I've been hacked!


The smart alec’s probably watching me type this right now :mad: .

I’m running Norton Antivirus (I just did a scan of the system and nothing came up, virus defs updated yesterday) and their firewall program too (Norton Internet Security).

Someone has managed to hack my computer and control it from afar. So far, they’ve only been playing around - trying to get my email passwords by tabbing back to the ‘name’ field so that instead of ***, they can see me typing the word out clearly (didn’t work). Also, I typed in the word “Hello?”, and they responded by increasing the text size.

Anyone know how to counteract this dire threat to my mental health? I am on call-up internet access, but I’m on quite a bit.

Firstly, I’ve found Norton prone to giving false alarms.

Go to www.grc.com and run their “shields up” to check your vulnerabilities.

Review your firewall settings and decide whether you’re giving net access to programmes which really don’t need it.

Update your virus scanner now and do a deep scan.

Information about your OS would help.

According to this weekend’s SMH, Microsoft has had to release many security patches in the last few days, but they are specific to certain applications which have been breached.

I don’t know the name right off the bat, but if you will put “free personal firewall” without the quotes into GOOGLE , you should be able to download one that will protect you.

I tried this once myself, but my computer went a little crazy because I have ADSL with BellSouth.net and they have their own firewall.

I’m sure one of our other friends will be along in a moment with more information for you.



Two great replies in a little over ten minutes :smiley: - thanks folks! (I hope I don’t miss one while typing this) - I tried grc.com, and came up with a perfect report, which is a bit strange. I’m going to do a ‘deep scan’ a bit later.

Zonealarm is the name of the Free Personal Firewall…

Website - http://www.zonelabs.com/products/za/

Good luck!!


Zonealarm is the free personal firewall I use - you can download it from grc.

Shouldn’t need to double up on the firewalls though.

my suggestion(s):

  1. stay offline till you’re sure you’ve fixed it. that way the intruder cannot access any of your data or control your comp.

  2. get a techie friend over to take a look and clean up the rogue files(if exist).

  3. Opal musta done it.

  4. Do a ctrl-alt-del and look for suspicious programs running in the background. end-task those that seem suspicious. run dr. watson and see where they are running from. delete suspicious files and entries from the registry. ofcourse, make backups before you begin to do all this.

if you could be more specific about the kind of things that the intruder has or seems to have access to, then perhaps i can tell you which trojan is running on your comp and give you instructions for removing the threat.

What OS? Someone has remote control s-ware on your machine, it sould be TB2, terminal server, or any number of things

BellSouth doesn’t have anything of the sort. In fact, I like the BellSouth because they have no filtering at all - they leave you wide open, so you can do whatever you want.

Of course, people can get you back too. A multitude of customers run hardware, software, or both types of firewall with great success.

That having been said - the situation described in the OP sounds almost unbelieveable. Get ZoneAlarm, as mentioned by others, and see if it says people are accessing you on odd TCP ports.

I thought I pointed out, I’m actually running Norton firewall, and I got a full ‘stealth’ readout on the grc.com website.

Is there any other thing that can cause my text to go large all of a sudden, if I don’t have a virus or someone hacking me? (As well as the bizarre ‘tab back’ when I’m trying to enter my Yahoo password)?

I’m sorry if that sounded snooty :frowning: - I’m just a bit unsure of what’s going on, and I don’t need this right now.

Not to sound mean but why would some one want to hack your computer?

OK, your OP asserted that someone had hacked your computer, rather than asking what was going on. I assumed you had some additional evidence, and if so, then obviously your choice of Firewall was poor.

Just because it says “Norton” doesn’t mean it’s worth a shit.

That having been said - is this behavior only happening when you are on the Web? I mean - you haven’t told us any of the following items:

Computer type.
Computer OS.
Browser type.
Browser settings.
When exactly it happens - when you are online? Offline too? When you are on the Web only? When you are in a Word document? When you are debugging a program? In chat? ICQ/AIM/Whatever?

Sure, we may not be able to tell you another thing after knowing this, but at least give us some idea of what exactly is going on. Without us knowing any of these things, you have no chance of receiving anything back but vague guesses and suggestions.

For all I know you have some sort of crazy-assed java error that is doing Stupid Browser tricks. I have an extremely secure connection and often see my browser doing crazy fucking shit due to misbehaving or incompatible Java/ActiveX/whatver applets.

People are suggesting ZoneAlarm because it is the “gold standard” for software firewalls, rather than Norton which is “average” at best. They are not taking the time from their day to post that here because they just wanted to make your life worse today, or to taunt you.

