A weird question



Ravenna
2009-10-31, 10:12
I have had a lot of hacking problems so I'm trying to find out how to solve them. I have had Spybot for a while now but I am wondering why the Immunize page says I have 193 cookies, 11618 software domains, 36 IPs, and 708 plugins even though I clean it regularly. The numbers always stay the same.

I have 1 desktop computer and have nothing hooked up to a router. Anyone got any ideas of what may be going on? Any advice would be greatly appreciated!

Thanx

Gopher John
2009-10-31, 14:12
The Immunize page isn't saying that you have the cookies, etc. Those are the immunizations that SpyBot Search & Destroy offers.

When you first click on the Immunize button on the main page, the Immunize page opens and the current active immunizations for the machine are scanned and compared to the ones in SpyBot S&D's database (the 3 columns), showing which haven't yet been applied. Click the Immunize button (with the green plus sign) in the top right and the new immunizations will be applied.

Ravenna
2009-11-01, 00:56
Ok, I see, thanx

now if I could just fonf help for my hacking problem...

Ravenna
2009-11-01, 00:57
Find, sorry about the typo!

tashi
2009-11-01, 02:20
Hello Ravenna,


> my hacking problem...

Could you give more details please. :)

Best regards.

Ravenna
2009-11-09, 08:32
Here are some pics:

Well, I tried to insert them, then I thought maybe it will give away to do that when you click submit, but it didn't, then I found the little icon where you can get something off a website, but I don't store on a website.

tashi
2009-11-09, 08:51
Hello Ravenna,

Could you explain your "hacking problem" in words? :)

If you believe the computer is infected please see this FAQ, "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) copy paste the HJT log into it and a volunteer analyst will advise you when available.

Best regards.

Ravenna
2009-11-10, 12:05
Yes, thanx for asking -

First I'll say that I know it's not a virus because, although we have had bugs and malware, the things that are done to us would require a demented, psychotic brain...

Hard to know where to start so I'll just write them in the order that they come into my head...

The latest one is that someone keeps erasing my Internet History. I want to keep it there so that I can revisit places I've left posts. Now I'm putting them onto my fave's but some of those are getting immobilized. I have checked the right boxes in the settings to allow them to collect, but they don't - or sometimes they are there when I check, then they are gone the next time I check.

They've been sending my private files out online somewhere. Sometimes they turn into e's and disappear. I don't even know how to store things online so it can't be me being absent-minded.

They delete most of the logs, but sometimes in the Event Viewer logs I will see something like "The computer is publishing to the Network" Can't think of the exact words.

They've set it so that the files don't open on separate windows even though I've set them to in both places. It says so on the check list but it isn't true.

The same thing happens when I shut off services that allow remote access. It says "Disabled" but it isn't. The Event Viewer shows them starting and stopping. Everything I do is overridden. It's like when you give a baby a toy steering wheel in a car - they think they're driving, but you are, really. That's how we are being treated.

They reconfigure our security software. Over and over and over. No matter what one I use.

They won't let me arrange my icons the way I want them so I've given up. I just leave them how the creep wants them.

They delete my nice fonts and replace them with awful ones. If I put the nice ones back on they do it again. Sometimes they even install ones I haven't chosen when I picked them out.

They take off our desktop pics and leave them black. There have been times when we've been doing something and suddenly the desktop pic changes or just goes black.

They take off the screensavers (and we never use downloaded ones)

We can't have the side bar because they keep changing our local city weather and time back to Redmond, Washington. We don't care what the weather's like in Microsoft Land. Speaking of Microsoft, you are the first person from Microsoft who has ever responded to anything I've put on Microsoft sites...and when I called once and talked to someone, he suggested if I didn't want to be hacked when I surfed I should just not use the internet! Gave me the impression they cared about nothing but money. Thank God there are people like you who do care about US!

They uninstall our printer and we "Don't have permission" to install anything so I can't reinstall it till the NEXT time (there've been hundreds) we can scrape together enough money to get a reformat done. Right now we can't use it. It's "theirs" again.

