New Mars Forums

Official discussion forum of The Mars Society and MarsNews.com

You are not logged in.

Announcement

Announcement: This forum is accepting new registrations by emailing newmarsmember * gmail.com become a registered member. Read the Recruiting expertise for NewMars Forum topic in Meta New Mars for other information for this process.

#1 2003-03-18 16:24:39

clark
Member
Registered: 2001-09-20
Posts: 6,374

Re: PC HELP PLEASE!!!!!! - Blocking remote access

I am by no means an expert on PC's. I realize I am out of my element, so I am placing myself at the feet of all those who know better:

How do you stop someone from having remote access to your PC?

Yeah, a pretty FUBAR question, and I am dreading the "dude, time to reinstall the OS."

I believe someone has taken control of my PC to use to download stuff. I can't connect to the internet via that PC.

When I check to see which programs are running in the background, I notice an unknown program "downloading software". I have disabled all the programs that start at boot using the 'msconfig' options. But it still comes up (after all boot-up programs have been disabled!). I'm using Win98SE with no firewall, so I know I deserve this. sad

Any suggestions from anyone who knows anything at all?

I will provide any information that might help if I haven't included it. It's a ADSL line and I've already contacted the ISP, and there are no problems there. The PC works fine, other than not being able to connect, and having this weird program running.

Offline

#2 2003-03-18 18:34:55

PaganToris
Banned
From: Exeter,Ca
Registered: 2002-07-17
Posts: 105
Website

Re: PC HELP PLEASE!!!!!! - Blocking remote access

well the best thig i can say is to re format yer harddrive and reinstall windows and make sure u get a firewall that is a verry important program to have on the internet i personaly use ZoneAlarm and it works verry well when u reformat yer harddrive it will erase everything u have opn yer computer sad.
hope this helps.


ZIGIE ZOKKIE  ZIGIE ZOKKIE OY OY OY
ZIGIE ZOKKIE  ZIGIE ZOKKIE OY OY OY
ZIGIE ZOKKIE  ZIGIE ZOKKIE OY OY OY
if u know what show thats from than where cool smile

Offline

#3 2003-03-18 19:38:06

Josh Cryer
Moderator
Registered: 2001-09-29
Posts: 3,830

Re: PC HELP PLEASE!!!!!! - Blocking remote access

clark, if you have AIM or something you could PM me your screen name and I could give you some live help, if we're online at the same time, that is.

Go here and get the ?Windows 95 Kernel Toys Set,? yes, I know it says, ?This download is not intended for use on computers running Microsoft? Windows? 98,? but don't worry about that. We're just going to use a program that comes with it.

Running it extracts the files to whereever, but you can use winzip / winrar to open the file (it's just a self extracting .exe).

What you want to run is the file called wintop.exe. This file lets you look at processes running in the memory, and their path-name. It's very useful when you want to track down unknown programs.

Once you've found what you think is the program, by basically looking at the task manager and making some educated guesses, do some exploring (go to Google or whatever). I'm certain, if it's a trojan, you'll find something about it (just search for the filename).

Easiest way to clean yourself is to use whatever programs come up with a google search, but if you want to do it manually, pop open the start -> run menu, and type in ?regedit? (without the fancy quotes of course). Then type Control+F and type in the filename of the executable. You may have to basically extend the search a couple of times (F3) if the program has multiple registry enteries, and if you're brave, you can just delete the offending keys.

Oh, and you're going to want to note the pathname of the file within WinTop, that way you can delete it from that location, too (actually, if you delete the file you wouldn't have to use regedit, you might feel safer doing this). A lot of trojans leave lots of backups of themselves, though, and if you can't really find a cleaner on Google, you might some more complicated help.

I find myself cleaning out unwanted programs that startup when Windows starts this way. Usually it doesn't cause any problems. (Quicktime and Real Player like to reside in memory on startup, they're evil.)


Some useful links while MER are active. [url=http://marsrovers.jpl.nasa.gov/home/index.html]Offical site[/url] [url=http://www.nasa.gov/multimedia/nasatv/MM_NTV_Web.html]NASA TV[/url] [url=http://www.jpl.nasa.gov/mer2004/]JPL MER2004[/url] [url=http://www.spaceflightnow.com/mars/mera/statustextonly.html]Text feed[/url]
--------
The amount of solar radiation reaching the surface of the earth totals some 3.9 million exajoules a year.

Offline

#4 2003-03-18 20:53:03

dickbill
Member
Registered: 2002-09-28
Posts: 749

Re: PC HELP PLEASE!!!!!! - Blocking remote access

Clark, you can also set up a firewall through a router. Of course a router is most useful if you share internet with more than 1 computer but the router can also set up a firewall.
Routers are pretty cheap those days, I had the SMC4004ABR for less than 80 bucks, which by the way causes me plenty of trouble right now, so even if a router is not the perfect solution, it might be an option.
And you can still keep the router for the days you get another PC.

