
Can someone help?

Discussion in 'Virus & Other Malware Removal' started by LucieMumOf2, Feb 12, 2007.

Thread Status:
Not open for further replies.
  1. LucieMumOf2

    LucieMumOf2 Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    2
    I have reason to believe that someone has been remotely accessing my laptop without my permission. I have included a log from a HijackThis scan. Would this be able to tell me if my suspicions are right?

    Logfile of HijackThis v1.99.1
    Scan saved at 00:24:19, on 13/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe


    Thanks for your help. Lucie
     
  2. tjamnz

    tjamnz

    Joined:
    Jun 15, 2004
    Messages:
    774
    Lucie, I checked out your running processes, and everything appears to be OK.
    Why do you think someone is remotely accessing your machine? Please describe what happened, and then I can make a more accurate assessment. Also, where do you usually network your computer, wirelessly or wired (Ethernet)? Home, work, coffee shops?

    There was a situation once, where I know someone who forgot to log off of their email at a coffee shop (they realized it later), and some of their email had been messed with. At first they thought someone might have hacked their computer. Anyway, there are quite a few instances... buggy software, missing or misplaced files, bugs, spyware (didn't see anything on your PC, however) that can cause one to believe such a scenario. If you're worried about such a breach, change your admin password to something like MyPWD101! (upper, lowercase phrase with a symbol) and that will make your system more secure from prying eyes etc.

    Also install and run Ad-Aware from downloads.com. It's free and easy (anti-spyware program). If you come up with anything besides tracking cookies I'd be surprised. They can't harm your system. If you do find anything else after the scan let me know, and I'll look into it.

    Also... I think AVG is OK and everything, I just don't trust it quite as much. I've had a few viruses in the past and AVG couldn't remove them, or didn't detect them. Ever since I upgraded to McAfee, I've never had a problem. McAfee has pretty good support too. My ISP Comcast offers the service download for free. Other than that it's 30 bucks at Target or wherever.

    -Tate
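
A check of the kind described in the reply above, run over the posted process list, as an added example that is not part of the thread or of HijackThis: it parses the "Running processes:" section and flags Windows system process names that run from an unexpected folder. The `EXPECTED_DIR` map (non-exhaustive) and the `CONSTRUCTED` sample are assumptions made for illustration.

```python
import ntpath

# Assumed, non-exhaustive map: core Windows XP process names -> the only
# folder they normally run from (lower-cased for comparison).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def parse_running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # first blank line after the list ends the section
    return paths

def find_misplaced(paths):
    """Flag system process names that run from a folder other than the expected one."""
    flagged = []
    for path in paths:
        folder, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and ntpath.normcase(folder) != expected:
            flagged.append(path)
    return flagged

# Excerpt of the process list posted in the thread.
POSTED = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
"""
# Constructed log (not from the thread) with two out-of-place system names.
CONSTRUCTED = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\lsass.exe
"""
if __name__ == "__main__":
    print(find_misplaced(parse_running_processes(CONSTRUCTED)))
```

An empty result for the posted excerpt only means that no listed system process name runs from an unexpected folder; it does not cover software that hides from the process list.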
     
  3. LucieMumOf2

    LucieMumOf2 Thread Starter

    Joined:
    Feb 12, 2007
    Messages:
    2
    Thanks for that!

    I run a wireless network at home. I am admin on a parenting forum and we have had a few problem members and threats to get into my machine :rolleyes:

    Just when I was typing to a friend in an MSN convo last night, too, loads of stuff was written that I didn't type. Just all seemed a little odd.

    Will look into the spyware. Thanks so much for your help.
     
  4. tjamnz

    tjamnz

    Joined:
    Jun 15, 2004
    Messages:
    774
    Yeah... see if you can set up a log (contact your web developer or webhost) to log the IPs of guests if you can't do that already, just in case. I'm sure your webhost will gladly let you know about how they secure your systems. Plus wouldn't it be fun :D to learn a little bit about computer security? (You might want to ask them how they handle "intrusion detection", if you're concerned about it.)

    And in regards to your home PC, it takes quite a bit of skill for someone to hack a computer that's behind a NAT router and has a good, reliable and up-to-date antivirus solution such as McAfee or Norton (they'll find rootkits or trojans before they can take over your system), and make sure to enable auto-updates for your operating system. Also... I always shut down my system at night. You can't hack a box when it's not running. You might want to consider using a firewall also that can log any attempt to access your home PC. You can find all kinds of tutorials online about firewalls. I use Ashampoo firewall... it's very easy to use and has a nice interface. (ZoneAlarm is also highly recommended in net circles.)

    Just remember that if you try a new one, you can't run two firewall programs at the same time. So you'd have to disable your Windows Firewall if you install a new one.

    And last but not least... If you want ultimate protection... sign up for one of those proxy VPN services. They'll encrypt your data through what's called a Virtual Private Network. If you take a few minutes to read about them you'll realize that hackers would consider this type of connection (to attack) a complete waste of time. Not worth the effort and time to try and sniff your communications. SSL can't be cracked by a novice, or some kid with a few free internet tools (scripts).

    Megaproxy.com

    AliveProxy

    The sweet thing about these services is that you can use your notebook or desktop and browse the internet at home, coffee shops, wireless hotspots etc., all via your VPN account. There's usually a small monthly fee to use 'em. In the future I believe everyone will use this sort of service by default.

    Good luck with everything.
     

Short URL to this thread: https://techguy.org/543580
