Has my computers been hijacked?

January 5, 2006 at 19:34:14
Specs: XP / 2kpro, a few

I have a small home network. I usually run about 3 computers, one for general internet browsing, one as a file server, and one for downloading.

All but one have up to date antivirus as I rarely ever run the file server on the internet.

I have the errie suspicion that my main web surfing computer has been hijacked. When there is no one around My Documents seems to open on it's own, and Remote desktop pops up on my downloading computer.

Only my downloading computer has remote desktop server running on it not my web browsing one. All ports are firewalled through my router except for a few for the downloading programs. I really can't tell if it's happening to my downloading computer as I rarely ever sit down in front of it I mainly connect via remote desktop client.

I have always had my XP computer disabled so there can be no remote connections to it. I have never installed any remote servers on it either just a client.

I use Real VNC, for remote desktop, AVG antivirus, Spybot S/D and mostly firefox for a browser.

I have noticed My Documents opening before when I was doing some web surfing but what got me paranoid was the Remote Desktop poped up. I had all applications shut down but yahoo messenger and was going to shut down my computer, when I went into the kitchen to get something to drink I came back sat down and looked at my desktop and the client was connected to my downloading computer and a folder was open where I download my documents too. To get into my downloading computer via remote desktop, I also have to enter a password for it. What are my chances of forgetting I logged into the computer, opened a folder and left lol. I must be going nutz.

Nothing seems to be missing or arranged but I would like to know if there are any programs to detect if anything is hidden running on my computer that I cannot see.

Mabey i'm just paranoid?

Just for kicks I unplugged my DSL modem from the router and changed my password then reconnected my modem to the router.

I'm also conserned about if my computer has been hijacked would there be any keyloggers?

Should I go to a friends house, log onto all my accounts and change all my passwords just in case?

Any advice? or am i just being paranoid?



See More: Has my computers been hijacked?

Report •


#1
January 5, 2006 at 21:40:42

Download HiJackThis, install & run to get a log file. Don't fix anything yet.
You then post the log file at a site provided below & it will tell you what to fix.
http://www.merijn.org/downloads.html
http://tomcoyote.com/hjt/

HijackThis log file analysis & repair ( online )
http://hijackthis.de/index.php?langselect=english
Or,
http://startup.networktechs.com/page-68.html
http://hjt.iamnotageek.com/


Report •

#2
January 6, 2006 at 14:06:31

There are many, many keyloggers and backdoors out there. Make sure your systems are totally clean before you change all your passwords.

WILL POST FOR FOOD.



Report •

#3
January 6, 2006 at 15:03:40

Well I posted my log at http://tomcoyote.com Guess i'll wait and see what they can tell me.

I like your sig Zentih will post for food! ha Have you gotten any yet?

If I start swappin passwords I'll go to my friends house and use his computer to change online passwords and such. I used one of them I rarely get online with to change my router password and buttoned up some extra ports too.

I completely disconnected it from my DSL modem just incase someone was watchin me lol.

hopefully there are no keyloggers involved!

ASUS A7V8X
Athlon XP 2700+ @ 2.17ghz
1GB DDR 2700
nVidia 128mb FX 5200
80GB WD SE + 200GB Maxtor
NEC ND-3500AG DVD R/RW


Report •

Related Solutions

#4
January 6, 2006 at 15:29:42

"Well I posted my log at http://tomcoyote.com Guess i'll wait and see what they can tell me"

I just had a look at you log & your HiJackThis version is out of date.
You can post your log here, run the below 1st.
http://computing.net/security/wwwboard/wwwboard.html

Keyloggers & others, run these.

a² free
http://www.emsisoft.com/en/software/free/
Update after installing.

ewido security suite free for Windows 2000/XP
http://www.ewido.net/en/features/
http://www.ewido.net/en/download/
Please use the online update after the installation. Only then can the recent signature database be transferred and installed.



Report •

#5
January 12, 2006 at 13:07:45

Hey Johnw I posted my log here and at http://tomcoyote.com fourms.

Been having some internet troubles sorry it took so long.

ASUS A7V8X
Athlon XP 2700+ @ 2.17ghz
768MB DDR 2700
nVidia 128mb FX 5200
WD 80gb SE
NEC ND-3500AG DVD R/RW


Report •

#6
January 12, 2006 at 15:25:15

OK ludedude25, you are in good hands now.

Report •

#7
January 12, 2006 at 15:45:51

Looks like you will have to post here again ludedude25, need to ask if it is OK, before posting your log.

Report •

#8
January 12, 2006 at 16:50:03

Well I posted here but it was removed

I also posted again at http://tomcoyote.com

ASUS A7V8X
Athlon XP 2700+ @ 2.17ghz
1GB DDR 2700
nVidia 128mb FX 5200
80GB WD SE + 200GB Maxtor
NEC ND-3500AG DVD R/RW


Report •

#9
January 12, 2006 at 16:51:08

Well I posted here but it was removed

I also posted again at http://tomcoyote.com

I have no idea whom to ask about posting the log file.

ASUS A7V8X
Athlon XP 2700+ @ 2.17ghz
1GB DDR 2700
nVidia 128mb FX 5200
80GB WD SE + 200GB Maxtor
NEC ND-3500AG DVD R/RW


Report •

#10
January 12, 2006 at 17:11:35

Do it this way & you will be OK here.

"Looks like you will have to post here again ludedude25, need to ask if it is OK, before posting your log"


Report •

#11
January 13, 2006 at 15:33:28

Well it still won't let me post it here and I don't know who or how to ask about posting the log here.

I tried the deal that says test here when you try to post a logfile and everything is reported safe except IE which it says is out of date. I rarely use IE anyhow.

ASUS A7V8X
Athlon XP 2700+ @ 2.17ghz
768MB DDR 2700
nVidia 128mb FX 5200
WD 80gb SE
NEC ND-3500AG DVD R/RW


Report •

#12
January 13, 2006 at 15:42:55

Just word a New post exactly as you did on this page, Do Not post a log until asked.

Report •

#13
January 18, 2006 at 08:56:10

Oh well i think i'll just trust the hijackthis log reader.

ASUS A7V8X
Athlon XP 2700+ @ 2.17ghz
768MB DDR 2700
nVidia 128mb FX 5200
WD 80gb SE
NEC ND-3500AG DVD R/RW


Report •


Ask Question