Offline

#5 2003-03-18 20:59:08

soph
Member
Registered: 2002-11-24
Posts: 1,492

Re: PC HELP PLEASE!!!!!! - Blocking remote access

If it is a hacker or virus, the router-based firewall is pretty weak.  There's a program called Spector's (or something like it) that can scan your computer for any viruses and delete them.  This works on even those nasty bugs that you supposedely have to reformat your PC for.

Offline

#6 2003-03-18 21:05:26

Josh Cryer
Moderator
Registered: 2001-09-29
Posts: 3,830

Re: PC HELP PLEASE!!!!!! - Blocking remote access

A router based firewall would be better than a software firewall (for the longest time I used Tiny Personal Firewall, which is actually quite good), since it requires you to actually set up the ports which are to be forwarded, with software firewalls, you may accidently give a program permission without noticing (you have to train a software firewall about which ports it should make available).

BTW, clark, I should note that this may not fix your connection problem, as they could be wholly unrelated issues (though it seems probable you could have a trojan, the symptoms are there).


Some useful links while MER are active. [url=http://marsrovers.jpl.nasa.gov/home/index.html]Offical site[/url] [url=http://www.nasa.gov/multimedia/nasatv/MM_NTV_Web.html]NASA TV[/url] [url=http://www.jpl.nasa.gov/mer2004/]JPL MER2004[/url] [url=http://www.spaceflightnow.com/mars/mera/statustextonly.html]Text feed[/url]
--------
The amount of solar radiation reaching the surface of the earth totals some 3.9 million exajoules a year.

Offline

#7 2003-03-18 21:25:50

soph
Member
Registered: 2002-11-24
Posts: 1,492

Re: PC HELP PLEASE!!!!!! - Blocking remote access

Either firewall is permeable.  I'm not talking about using a firewall.  But any LAN has a firewall (router), and a software backup is built into some OSs (I believe win 2k pro-which i run, and win xp, have built in firewalls).  A double layer is never a bad idea.

My opinion on those anti-virus programs is a little mixed.  They are pretty much obsolete by the time they reach the stores.  I like Spectors because it scans for file types, not specific viruses.  I don't know of anything that it doesn't catch.

Offline

#8 2003-03-18 21:38:59

Josh Cryer
Moderator
Registered: 2001-09-29
Posts: 3,830

Re: PC HELP PLEASE!!!!!! - Blocking remote access

If a firewall is used properly (and doesn't have any exploits like software overflows), no one can get through it. That's the point of a firewall.

Please educate me how properly used firewalls are permeable.


Some useful links while MER are active. [url=http://marsrovers.jpl.nasa.gov/home/index.html]Offical site[/url] [url=http://www.nasa.gov/multimedia/nasatv/MM_NTV_Web.html]NASA TV[/url] [url=http://www.jpl.nasa.gov/mer2004/]JPL MER2004[/url] [url=http://www.spaceflightnow.com/mars/mera/statustextonly.html]Text feed[/url]
--------
The amount of solar radiation reaching the surface of the earth totals some 3.9 million exajoules a year.

Offline

#9 2003-03-18 21:42:45

soph
Member
Registered: 2002-11-24
Posts: 1,492

Re: PC HELP PLEASE!!!!!! - Blocking remote access

E-mail bugs that use different codes can get through, hackers can break any firewall if they are skilled enough (I believe even Cisco, who makes many of the best firewalls had their files hacked). 

If someone is skilled enough, and wants to take over your computer, they can.  It's just doing the best to protect yourself and fix it when they're done.

Offline

#10 2003-03-18 21:52:36

Josh Cryer
Moderator
Registered: 2001-09-29
Posts: 3,830

Re: PC HELP PLEASE!!!!!! - Blocking remote access

Sure, but those things would fall into improper use. These viruses would be downloaded by you, not sent to you via some sort of TCP attack. A firewall would block requests, so, for example, IIS viruses (which there have been quite a number of) would be completely ineffectual. I actually run a local webserver on my lan. Usually there is no outside access to it, unless I explicitly forward the port on the router.

Hardware firewalls leave very little room to be hacked. I would think that any hack would still require some sort of flashing. I've never even read anything about a hardware firewall hack in all the time I've been online. Default password hacks don't count.

No one is skilled enough to take over my computer, I'm not that stupid. smile


Some useful links while MER are active. [url=http://marsrovers.jpl.nasa.gov/home/index.html]Offical site[/url] [url=http://www.nasa.gov/multimedia/nasatv/MM_NTV_Web.html]NASA TV[/url] [url=http://www.jpl.nasa.gov/mer2004/]JPL MER2004[/url] [url=http://www.spaceflightnow.com/mars/mera/statustextonly.html]Text feed[/url]
--------
The amount of solar radiation reaching the surface of the earth totals some 3.9 million exajoules a year.

Offline

#11 2003-03-19 09:55:16

clark
Member
Registered: 2001-09-20
Posts: 6,374

Re: PC HELP PLEASE!!!!!! - Blocking remote access

No one is skilled enough to take over my computer, I'm not that stupid.

Apparently I am. wink

Thank you all for the advice, and the tips. I will try out several of them. I really appreciate the help.

