
Multiple ppl connected using Cox host riding my wave

Discussion in 'Networking' started by BrotherPorter, Apr 29, 2015.

  1. BrotherPorter

    BrotherPorter Thread Starter

    Joined:
    Apr 27, 2015
    Messages:
    4
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: AMD Phenom(tm) 9550 Quad-Core Processor, x64 Family 16 Model 2 Stepping 3
    Processor Count: 4
    RAM: 3071 Mb
    Graphics Card: NVIDIA GeForce GT 220, 1024 Mb
    Hard Drives: C: Total - 305244 MB, Free - 263410 MB;
    Motherboard: ASUSTeK Computer INC., M2N-MX SE Plus
    Antivirus: Webroot SecureAnywhere, Updated and Enabled
    -----------------------------------------------------------------------------------------------------
    I've been using Norton Security for 2 months, but these people have pierced every security/firewall I've used, and Norton refuses to admit it happened to them even when they connect to you and you show them the page that proves it. Cox refuses to admit and believe it also. I've had this intrusion (a hack since last July) filed with IC3 and the FTC; the local PD doesn't have a cybercrime unit so won't take a report. I'm technically astute because I was part of a startup company called Pacific Bell Internet back in 1994 and we created dialup, ISDN, DSL, etc. even before the big cable monopolies; only @Home had started. Anyway,
    no matter what computer I use (3 different versions of Windows: XP SP1, XP SP2, Win7 Home Premium SP1), I've never had admin rights since they've connected.
    Currently, for the past couple of months, I've eliminated the wireless card and router and use only Ethernet, the LAN card on the motherboard, but they still have multiple folk; they're even using my Gmail account and Udemy (school courses that they log on to as mobile as I'm logging off).
    I would have tried searching all the forums, but I'm just overwhelmed by the 2 notebooks full and 5 flash drives of info I've collected, so I'm going to put up info as you wish to get rid of these. We have noted things back & forth via Notepad, and of course, yes, I know I shouldn't have made it personal... I don't have anything to hide in any of this. I have gone to the library and shown the librarians the screen pop when I log in to Gmail or Google or use some of my flash drives. They can even manipulate some of my files here at home. I could use some help here, guys. Thanks for the help.
    BrotherPorter
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    Hi,

    Why did you post those screenshots? I don't get the meaning of providing them.

    Since you have eliminated the router and wireless card, the only thing left is your PCs, which I suspect have some hacker tool remote admin program installed. The loss of your admin rights in Windows proves that. The only way to get rid of your hackers is to re-install Windows. Then immediately do Windows Update. Then download the latest version of your favorite browser and browser plugins like Flash. Remember not to surf with IE before the updates are finished. Also remember that Windows Updates come in batches, so you must check for more updates when one batch is finished.

    It is crucial that you obtain updated versions of the programs that you use, especially your browser and plugins. These companies put out new features and introduce new security bugs with each release. Then a new release comes along, fixes some of the bugs and introduces yet more new features. So the update cycle never ends.

    If you have downloaded any apps through BitTorrent, do NOT re-install them, as they may have backdoors. It is pretty common to rig a BitTorrent download with a backdoor. Since backdoors are not viruses, i.e. they don't replicate nor damage Windows, the antivirus firms don't deal with them, as they take a rather strict definition of the word virus.

    Attacks on Windows often use old security vulnerabilities. The hackers reverse engineer Windows Update patches and create exploits. That's why it is important to do Windows Update as soon as possible after an install of Windows.

    You mentioned that you use Gmail. Gmail has 2nd factor authentication and can place a voice call to your cellphone to tell you a passcode, which you key in before they let you access your mail. Enable that feature. Now nobody without access to your cellphone can log in to your Gmail.

    In case you haven't noticed, Windows XP has reached end-of-life, and MS is no longer providing security patches for it. It is not secure to use Windows XP to connect to the internet.
  3. BrotherPorter

    BrotherPorter Thread Starter

    Joined:
    Apr 27, 2015
    Messages:
    4
    You're right, they renamed one of my images. I promise I'm not Mel Gibson in Conspiracy Theory! I'm among like-minded folk. OK, the OpenDNS image shows a 92.x.x.x network. That is NOT a Cox network IP address and it is CERTAINLY not my general Cox IP address. I've had a Cox Solutions guy tell me they are leased for about 2 weeks. At the time, my IP was 70.179.136.99, and OpenDNS tech support asked me to check with Cox to see if they were using some type of proxies on their network; Cox's response was no. It went no further.
    Now what you don't see is the Belarc image, which they renamed, which shows the network images of the connected 70.179.136.x, which have multiple connections with different routers/modems, and I don't know how to disconnect them. How are they bridging, or are they the 6to4s? I don't have a router connected.


    Here is what that image was supposed to have been. You can see I'm the Windows 7 workstation and my card is the NVIDIA nForce 10/100 Mbps Ethernet. The DNS servers are Cox's.


