HELP, I think my computer has been highjacked

No problem what i usually do if thier is a component trying to gain internet access is i take the components name and quickly run it through a search engine to see what exactly it does and if thier are any side effects

Originally posted by silQ
if ur comp is old, then it's just ur fan and ur sound system is starting wear down and ur internal stuff is starting to slow down, causing weird noises. it's nothing to worry about. it's just like my comp. it's old as hell so it's doing the same thing.

My computer does the same thing. Some very freaky noises at night.

The CERT� Coordination Center sponsored by, Carnegie Mellon University, has assembled a very user-friendly guide to basic home computer Internet security. It is a great place to start learning how to protect yourself online, and I highly recommend it.

CERT - Home Computer Security

It covers antivirus, OS patches, firewalls, etc. -all in a way that is not overwhelming to computer users who may not have a technical background. I hope you find this is helpful.

Originally posted by Amuk
Thanks man.

63 objects found.

Damn

No problem. I run Ad Aware every day at least once. It only takes a couple of minutes and it gets rid of all spyware on my system. Its a great program and it gets updated a lot so you're always protected against the latest spyware, which is really nice.

If I decided to reinstall my operating system, is their any good program that will erase everything on the drive so the files can never be acessed or found?

Originally posted by kinglizard
If I decided to reinstall my operating system, is their any good program that will erase everything on the drive so the files can never be acessed or found?

Yes but they might cost a bit
www.east-tec.com... for example does.

Originally posted by kinglizard
If I decided to reinstall my operating system, is their any good program that will erase everything on the drive so the files can never be acessed or found?

If you delete and re-create the hard drive partition, then do a clean install over that, you will have effectively over-written and data that was on the drive. It isn't a perfect solution but will defeat common data recovery software. If you really REALLY want to wipe out a hard drive check out
Darik's Boot and Nuke ("DBAN")

I usually blow away my WinXP install about twice a year anyway since I have usually hosed it up by experimenting. To make it less painless, I have a Symantec Ghost image of my basic configuration (WinXP and the software I use most) that I can use to restore it in just a few minutes.

If you just want to securely delete files, there is a good open-source program called "Eraser." It runs on all versions of Windows and can delete to US Department of Defense specs. Eraser

Originally posted by Amuk

Originally posted by Ocelot

63 objects found.

JUST 63 lol, I think I found my problem try 343 here!

Originally posted by Bushed
JUST 63 lol, I think I found my problem try 343 here!

HOLY S**T!! . Well get rid of it.

One of my favorites is Registry First Aid, it cleans all registry entrys and orphaned files. My computer always speeds up after I use this program.

Originally posted by Bushed

Originally posted by Amuk

Originally posted by Ocelot

63 objects found.

JUST 63 lol, I think I found my problem try 343 here!

I just ran it again and found 12 more

Originally posted by Bushed
My computer has starting doing some really strange things, i.e. slowed down considerably, as well as making strange noises while no one is using it. When I click on the connention icon in the system tray it is showing that I am sending and receiving data even when I do not have a page opened. Does this make since or has my computer been highjacked?

Bushed, I have a couple questions along with my advice, which will help me in giving even more accurate advice maybe.
Questions:
1.) What Operating System are you using? (98, XP,)
2.) What Kind of Net Service are you using? (DSL, Dialup)
3.) What security software/hardware do you currently use? (Anti-Virus, Firewall, Router)

Advice:
1.) As far as you being 'Hijacked' over the Internet is concerned there are a couple very easy things you can do which will let you know what's happening right away. Small amounts of traffic on 'Always Connected' Internet Accounts, like DSL or Cable or even a Local Network, is to be expected to some degree and depending on your setup and services and so forth. Even when you aren't using the internet at all, there will be some 'Minimal' network traffic from things like Netbios and other services, especially when using 2000 or XP, even this should be very little traffic though. Unless you're on a local network, when you're not using the net you shouldn't be 'Connected' to anything, even with this background traffic as it isn't used over the internet.

If you are 'Connected' to someone when not intended, you may have been compromised into an IRC Zombie, Spam Server, etc. The fastest and easiest way to check for unwanted 'Connections' with or without Firewalls and stuff is to use 'Netstat' at a command prompt.