Offline

#12 2003-03-19 14:07:40

Josh Cryer
Moderator
Registered: 2001-09-29
Posts: 3,830

Re: PC HELP PLEASE!!!!!! - Blocking remote access

Everyone makes mistakes. smile

I recall a little while ago when I was using AOL dialup to connect to the internet, when my cable modem would go out (it was going out freuently during some upgrades). I'd forgotten that my shares (I share several hard drives on my LAN so that they're easier to access) would be available if open to the outside world (which they would be since I wasn't using my router, but dialing up to a different ISP), but apparently the new AOL 8.0 blocks many of your outgoing ports (especially NetBIOS, etc)! A very wise thing for AOL to do. Of course, I would have figured it out (I'm quite computer conscious), but had someone been really trying to get into my computer at that momment, and had AOL not made the decision to block these ports, I would have been screwed.

This just goes to show that one must design things for ?stupid? people, even though ?intelligent? users will exist.


Some useful links while MER are active. [url=http://marsrovers.jpl.nasa.gov/home/index.html]Offical site[/url] [url=http://www.nasa.gov/multimedia/nasatv/MM_NTV_Web.html]NASA TV[/url] [url=http://www.jpl.nasa.gov/mer2004/]JPL MER2004[/url] [url=http://www.spaceflightnow.com/mars/mera/statustextonly.html]Text feed[/url]
--------
The amount of solar radiation reaching the surface of the earth totals some 3.9 million exajoules a year.

Offline

#13 2003-03-19 15:33:29

dickbill
Member
Registered: 2002-09-28
Posts: 749

Re: PC HELP PLEASE!!!!!! - Blocking remote access

also Clark, if you choose the router solution to set up a harware firewall, be very carefull which router you buy.
Mine (a SMC7004ABR) worked wonderfully for a time, on a AOL timewarner cablemodem connection, and I networked successfully a PC and a mac, but after 2 months or so, suddenly the connection failed and I never figure out what was wrong in my router. It might very well be the firewall function of the router which prevent me to share internet.
Rebooting and reinitializing the router and modem changes notin.
If indeed the router/firewall is the culprit, then it is very efficient, even me I cannot connect to internet through this router !

So, ask your ISP wich router they do not advice.

Offline

#14 2003-03-19 16:09:57

Josh Cryer
Moderator
Registered: 2001-09-29
Posts: 3,830

Re: PC HELP PLEASE!!!!!! - Blocking remote access

dickbill, it's actually quite likely that your ISP changed authentication modes or something, and require that your router send the cable modems host name and domain, etc.

Try browsing to http://192.168.1.1 and typing 'admin' for the password or something. That would be the routers config screen if it's anything like my router. I use a LinkSys. Almost all of my network equipment is LinkSys. LinkSys has never failed me.

If changing the authentication doesn't work (you'll have to ask your ISP the host name of your computer, I imagine), try perhaps forwarding the whole port range for each computer on your LAN. Really insecure (basically turns off the firewall aspect), but at least it'd be a good router test.

Then again, maybe AOL doesn't like people using routers. Seems likely, since that's a service they would want a monopoly over...


Some useful links while MER are active. [url=http://marsrovers.jpl.nasa.gov/home/index.html]Offical site[/url] [url=http://www.nasa.gov/multimedia/nasatv/MM_NTV_Web.html]NASA TV[/url] [url=http://www.jpl.nasa.gov/mer2004/]JPL MER2004[/url] [url=http://www.spaceflightnow.com/mars/mera/statustextonly.html]Text feed[/url]
--------
The amount of solar radiation reaching the surface of the earth totals some 3.9 million exajoules a year.

Offline

#15 2003-03-19 16:19:25

PaganToris
Banned
From: Exeter,Ca
Registered: 2002-07-17
Posts: 105
Website

Re: PC HELP PLEASE!!!!!! - Blocking remote access

but still the best this i can say to be on the safe side would be to reformat yer harddrive! and reinstall windows and set up a firewall i have sone alarm it is a pretty good firwall! also if u dl something from someone make sure if its a picture download make sure it doasnt have .exe at the end of the pic file that will allow someone full access to yer PC.


ZIGIE ZOKKIE  ZIGIE ZOKKIE OY OY OY
ZIGIE ZOKKIE  ZIGIE ZOKKIE OY OY OY
ZIGIE ZOKKIE  ZIGIE ZOKKIE OY OY OY
if u know what show thats from than where cool smile

Offline

#16 2003-03-20 21:52:18

soph
Member
Registered: 2002-11-24
Posts: 1,492

Re: PC HELP PLEASE!!!!!! - Blocking remote access

but still the best this i can say to be on the safe side would be to reformat yer harddrive! and reinstall windows and set up a firewall i have sone alarm it is a pretty good firwall! also if u dl something from someone make sure if its a picture download make sure it doasnt have .exe at the end of the pic file that will allow someone full access to yer PC.

That would be retarded.  You can clean your PC without reformatting-it destroys all your stuff.  Not worth it.  You can get it fixed and preserve the data.

Offline

Board footer

Powered by FluxBB