pc may be compromised by java code

Name: JDenigma
Date: February 20, 2004 at 18:53:47 Pacific
OS: WinXP Home
CPU/Ram: 2.4 gig celeron/768 meg r
Comment:

I think a hacker may have gotten into my computer. I'm normally good about standard security practices. I have ZoneAlarm, Norton AV as well as Adaware and Spybot. I also have all the current patches from Windows update, downloaded and installed on my system.

However, recently I've had some strange activity on my computer. I had some Java software installed on my computer and I believe I may have somewhere along the line gone to a malicious website that may have exploited a vulnerability.

I have been getting odd alerts and requests from my ZoneAlarm firewall. When I try to load IE or the Mozilla Firebird browser, ZoneAlarm keeps on listing the destination IP address for them as being 127.0.0.1, which is the address for the localhost, my computer, and it gives odd port numbers in the high range, not the standard port 80 for web browsers. Sometimes while I'm also in the middle of browsing, those requests by the browser keep on popping up even though I already have the browser loaded, and it continuously asks for access, asking for a different port number each time. It's unfortunately doing this with both browsers.

I had run Norton a little while back and it detected one virus that was a trojan exploit of some sort and I got rid of it. I ran both Adaware and Spybot, which got rid of some spyware for me. I then later, at another time when I was having more of these problems, ran Norton again, but it didn't detect anything. This time I went to the pcpitstop website where I ran their online Panda virus scanner. That scanner wound up detecting 3 viruses (virii) that Norton didn't pick up. They were all in a Java cache folder of mine and they were listed as some Trojans called something like byte verify exploit or something like that. I don't remember the name. So it seems those got onto my computer, which possibly enabled someone to remotely access my system and run whatever exploits he could do. It seems to have hijacked my browser with some of these dummy files, as they were called, perhaps masquerading as my browser file so that it would launch each time I would try to start up those programs.

There was one time when I was running a software program for monitoring network traffic on my computer and I noticed some frequent, odd traffic to and from my computer when I was leaving it idle (IGMP, UDP, TCP and such), and I saw in some text of the packet data something referring to common folders such as My Documents and a reference to pics, windows media and such, as if the packets were looking for things to search on my computer. Well, lo and behold, I later discovered that a couple of those select folders, My Docs and My Music, where I had some files stored at, were suddenly empty. I just have mysteriously lost some files I had stored in those files. They're just gone and I have a sneaking suspicion I had an intruder who broke into my computer and deleted some of my files.

Well, after I had run that online scanner I just decided to delete all my java files in that directory and got rid of the viruses stored there. However, after getting rid of those files, I still have these same odd requests to my firewall from my browsers. I'm wondering if my browser files are infected and are really some sort of "dummy files", some trojans masquerading as browser files. I don't know what to do now to find out for sure about this and how to fix it short of possibly uninstalling and reinstalling my browsers or just completely formatting my drive. If anyone has any idea, please help.




Response Number 1
Name: svg
Date: February 20, 2004 at 19:24:34 Pacific
Reply:

Hi JDenigma,

You seem to be on top of your problem, even though it's still there. Use these three for real-time monitoring of what's going on. TcpView has an IP-resolver, so you can see the DomainName, and possibly identify the hacker's IP.
ProcessExplorer (SysInternals)
FileMonitor & RegMonitor (SysInternals)
TcpView (SysInternals)

As far as scanning your system-files, use the sfc /scannow command from a CommandPrompt or RUN-box. However, to make sure that one isn't compromised as well, I would extract a new sfc.exe from the XP CD before doing the scan, which will check & replace the system-files, so you'll probably need the XP CD anyway.
___________________________________________
[Belgium, GMT+1]_________________________svg
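
Added example, not part of the original thread: a small Python parser for `netstat -ano` output that sorts each process's TCP connections into loopback-only (both ends on 127.0.0.1, as in the firewall alerts described in the question), connections to remote hosts, and listening ports, so the PIDs can be looked up in Process Explorer or TcpView. The sample output, addresses and PIDs are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:1041         127.0.0.1:1042         ESTABLISHED     1880
  TCP    127.0.0.1:1042         127.0.0.1:1041         ESTABLISHED     1880
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED     1880
  TCP    192.168.1.10:1061      198.51.100.23:6667     ESTABLISHED     2412
  UDP    0.0.0.0:1900           *:*                                    1100
"""

def split_endpoint(text):
    """Split 'host:port' on the last colon; strip brackets from IPv6 hosts."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)

def triage(netstat_text):
    """Group TCP rows by PID into loopback, remote and listening entries."""
    report = defaultdict(lambda: {"loopback": [], "remote": [], "listening": []})
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; this skips headers, blank
        # lines and UDP rows (which have no State column).
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, foreign, state, pid = fields
        _, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        entry = report[int(pid)]
        if state == "LISTENING":
            entry["listening"].append(lport)
        elif ipaddress.ip_address(fhost).is_loopback:
            # Traffic that never leaves the machine: (local port, peer port).
            entry["loopback"].append((lport, fport))
        else:
            # Traffic to another host: the rows worth resolving in TcpView.
            entry["remote"].append((fhost, fport))
    return dict(report)

if __name__ == "__main__":
    for pid, entry in sorted(triage(SAMPLE).items()):
        print(pid, entry)
```
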