Example:
~At the 'RUN' line(START->RUN) type in 'command'(95 or 98) 'cmd'(NT, 2000 or XP) to get a DOS window.
~At the prompt type in 'netstat' and hit enter.
~You'll see a list of Network Connections from your PC to the remote pc and the 'Port Numbers' being used for the connection. Port numbers will be useful in identifying the type of connection.

For Example:
Active Connections
Proto Local Address Foreign Address State
TCP "Your PC":1194 "Remote":44101 Connected
TCP "mOjOm":1449 "comcast.net":10978 Connected

~TCP is the connection type (Protocol).
~Local is of course your PC and the following number is the TCP port number used on your end.
~Foreign is where you are connected to with their port number on their end.
~State is showing the current status, like 'Connected', 'Time_Wait', 'Fin_Wait', etc. Connected means currently connected, anything else is trying or finishing connection.
**To list the connections using IP address instead of Names, use 'netstat -n'. Use 'netstat/?' for a quick help menu on using netstat for other features.

Now if you are connected somewhere, make note of the 'Name and or IP address & the Port Numbers being used'. BTW, normal Internet Traffic will be using a Remote Port of 80. The port number on the remote end will be the easiest way to identify the method and type of 'trojan, service, etc' .

To see if you are 'Awaiting Connection' use 'netstat -a' which will show Open Ports both with Connection and 'Waiting' status. If you see a Local Port Number with a waiting status take note of it and look up what service it is. Any port with a Waiting Status is basically just sitting there open to the world waiting for some packets to come in on that port.

Microsoft has a habit of being insecure and having some ports left open by default. This is why you should have some security set up like a firewall or router or something, especially when using DSL or Cable or any 24/7 connection. Ports that are left open by default because of microsoft being lazy and stupid are (137,138,139) which is for netbios for Win95 thru XP. NT, 2000 & XP by default will also have (135, 445) as well, and maybe others depending on your system setup.

Just an FYI, here are some typical port numbers:
21-ftp (File Transfer Protocol)
80-HTTP, WWW
135-epmap (Needed by the O.S. in 2000 & XP)
137-139-netbios
445-SMB (Newer version of netbios basically)
1243-SubSeven (Trojan)
6667-IRC (Can be Good or Bad)
6776-Sub7 (Trojan)
31337-Back Orifice (Trojan)
**Port numbers range from 0-65535. Usually most trojan or leaks will be High numbers or atleast above 1025, but some can be set to use any port. The list of Trojan Ports is HUGE also. The few that I typed above in NO WAY come close to the actual number of Typical Trojan & Worm ports that are known and used.

BTW, some of this may be common knowledge to you or stuff you already knew. I'm not sure how familiar you are with all this so I kept it pretty basic for the most part just in case, or for others who may read it. This should obviously be used to quickly check if you have unwanted network connections or check traffic, for gathering information only. Others have recommended Anti-Virus, Firewalls, Spyware Scanners, etc. so I didn't bother repeating their advice again here and decided to offer something different which also doesn't require buying or downloading anything new at all, and can be used anytime with ease. For a more informative scan and/or removal of Virii, Adware, Registry Problems, etc. you would definately want to follow the advice that others have posted as well.

Feel free to ask for more help or to clearify anything else about this or other problems you may have too. If not here in this post you can also U2U me if you'd like. That goes for anyone else too. Good luck!

Originally posted by mOjOm

Originally posted by Bushed
My computer has starting doing some really strange things, i.e. slowed down considerably, as well as making strange noises while no one is using it. When I click on the connention icon in the system tray it is showing that I am sending and receiving data even when I do not have a page opened. Does this make since or has my computer been highjacked?

Bushed, I have a couple questions along with my advice, which will help me in giving even more accurate advice maybe.
Questions:
1.) What Operating System are you using? (98, XP,)
2.) What Kind of Net Service are you using? (DSL, Dialup)
3.) What security software/hardware do you currently use? (Anti-Virus, Firewall, Router)

I have Windows XP, dialup to MSN, and currently upgraded and outdated Norton to ETrust EZ Armor. As for everything else that you so greatly provided I will try this and see where I gets. THANKS a million for taking the time to respond to my request.

Bushed - AboveTopSecret
Elm-er - BelowTopSecret