They uninstall our Flash Player, Java, and Adobe so that we can't get You Tube, Streamed Radio or see certain things on websites.

They sometimes lock up our disc drive - Says it's "Locked for exclusive use"

They sometimes interfere when we can use the CD Drive - take files off the disk, add ones we didn't want, erase and write protect them so that we have a blank disk that we have to just throw away.

They delete files - Docs, Pics, Music, Logs

They interfere when we are writing a letter sometimes (like by making it so you can't move columns where you want and things like that)

They change the pages when we are trying to read on a website.

They block us from sending emails - they even tried to break up me and my Husband when we first met. (We met on the computer in a chat room) by sending us emails (supposedly from each other) emails that said stuff like that we'd been thinking about things and wanted to call it quits. Fortunately, we both knew better.

They interrupted our IMs constantly and cut us off when we talked about things like a future together or one of us said, "I love you" We solved the problem by getting married, but we can't do IMs with anyone else now either.

They change our passwords.

They have managed to lock us out of our Yahoo accounts and keep us from being able to use new ones we try to start.

Twice they changed things in my Husband's Yahoo Profile when they were still letting him use it. That was months ago.

They have sent spam from our computer.

They have woke it up remotely. We know we didn't bump the mouse because it has happened when we were nowhere near the computer.

We have been able to see what kind of things they were looking up by doing "ipconfig /displaydns" We could even do this when we were being confined to "Local Only" and couldn't get online ourselves. I even got "arp -a" readings a few times. This is why I think we are on a LAN. You only get "arp -a" readings if you are connected to a network of some kind.

We don't want to be on a LAN. We weren't asked. The reason I called MS was to see if someone could tell me how to get off of a LAN.

Oh, yeah, I tried using Be Larc for a while and have some screenshots showing that we were sharing with someone who calls themself "Guest" registered on the "System" We were on the "Local" I have actually found them in the E.V. logs, but they don't reveal their IP or anything.

Well, anyway, I'm sure you can see that this is quite distressing, and it's been going on for five years...

If you can help us we would be ever so grateful!!!!:angel:

:thanks:!!!

Arctucas
2009-11-10, 16:55
@Ravenna,

Sounds pretty bad.

I know what I would do, but I am not a Forum Helper or anything, so by the TOS, I cannot give you any advice.

You have my sympathy. Good luck!

tashi
2009-11-10, 16:56
Hello Ravenna,

Sorry to hear of the problems. I noticed you posted about them here (http://www.dslreports.com/forum/r23189732-Hacking-problems-from-someone-on-our-LAN) but I don't see a follow up post to sortofageek.

Best regards.

Ravenna
2009-11-11, 03:39
That's because she cut the thread

Ravenna
2009-11-11, 04:47
Had I been able to continue that night, I was going to tell the person who asked what ISPs I had that it was Mid Rivers for 4 years, HughesNet for 10 months, and now Verizon Wireless. I have the following programs:

AVG security Suite (Scans show nothing - says it's fine)
AVG Anti-Rootkit Free (Scans show nothing - says it's fine)
Threatfire (Scans show nothing - says it's fine)
Sysprot (don't understand it very well - says a lot of my files are access denied)
Spybot (Scans show nothing - says it's fine)
Malwarebytes (Scans show nothing - says it's fine)
Adaware (Scans show nothing - says it's fine)
WIN32Kdiag (says it can't access anything because everything's access denied)

Bug finders don't get rid of someone who has set themself up as Network Admin because they don't know the person is intruding. As far as the security software knows, everyone who has authorized access to a computer is approved by its owner to be there. Therefore it won't block anyone who has authorization. That's my WHOLE problem.

I've done (how many?) clean-and installs and I had it checked for a delayed batch file by a tech.