    Microsoft 6to4 Adapter
    Microsoft ISATAP Adapter
    NVIDIA nForce 10/100 Mbps Ethernet (primary)
        Auto IP Address: 70.179.136.99 /20
        Gateway: 70.179.128.1
        DHCP Server: 172.19.121.31
        Physical Address: 66:77:44:22:33:10
        Connection Speed: 100 Mbps
    Teredo Tunneling Pseudo-Interface

    DNS Servers: 68.105.28.11, 68.105.29.11, 68.105.28.12
    Network Map
    IP               Device Type            Device Details
    70.179.136.1     Network Device         Cisco Linksys
    70.179.136.2                            Physical Address 2C:33:7A:95:8B:B2
    70.179.136.99    Windows 7 Workstation  Mbphvice (in WORKGROUP), mbphvice.ks.cox.net
    70.179.136.110                          Physical Address 48:5A:B6:EB:A6:9C
    70.179.136.111                          Physical Address 00:24:21:84:C5:2B
    70.179.136.112   Network Device         Netgear
    70.179.136.132   Network Device         Netgear
    70.179.136.133                          Physical Address 00:11:11:49:D2:65
    70.179.136.134                          Physical Address 7C:B2:1B:29:7D:16
    70.179.136.166                          Physical Address 94:10:3E:55:77:D9
    70.179.136.167                          Physical Address 00:40:77:BB:55:11
    70.179.136.168   Network Device         Netgear
    70.179.136.200                          Physical Address 60:EB:69:5F:51:B9
    70.179.136.201   Network Device         Cisco Linksys
    70.179.136.202                          Physical Address 00:FF:F0:78:1F:1D
    70.179.136.203   Network Device         Zyxel
    70.179.136.204   System                 Dell
    70.179.136.205   Network Device         Cisco Linksys


    The history image shows multiple ppl using my Gmail account to send/receive mail from other countries, etc. I have one picture where they've just had a baby. One asks to change the Netgear password (router) and Netgear replies that it is out of warranty. I want to forward that to Google to show the imitation but can't find that link. I thought of buying a new HDD because I've tried to low-level format, but the WD software won't run and I suspect they are preventing that from happening. They move all the Windows folders to created folders, including all the Windows Update items. I've reinstalled after formatting at least 8 times since last July, when this all started. I'm an alpha tester for a national firm and I told them I couldn't continue right now until I was certain they couldn't pierce their firewall like they have Webroot, Norton,
    Thanks for the help.
     
  4. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    The most common way to take over Windows is to use a remote admin tool. These tools connect outbound to your attackers, and most firewalls allow programs to call outbound and only stop things from reaching inwards. Or they have latched on to a program known to the firewall and call out.

    You said you have re-installed Windows several times. But you may have neglected to do Windows Update immediately, or re-installed a vulnerable application. It is crucial to do Windows Update immediately, and to install only up-to-date programs. There is a security vulnerability in your setup, that much is certain, because that is the only way for an attacker to gain an initial foothold.

    When you re-install Windows 7 again (I assume that is your main computer), turn off the Windows XP machines, since you say they have been compromised. Having an internal compromised machine makes it trickier because they can use the internal machine to attack you, and Windows by default trusts things inside your network. Configure your firewall telling it that you are in a public place; that is the most secure option, because if you set the firewall profile to home/private then certain ports are left open for things like File and Printer Sharing etc.

    Is the Netgear device listed above your router? What is the model number?

    Note that you want to update ALL network-facing programs. That includes your browser, browser plugins, chat and email programs. The list also includes things like Adobe Reader and MS Word, because you use them to load things downloaded from the internet; that is, they take indirect input from the internet.

    Enable Gmail's 2nd factor authentication. It is a must-do item if you want to secure your email.

    The only known way to counter hackers is to harden your Windows. That means configuring Windows so that it only does what you normally do and nothing else. This creates a smaller attack surface for your attackers to manipulate. Google for "hardening Windows 7" and you will see some guides on how to do that.
     
  5. BrotherPorter

    BrotherPorter Thread Starter

    Joined:
    Apr 27, 2015
    Messages:
    4
    OK, I only have 1 PC at home; it has NO router; I stopped using it and pulled my NVIDIA plug-in card even though I enforced MAC filtering. Remember, somewhere in that first post I said I was a techie. I don't even plug in an RJ45 until after I've installed Windows completely, and I have SP1 bookmarked so I don't have to wait for piecemeal delivery of each KB. I tried doing an LLF using WD software but it wouldn't complete. I've had 2nd factor authentication on any account that uses it, and I use Norton's VIP Access token and I also use Yubico. I'm not a noobie. Cox won't accept culpability in recognizing these are all their IP addresses, and Norton won't accept the fact their pride and joy has been pierced. I now have 2 emails with baby pictures that have come through email, and another where, when I look at the source file and start identifying some of the receiving email servers, they pass through the UK Ministry of Defence; it can't get much better than that. Are we talking Wahlberg in Shooter? Anyway, I have to keep some humor in this ridiculous farce when nobody has a solution that is viable. Even the forums hit the wall, but thanks for your suggestions.
  6. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    There is an even safer way to do installs. First you download 2 things: your service pack to a USB memory stick, and WSUS Offline (http://download.wsusoffline.net/). WSUS Offline is a Windows Update batch downloader. It creates an ISO with all the critical updates. After creating this DVD, you install Windows offline as you have done. Then run the service pack installer. Then insert the DVD generated by WSUS Offline and it will patch Windows. So now you have an almost fully patched Windows before ever going online.
  7. BrotherPorter

    BrotherPorter Thread Starter

    Joined:
    Apr 27, 2015
    Messages:
    4
    The stick is certainly a good idea, but the back door has to do, I think, with the IP address; they really don't change that often with Cox unless you leave the coax unplugged for a long time. The Solutions store told me they change automatically every couple of weeks.

    It's a difficult position; this is not the only board that hasn't come up with a white-hat answer. There is one that advertises on Craigslist here, but how do you learn to trust that he/she won't put a backdoor in? Once this happens to you, your trust erodes completely in many areas. Anyway, your ideas have been a great source of wisdom.
    Thanks.
Short URL to this thread: https://techguy.org/1147443