Security → I was just hacked, right now.

I came home from driving around town, getting a hair cut.
And my cpu is on, it wasn't when I left.
The firewall was off.
Virus definitions were zero, they were up to date.

And I'm telling you this so you know we live in troubled times, shoot, now I have to reformat.:[ weinerdogriningatyou

A computer that doesn't work the way it should was not necessarily hacked. No paranoia, please.

Most likely a CPU Ghost.

Or a power glitch. I have a box if I don't turn off
the back ATX power switch. When there is a power glitch
the machine turns on.

Yes, could be a power glitch. He should have checked his system before reformating. It's probably too late now, I guess.

I hate jumping to decisions too quickly....

Did that a few times, costed me a lot of time/data...

said by jdong:

---

I hate jumping to decisions too quickly....

Did that a few times, costed me a lot of time/data...

---

I made similar experiences, jdong.

I would say there is no need for paranoia here, but surely there is a cause for some investigating.

It could be a power problem. He should check to see if any clocks are blinking, etc. and if the bios is set to restart on a power loss.

But one thing...the virus def's are gone. I have never seen a power problem cause def's to be zero'd as he said.

said by catahoula7:

---

...the virus def's are gone. I have never seen a power problem cause def's to be zero'd as he said.

---

Neither have I. That's very strange indeed. Nevertheless, he should checked his system first. Maybe it would not have been necessary to reformat.
[text was edited by author 2003-07-12 19:34:01]

said by catahoula7:

---

But one thing...the virus def's are gone. I have never seen a power problem cause def's to be zero'd as he said.

---

If the databases get corrupted (common for power outages), then sure, the database will zero out.

When you leave the "door unlocked," what did you expect?

Was it just these security programs that had been closed?

This is one of the reasons why Im scared of enabling WOL (Wake on Lan) on my machine. I like this feature, but so might hackers who know my MAC.

First, my computer power was OFF, so was my ethernet connection.

Second, they were both on when I got home.

Third, my firewall was disabled, it wasn't even on my start panel.

And fourthly, my virus definition was zero, nothing.
I just updated and scanned 10 hours before.

Fifth, power blips make this stuff happen ?

When reformatted, not my first choice but a final solution that works, what is your setup. A single computer a home network? Lock down your OS as mush as possible by shutting off stuff you do not need. If no LAN why file share etc. Even without a firewall there are many unnecessary things that can be turned off. If they are needed for a home network they can be tightened up.
My bank passwords etc. I never let the browser of microsoft store them for me. Enter each time. Never trust any computer but my own for that either. Two computers so my private stuff is off the net and private. Would probably be ok on my net computer but I am not that good yet. Getting there.
So a firewall is good, but take some time and learn some more. Tighten up the OS itself for fewer open ports or even no open ports. If a home network at least have a router for some basic NAT protection from WAN to LAN.
I have had just a glitch in an AV program. Personally I would have disconnected from the web, reloaded the AV and firewall. Made sure they were working, updated reloaded AV and ran a scan. Gone from there. Maybe if that showed nothing picked a couple good free online scans on web, and then if still nothing say a free trial trojan scanner.
(Oh first thing when I found the computer netstat -an at command prompt to see ports that are connected and listening etc. )_
Now what type programs did you have running, any filesharing, IRC, and other web type programs games etc..
All possible holes.
Now I have XP home and know just enough to be dangerous. One of the more common free firewalls asks do you want so and so to connect. Programs all well and good. Clients etc. like do
you want spooler to connect. Well let me try NO. So what firewall do you have. Might you have let an unnecessary process thru for your operating system? Like me still learning XP.
Reformat is ok, but some forensics may have been good to help learn what went wrong besides no firewall. Maybe you did leave it on?? and it was shut down. Maybe it was just a power glitch.

P.S. I hate haircuts, so blame it on the haircut. I really, really need a haircut this weekend. May I use must look after the computer to get out of it. LOL
[text was edited by author 2003-07-12 20:54:01]

--------------
First, my computer power was OFF, so was my ethernet connection.
--------------

WOL works even if your computer is "OFF".

said by sat2:

---

--------------
First, my computer power was OFF, so was my ethernet connection.
--------------

WOL works even if your computer is "OFF".

---

Exactly, if the power is on to the PC's power supply, then WOL can occur if enabled.
If you have the PC connected to a power strip, then just turn that off, and then there will be no chance of a WOL event.
Of course I recommend that you disable WOL in the BIOS.

Now one for the pros. WOL will some firewalls still protect that or not. If so which ones will???

Hardware firewalls will, software firewalls will not.

Can't guess what your problem is but we just installed a new pc,AMD Athlon,WinXP pro and noticed that when we shut down and don't turn the rear power switch off,on the atx case,the red light on the mouse and the activity light on the cable modem keeps blinking,if I dont turn the monitor off after it turns black and just touch the mouse it will reboot. I must turn the rear power switch off to be sure the entire system is off. We just started calling our support people since we are still under warranty for anything---- I Hope

I've been able to make my computer come on when I was fiddling around with a screwdriver and touched it against something on my modem card. Bingo! The computer booted, and it wasn't in sleep mode.

I have a fellow programmer friend who works for a gov't defense contractor, and she was telling me in the lab they have stuff that can remotely boot a computer in someone's house by sending some voltage down the phone lines. She wasn't specific, but said she now stores nothing on her personal computer at home, and carries around everything on floppy disks.

On a Mac, you can make it boot by momentarily shorting pins 2 and 4 on the ADB keyboard/mouse port.

You probably had a Wake-On-LAN or Wake-On-Ring. A power spike could have done that, either on the WAN or modem.

There's many ways to boot a computer besides the ON button.

Any chance you were in "Stanndby"/"hibernate" mode instead of shutdown? This is usually what causes the machine to "boot" (it's actually just restoring) when the mouse moved, keyboard is pressed, etc.

Nope.
I turned the machine off.
I come back and my computer is a mess.
What would you think ?

Could you have been burgled ?

said by Grinatme:

---

Nope.
I turned the machine off.
I come back and my computer is a mess.
What would you think ?

---

Some one was playing with my computer again! (like my kids)

OK, could any one else access the box? With the power off and the Ethernet connection off, how did the hacker get into your computer? Do you have any prankster friends???
[text was edited by author 2003-07-13 10:07:40]

put a digi cam direct at your PC. this way.. you can see if its a GHOST or a friend or a pet or a hacker..

now back to reality.. something doesnt add up.. unless you have sensitive material on your computer.. which i doubt b/c of the type of hardware and software your running.. i find it very hard for a unknown hacker, so to say, to do sometihng like this..espcially to U.. what i think is.. its just a fluke or some1 did it on purpose .. any1 living with you? or has access to your place? .. or.. the computer is telling you something.. follow the white rabbit..

knock knock...
_

I know nobody else was in the house when I left to get a hair cut, I don't own any animals.

Was I burgled or was it a prank ?
No, nobody laughs at me like that, and nobody would break in just to fool with my mind by messing with my computer.

The same thing happened to me yesterday. Zone alarm pro and Norton anti-virus would not load with windows. I could not un-install them. When I tried, windows would give an error message. Luckily I had made a ghost image a week prior, was up and running in minutes.

This doesn't necessarily mean you were hacked. In fact, if a hacker does get into your system, screwing around with Norton won't be his top priority...

I'd attribute it to more of a power failure / random system failure.

It is indeed very unlikely that a hacker's top priority will be to "screw around with Norton", as jdong put it. If it had been a hacker, I can imagine that he would have done worse things. I also attribute it either to a power failure or to a friend/family member who had access to this computer.

It was yer cat...again.