Please Help, Being Hacked =/

zookopf · 21-Aug-2009, 04:43 PM #1

Hi, when I started my computer today I noticed the internet was very slow, I installed zonealarm which I had ment to do the day before having just reinstalled wondows. zonealarm started spamming alerts at me and the internet traffic was high even tho I wasn't using it. I didn't like this 1 bit so i decided to restore to factory settings(destructive method) having nothing on my computer I care about losing anyway. when this was finished I installed zonealarm and was still getting these alerts. I then installed avg and did a full scan, there was nothing found except cookies. Im guessing that this person/program was attacking my ip? so thats why the restore didn't work?. Would changing my ip solve this and is that possible on an adsl modem?.

here is a scrn of the zonealarm log

http://img38.imageshack.us/img38/6593/51851420.png

Phantom010 · 21-Aug-2009, 05:30 PM #2

When connecting to the Internet, we are constantly in the flow of network traffic. The log you are seeing is typical of all firewalls. That's why we have a firewall in the first place; to filter traffic. There's nothing unusual about your log.

Read more on firewalls here.

cwwozniak · 21-Aug-2009, 05:47 PM #3

It has been a long while since I have used Zone Alarm but I believe that you should have a setting somewhere to NOT display an alert every time there is a blocked incoming connection request.

As Phontom010 said, you are just seeing typical Internet traffic. Most of those blocked attempts may be coming from virus infected computers that are scanning large blocks of public IP addresses, looking for vulnerable systems.

zookopf · 21-Aug-2009, 06:05 PM #4

Ok, thanks(feeling slightly foolish). I was just worried about the frequency of them and when I had zonealarm before they didn't show up.

I got a couple of these aswell, rated as high in zonealarm.

http://fwalerts.zonelabs.com/fwanaly...5&tab=overview

http://fwalerts.zonelabs.com/fwanaly...2&tab=overview

One of them says my computer tried to contact another computer on my network but I dont have a network, I have 2 computers connected to 1 router/modem but they are not directly connected and the other computer was not turned off at the time. Sorry if im asking more stupid questions, but im just a bit touchy about these things.

**Byteman** · 21-Aug-2009, 06:08 PM #5

Quote:

Originally Posted by ZoneAlarm

Should I be concerned?

No. ZoneAlarm blocked the connection attempt, so no harm can come to your computer from it. Port scans are very common on the Internet and are not usually targeted at specific individuals.

If it was blocked, then things are OK. Your computer may need specific ports to use email, for example, and if you block access to ports you need open you arent going to be happy.

The network one is still not a concern....it's your own computer talking to the network----your network. Follow the directions in "What should I do?" in the answer for that question.....

cwwozniak · 21-Aug-2009, 06:12 PM #6

Both of your links came back as "We are sorry, but the SmartDefense Advisor is unable to service your request at this time." They may only work on your computer. Does ZonaeAlarm report exactly what application is trying to access the other computer

If both computers were on at the same time you might be having Windows trying to check the status of the other computer. Are you using any file or printer sharing?

**Byteman** · 21-Aug-2009, 06:15 PM #7

Their links are working for me with no problem.

http://fwalerts.zonelabs.com/fwanaly...5&tab=overview

http://fwalerts.zonelabs.com/fwanaly...2&tab=overview

I'll copy the second one about the NETBIOS threat so you can read it cwwozniak.....

Quote from http://forums.techguy.org/ [url

http://fwalerts.zonelabs.com/fwanalyze.jsp?record=ZLN13324787138949-1025/d4b473012334e0401203642&tab=overview][/url]

ZoneAlarm prevented your computer from connecting to NetBIOS port 138 on another computer

ZoneAlarm has successfully stopped Internet traffic from leaving your computer. No breach in your security has occurred. Your computer is safe.
What happened?

Your computer has attempted to use NetBIOS port 138 to connect to another computer, located at address 192.168.1.9.

Should I be concerned?

No. 192.168.1.9 should be an address on your local network. One possible explanation for the alert is your computer is attempting to renew an IP address from a DHCP server. Both DHCP and NetBIOS are common on most local area networks using Windows platform domains. The address could also belong to a DNS server or another LAN-specific server.

What should I do?

If 192.168.1.9 is an address on your LAN, you should add your Local Area Network to your Trusted Zone. When security is set to Medium (the default in the Trusted Zone), ZoneAlarm allows NetBIOS communications to pass through the firewall. High security denies NetBIOS communications. To avoid seeing this type of alert in the future, please refer to the ZoneAlarm help files for instructions on adding hosts and IP addresses to the Trusted Zone. If 192.168.1.9 is not on your local network, then perform an updated anti-virus sweep of your computer.

Why upgrade to ZoneAlarm Pro?

Complete your online security with advanced email-borne virus protection, Internet ad blocking, as well as a more detailed analysis of intrusion attempts. ZoneAlarm Pro is the next generation in PC firewall protection. It provides 100% peace-of-mind from hackers and identity thieves. The exclusive Privacy Panel allows you to surf more anonymously by controlling cookies and blocking referring url strings.

As a current ZoneAlarm user, you are a perfect candidate for the advanced protection in ZoneAlarm Pro...ZoneAlarm Pro will pick up all your current ZoneAlarm settings! If you want to increase the security of your personal and private information online, you need the advanced protection of ZoneAlarm Pro. Protect your PC and your privacy from the prying eyes of hackers and data thieves with these ZoneAlarm Pro EXCLUSIVES!

Stop hazardous email viruses from infecting your PC.
Block annoying pop-up windows and banner ads.
Eliminate Web site tracking devices.
Pinpoint the source of intrusion attempts.
Lock down your security settings with password protection.

zookopf · 21-Aug-2009, 06:15 PM #8

ok thanks everyone, one more thing, that is the normal rate as which a firewall incounters these things, 3-5 per minute?

Phantom010 · 06:23 PM

Links are also working for me.

Edited: Links suddently showing same message as the ones cwwozniak described.

Phantom010 · 21-Aug-2009, 06:20 PM **#10**

Quote:

Originally Posted by zookopf

ok thanks everyone, one more thing, that is the normal rate as which a firewall incounters these things, 3-5 per minute?

Approximately yes.

**Byteman** · 21-Aug-2009, 06:20 PM **#11**

Yes, it can be a ton of those alerts....you can also turn off or reduce the amount

I would not advise it right now.

Is there a hardware router at your end...that provides a firewall, you know. It may be overkill to use a software firewall set too strong.

zookopf · 21-Aug-2009, 06:24 PM **#12**

ok, load off my mind, thanks to everyone for your time and patience, i think i know What the network thing was, I had my modem off for a couple of hours so it was probably trying to renew the ip address,

No. 192.168.1.9 should be an address on your local network. One possible explanation for the alert is your computer is attempting to renew an IP address from a DHCP server.

zookopf · 21-Aug-2009, 06:25 PM **#13**

i'll look into my router firewall situation.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!