Vista Hacked

Discussion in 'Windows Vista Performance' started by S.Quickness, Jul 1, 2008.

  1. S.Quickness

    S.Quickness Guest

    Internet Explorer and Windows Host Process Server on my computer are
    attempting to connect multiple times a day (20 or more) to numerous
    google.com IP addresses across a wide variety of ports in the 45000's.
    I have been unable to close the processes. The Internet Explorer
    process has been running as a separate program that I am unable to see
    and uses 45,000k of RAM. It is also not possible for me to shut the
    program down. I have nine svchost.exe (windows host process services)
    running which are also attempting to communicate with google.com.
    These events are of great concern to me as I work for a financial firm
    and keep large amounts of proprietary knowledge on my computer. Can
    anyone help me determine if in fact I was hacked? If I was hacked, I
    am not looking to have this issue repaired, I want evidence to take to
    the police so that I do not need to deal with these hassles again.
     
    S.Quickness, Jul 1, 2008
    #1

  2. Install Windows OneCare
    http://onecare.live.com/standard/en-us/default.htm

    --
    Carey Frisch
    Microsoft MVP
    Windows Desktop Experience -
    Windows Vista Enthusiast

     
    Carey Frisch [MVP], Jul 1, 2008
    #2

  3. S.Quickness

    Malke Guest

    Malke, Jul 1, 2008
    #3
  4. You may want to take this one step further and monitor the type of traffic
    that is being discarded by your firewall. This can be done by enabling security
    logging using the steps outlined below:

    1. Click Start, All Programs, and Administrative Tools.
    2. Select Windows Firewall with Advanced Security.
    3. Click Windows Firewall Properties.
    4. Click one of the profile tabs, such as Public Profile.
    5. Click the Customize button within the Logging area.
    6. Enable firewall logging from the dialog box that appears.
    7. Click OK.

    Once you enable security logging, information is written to a log file
    that is stored in the Windows directory.

    --
    Carey Frisch
    Microsoft MVP
    Windows Desktop Experience -
    Windows Vista Enthusiast

     
    Carey Frisch [MVP], Jul 1, 2008
    #4
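Once logging is enabled as described in post #4, the log can be summarized rather than read line by line. The following is an added example, not part of the original thread: it parses the W3C-style `pfirewall.log` layout and groups dropped outbound packets by remote endpoint, so repeated retries to one destination from changing local ports show up as a single entry. The sample log, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the W3C-style layout Windows Firewall writes to
# pfirewall.log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-07-01 09:14:02 DROP TCP 192.168.1.20 203.0.113.10 45012 80 52 S 1001 0 8192 - - - SEND
2008-07-01 09:14:05 DROP TCP 192.168.1.20 203.0.113.10 45013 80 52 S 1002 0 8192 - - - SEND
2008-07-01 09:14:11 DROP TCP 192.168.1.20 203.0.113.10 45017 80 52 S 1003 0 8192 - - - SEND
2008-07-01 09:20:40 DROP TCP 192.168.1.20 203.0.113.44 45102 443 52 S 1004 0 8192 - - - SEND
2008-07-01 09:31:07 DROP UDP 198.51.100.7 192.168.1.20 5353 5353 120 - - - - - - - RECEIVE
2008-07-01 09:32:00 ALLOW TCP 192.168.1.20 203.0.113.10 45120 80 0 - 0 0 0 - - - SEND
"""

def parse_firewall_log(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or partial lines
                yield dict(zip(fields, values))

def summarize_drops(records, local_ip):
    """Group dropped packets sent from local_ip by (dst-ip, dst-port)."""
    summary = defaultdict(lambda: {"count": 0, "src_ports": set()})
    for r in records:
        if r["action"] == "DROP" and r["src-ip"] == local_ip:
            entry = summary[(r["dst-ip"], r["dst-port"])]
            entry["count"] += 1
            entry["src_ports"].add(int(r["src-port"]))
    return {k: {"count": v["count"], "src_ports": sorted(v["src_ports"])}
            for k, v in summary.items()}

if __name__ == "__main__":
    drops = summarize_drops(parse_firewall_log(SAMPLE_LOG), "192.168.1.20")
    for (ip, port), info in drops.items():
        print(f"{ip}:{port} dropped {info['count']}x from local ports {info['src_ports']}")
```

The distinction to look for in the output is between the destination port, which identifies the remote service, and the source port, which changes with every new connection attempt.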
  5. S.Quickness

    PD43 Guest

    Is this your FINAL answer (after Malke rejected your first one)?
     
    PD43, Jul 1, 2008
    #5
  6. Yes.

    --
    Carey Frisch
    Microsoft MVP
    Windows Desktop Experience -
    Windows Vista Enthusiast

     
    Carey Frisch [MVP], Jul 1, 2008
    #6
  7. Open Task Manager and click on the Performance tab, then click on Resource Monitor.
    Click Networking to open.
    Jot down any suspicious IP Address and perform a
    trace using http://whatismyipaddress.com/staticpages/index.php/ip-address-tools

    --
    Carey Frisch
    Microsoft MVP
    Windows Desktop Experience -
    Windows Vista Enthusiast

     
    Carey Frisch [MVP], Jul 1, 2008
    #7
  8. S.Quickness

    mikeyhsd Guest

    Do you have Google toolbar and/or any other Google tools installed?

    could be why it seems to be going to google.

    try running IE with NO add ons.








     
    mikeyhsd, Jul 1, 2008
    #8
  9. S.Quickness

    Malke Guest

    Well, it's OK to admit when you're wrong and in this case you are most
    certainly wrong.

    The OP said he wanted forensics. That means contacting a real company that
    is licensed to do computer forensics. You may not know this, but computer
    forensics is a very specialized, regulated field. In addition to US Federal
    licensing, most States have their own licensing requirements.

    The OP said he had proprietary financial records on his compromised
    computer. In most countries there are laws as to how that needs to be
    handled.

    To the OP: you need to contact local law enforcement and/or the FBI if you
    are in the US or the equivalent agency if you are in a different country.
    An issue of such seriousness where other people's financial information is
    at stake is not solved in a public peer-to-peer newsgroup.

    And installing a lower-tier antivirus solution (Windows One Care) or
    enabling logging (and how is that going to help after the fact anyway?)
    certainly isn't the answer.

    Malke
     
    Malke, Jul 2, 2008
    #9
  10. PsTools v2.44
    http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

    How can I tell if I've been hacked?
    http://securityadmin.info/faq.asp?hacked

    --
    Carey Frisch
    Microsoft MVP
    Windows Desktop Experience -
    Windows Vista Enthusiast

     
    Carey Frisch [MVP], Jul 2, 2008
    #10
  11. S.Quickness

    PD43 Guest

    PD43, Jul 2, 2008
    #11
  12. S.Quickness

    Mick Murphy Guest

    frisch is a loser; always has been!
     
    Mick Murphy, Jul 2, 2008
    #12
  13. S.Quickness

    PD43 Guest

    Never will know how the dork got to be an MVP.

    His advice when XP was first introduced was actually laughable at
    times, especially when he stepped outside of the comfort zone of
    Windows.

    He depended on copying and pasting then, and he's still doing it.
     
    PD43, Jul 2, 2008
    #13
  14. S.Quickness

    DevilsPGD Guest

    In message <> PD43
    Even if that is true (and I haven't read enough of his posts to know),
    if he manages to copy and paste correctly, he's still an asset.
     
    DevilsPGD, Jul 2, 2008
    #14
  15. S.Quickness

    Charlie Tame Guest


    In the other thread you say the computer was recently "Hacked" and you
    had it reformatted. This implies you did not reinstall Vista yourself so
    who did? Did they investigate at all or just do as you asked and
    reinstall? In other words what confirmation do you have that the
    original install was actually hacked?

    On my machine there are currently 12 instances of svchost running and one
    explorer.exe that cannot be shut down because it is the desktop.
    Internet Explorer is IExplore.exe not explorer.exe.

    Often when legitimate processes try to communicate and are blocked they
    will repeatedly try again and sometimes use a different port. The fact
    that your new "Firewall" is blocking things might in fact be making
    things look worse than they are. Software firewalls are sometimes useful
    but that depends on what you do with them, they can also be considered
    "Snake Oil".

    Probably the best solution for a firewall is to use a router, even if
    you only have a single machine.

    You can use this utility
    http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

    or go Start > Run, type in cmd and hit Enter.
    In the window type netstat -af [enter]

    Either should show active connections, many of which will be your
    machine talking (or at least listening) to itself.

    The utility offered at the technet site is somewhat the better one.

    If you have Google toolbar or update manager installed then random
    connections to google will happen, otherwise I am not sure what the
    connection would be between google and some alleged hacker. Can you list
    what security / antivirus / antispyware / search software you have
    installed if any? I may not be able to get back here before tomorrow but
    that information may help someone get a better idea of what is going on.

    Getting proof of this type of thing can be difficult, it is one thing to
    prove that an IP address did something, quite another to establish who
    was using the machine at that time, so "If" something is happening it is
    best to stop the offender getting in rather than have it continue while
    investigation takes place.
     
    Charlie Tame, Jul 2, 2008
    #15
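To separate the machine "talking (or at least listening) to itself" from connections that actually leave the host, the netstat listing from post #15 can be sorted into three groups. This is an added example, not part of the original thread; it assumes numeric output (`netstat -an` rather than the `-af` form in the post), and the sample listing, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of numeric `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49170        127.0.0.1:49171        ESTABLISHED
  TCP    127.0.0.1:49171        127.0.0.1:49170        ESTABLISHED
  TCP    192.168.1.20:49188     203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.20:49190     203.0.113.44:443       TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' (IPv6 hosts are bracketed) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def classify(text):
    """Sort netstat rows into listening sockets, loopback pairs and remote peers."""
    buckets = {"listening": [], "loopback": [], "remote": []}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        local, foreign = parts[1], parts[2]
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no state
        fhost, _ = split_endpoint(foreign)
        if state == "LISTENING" or fhost == "*":
            buckets["listening"].append(local)
        elif ipaddress.ip_address(fhost).is_loopback:
            buckets["loopback"].append((local, foreign))
        else:
            buckets["remote"].append((local, foreign, state))
    return buckets

if __name__ == "__main__":
    for local, foreign, state in classify(SAMPLE)["remote"]:
        print(f"{local} -> {foreign} [{state}]")
```

Only the rows in the `remote` group are worth looking up further; adding `-o` or `-b` to the netstat command ties each of them to a process.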
  16. S.Quickness

    Nonny Guest

    Leave off the "et" and you've got it right.
     
    Nonny, Jul 2, 2008
    #16
  17. S.Quickness

    mikeyhsd Guest

    probably the same way our fake queeny malke got to be one.








     
    mikeyhsd, Jul 2, 2008
    #17
  18. S.Quickness

    mikeyhsd Guest

    mikeyhsd, Jul 2, 2008
    #18
  19. S.Quickness

    Hobo Guest

    Yeah, well at least she knows better than to post to newsgroups in html
    which is one up on you!
     
    Hobo, Jul 3, 2008
    #19
  20. S.Quickness

    Mick Murphy Guest

    I still don't believe he is. Try and find info about him.
    Non-existent!
    When he became an MVP, he had only 137 correct answers here, in these
    Newsgroups.
    Poof! He became an MVP!
     
    Mick Murphy, Jul 3, 2008
    #20