PDA

View Full Version : Computer help...possible hacker?


Rukdafaidas
10-02-2006, 12:01 PM
I recently switched from cable internet service to DSL. In order to install, I had to disable my firewall.
Since installing the software for my new wireless gateway, I've noticed that I'm missing several folders that were on my desktop. Including a folder that contained all of my pictures from the last few years and folders that contained work information. I've also noticed a couple of new icons on my desktop, such as a folder named GUI,
Does this sound like the work of a hacker? Could it be some sort of virus? Any chance I could do a system restore to recover these items or does anyone have any other suggestions?
Thanks in advance!

Fish
10-02-2006, 12:44 PM
Doesn't sound like a hacker or a virus. Sounds like you did something stupid. Are you logging into the machine with the same account?

Do you know the exact filename of any of the folders or files you're missing? If so do an advanced Search for that folder/file and make sure to include hidden and system folders. Be sure to include other drives if you have more than 1 hard drive/partition.

I'd do a little looking around before considering a system restore.

DaFace
10-02-2006, 12:50 PM
Doesn't sound like a hacker or a virus. Sounds like you did something stupid. Are you logging into the machine with the same account?

That's a strong possibility. If you've somehow logged in as a different user, it will look like everything's missing even though it's just in the folder for a different user.

If that's not the case, and your files actually are missing, a system restore probably won't bring back your pictures, unfortunately. Restore backs up system files only - not data. If you're completely desperate, you can give this program (http://www.pcworld.com/downloads/file/fid,23108-order,1-page,1-c,alldownloads/description.html) a try. It's sometimes able to recover deleted files. Be warned, though - the more work you do on your comptuer the less chance you have of recovering anything.

Regarding the actual problem, however, you could use System Restore after attempting to recover your files if you'd like. Most of the time, that will disable possible hack programs. The only thing is that you'll have to reinstall any programs you've installed since then (like your wireless gateway software).

Regardless, make sure you run scans using AdAware, SpyBot, Windows Defender, and maybe even a couple antivirus programs to make sure you've got everything cleaned off.

If you still seem to be having troubles after all that, post back here and I'll give you a couple more advanced troubleshooting options.

Good luck!

Rukdafaidas
10-02-2006, 01:10 PM
Doesn't sound like a hacker or a virus. Sounds like you did something stupid. Are you logging into the machine with the same account?

Do you know the exact filename of any of the folders or files you're missing? If so do an advanced Search for that folder/file and make sure to include hidden and system folders. Be sure to include other drives if you have more than 1 hard drive/partition.

I'd do a little looking around before considering a system restore.
It's very possible I did something stupid.
I don't know the exact name of any files, but I have searched for folder names and they're not showing up when I search for them.

Fish
10-02-2006, 01:21 PM
It's very possible I did something stupid.
I don't know the exact name of any files, but I have searched for folder names and they're not showing up when I search for them.

Even if you only know part of the file name, you can still search for it.

Say you have a file named Hasselhoffporn.avi

You can do a search for "Has*" and it will return all files beginning with "Has".


You didn't happen to install anything that would have changed desktop settings did you? Some programs like StyleXP have options to clear the desktop of icons, etc. Can you see anything on the desktop that was there before the files went missing?

DaFace
10-02-2006, 01:37 PM
Here's a question - are your favorites the same as they used to be? If not, you've logged in as another user.

Rukdafaidas
10-02-2006, 02:10 PM
Even if you only know part of the file name, you can still search for it.

Say you have a file named Hasselhoffporn.avi

You can do a search for "Has*" and it will return all files beginning with "Has".


You didn't happen to install anything that would have changed desktop settings did you? Some programs like StyleXP have options to clear the desktop of icons, etc. Can you see anything on the desktop that was there before the files went missing?
My camera saves pictures starting with DSCN......., so I did a search and found several files were located under C:\Documents and Settings\my name\Recent and some others were showing up under my computer as internet explorer files.
I went to the recent documents folder and found quite a few documents/pictures in there and all of the folders. If I click on the folder, it browses and comes back empty. ALOT of the documents that were showing up, I haven't viewed in a couple of years.
I'm not familiar with the "my recent documents" folder, but I assume it contains files that have been viewed recently. If this is the case, someone has viewed them and it wasn't me.

