Been hacked

Hello,
I went into Windows Task Manager and saw that remote access was running by the name of rasman. I tried to stop the service and it said unable to stop service, the operation could not be completed. Access is denied. Please someone help me, thanks. I have a Windows Vista HP.
  1. Run Process Explorer as administrator and try to kill the process.
    http://www.filehippo.com/download_process_explorer/

    If possible, run #1 and #2 @ http://www.tomshardware.com/forum/8263-63-simple-free-guide-removing-malware
  2. Can u log off? That will kill the connection. And u can disable the remote connection.
  3. I can't kill the connection, I tried it. It just says access denied or can't do it. And when I go to System Properties and go to Remote I only see the top, there's no bottom. There's no way to disconnect, it keeps telling me denied like someone blocked me.
  4. Can u log off? Disconnect from the internet.
  5. I disconnected from the internet and in safe mode but I couldn't kill the remote user.
  6. Run #1 and #2 @ http://www.tomshardware.com/forum/8263-63-simple-free-guide-removing-malware
    Run it so we can be sure that u don't have an infected system, and then we will remove him later.
  7. I ran all the programs u told me to, I installed them and it came up clean. No malware.
  8. Also it says I'm not an administrator even though my computer shows I am.
  9. Can u run Belarc Advisor - Free Personal PC Audit?

    It will show everything that is installed and the state of security of your system. Post it.

    http://www.belarc.com/free_download.html
  10. OK, I'm downloading it, will let you know the result.
  11. Check if there is any program that's not yours, by the install date.
  12. System Security Status
    Security Benchmark Score: 1.88 of 10
    Virus Protection: Up-to-date
    Microsoft Security Updates: 9 missing

    --------------------------------------------------------------------------------

    Computer Profile Summary
    Computer Name: xxxx-PC (in WORKGROUP)
    Profile Date: Thursday, October 13, 2011 7:48:49 PM
    Advisor Version: 8.2f
    Windows Logon: xxxx


    Operating System
    Windows Vista Home Premium Service Pack 1 (build 6001)
    Install Language: English (United States)
    System Locale: English (United States)
    Installed: 10/10/2011 9:46:06 PM

    System Model
    Hewlett-Packard HP G60 Notebook PC F.35
    System Serial Number: 2CE9101XFJ
    Enclosure Type: Notebook

    Processor (a)
    2.00 gigahertz AMD Athlon Dual-Core QL-62
    64 kilobyte primary memory cache
    1024 kilobyte secondary memory cache
    64-bit ready
    Multi-core (2 total)
    Not hyper-threaded

    Main Circuit Board (b)
    Board: Wistron 303C 08.49
    Bus Clock: 133 megahertz
    BIOS: Hewlett-Packard F.35 02/17/2009

    USB Storage Use in past 30 Days
    Generic- Multi-Card, s/n 20071114173400000, rev 1.00, last used 10/10/2011 9:47:08 PM*
    * Possibly used again before the reboot following this time.

    Hosted Virtual Machines
    None discovered

    Drives
    250.06 Gigabytes Usable Hard Drive Capacity
    197.28 Gigabytes Hard Drive Free Space
    Optiarc DVD RW AD-7580S ATA Device [Optical drive]
    SAMSUNG HM251JI [Hard drive] (250.06 GB) -- drive 0, s/n S1BVJD9S209159, rev 2SS00_03, SMART Status: Healthy

    Memory Modules (c, d)
    2814 Megabytes Usable Installed Memory
    Slot 'S1' has 2048 MB
    Slot 'S2' has 1024 MB

    Local Drive Volumes
    c: (NTFS on drive 0) * 238.37 GB 195.38 GB free
    d: (NTFS on drive 0) 11.68 GB 1.90 GB free
    * Operating System is installed on c:

    Network Drives
    None discovered

    Users
    local user accounts (last logon)
    Timothy 10/13/2011 6:17:50 PM (admin)
    local system accounts
    Administrator 10/10/2011 9:59:56 PM (admin)
    Guest never
    Marks a disabled account; Marks a locked account

    Printers
    Microsoft XPS Document Writer on XPSPort:
    Send To Microsoft OneNote Driver on Send To Microsoft OneNote Port:

    Controllers
    ATA Channel 0 [Controller] (2x)
    ATA Channel 1 [Controller] (2x)
    Standard Dual Channel PCI IDE Controller (2x)