...the people who asked why I had a router if I only had one computer, and suggested I try the experiment with my router, that it wasn't mine, so I couldn't. But my son has a gadget that can find router signals and there are two strong signals from different ones right in my living room. (Where my PC is) I have actually had (over the years) 6 router numbers on my logs that weren't mine. Also my HN9000 had the capability to hand out 254 IPs and was configured to act as a local router. Network Magic showed that I was connected to a router. Trend Micro called it a "Network Device" and the What is my IP site called it a "Suspected Network Sharing device" My Mother has Mid Rivers and uses a wireless router and she only has the MAC of her own computer on the arp -a reading. When I had MRs I never had less than 4 without a router, and up to over 100. (Same now) I live 4 blocks away from her. I had up to 4 PCs on my direct network maps. I'm not using an antivirus that has one now.

OK, that's why I think I'm getting picked up wirelessly on a LAN.

The person who said it looked like I was trying to do someone else's job for them - I AM. I'm trying to do an ISP head tech's job - looking for a way to NOT get hung up on a wireless LAN because I get hacked on it. After 5 years of begging both MRs and HN to either block the hackers (whose IP and MAC adds I found myself and GAVE to them) I know I will never get any action from them. I am not in an office building and I should be the network admin because I bought the computer, but I'm not. Someone else decides where my icons should be, that Redmond Wa's time and weather have to be on the sidebar (yes, I know how to change it, but they keep changing it back and I gave it up) that I can't have Yahoo Messenger or Launchcast, what fonts I can have and deletes any I put on - and logs, and net history...the list is very long.

Another question asked on the forum page was why I didn't (can't remember the exact words but...) protect my wireless connection - It was because when I found out that the installer didn't connect the cable to the dish outside, as I had asked him to, so that we could have a direct route without broadcasting, but set it up for wireless instead, I asked them on many occasions to do so. If I had known how I would have done it myself. Could they at least change the 192.168.0.1 to something more imaginative because that is a default number? They refused. I asked them over and over and over. They also refused to change the modem from the "Server" setting, change us to a static IP and only allow ONE IP through.

Then there's why I think the ISPs are turning off my firewalls - because one of HN's phone staff, who said his name was Jimmy, told my Mother HN had been, and the problems we had when we were with MRs were identical to the ones we had with HN, including the firewalls being turned off and reconfigured. (I don't think Verizon are doing it, but I am still getting caught in that LAN)

Anyway, she had asked him why they kept saying I wasn't getting hacked and I was. He told her I wasn't and they went through the "Are you using a router...?" thing they always did, and she gave him the same answers I always did. When he asked her if I was using a firewall,

she said, "Of course she's using a firewall! But they even turn off her firewalls and reconfigure her security!"

He said it was THEIR firewall that disabled ours. I thought:

"????????????????!!!!!!!!!!!!!!!!!!!!!!!!?????????????????"

She said, "No wonder she's getting hacked if you're turning off her firewalls!"

He said it was because theirs was sufficient.

She said, "It isn't sufficient because she's getting hacked!"

She asked him if there was any security I could use that theirs wouldn't turn off and he said, "None"

Then I said something in 'Fench' and added, "I don't care about the early cancellation fee, I'm outa here!"

We got out of the early cancellation fee because I sent some screen pics to the bank and Hughesnet couldn't argue about it so they waived it and refunded the $600 I asked to have back that we had paid. I had wandered into their engineer's info when we were confined to "Local Only" but still fully capable of getting the router pages up and being hacked. I got bored one day and clicked that little man on the top of the page. There it was! Everything I needed to know! Including the IP of the network admin THEY had assigned, and it was one of the MAC addresses and two of the IPs I had given them.

Had they been on the level they would have told me about it. There was even confirmation that we were on a VPN. I haven't got a clue what most of this means. Oh, how I wish I would have stumbled onto this BEFORE we had been cut offline! I could have seen what and who they had us connected to in full glory, but alas...

I wrote it case sensitively but some of the spacing may have gotten lost or added in translation.