Rukdafaidas
10-02-2006, 02:14 PM
Here's a question - are your favorites the same as they used to be? If not, you've logged in as another user.
Yeah, I'm definitely not logged in as another user. Nobody else in the family ever uses this computer and I'm the only user that has an installed wallpaper, which is still up. I've also tried shutting down and restarting with no success.
Most of my icons are still showing on my desktop. As far as I know, I'm only missing the folders with personal/work information in them.

Rukdafaidas
10-02-2006, 02:22 PM
OK, now I'm freaking out. All of the files that are showing up in the recent folder are files that a hacker would like to see, such as, mine and my mothers freaking Turbo Tax return files and confidential work files.

Fish
10-02-2006, 02:27 PM
OK, now I'm freaking out. All of the files that are showing up in the recent folder are files that a hacker would like to see, such as, mine and my mothers freaking Turbo Tax return files and confidential work files.

Don't worry about stuff in your My Recent Documents folder. It only saves links to those files, not the files themselves. You should see little arrows in the bottom left corner of the file icons telling you they are shortcuts.

DaFace
10-02-2006, 02:33 PM
Don't worry about stuff in your My Recent Documents folder. It only saves links to those files, not the files themselves. You should see little arrows in the bottom left corner of the file icons telling you they are shortcuts.

Although, if he hasn't used those files recently, the fact that they are in "recent files" is a bit to be concerned about, IMO.

Rukdafaidas
10-02-2006, 02:36 PM
Don't worry about stuff in your My Recent Documents folder. It only saves links to those files, not the files themselves. You should see little arrows in the bottom left corner of the file icons telling you they are shortcuts.
I realize that, but I haven't viewed my tax return files since April and they're showing up in the recently viewed folder. It's also showing business files that I haven't opened in over 2 years.

Fish
10-02-2006, 02:53 PM
I realize that, but I haven't viewed my tax return files since April and they're showing up in the recently viewed folder. It's also showing business files that I haven't opened in over 2 years.

I have links in my folder from 3 years ago. Don't be overly alarmed if you see some pretty old stuff.

Check the modified date and see if you notice any modifications that you know you didn't make. Has your tax doc been modified since you sent your taxes in?

Valiant
10-02-2006, 06:24 PM
Didn't read any other comments yet, but did your autowizard move your pictures of the screen because you did not use them???

Are the pictures completly gone from my pictures or did you use another folder?

Rukdafaidas
10-03-2006, 03:37 AM
Didn't read any other comments yet, but did your autowizard move your pictures of the screen because you did not use them???

Are the pictures completly gone from my pictures or did you use another folder?
I'm 99.9% sure I was hacked. I downloaded an undelete program which found most, if not all, of my pictures. :thumb:
It took most of the night to get them recovered, but I'm glad I did. I hadn't backed them up in a long time, but they're all on CD now.

htismaqe
10-03-2006, 08:18 AM
sounds like you've got a backdoor trojan on your machine

Run Webroot Spysweeper, AdAware, or Spybot and look for Trojans.

If they don't find anything, you might have a rootkit installed try this:

http://www.f-secure.com/blacklight/try_blacklight.html

Rukdafaidas
10-03-2006, 04:20 PM
sounds like you've got a backdoor trojan on your machine

Run Webroot Spysweeper, AdAware, or Spybot and look for Trojans.

If they don't find anything, you might have a rootkit installed try this:

http://www.f-secure.com/blacklight/try_blacklight.html
AdAware found around 43 infected files/regkeys/regdata. The registry was infected by a program called Bargain Buddy, which doesn't sound too serious.
Blacklight didn't find anything.
Thanks for the help.

ChiefsFanInSeattle
10-04-2006, 11:36 PM
Just a friendly word of advice from someone in the computer business. If you suspect your machine has been compromised, then do NOT continue to use it as normal!

Here's what you need to do:

1) Disconnect the machine from the network
2) Back up any data in some way (CD, DVD, external hard drive, whatever).
3) Either format the entire drive clean and reinstall, or find a competent technician to do it for you - I can't stress this enough - you have no way of knowing for SURE you were able to remove all traces of the compromise without this step
4) Prior to restoring data, scan each and every file on your backup media for viruses - I suggest AVG Anti-Virus, as it's free for home use and quite effective.