    Display
    LogMeIn Mirror Driver [Display adapter]
    NVIDIA GeForce 8200M G [Display adapter]
    Generic PnP Monitor (15.9"vis)

    Bus Adapters
    Microsoft iSCSI Initiator
    Standard Enhanced PCI to USB Host Controller (2x)
    Standard OpenHCD USB Host Controller (2x)

    Multimedia
    Conexant High Definition SmartAudio 221
    NVIDIA HDMI Audio

    Virus Protection
    AVG Internet Security 2012

    Group Policies
    None discovered

    Communications
    HDAUDIO Soft Data Fax Modem with SmartCP
    ↑ Atheros AR5007 802.11b/g WiFi Adapter
    primary Auto IP Address: 192.168.1.4 / 24
    Gateway: 192.168.1.1
    Dhcp Server: 192.168.1.1
    Physical Address: 00:24:2B:C8:13:45
    Connection Speed: 54 Mbps
    Microsoft ISATAP Adapter
    ↓ NVIDIA nForce 10/100/1000 Mbps Networking Controller
    Status: Cable unplugged
    Dhcp Server: none responded
    Physical Address: 00:1F:16:71:CA:A2
    Teredo Tunneling Pseudo-Interface
    Networking Dns Server: 192.168.1.1

    Other Devices
    Microsoft AC Adapter
    Microsoft ACPI-Compliant Control Method Battery
    HP Webcam-101
    Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
    Synaptics PS/2 Port TouchPad [Mouse]
    Realtek USB 2.0 Card Reader
    USB Composite Device
    USB Root Hub (4x)
    Generic volume shadow copy

    Network Map
    IP Device Type Device Details Device Roles
    192.168.1.1 Router Netgear DHCP Server, Gateway, Domain Name Server, Web Server
    192.168.1.2 System Apple
    192.168.1.4 Windows Vista Workstation Timothy-pc (in WORKGROUP) Web Server, Browse Master
    192.168.1.45 Physical Address 7C:ED:8D:99:B9:12


    Missing Microsoft Security Hotfixes
    These required security hotfixes were not found installed (using the 10/11/2011 Microsoft Security Bulletin Summary with definitions version 2011.10.12.4). Note: Security benchmarks require that Critical and Important severity security hotfixes must be installed.
    Q936960 - Important
    Q950130 - Critical
    Q951550 - Important
    Q954038 - Important
    Q2512827 - Critical
    Q2538242 - Important
    Q2538243 - Important
    Q2565063 - Important
    Q2617986 - Critical

    Hotfixes from Windows Update (agent version 7.4.7600.226) install automatically. Last install: 10/13/2011 2:03:08 PM, download: 10/13/2011 4:49:06 PM, check: 10/13/2011 1:25:42 PM.