Things off of the HughesNet Engineers' Pages:

pepMySpwAddrShow -
ox(200105b0:00000000:00000001:f40144e3)

Peerlist:
IP:0xf60000a2 Type: Permanent 92.242.140.11

SDS IP Address...192.168.0.1
Switch Dest Ports...80,8080

Bypass Rules:

Dest IP Dest Mask
------------------------------
69.193.112.0 225.225.254.0
70.243.112.0 225.225.254.0
207.71.43.0 225.225.255.0
64.186.176.0 225.225.240.0
63.251.179.0 225.225.255.255
66.82.20.50 225.225.255.255
208.81.96.2 225.225.255.255

Server Statistics:
DhcpDiscoverRx 2
DhcpRequestRx 21
DhcpOfferTx 2
DhcpAckTx 21

dcaStatusShow:
server functionality is enabled

Virtual Port IP Sdress Config:
port # [0]: 1
Our Virtual Port IP Address[0]:244.1.68.227
Pep Enabled[0]: 1
DHCP Relay Enabled
TCP Spoof Enabled
Port Adaption[1]: 0 (LAN)
Port State[1]: 0 Active

IP Task Level 3 Statistics:
User Port 1
LAN Status (Active/Idle: 1
Lui Rqst 96
pa MaxChannellLpading = 24.00
ShowMctDAT:
FID 12 DestAddress262148
BID 2 TMF 75
VPN 255

NAT CORE
pkts_xlat: 30845
pkts_not_xlat: 30530
napt_xlats: 12
inbound_xlats: 12
outbound_xlats: 30833
proxy_not_xlats: 61072
int_not_xlats: 30845
icmp_xlats: 196
tcp_xlats: 74
udp_xlats: 30575
pkts_filtered: 3

Misc:
local_lan_pkts: 1965

Configuration:
notes_received: 1
nat_instances_created: 1
intnat_instances_created: 1

Extranet Multihoming:
Num pkt from LAN filtered: 3
Ping to GI NAPT address from space: 12

SCHP IP Address...127.0.0.1
Hsb Domain: sslxl: com

Network Information:
St Mgmt IP Address: 72.0.11.28 *
St MAC Addr: 00-80-AE-A3-FC-C5
St Upam IP Address: 169.254.0.1

* I looked up 72.0.11.28 and found it belonged to a company called "Citi Street"
The MAC Address belongs to a device made by a company in Sweden called "Packet Front" and is owned by Hughes Net
IPs 169.254.121.117 and 169.254.121.118 both also belong to that MAC Address. The latter was a Bluetooth device and when I typed that IP into Google I got a site about a Nokia 6000 cell phone. THIS person must have been VERY local.

TL4 General configuration...
TL4 Swotch Enabled
Total Applications - 1
MGT Operation Mode - Disabled
Max Retx SYNs - 2
TCP Checksum - Disabled (Validation)

CCB Stats...
Peak CCBs - 1
Effective CCBs Allocated: 151
CCBs in Free List: 150
Current CCBs State: <Guess I missed this one>
Closed: 150

TCP Pkt Stats:
Rcvd from SDC...13
Sent from SDC...13

MAC Address LAN 1:00-80-AE-A3-FC-C5
IP 169.254.121.117,
IP 169.254.121.118,
IP 72.0.11.28

MAC Address LAN 2:00-80-AE-A3-FC-E2
(OUR MODEM)

Rnable AtVP flag is FALSE

MultiCastGatekeeper IP 0.0.0.0
Virtual Port Number = 1
Virtual Port Address = 32.1.5.176 (0)
Virtual Port Address = 0.0.0.0 (1)
Virtual Port Address = 0.0.0.1 (2)
Virtual Port Address = 244.168.227.3 (3)

Proxy Auth Reqd
SCHP IP Address 127.0.0.1
SCHP Listen Port 2000

IP Addr [1] : 192.168.0.1 (c0a80001) subnet Mask [1] : ffffff00
Broadcast Addr [1] : 192.168.0.255 (coa800ff)

Then someone said I shouldn't be seeing B-Root servers. I would really like to talk more about that! I looked them up and found they are in California. We saw them on our logs when we were with MRs.

tashi
2009-11-11, 06:28
Hi Ravenna,

A frustrating situation I'm sure. :sad:



> Speaking of Microsoft, you are the first person from Microsoft who has ever responded to anything I've put on Microsoft sites..

