Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread
Standard User caley
(member) Sun 19-Jun-16 21:46:49
Print Post

Have I been Hacked?


[link to this post]
 
Would appreciate any advice forum members can give me.
For around 18 months I have had various issues on my computer mainly modem/router and wireless issues I think. I began to think something was wrong way back then when my mouse would have crazy fits and rotate around the screen then the light on my network indicator would flash as if on the net but I wasn't on the net doing anything. There was nothing uploading or downloading in the background, no windows updates were downloading or installing. These frustrating episodes were not too frequent. I ran scans but nothing showed up as wrong, installed lots of security programmes but still these oddities went on happening. Sometimes it would be on a daily basis for a week then nothing for a couple of weeks. However, I hadn't had any events since last November till last week. Suddenly I couldn't access the internet, lights went out on my router. I eventually found out through a friend that my password had changed. I set the router back to defaults and redid the password and everything was fine. Rerun all the security checks and nothing suspicious was found.
I'm now worried that something is on my computer that isn't obvious and the security stuff I use can't see it and I can't find it. My browser has been opened too as if by itself. I don't close my computer down but always close any programme that's open when I plan on leaving the room and a few times when I've been away from the computer for a while the browser has been opened when I got back. I've been going crazy trying to find the cause of this. Does anyone here think I could have faulty security that's letting an intruder into my computer? If so how do I find out how it's being done? I don't bank online thank goodness and don't keep credit card details on my computer so if it is a person that's doing this for gain then they won't gain much here.

Thank in advance for any advice.

Caley.

Lost a Pet?
Remember them forever at
Caley's Pet Remembrance Tributes
www.petremembrance.co.uk
Standard User Lethe
(fountain of knowledge) Mon 20-Jun-16 16:38:09
Print Post

Re: Have I been Hacked?


[re: caley] [link to this post]
 
Well, it sounds dodgy.

The only sure way of sorting this is to completely wipe your PC and do a fresh reinstall - obviously back-ups are useless here - you don't know what is infected or how. Also you will need to clear the router, change the passwords etc - and if you can, re-flash it with new firmware, as that could be infected with a back door and the gateway into your home network..

Nick
Standard User 961a
(member) Mon 20-Jun-16 16:58:07
Print Post

Re: Have I been Hacked?


[re: caley] [link to this post]
 
In reply to a post by caley:
Would appreciate any advice forum members can give me.
For around 18 months I have had various issues on my computer mainly modem/router and wireless issues I think. I began to think something was wrong way back then when my mouse would have crazy fits and rotate around the screen then the light on my network indicator would flash as if on the net but I wasn't on the net doing anything. There was nothing uploading or downloading in the background, no windows updates were downloading or installing. These frustrating episodes were not too frequent. I ran scans but nothing showed up as wrong, installed lots of security programmes but still these oddities went on happening. Sometimes it would be on a daily basis for a week then nothing for a couple of weeks. However, I hadn't had any events since last November till last week. Suddenly I couldn't access the internet, lights went out on my router. I eventually found out through a friend that my password had changed. I set the router back to defaults and redid the password and everything was fine. Rerun all the security checks and nothing suspicious was found.
I'm now worried that something is on my computer that isn't obvious and the security stuff I use can't see it and I can't find it. My browser has been opened too as if by itself. I don't close my computer down but always close any programme that's open when I plan on leaving the room and a few times when I've been away from the computer for a while the browser has been opened when I got back. I've been going crazy trying to find the cause of this. Does anyone here think I could have faulty security that's letting an intruder into my computer? If so how do I find out how it's being done? I don't bank online thank goodness and don't keep credit card details on my computer so if it is a person that's doing this for gain then they won't gain much here.

Thank in advance for any advice.

Caley.


Some info first please

Make and age of computer

what windows are you using. is it up to date

what make anti virus are you using?

what security system have you set on your internet connection? Are you on ADSL or fibre?

Is your telephone socket - router - computer connected by ethernet cable or wireless?

who is your ISP?

what downloads have you tried to find the problem?

Have you run Malwarebytes? If not, please do so now and report any findings. The free version will do fine, there is no need to buy the paid for version

https://www.malwarebytes.com/antimalware/

Run a (free) on line scan from Kaspersky and report any findings

http://www.kaspersky.com/free-virus-scan


Register (or login) on our website and you will not see this ad.

Standard User 961a
(member) Mon 20-Jun-16 17:18:23
Print Post

Re: Have I been Hacked?


[re: 961a] [link to this post]
 
As a matter of interest can you check to see if remote control of your computer is enabled on your machine please. It is normally disabled by default but is easy for someone to turn on

http://antivirus.about.com/od/securitytips/ht/How-To...

Does anyone else have access to your computer. May I suggest that for the moment you password protect your user account and turn the machine off when not using it
Standard User AdrianPH
(member) Mon 20-Jun-16 17:59:22
Print Post

Re: Have I been Hacked?


[re: caley] [link to this post]
 
Could be someone has been using your WiFi .