    Software Versions & Usage
    2007 Microsoft Office system Version 12.0.4518.1014
    Acrobat.com
    Adobe Acrobat Version 9.0.0.2008061200
    Adobe AIR 1.0.1 Version 1.0.1
    Adobe Reader Version 9.0.0.2008061200
    Adobe Systems, Inc. - Shockwave Flash Version 10,3,183,5
    Adobe Systems, Inc. - Shockwave Flash Version 11,0,1,152
    Adobe Systems, Inc. - Shockwave for Director Version 11.0
    Adobe Systems, Inc. - Shockwave Version 11.0
    Agatha Christie - Death on the Nile Version 1.1.0.22
    Application STServices Version 1, 0, 0, 12
    AVG Internet Security Version 12.0.0.1829
    Belarc, Inc. - Advisor Version 8.2f
    BVRP - NetWaiting Version 2.5.46
    Conexant Systems, Inc. - SoftK56 Modem Driver Version 1.00.15.00
    CyberLink - DZM Version 2.00.0222
    CyberLink - PowerStarter Version 6.00.2203
    CyberLink Corp. - HP DVDPlay Version 3.7.0.5723
    CyberLink Corp. - HP QuickPlay Version 3.7.0.5723
    CyberLink Corp. - LabelPrint Version 2.5.0.0926
    CyberLink Corp. - MUI StartMenu Application Version 1.00.0924
    CyberLink Corp. - Power2Go Version 6.0.0.2202
    CyberLink Corp. - PowerDirector Version 7.00.2201
    CyberLink Corp. - StartMen Application Version 1.00.1224
    CyberLink YouCam Version 2.00.1616
    Google Chrome Version 14.0.835.202
    Google Update Version 1.2.183.21
    Google Updater Version 2.4.1441.4352.beta
    Hewlett-Packard - HP Battery Check Version 3.1.9.1
    Hewlett-Packard - HP Health Check Scheduler Version 3.1.9.1
    Hewlett-Packard - HP Health Check Service Version 3.1.9.1
    Hewlett-Packard - HP Health Check Version 3.1.9.1
    Hewlett-Packard - HP Software Update Client Version 4, 0, 10, 1
    Hewlett-Packard - HP System Information Version 3.1.9.1
    Hewlett-Packard - HP Total Care Advisor Version 2.4.4941.2798
    Hewlett-Packard - HPHS Launcher Version 2.1.1.0
    Hewlett-Packard - hpwuSchd Application Version 80, 1, 0, 0
    Hewlett-Packard Company - HPTCS Version 1.1.1963.2799
    Hewlett-Packard Development Company, L.P. - HP Quick Launch Buttons Version 6, 4, 8, 2
    Hewlett-Packard Development Company, L.P. - HP Quick Launch Buttons Version 6.4.4.2
    Hewlett-Packard Development Company, L.P. - HP Wireless Assistant Version 3, 0, 9, 1
    Hewlett-Packard Development Company, L.P. - hpqwmiex Module Version 2, 00, 2, 5
    HideMyIpSRV.exe Version 2.1.0.5
    Juno Dial-up
    Macrovision Corporation - InstallShield (R) Version 10.50
    Malwarebytes' Anti-Malware Version 1.51.1118
    Microsoft (R) Windows Script Host Version 5.7.0.6000
    Microsoft Clip Organizer Version 12.0.4518.1014
    Microsoft Corporation - digital locker assistant Version 1.6.5
    Microsoft Corporation - Internet Explorer Version 7.00.6000.16386
    Microsoft Corporation - Office Diagnostics Service Version 12.0.4518.1014
    Microsoft Corporation - Office Diagnostics Version 12.0.4518.1014
    Microsoft Corporation - Office Source Engine Version 12.0.4518.1014
    Microsoft Corporation - Windows Defender Version 1.1.1600.0
    Microsoft Corporation - Windows Installer - Unicode Version 4.0.6000.16386
    Microsoft Corporation - Windows Version 1.0.0.1
    Microsoft Office OneNote Version 12.0.4518.1014
    Microsoft Office Picture Manager Version 12.0.4518.1014
    Microsoft Open XML Converter Version 12.0.4518.1014
    Microsoft® .NET Framework Version 2.0.50727.3053
    Microsoft® .NET Framework Version 3.0.4506.648
    Microsoft® .NET Framework Version 4.0.31106.0
    Microsoft® Windows® Operating System Version 11.0.6001.7010
    Microsoft® Works 9 Version 9.07.0613.0
    muveeReveal Version 7.0
    Netzero Dial-up
    NirSoft - IPNetInfo Version 1.37
    NVIDIA Driver Helper Service, Version 176.14 Version 7.15.11.7614
    Piriform Ltd - CCleaner Version 3, 11, 0, 1550
    Quick Tour
    RichVideo Module Version 2.0.3027
    Safer Networking Limited - Secure Shredder Version 1.9.0.0
    Safer Networking Limited - Spybot - Search & Destroy Version 1, 5, 2, 0
    Safer Networking Limited - Spybot - Search & Destroy Version 1, 6, 0, 30
    Safer Networking Limited - SpyBot-S&D Version 1, 6, 2, 0
    Safer Networking Ltd. - Spybot - Search & Destroy Version 1, 6, 0, 0
    Snapfish Media Detector Version 1, 7, 0, 7
    Snapfish Picture Mover - Move Photos in a Snap!
    SoftThinks - Application CD Creator Version 7, 0, 91, 54
    SoftThinks - Recovery Manager Version 7, 0, 91, 5
    Sun Microsystems, Inc. - Java(TM) Platform SE 6 U7 Version 6.0.70.6
    Synaptics Pointing Device Driver Version 11.1.3 17Apr08
    TeamViewer Version 6.0
    ToolbarU Application Version 8, 0, 0, 34
    VProtect Application Version 8, 0, 0, 34
    WildTangent, Inc. - GameConsole Version 1.0.0.1
    WizLink Application Version 1, 0, 0, 1
    www.hidemyip.com - Hide My IP Version 5.3.0.17648
    Yahoo! AutoUpdater Version 1.0.0.53
    Yahoo! Inc. - Y! BrowserPlus Version 2.9.8.0
    Yahoo! Messenger Version 11,0,0,2014
    {StringFileInfo_CompanyName} - {StringFileInfo_ProductName} Version 1.0.0.17700


