Unread 13 Nov 2002, 15:58   #51
Rythms
Guest
 
Posts: n/a
loool...

i was just about to ask for steve's ip..

lemme guess, that hacker got you to download a file or open something with an .exe extension.
it prolly was some sub7 version, but it could be any trojan ..
if the hacker was leet, then he would have used his own trojan...
but seeing that even norton got it (they are quite fast in developing new antivir-updates) he must have used a too easy version or a known trojan.

next time, do what mong said and don't spam around here.
anyone getting your ip could have tried the usual client programs and would have been able to use the server proggy (trojan) on your comp, to do the same **** this hacker did.

on another note: no "real" hacker would get himself noticed with stuff like opening a chat, opening cd etc ... maybe after he has finished, but not before.
and no "real" hacker would ever delete your data, thats bad and doesn't do him any good.
Unread 13 Nov 2002, 16:43   #52
Steve_G
 
Join Date: Oct 2000
Location: Canada
Posts: 252
i think he only came on to play around with me. he started opening porn sites, playing with my cd-rom drive, watching my chats and trying to send ICQ msg's and shut down my comp

i mentioned to someone its like hes talking to me thru my comp and shortly after he opened a chat and said no, this would be talking to you thru your computer, then i checked my logs and got his IP and told a few people, minutes later the firewall logs were deleted heh

he used backdoor netdevil.15 , could only find stuff for up to .11b tho

oh and also he changed around a few things on my start list, deleted some key files for my firewall at the time, noticed most of them and fixed or replaced it

anyways alls good now so =)))
__________________
"Never fear, I is here"
Unread 13 Nov 2002, 18:48   #53
Gayle29uk
Bitch
 
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
From the symantec website...
Quote:
When Backdoor.NetDevil runs, it does the following:

It copies itself to the %System% folder. The file name that it uses may vary, because the hacker who creates this backdoor Trojan can choose any desired file name.

NOTE: %System% is a variable. The Trojan locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.

It adds a value that refers to the dropped file to one of the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

When the hacker creates the BackDoor.NetDevil server file, there are many functions that can be added. For example, the file can be programmed to:
  • Display a fake error message to conceal its true nature.
  • Choose the ports that are used by the backdoor to communicate with the hacker. By default, it uses port 901 for direct control, port 902 for communicating logged keystrokes, and port 903 for file transfer.
  • Use different notification methods to send information to the hacker about the compromised computer.
  • Attempt to kill running firewall and antivirus processes.

When Backdoor.NetDevil runs, it allows the hacker to remotely take control over the compromised computer. This allows the hacker to
  • Obtain full control of the file system
  • Upload files to and download files from the host computer
  • Run files of the hacker's choice
  • Kill running processes
  • Display messages
  • View the contents of the screen
  • Log keystrokes
  • Perform annoying actions, such as manipulating the mouse, opening and closing the CD-ROM drive, turning the monitor on and off, and so on.

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
  • Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
  • If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
Note the bold section, security is your responsibility and that includes staying up to date...

Fortunately none of that is gonna get anywhere NEAR my firewall
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
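A defender-side check built from the Symantec description quoted in the post above, added here as an example and not part of the thread or of Symantec's text: it scans `netstat -an` style output for local listeners on the default ports 901-903 and a `reg query` style dump for Run/RunServices values that point into the %System% folder. The sample inputs, value names and file names are constructed; because the ports and file name are attacker-configurable, hits are candidates for review and an empty result does not rule the backdoor out.

```python
import re

# Defaults from the Symantec text above; ports and file name are attacker-configurable.
DEFAULT_PORTS = {901: "direct control", 902: "logged keystrokes", 903: "file transfer"}
AUTOSTART_KEYS = (r"currentversion\run", r"currentversion\runservices")
SYSTEM_DIRS = ("c:\\windows\\system\\", "c:\\winnt\\system32\\")
# Constructed sample input (not from the thread): `netstat -an` style output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:901            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:903            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1042       10.0.0.9:902           ESTABLISHED
"""
# Constructed sample input: `reg query` style dump; value names and files are made up.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Program Files\ExampleApp\tray.exe
    sysload    REG_SZ    C:\Windows\System\sysload32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    svcmon    REG_SZ    C:\Winnt\System32\svcmon.exe
"""

def listening_default_ports(netstat_text):
    """Return the default ports (901-903) that have a local TCP listener."""
    hits = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            port = f[1].rsplit(":", 1)[-1]  # local address column only
            if port.isdigit() and int(port) in DEFAULT_PORTS:
                hits.add(int(port))
    return sorted(hits)

def autostart_in_system_dir(reg_text):
    """Return (key, value name, path) for Run/RunServices values targeting %System%."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # remember which key the following values belong to
        m = re.match(r"\s+(.+?)\s+REG_(?:SZ|EXPAND_SZ)\s+(.+)$", line)
        if m and key and key.lower().endswith(AUTOSTART_KEYS):
            path = m.group(2).strip().strip('"')
            if path.lower().startswith(SYSTEM_DIRS):
                findings.append((key, m.group(1), path))
    return findings

if __name__ == "__main__":
    print(listening_default_ports(SAMPLE_NETSTAT), autostart_in_system_dir(SAMPLE_REG))
```

Legitimate software also autostarts from the system folder, so each returned entry still has to be checked by hand against what is expected on that machine.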
Unread 14 Nov 2002, 03:47   #54
Nodrog
Registered User
 
Join Date: Jun 2000
Posts: 8,476
i had to format my harddrive because of a virus last week

sigh.
Unread 14 Nov 2002, 04:37   #55
W
Gubbish
 
Join Date: Sep 2000
Location: #FoW
Posts: 2,323
A:
Quote:
Mr X said bad words to me on irc, and banned me from his channel, so now I will make up a story of how he hacked me, and put his ip on the board to cause him trouble.
B:
Quote:
Hi, I'm a complete computer newbie, and I want to complain about all the bad hackers out there. Today some guy sent me an exe file, and when I ran it, it started doing many nasty things to my computer! Help, help, what should I do, I don't know anything!
C:
Quote:
Hi, I'm one of the gazillion PA forum trolls, and now I will post about the funny topic of hackers, and pretend I was hacked, to generate many pages of nonsense, and get the geeks to show how geeky they are
Take your pick...
__________________
Gubble gubble gubble gubble
Unread 14 Nov 2002, 06:51   #56
Steve_G
 
Join Date: Oct 2000
Location: Canada
Posts: 252
Quote:
Originally posted by W
A:
B:
C:

Take your pick...

d: NONE OF THE ABOVE

heh
__________________
"Never fear, I is here"
Unread 14 Nov 2002, 21:59   #57
Steve_G
 
Join Date: Oct 2000
Location: Canada
Posts: 252
just thought id give everyone an update, his ISP has told me that they're now investigating him on this matter heh =)
__________________
"Never fear, I is here"
Unread 14 Nov 2002, 22:02   #58
Starbucks
It was a Stupid Dream
 
Join Date: Jun 2002
Location: Winchester, UK
Posts: 2,077
Quote:
Originally posted by Steve_G
just thought id give everyone an update, his ISP has told me that they're now investigating him on this matter heh =)
did this email come almost instantly after yours by any chance?
Unread 14 Nov 2002, 22:13   #59
Steve_G
 
Join Date: Oct 2000
Location: Canada
Posts: 252
Quote:
Originally posted by Starbucks


did this email come almost instantly after yours by any chance?
no you tit it wasnt an automated reply

i just got it a few hours ago when i 1st emailed them after i put up a new firewall and removed the virus
__________________
"Never fear, I is here"
Unread 14 Nov 2002, 23:23   #60
meaple
Pretend Faggot
 
Join Date: Apr 2002
Location: Illinois
Posts: 494
YUO MUST UES TEH ZOENALRAM!!!!!!!!!!!1111
__________________
<^>

[ ripper ] I told u I was hardcore
Unread 14 Nov 2002, 23:38   #61
Androme
Guest
 
Posts: n/a
*yawn*

Mr.IGOTHACKED#2192919010210291201010 ...
Unread 14 Nov 2002, 23:47   #62
Steve_G
 
Join Date: Oct 2000
Location: Canada
Posts: 252
Quote:
Originally posted by meaple
YUO MUST UES TEH ZOENALRAM!!!!!!!!!!!1111
heh i was using pcchilling2002 at the time, now im running windows xp firewall with only 3 ports open, and norton 2003 (until trial runs out then ill prolly download avp)
__________________
"Never fear, I is here"
All times are GMT +1.