Malwarebytes Chameleon would be the best thing to run on your PC, that works in DOS and kills rootkits.

https://www.malwarebytes.com/chameleon/

The instructions for use are in the .zip file.

Standard User ukhardy07
(knowledge is power) Mon 20-Jun-16 21:09:46
Print Post

Re: Have I been Hacked?


[re: caley] [link to this post]
 
You say the wireless password had been changed. Wireless attacks are easy and can be carried out in a few minutes to a few hours if WPS is enabled (as is the case on home routers). It is unlikely they would change the wireless password any other way. A full brute force takes too long, it is bound to be WPS compromised. The issue with WPS is that it's an 8 digit pin. The first 3 digits are given to you when you fail to connect, the final digit is not random, so there is only 4 digits to guess as an attacker, you just brute-force the 4 digit pin using a computer in virtually no time.

I would do the following:
1) Reformat the affected machine
2) Log into your router, turn off WPS
3) Log into your router, change the SSID and wireless password to something random, ideally 10 digits or more on the password. If a successful WPS attack occurred, they have your SSID and PW. Do not use dictionary words in the password. Make it hard to guess.
4) Set the router wireless to WPA2-PSK AES only, not WPA/WPA2 mixed mode.

With the above you have the best security possible on a home router. MAC filtering is pointless and easily bypassed so do not bother.
Standard User caley
(member) Mon 20-Jun-16 21:19:01
Print Post

Re: Have I been Hacked?


[re: 961a] [link to this post]
 
Firstly thanks to all who responded with ideas and advice. The details of my set up are below. I've tried many different online scans and they all come back with the same answer no problems detected.

My computer is 2 years old and runs windows 7 with all updates (except windows 10) My anti virus is Avast free. I have fttc on my system. Not sure by what you mean "security system" I run a Netgear D6200 router with an BT Openreach modem, type Huawei Echolife HG612 version 3B but wasn't running these when all this started 18 months ago, had a Netgear N300 adsl 2+ modem back then. I'm connected by ethernet cable but do use wireless also. ISP is UNO for the last 10 months. I have Malwarebytes on my computer running all the time. Downloaded ADWCleaner as well as Super Antispyware but they all find nothing.
Had a bout today of browser window being closed this morning and opened up when I got home. There is nobody in the house when this occurs. I will give Kaspersky a try. With regard to formatting the computer that is not a job I do but when I remove the files I require I'll get someone to do it for me.

Caley.

Lost a Pet?
Remember them forever at
Caley's Pet Remembrance Tributes
www.petremembrance.co.uk
Standard User caley
(member) Mon 20-Jun-16 21:23:28
Print Post

Re: Have I been Hacked?


[re: ukhardy07] [link to this post]
 
Thanks for responding. I have a 24 character password which I have changed numerous times over the past 18 months but still this goes on.

Caley.

Lost a Pet?
Remember them forever at
Caley's Pet Remembrance Tributes
www.petremembrance.co.uk
Standard User 10forcash
(learned) Mon 20-Jun-16 21:58:35
Print Post

Re: Have I been Hacked?


[re: caley] [link to this post]
 
First things first, assume that at least one device on your network is compromised (probably not, however, this is the best way of developing a mind set to resolving the issue...
Secondly, if you go for the 'nuclear option' then don't rely on a wipe and reinstall, only replacement hard drives will get rid of any unwanted software for sure.
Now to the problem. In my opinion, it's very unlikely that a random 'hacker' would be interested in your I.P. address and connected equipment for the length of time you suggest if there is no information there to make it worthwhile. So that (mainly) rules out unknown persons or bots, what about known persons? Who do you know that would / could access your network? Think of access from inside as external access on a dynamic I.P. can be time consuming, especially if you reboot your router on a random basis - note that internal access can be by an installed 'back door' on your internal network which reports your public I.P. to the miscreants. So rather than focussing entirely on your PC, consider the network as a whole - and who could & would have the motivation and skills to mess with your head to the point you post on here.
To go back to my first point, treat every device as an attack vector, and secure every other device against it. Disable unused and un-needed services, download portable malware scanners from another location and burn to CD-R's before taking them home and running on all devices, replace any network switches with a hub so you can run wireshark or similar to analyse network traffic using a new network device appropriately secured and analyse the data off site. If you follow the above, one of two things will happen, either you'll find the attack vector, compromised device and an idea of who or what, or you'd conclude it's just a faulty keyboard and /or trackpad, and think back to that spilt cup of coffee all those years ago....
Good luck!
Standard User Michael_Chare
(experienced) Mon 20-Jun-16 22:03:34
Print Post

Re: Have I been Hacked?


[re: caley] [link to this post]
 
If the 'lights went out on your router', one explanation for this is that your ISP has failed to provide a service for some reason. If your main computer uses a wired connection you can always switch off the Wifi when you don't need it.

You should not use any default password for the router's web interface.

You might want to check how your computer behaves if it looses its internet connection say by removing the RJ45 plug

Michael Chare
Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread

Jump to