    Installed Microsoft Hotfixes
    Compatibility Pack for the 2007 Office system
    KB934528 on 10/22/2008
    MSXML4SP2
    KB954430 on 10/12/2011
    KB973688 on 10/12/2011
    Office Home and Student 2007
    KB934528 on 10/22/2008
    Office PowerPoint Viewer 2007 (English)
    KB934528 on 10/22/2008
    Windows Vista
    KB935509 on 1/20/2008
    ......


    --------------------------------------------------------------------------------
    a. Processor clock speed is measured at computer start-up, and on laptops may be impacted by power option settings.
    b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
    c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
    d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
    e. This is the manufacturer's factory installed product key rather than yours. You can change it to your product key here http://go.microsoft.com/fwlink/?LinkId=45668 for Windows, or here http://support.microsoft.com/?kbid=895456 for Office.
    Copyright 2000-11, Belarc, Inc. All rights reserved.
    Legal notice. U.S. Patents 5665951, 6085229 and Patents pending.
    --------------------------------------------------------------------------------
  13. It shows administrative account has been disabled as well as guest.
  14. meigshigh08, do u have an original install disc? Or a backup image?
  15. No, I don't have one.
  16. Said system error 5 has occurred, access is denied.
  17. I did it, this is what it says on cmd:


    C:\Users\xxxxxxx>net user administratnet user administrator /active:yes
    The syntax of this command is:

    NET USER
    [username [password | *] [options]] [/DOMAIN]
    username {password | *} /ADD [options] [/DOMAIN]
    username [/DELETE] [/DOMAIN]
    username [/TIMES:{times | ALL}]
  18. Can u use LiveCD to reset the password?
  19. Do u have a USB stick?
  20. live cd???
  21. KNOPPIX® can be used to reset log in password.


    http://www.knopper.net/knoppix/index-en.html
  22. Where do I go on there? There are so many of them and files.
  23. I'm reading it but have no CD or USB. Would have to get to Walmart. CD-RW the CD I want?
  24. Get a 5-pack of CD-R, that will do. But find a cheap USB pen drive and u can reuse that one.
  25. OK, so I can't go any farther until I do that?
  26. So I would need a Windows install disc before he locks me out for good? And where can I get one? I'm not under warranty anymore, been two years.
  27. meigshigh08 said:
    So I would need a Windows install disc before he locks me out for good? And where can I get one? I'm not under warranty anymore, been two years.

    No, what if he locks u out? U don't have any install disc anymore, so what u gonna do?

    If he sets the password on the start up, and u don't know it, what then?

    Anyway, u should re-install, u have some oldies there : )
  28. Yeah. He can't do nothing if this computer is shut down, right? I tried to do some methods of catching it but there's no IP address nor ways of stopping it. Can you shut anyone down or hack into a computer from miles and miles and miles away? Or do you gotta be close?
  29. It doesn't matter how far away u are.
  30. What I was wondering, what if u would install a firewall and not let anything in unless u know what it is.
    Download, disconnect from the net physically and install, restart ... Not to let it connect again. If it will let u install at all : )

    http://personalfirewall.comodo.com/free-download.html?key6subkey1=&key6subkey2=CH1608990&key6subkey3=7&key6subkey4=en-us&key6subkey5=US&key6subkey6=1&key6subkey7=personalfirewall.comodo.com%2F&key6subkey8=1101&key6subkey9=19201080&key6subkey10=true
  31. meigshigh08 said:
    Yeah. He can't do nothing if this computer is shut down, right? I tried to do some methods of catching it but there's no IP address nor ways of stopping it. Can you shut anyone down or hack into a computer from miles and miles and miles away? Or do you gotta be close?

    Hey, did u get it solved?