Topic: Dear HACKER (Read 1058 times)

unsolved1
Guest
OK...someone is seriously screwing with me. My broadband ISP gives you 6 e-mail accounts. Each account comes with 10MB of webspace. Someone is using one of my accounts to send out spam and viruses. I'm getting the mail demons. (some with viruses attached) I've changed the account password 3 times already and they keep getting by it ... so I've temporarily closed that account completely. Is there a way I can re-open this account or is this bastage going to keep getting in? Any suggestions?
UNsolved

Jonny
CH.com Alumnus New Board Hall of Famer
Give me a shovel Ill dig my own grave!
Posts: 26213
Re: Dear HACKER
« Reply #1 on: Nov 30th, 2005, 5:24pm »
Contact your ISP?

It is up to YOU to educate yourself and then help your doctor plan your treatment. If you just sit down in front of your doctor and say "make me better" you are setting yourself up for a great deal of pain.
- Guiseppi

Ghost
CH.com Alumnus New Board Hall of Famer
Farting relieves the pressure
Posts: 4024
Re: Dear HACKER
« Reply #2 on: Nov 30th, 2005, 5:25pm »
Also, having them change your ISP address may help.

Illigitimus Non Tatum Carborundum If all men are endowed by their creator, why was mine so short sighted?
***WARNING*** Oxygen will rust your pipes!

Lobster
CH.com Alumnus New Board Hall of Famer
Posts: 2016
Re: Dear HACKER
« Reply #3 on: Nov 30th, 2005, 5:44pm »
How is he getting your passwords? Mayhaps you have a keylogger running on your system. Hit CTRL-ALT-DELETE. Windows Task Manager will come up. Take screen shots of that, scrolling through it and taking multiple shots if necessary. Post the results... let us see what you have running.

Rock beats Scissors.

maffumatt
Guest
Do a virus scan in safe mode. Wouldn't be surprised if the sober-x worm is to blame. It will replicate itself in emails and send them from your computer.

Opus
New Board Hall of Famer
(Insert witty comment here)
Posts: 2509
Re: Dear HACKER
« Reply #5 on: Nov 30th, 2005, 6:58pm »
Do the above to see if your computer is owned by a spammer. If it is clean, then try reopening the account with a strong password if you haven't tried that. All passwords should be a combination of letters, numbers and symbols. Make a super strong password like H9*ga2%1.Z Ish&. If the account becomes owned again, then you know it is an inside job. Either inside your ISP, or more probably inside your computer.
Opus/Paul

Zed-Zed-nine plural-Zed alpha,
There is no place like home.

Jonny
Re: Dear HACKER
« Reply #6 on: Nov 30th, 2005, 7:07pm »
on Nov 30th, 2005, 5:44pm, Rock_Lobster wrote: Hit CTRL-ALT-DELETE. Windows Task Manager will come up. Take screen shots of that, scrolling through it and taking multiple shots if necessary. Post the results... let us see what you have running.
The applications or the processes?

cootie
New Board Hall of Famer
sumday I'm gonna be sumbody........ ..
Posts: 8406
Re: Dear HACKER
« Reply #7 on: Nov 30th, 2005, 11:07pm »
I got a notice the other day that about 30 emails I sent out could not be sent......I never heard of any of them addy's and all were .com addy's too. Seen the email addy on some of them sumthing/spammer ? I wasn't sure if it was a fluke email wantin me to do sumthin or what ? I'm not too computerly enhanced to know what is what Pam

Cause and Effect......"Cause is the effect concealed, Effect is the cause revealed"

Lobster
Re: Dear HACKER
« Reply #8 on: Dec 1st, 2005, 12:59am »
on Nov 30th, 2005, 7:07pm, Jonny wrote: The applications or the processes?
processes

cootie
Re: Dear HACKER
« Reply #9 on: Dec 1st, 2005, 1:15am »
Hey I did that with the task manager and all it said was 'owner....network service,system, local service under processes. Did that sound ok ? Only said 'owner' under users. I dunno much bout this stuff so am tryin to keep up. Hock up a hacker Pam

Lobster
Re: Dear HACKER
« Reply #10 on: Dec 1st, 2005, 9:09am »
I dunno... I would have to look at it. I am guessing that 'owner' is your user name. But what is actually running under each category is the important thing. Here is an easier way to try this... go here to download Iarsn TaskInfo... http://downloads.iarsn.com/tskinf62.exe When you fire it up, hit CTRL-ALT-C or go up and select Edit/Copy All Info To Clipboard. Then paste it here (CTRL-V in a reply). It is a shitload of info. Paste the whole thing here. Actually I am most interested in the Process Pane initially.... the first few pages... so if you have problems then just gimme that. The top of it will look like this...
[Process Pane]
|ProcessID| |Process| |% CPU| |CPUGraph| |LT % CPU| |Time| |Sw/s| |InMem KB| |Private KB| |Total KB| |Th||Pri| |Ver||State| |Handles| |Windows| |USER Obj| |GDI Obj| |Start Time||Path|
+ Interrupts Time 3.00% 2.40% 0:20 2234 0 0 0 1 Hard 4.0 0 0 0 0 Interrupts Time Placeholder
+ DPC Time 0.50% 0.98% 0:04 2114 0 0 0 1 DPC 4.0 0 0 0 0 DPC Time Placeholder
+ Idle 94.99% 85.80% 6:26 223 16 0 0 1 Very Idle 0.0 0 0 0 0 System Idle Process
4 + System 1.44% 0:12 139 220 28 1,876 66 Norm 0.0 308 0 0 0
1044 + smss.exe 0 376 168 3,800 3 BNorm+1 5.132 Con 21 0 0 0 12/01/05 07:56:28C:\WINDOWS\System32\smss.exe
1196 + csrss.exe 0.06% 0:02 261 3,716 1,388 24,692 10 High 5.132 Con 474 0 56 43 12/01/05 07:56:29C:\WINDOWS\system32\csrss.exe

cootie
Re: Dear HACKER
« Reply #11 on: Dec 1st, 2005, 10:42am »
How do you take SCREEN SHOTS ?? I tried to copy the processes window and can't. Yeah I am listed as OWNER it says under users so would imagine OWNER is me. Most was owner ? Didn't recognize half the stuff but then I am not computer SAVOY in a lot of areas. I don't go on weird sites but a lot of links for research were NOT what they were supposed to be. Strange daze in computerville
Pam
PS: downloaded the link.......kinda cool even tho I don't understand it All. What is "help U save"....it is also running and says I own it ?? Does the program work without buying it ? Sum cut ya off after so many uses.
« Last Edit: Dec 1st, 2005, 11:00am by cootie »

Lobster
Re: Dear HACKER
« Reply #12 on: Dec 1st, 2005, 11:23am »
Within TaskInfo you can use the EDIT tab to cut the data to your clipboard. Then you can paste the info here. Alternatively you can take a screenshot by hitting the Print Scrn button on your keyboard. That would put a bitmap of the screen to your clipboard. Then you paste the image into something such as MS Paint, then save the image and share it with us. Which is why I presented TaskInfo as a solution. Just use that... fire it up and cut/paste the info here. Help U Save is most likely malware.

Racer1_NC
CH.com Alumnus New Board Hall of Famer
"Beeeyul the Cat"
Posts: 1887
Re: Dear HACKER
« Reply #13 on: Dec 1st, 2005, 12:10pm »
Quote: Help U Save is most likely malware
Dang sure is............ Bill

"Everybody's Gotta Learn Sometime."
Eventus stultorum magister.

ExplodingEyeBall
New Board Hall of Famer
I can't think of anything clever to put here.
Posts: 2589
Re: Dear HACKER
« Reply #14 on: Dec 1st, 2005, 12:59pm »
Go to this URL. http://www.lavasoftusa.com/support/download/ Click on the 'Software' button. Install the program that downloads. Update it and then do a complete scan and let it remove anything it finds. It may not be a cure all but it's a good start.

Just poke out my eye and get it over with!!!

Azrael
New Board Hall of Famer
Sometimes... Being good just ain't worth it.
Posts: 1786
Re: Dear HACKER
« Reply #15 on: Dec 1st, 2005, 1:20pm »
Hold on... So all the evidence you have is that you're gettin' messages bounced back to your e-mail address? You have no other signs of either your internet or mail accounts being cracked?
Have you checked the bounced messages for the IP address the original message came from, or the mail server it was originally sent from? Most mailer daemons will attach this information. I'm guessin', the e-mail was not sent from your computer, or an IP address you have ever been assigned, or for that matter an IP address that your ISP even owns. Prolly didn't get sent through your ISP's mail server either.
Do all this other stuff, just to cover your arse, because ya don't want to be caught with your arse hangin' out... But I don't think any of it'll stop the mailer daemon messages.
I don't think the problem is from your system and/or account being cracked or having malware (God only knows what DDoS attacks your zombified system has been involved in though)... I believe what you have is just a simple little brain dead script kiddie spoofing your e-mail address on his spam and/or virus messages, so that he doesn't find himself sharing a very small, but very secure apartment with his new girlfriend Bubba. Prolly a bunch of script kiddies from the sounds of it.
Did ya do anything to piss off a 14 year old pimple faced moron lately? How about a 46 year old who still lives with his mother and her 86 cats? Or maybe it's just because they like your address... Dunno... Don't matter.
Problem is... They've got your address, they're prolly spoofin' it on a pedophile newsgroup as we speak... And there's nothing you can do about it. Delete the account, or live with the bounced messages. Who knows... Maybe you and mailer daemon will become penpals.
PFDAN............................................... Drk^Angel

"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."

byoung111
New Board Junior
It's just one of those days!
Posts: 67
Re: Dear HACKER
« Reply #16 on: Dec 1st, 2005, 1:21pm »
on Nov 30th, 2005, 5:21pm, unsolved1 wrote: OK...someone is seriously screwing with me. Someone is using one of my accounts to send out spam and viruses. I'm getting the mail demons. (some with viruses attached)
Just curious... How do you know they are sending mail using that account? My guess is that your email address on that account is the reply to address on the spam mail that was sent. In other words the spammer is sending mail using your address as the return address. If that makes sense. So your account was probably not hacked. Just something else to look at.
Brian
Modified: Drk^Angel beat me to it.
« Last Edit: Dec 1st, 2005, 1:23pm by byoung111 » |
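
The check Drk^Angel describes in Reply #15, which also tests the spoofed return address byoung111 describes above, as an added example that is not part of the original thread: it reads the original message attached to a bounce and compares the IP that handed it to the bouncing server against your own netblocks. `MY_NETBLOCKS`, the sample bounce and the function names are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: netblocks of your ISP's mail relays and of your own connection
# (a documentation range stands in for them here).
MY_NETBLOCKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed, trimmed bounce message; not taken from the thread.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

<nobody@example.net>: user unknown

--b1
Content-Type: message/rfc822

Received: from pc-17 (unknown [203.0.113.45])
    by mx.example.net with SMTP; Thu, 1 Dec 2005 10:00:00 -0500
Received: from mail.example.com ([192.0.2.10]) by pc-17; Thu, 1 Dec 2005 09:59:00 -0500
From: you@example.com

body
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(bounce_text):
    """Return the IP that handed the original message to the bouncing server."""
    # Only the top-most Received header of the attached original is trusted:
    # the bouncing server wrote it. Lower ones can be forged by the sender.
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            received = part.get_payload(0).get_all("Received", [])
            match = IP_RE.search(str(received[0])) if received else None
            return ipaddress.ip_address(match.group(1)) if match else None
    return None

def verdict(bounce_text):
    ip = handoff_ip(bounce_text)
    if ip is None:
        return "inconclusive: no attached original or no client IP"
    if any(ip in net for net in MY_NETBLOCKS):
        return f"{ip} is in my netblocks: check the account and the PC"
    return f"{ip} is outside my netblocks: address was spoofed"
print(verdict(SAMPLE_BOUNCE))
```

Many bounces attach only the headers or nothing at all, in which case this reports an inconclusive result. The sample's second Received header claims the ISP relay but sits below the trusted one, so it is ignored.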

Azrael
Re: Dear HACKER
« Reply #17 on: Dec 1st, 2005, 1:23pm »
I think there's an echo in here... here... here... PFDAN............................... Drk^Angel

unsolved1
Guest
I am just assuming that they're using my account because of the mail demons that never even made it to their destination (I'm receiving them). Here's a look at my task manager top to bottom. PS> I have no idea what ITunes is! LOL!
« Last Edit: Dec 1st, 2005, 1:36pm by unsolved1 »

Lobster
Re: Dear HACKER
« Reply #19 on: Dec 1st, 2005, 2:09pm »
Not too shabby. rlvknlg is adware/spyware. AdAware, which EEB pointed you toward, should nail that. The Itunes stuff should not hurt you, but if you did not put it there then I would suggest whacking it. I would say that your rig is fairly clean, and that it is as those guys suggested... your address is being spoofed... which is not a biggee at all and you can do nothing about anyway.
« Last Edit: Dec 1st, 2005, 2:11pm by Lobster »

Racer1_NC
Re: Dear HACKER
« Reply #20 on: Dec 1st, 2005, 2:17pm »
rlvknlg.exe is Adware........but nothing that would do what you describe. Like others have said.......more than likely the emails are just a spoof. Download the AdAware program......also SpyBot Search and Destroy. Run them weekly..... Bill

Racer1_NC
Re: Dear HACKER
« Reply #21 on: Dec 1st, 2005, 2:21pm »
Echo in here......sorry. That's what I get for forgetting to hit post when I finished typing. Sheesh. Bill

Jonny
Re: Dear HACKER
« Reply #22 on: Dec 1st, 2005, 3:29pm »
Hey Wrokk, how about this mess?....LOL
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\hp\bin\cloaker.exe
c:\hp\bin\commands.exe
c:\windows\system32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
c:\hp\bin\MsgAction.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\ABP\Border Cam Alert\SBI Alert.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Opera75\opera.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\Owner\My Documents\Unzipped\hijackthis\HijackThis.exe

Lobster
Re: Dear HACKER
« Reply #23 on: Dec 1st, 2005, 3:51pm »
You are looking clean. Heh heh... the border patrol cam app... heh heh! Not sure what that Omnipass stuff is... guess it is password management... which is fine as long as you put it there. Cloaker.exe made me go 'oh shit', but it turns out it is ok if it came from HP.

Jonny
Re: Dear HACKER
« Reply #24 on: Dec 1st, 2005, 4:00pm »
LMAO....I'm watching the border, man!! Thanks Bro!