I am not from Microsoft. ;)

I'm afraid the problem you are experiencing is beyond the scope of this site which is to provide support for our software and a malware removal forum for those with infected computers.

Ravenna
2009-11-12, 04:57
Do you know anywhere else I could go?:confused:

tashi
2009-11-12, 08:02
Hi Ravenna,

> Do you know anywhere else I could go?:confused:

Normally I would direct you to the malware forum so someone could check the system but that was suggested at dslreports also and it looked like you passed.


> They uninstall our printer and we "Don't have permission" to install anything so I can't reinstall it till the NEXT time (there've been hundreds) we can scrape together enough money to get a reformat done.

Have you thought of reformatting the machine yourself rather than paying someone?



> and it's been going on for five years...

What is the operating system and how old is the computer?

Best regards. :)

Ravenna
2009-11-13, 09:19
> Normally I would direct you to the malware forum so someone could check the system but that was suggested at dslreports also and it looked like you passed.

:sad:I passed because it required a very complex routine that I found daunting, especially because it ordered printing out instructions and since my printer has been uninstalled (remotely) by the creeps, the suggestion just made me want to cry. I can't reinstall my printer till the next time we can afford to get it reformatted again. I have done all of those things before and had MANY many reformats and even bought a new PC. I've tried all of the best security softwares as well.

If it was just malware or viruses I would have been able to get rid of the problem long ago. It's not that I don't want to listen to good advice, it's just I know it has been futile before and am discouraged about doing it all YET again.

> Have you thought of reformatting the machine yourself rather than paying someone?

I've done it myself many times but I have had to ask Dell for 3 replacement disks because they have been stolen. (probably by the person(s) who are doing the hacking) I don't have one at the moment.

However, even when I did it myself, it was a matter of moments before the "remote admin" was back and starting it all again. I did it 3 times in a row once (in 1 night) and couldn't get rid!! :sick:

> What is the operating system and how old is the computer?

I had an XP and now I have a Vista. I bought it in January of 07. Had all of the same problems with both.

When I was with Mid Rivers I shared an access point of some sort with 3 other computers. From logs and network maps I got their IPs and the MAC Address of the device in question, which were:

72.250.136.1
72.250.139.1
216.228.50.1

00-0D-66-25-4C-01

The IPs all belonged to MRs. The sharing device turned out to be made by CISCO and also belonged to MRs.

For a short time I had Spiceworks and they confirmed it, even giving the whole name of the device, which was:

c20.r1.mtsdny.infoave.net
IP: 216.228.50.1

MRs refused to do anything so we went to Hughes, who were no better.

I also have all those IPs you saw on HN.

Hey, you know what's REALLY COOOL?;)

Since I've been with Verizon, I am still getting hacking problems, but MRs and HN both stopped all posts I wrote to seek help and sent them back as spam. Even emails I wrote to my older son, who knows a lot of things about computers himself. I started wondering if all of my mail was going through filtering as I noticed that they all would have all this gibberish that looked like scoring for certain words. The numbers for the words were always consistent...
My son fixes PCs, but knows only the basic things about security.

Verizon won't do anything about the hacking either, but they aren't censoring my email. At least I am finally finding people that may not be able to help me directly, but the fact that anyone cares is VERY comforting and it is really helping me get out of the dumps! :):thanks::)

Ravenna
2009-11-14, 00:22
Hey, I forgot to say, last night that the creeps always change to whatever ISP I do, but I'm gonna call it quits here. I'm gonna look for a strictly security site.

It was nice knowing you

Thanx

Bye

:bigthumb:

tashi
2009-11-14, 09:09
Take care Ravenna and good luck. :)