Talk about irony; I just got a javascript alert as I was trying to reply to this thread…

First of all, if you’re using Norton, you should have a log file - can you cut and paste the penetration attempts as logged by your system here so we can have half a chance of working out what is going on and why you believe you’ve been hacked?

Secondly, as Una has already pointed out - and she has WAY more computing power at her disposal than I do - the large text thing is not at all uncommon. When is the last time you defragged your system and what kind of memory manager are you using? I have a really sucky low powered PC, and if I hit graphics intensive sites like messageboards without setting my caches very carefully or clearing my temp files very often, then I get the same problem. Sometimes, I get the problem even WHEN I’ve done all of the above - it’s a hiccup. Refreshing - or closing your browser and re-opening it - should fix the problem. If re-booting doesn’t fix it (and this will very much depend on your browser settings - mine are set to empty all caches when the browser closes, you can set your PC to only empty on command or on reboot), then possibly there is something wrong.

I simply cannot use any of the prospero powered sites without my screen looking like smudged newsprint within about 30 minutes - the only way I can fix it is to reboot. In my case, it’s that I simply don’t have the system resources that their messageboards want to use.

If you have a reasonable firewall, and reasonable virus-protection, and you update them both on a regular basis and run them then it’s fairly unlikely that your problem is being caused by a virus.

Theere are some good freeware memory managers out there, which are highly configurable - sounds to me like this might be your problem rather than a virus.

Doesn’t take a hacker to do that. IE will do that all on its own under certain circumstances. If you’re loading a website that calls for a user name and password, and it’s taking a while because you have a slow connection, and the page finishes loading while you’re typing your password in, the cursor will automatically jump back to the first field in the form, which is your name field. That used to happen to me all the time on Yahoo mail before I got DSL.

You should always know what is running on your computer and why. While ctrl-alt-del gives you an overview and you should know everything you see there, there are better tools. MSinfo32 i believe comes with Windows and in the “software environment” will give you far more information about what’s running on your machine.

Maybe somebody thinks he’s that other Henry Spencer.

(To the OP - I don’t know if you know it or not, but you share your name with somebody relatively famous in early UNIX circles - the guy who wrote one of the widely distributed USENET versions, among other things. A brief look at your posted articles makes it clear you aren’t him, on the basis of having mentioned your age, if nothing else, but the first time I saw the user name, I wondered.)

Holding down the Control key and rolling the mouse wheel will change the text size.

In theory, this could be the same thing causing what you typed to suddenly become all caps. If the javascript calls for converting what you enter to uppercase when you change fields, and the page does what Bob describes, then it will probably take effect. You did say you were on dialup, so this is most likely the case where the page takes a while to load.

There’s really no worth in hacking/taking over a dialup computer, unless someone is specifically targeting you. Have any enemies or do people know you have a lot of money?

Also, I have Norton Internet Security as well. You should turn off autoconfiguration in the Firewall, so that it will ask you every time a program tries to access the internet (incoming or outgoing). You can remove all the programs from the access list to get a fresh start as well. It’s a pain at first because you have to permit each application, but there’s the “Always use for this program” checkbox at the bottom of the verification window. Doing this should also alert you to the presence of a trojan horse program, though some of them are smart enough to disable the firewall before starting.

Boy, I’ve really messed up this asking for help thing :frowning:

A big big BIG thank you to everyone who took the time to help out here - I’m not a total idiot when it comes to computers (I wish the world had stuck with MS-DOS - I ran version 3.2 for five years without it crashing once :wink: ), but I am completely out of my league when it comes to Windows and internet issues.

OK, for more details, I’m running Windows 98 on a Compaq PIII with IE 5.01. the thing has only happened a few times. I’m happy with the explanation of the web page automatically ‘tabbing back’ to the first field - the strangest thing was when I typed the word ‘hello?’ in, after it kept happening, the text on my screen suddenly and immediately went to maximum size, and I could not resize it back with my mouse wheel (only by selecting View->Text Size).

Strangely, the exact same thing happened when I went back to view the SDMB to check up on this question.

As to why someone would want to hack my machine, I guess there’s no accounting for taste :p. Maybe they want to find out if I’m still in touch with David Lynch. I certainly don’t have a lot of money (I’m one of those jetsetting unemployed prospective students), or maybe they saw my pictures from the Meldope thing and are trying to find out my hair styling tips.

I never assumed it was a hacker until the computer seemed to respond to something I did in an odd way.