# IP Address Hacked



## StanleyPaul (Jan 13, 2010)

Hello Sir / Ma'am,
I'm Cyril, I'm working in the private sector. I was searching to find out whether my IP address is hacked, and someone on Google suggested typing NETSTAT to see the addresses connected to my IP address. When I typed it, I saw a lot of foreign addresses under Foreign Address. I don't know what to do. I don't even know whether I'm hacked or not. On another computer I see only local addresses. Please somebody help me, I'm very much afraid. What shall I do now? Please help.

Thank You 
Cyril


----------



## lunarlander (Sep 22, 2007)

First of all, you need to determine whether you have been hacked. Are there any strange things happening on your PC? Some hackers try to disrupt a working PC. For example, they may disable Internet Explorer from working. So see if any programs are not working as before.

Some hackers prefer to lurk and not disrupt anything, and just sit and watch. These types may install keyloggers and screen scrapers. I use Webroot's Spysweeper and it claims it can detect keylogging programs. Don't know what can be done against screen scrapers though, these take snapshots of your screen.

Run msconfig and look at the startup tab. That screen lists all the programs that run at startup. See if there is any program that you don't recognize. Uncheck the ones you don't want to run.

Start task manager and see if there are unknown programs running. But if you are not that familiar with Windows, then you won't know which is which.

Do you have a router? If not, go buy one. Even if you only have one PC. Routers are low end hardware firewalls and they can stop most hackers.

Do you have a software firewall ? If not, go download Online Armor Free version, which is a pretty good firewall.

Is your PC up to date with Windows security patches? If not, you must do Windows Update now. Hackers hack into PCs by taking advantage of system weaknesses -- unpatched Windows. Also go and download the latest version of Adobe Flash. Then download Secunia's PSI. Found here:

http://secunia.com/vulnerability_scanning/personal/

This program scans and detects vulnerable software that you have installed, and provides you with links to download the patched versions. A very good program to have.

If you still don't trust that you have not been hacked, then the best thing to do is to reformat and re-install Windows. That will get rid of the hacker 100%. Then run Windows Update.


----------



## StanleyPaul (Jan 13, 2010)

Hello Sir, Good Morning,
As you said, I did all the methods, but after installing Online Armor and Secunia PSI my Internet Explorer is not opening. I mean it opens and immediately closes. When I scanned using the PSI software it showed some six errors and asked to repair them. After I did that it installed Internet Explorer 8 automatically, but now it's not opening. What shall I do?

Thank You
Cyril Stanley


----------



## lunarlander (Sep 22, 2007)

So I assume IE7 was running properly before upgrading to IE8? Maybe something is stopping IE8 from opening. Try running Malwarebytes and scan your PC. Available here:

http://download.cnet.com/Malwarebyt...4572.html?part=dl-10804572&subj=dl&tag=button

Try downloading another browser like Opera and see if that works.

http://www.opera.com/browser/download/

I run IE8 only when I have to, because IE is too integrated into Windows and can load any ActiveX on the system, even if they are not meant for internet use. Some security problems happened that way in the past.


----------



## perfume (Sep 13, 2008)

Dear Stanley Paul,
Hi there! In addition to the excellent advice lunarlander has given in his first post, I will add a simple but effective utility. It is called "KeyScrambler". The only reason why lunarlander might not have mentioned it is, if "probably" you have hackers playing in your pond, then the utility is of no use!

Can you kindly elaborate as to what triggered this suspicion that your IP has been hacked? Website of KeyScrambler: http://www.qfxsoftware.com/. Best wishes and may the SandGod shower His/Her blessings on you (not very sure whether that particular Big Boss has a mustache or not)! Cheer up, you have come to the right site :up:! (You're a member, you should know!).


----------



## StanleyPaul (Jan 13, 2010)

Hello Sir, thank you for your reply. I know little about hacking, so I was searching on Google for the procedure to find out whether my IP address is hacked. While doing so I saw that the netstat command will show all the details, so when I did that I found that many foreign connections were connected to my computer. Seeing this, I posted here, and after following what lunarlander said, I saw many keyloggers, and in the online firewall it's still showing that my IP address is connected to Germany, Japan, France and all. I'm extremely afraid. I did everything that Sir lunarlander said; now I will do what you said, Sir. Apart from this, I don't know whether I'm hacked. I even saw something like tracking cookies, and many unknown things happening.

Thank You
Cyril Stanley Paul


----------



## antech (Feb 23, 2010)

In addition to lunar's post, consider running a quick scan with SAS (Download link in my sign)

It will detect any hidden spyware that *might* be sending info to the hacker


----------



## antech (Feb 23, 2010)

In addition to lunar's post, consider running a quick scan with SAS (Download link in my sign)

It will detect any hidden spyware that *might* be sending info to the hacker


----------



## StanleyPaul (Jan 13, 2010)

Hello, thank you everybody, now everything is fine, Sir. I again typed NETSTAT in cmd and now it's not showing any foreign address, but the system has become a little slow. But thanks a lot, Sirs, for your guidance.

Cyril Stanley


----------



## antech (Feb 23, 2010)

Sorry for the double post, guys


----------



## lunarlander (Sep 22, 2007)

Hi StanleyPaul,

Hope you are still reading this thread. 

Note that the Netstat command is only taking a snapshot in time. So, while there may be no connections now, that doesn't mean that the hacker has fully left. Check Netstat every now and then, to make sure there are no more connections to strange addresses.


----------



## StanleyPaul (Jan 13, 2010)

Hello Sir, as you said, I checked, but there are still some foreign addresses connected. What shall I do, Sir?


----------



## StanleyPaul (Jan 13, 2010)

Thank you a lot, Sir, for suggesting the "Keyscrambler" software. It's very useful...


----------



## lunarlander (Sep 22, 2007)

Were you surfing when you ran the netstat? Those foreign addresses may be your browser surfing to those places.

The only real way to get rid of a hacker is to format and reinstall Windows. Hackers can hide their tools on your PC in a way you can never find them.

What Windows are you using? Vista? XP? Win7?

Were you able to get IE 8 running again?


----------



## StanleyPaul (Jan 13, 2010)

Hello Sir how are you ?
Yes, as you said, I was surfing Yahoo while checking netstat; in cmd it showed a lot of addresses ending with yahoo. But some two IP addresses are established which are strange to me. I'm working in "Windows XP", Sir. Yes Sir, IE is working now. Its shortcut was corrupted, I think, because when I typed iexplorer in Run it opened.

Thank You
Cyril


----------



## lunarlander (Sep 22, 2007)

I hope you copied down those 2 strange IP addresses. See if these 2 addresses appear again at different times. That could mean that it could be hackers connected to your machine.


----------
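The check lunarlander describes in the posts above (netstat is only a snapshot, so compare runs taken at different times and see which foreign addresses come back), as an added example that is not part of the original thread. It assumes `netstat -ano` output saved at three times of day; the snapshots, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed `netstat -ano` snapshots; addresses are documentation ranges, PIDs are made up.
SNAPSHOTS = {
    "09:00": """
  Proto  Local Address      Foreign Address     State        PID
  TCP    0.0.0.0:135        0.0.0.0:0           LISTENING    920
  TCP    127.0.0.1:1030     127.0.0.1:1031      ESTABLISHED  1480
  TCP    192.168.1.20:1055  198.51.100.7:80     ESTABLISHED  2212
  TCP    192.168.1.20:1060  203.0.113.45:8080   ESTABLISHED  3304
""",
    "13:00": """
  TCP    192.168.1.20:1102  192.168.1.1:80      ESTABLISHED  2212
  TCP    192.168.1.20:1110  203.0.113.45:8080   ESTABLISHED  3304
""",
    "18:00": """
  TCP    192.168.1.20:1201  203.0.113.45:8080   ESTABLISHED  3304
""",
}
# Loopback and RFC 1918 ranges are "local address" entries, not foreign ones.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def foreign_peers(netstat_text):
    """Return {(remote_ip, pid)} for ESTABLISHED TCP connections to non-local hosts."""
    peers = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue  # header, UDP, LISTENING, TIME_WAIT and similar lines
        try:
            ip = ipaddress.ip_address(parts[2].rsplit(":", 1)[0].strip("[]"))
        except ValueError:
            continue  # hostname instead of an address (netstat run without -n)
        if not any(ip in net for net in LOCAL_NETS):
            peers.add((str(ip), int(parts[4])))
    return peers

def recurring_peers(snapshots, min_seen=2):
    """Map remote IP -> (snapshot labels, PIDs) for IPs present in >= min_seen snapshots."""
    seen, pids = defaultdict(set), defaultdict(set)
    for label, text in snapshots.items():
        for ip, pid in foreign_peers(text):
            seen[ip].add(label)
            pids[ip].add(pid)
    return {ip: (sorted(seen[ip]), sorted(pids[ip])) for ip in seen if len(seen[ip]) >= min_seen}

if __name__ == "__main__":
    print(recurring_peers(SNAPSHOTS))
```

The PID column lets a recurring address be matched to a process in Task Manager, which separates browser traffic from a program that keeps reconnecting on its own.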



## StanleyPaul (Jan 13, 2010)

Hello Sir, how are you? Yes Sir, it's not hacking, I think, but my local IP address. But in my system the Host file got deleted automatically. I mean in drivers there's one folder called host. It got deleted automatically.

Cyril


----------



## perfume (Sep 13, 2008)

Dear Stanley Paul,
May I suggest that you kindly stop using "sir" in your posts! I feel embarrassed whenever you call me that! Call me "perfume"!
In India, the pirated versions of XP (PRO or HOME) are rampant and thus lack of Microsoft updates can cause all kinds of havoc! Since your PC is being "listened into" by foreign addresses, as LUNAR LANDER pointed out "hackers" may have entered. If you know of any Computer guys who know what they are doing, you should get the PC overhauled as suggested! I agree with Lunar Lander that it is the first and firm step you should take! We are here to provide advice and assistance (from there on) as to how to minimize the chances of a Hacker sneaking in! Don't you worry, we'll nuke these Black hat hackers to Pluto or to my mother galaxy (the baby boom)! Best wishes!


----------



## antech (Feb 23, 2010)

Perfume,
do you know that 95% of OS here are "Pirated"?
No one can successfully implement any kind of anti-piracy laws here.


----------



## perfume (Sep 13, 2008)

antech said:


> Perfume,
> do you know that 95% of OS here are "Pirated"?
> No one can successfully implement any kind of anti-piracy laws here.


Dear antech,
I based my assessment on the conclusions drawn by the Managing Director of MS India, Neelam Dhawan: "Microsoft is the worst affected company due to software piracy, Dhawan said about 73 per cent of Microsoft products sold in India are pirated".

Russia and particularly Moscow is eating into the vitals of Win. 7 OS (original) sales! China and India have the dubious honor of following suit!

Quote: "I think it's disgraceful the amount of pirated copies of Windows 7 being sold, and those who are buying them are even bigger fools than the ones who are distributing them. Lots of software nowadays will not install unless it can certify that you have a genuine copy of Windows and they are constantly releasing updates and patches which will deactivate your illegal copy of Windows". Source: http://windows7news.com/2010/02/10/the-biggest-windows-7-pirate/


----------



## StanleyPaul (Jan 13, 2010)

Hello Perfume, how are you? I didn't understand fully what you said, but I guess you said about updating Windows. I did it already, but since the day before yesterday, whatever I write in the host file gets deleted after I save and exit. Do you have any suggestion for that? And I feel very uncomfortable calling somebody by name, because you're a senior, so I call everybody older than me Sir and Ma'am. At least I feel like using Mr. Perfume.

Thank you

Cyril


----------



## perfume (Sep 13, 2008)

Dear Stanley Paul,
I am glad you called me "perfume"! To avoid confusion as to whom you are addressing a question or an answer, you can just use the name (how do you know whether any name belongs to a male or a female?) for addressing!

What *lunar Lander* and myself were saying was that your Windows as of now needs to get a "clean uninstall and a fresh installation (reformatting)". Since we are assuming that it may be a hacker who has done the damage, you most probably cannot save anything! I too had to face this problem twice, before I became a member of techguy. My core philosophy is "what's lost is lost and absolutely no regrets for the past". Start afresh and forget about the HOSTS file, etc., because all that has happened will only make you unhappy! The Hosts file did not save your bacon, because it MUST have been corrupted and that's it! I guess you work in an office, so ask around for any good computer technicians, or better still, lug it to the shop where you bought it or got it assembled and they will surely get you out of this situation! Best wishes! :up:


----------



## StanleyPaul (Jan 13, 2010)

Hello Perfume, thanks for the reply. But I recently formatted my computer and installed everything newly; if I ask the technical people to format again, it's not possible now. Apart from that, is there any other method or solution for this?

Thank you

Cyril


----------



## antech (Feb 23, 2010)

Even the corporates here are using pirated versions of Windows!
The survey seemed wrong to me as I live in India and all of my friends either have pirated Windows or have a preinstalled Windows (I mean OEM Windows, not retail ones).


----------



## perfume (Sep 13, 2008)

Dear Stanley Paul,
I would suggest you run a Rootkit scan using Sophos Anti-Rootkit! I am giving a link below from where you can download and run the Anti-rootkit. : http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html.

If you find "ANY HIDDEN ITEMS" after the scan is completed, kindly come back and tell us what is what! I am suggesting this strategy because the rootkit infection is grossly UNDERESTIMATED and may be creating all this havoc!:up:


----------



## perfume (Sep 13, 2008)

Dear antech,
I guess you are with the wrong crowd (Just Joking--JJ), because most of them do not seem to have the original OEM installed! What beats me is how they expect to get on without updates and the like! Only two kinds of people can survive in such situations, either geniuses or fools! Period. My smilies are dead today!


----------



## Phantom010 (Mar 9, 2009)

Hi *StanleyPaul*,

Please click *here* to download and install *version 2.0.2* of the *HijackThis Installer.* 

Run it and select *Do a system scan and save a logfile*.

The log will be saved in Notepad. Copy and paste the log in your next post.

*Do not fix anything*

If you can't connect to the Web to download the program, do it from a working computer and save HijackThis to a USB flash drive. Then, plug it into your faulty computer and run the program. Or, you can try the link with your faulty computer but after booting into Safe Mode with Networking. 

Please do run HijackThis in *Normal Mode* though.


----------



## StanleyPaul (Jan 13, 2010)

Hello Phantom, I'm sorry, I didn't receive any email from Tech Support Guy; now when I opened the website I saw your reply. Yes Sir, as you said, I did the scan and I've attached the report which you asked for. Please refer to it.

Thank you
Cyril


----------



## StanleyPaul (Jan 13, 2010)

Hello Perfume, I'm sorry, I didn't receive any mail at my mail ID so I didn't reply. Yes, as you said, I scanned and I got a lot of hidden files; it showed them like "UNKNOWN HIDDEN FILES", and nowadays the system shuts down automatically many times a day. I saw more than 10 hidden files, in different locations on the computer. What shall I do now?
Thank you
Cyril


----------



## Phantom010 (Mar 9, 2009)

Your computer is infected with MyWebSearch, a well-known parasite here on TSG. This thing gets all over the registry. It may slow your computer down significantly. I'd suggest clicking on *Report* to kindly ask to be moved to the *Virus & Other Malware Removal* forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!

You're also running an outdated version of Internet Explorer, IE6. It's no longer supported by Microsoft. For security reasons and more, you should update to IE8.


----------



## perfume (Sep 13, 2008)

Dear Stanley Paul,
Do you have the original XP Pro installation CD? Even though the tech people there have done a reformatting, I can give you a tip or two to go about it properly all over again, if you don't mind! I may be of help in creating a rescue CD and a backup and restore. The ball is in your court now! :up: :up:


----------



## StanleyPaul (Jan 13, 2010)

Hello Perfume, yes, I have the CD. What should I do with it now?

Cyril


----------



## StanleyPaul (Jan 13, 2010)

Hello Phantom, what should I do after going to the report page? I didn't understand. I'm sorry, I mean what should I write in that box?


----------



## Phantom010 (Mar 9, 2009)

StanleyPaul said:


> Hello Phantom, what should I do after going to the report page? I didn't understand. I'm sorry, I mean what should I write in that box?


Kindly ask to be moved to the *Virus & Other Malware Removal* forum.


----------



## antech (Feb 23, 2010)

I will do that for you, Stanley.


----------



## dvk01 (Dec 14, 2002)

Before we move or consider a move to malware cleaning:

Is this a company computer or a computer at home?

If company, we WILL NOT ASSIST.

Your first post suggests it belongs to a company and is not a private computer.
*IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS*

Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the clean up process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.


----------



## StanleyPaul (Jan 13, 2010)

Hello Perfume, Antech, Phantom, dvk01... Thanks everybody for your help, but I formatted and installed everything newly, so I think henceforth there will be no problem with the computer. And yes, as Sir dvk said, it's not my personal comp but the office's. But thanks for your help. See you, and sorry for the late reply. I was on leave.

Cyril


----------



## Phantom010 (Mar 9, 2009)

You're welcome!


----------

