Sign in with
Sign up | Sign in
Your question

How to trace a hacker?

Last response: in Networking
Share
December 17, 2010 1:36:53 PM

I suspect, or rather I'm pretty sure, that someone controls my computer. I need to find out who's doing that, somehow find him/her. Because I'm unfamiliar with this topic at all, I try to find someone experienced, who would be able to help me with this. I'd be very grateful for any progress, becoming really hopeless..

Besides I would like to say that I can learn new things pretty well and if someone capable is willing to help, I believe that you will not be bothered with idiocy too much.

I can't speak english very well and also I wrote to some other forums with this topic so I apologise if I would have bad respond time. Now I'll explain closely my suspicion to make it clearer that I'm not hunting for the fiction. Quite a lot of weird things happed on my pcs, so I don't mention everything. Fact that all just CAN be interpreted as a coincidence makes me crazy, but there is so much incidents.... So for example:
1. One time my computer was spontaneously rebooting several times a day. Without apparent reason it stopped itself again.
2. I was looking for a job in one town and every time I opened any offer (from many different sites) in that place (specially only that place), the browser crashed. Other sites worked fine.
3. While communicating through ICQ it often switches to different language on keyboard, so I can't write correctly. It happens mostly when talking to one person and at times when it's somehow sharpened between us. This never happened to me before and I use icq for cca 10 years..
4. One day the computer failed to start. I decreased overclocking, which ran steadily before, and it worked again. Later I had to decrease it again to get even boot to windows. More later I could set almost equal frequency like I had before problems. Its weird to me..
5. Once I played the game and every time I made a mistake of inattention (like missed the turn onto the road or died), the game crashed. It was happening many times consecutively, so I had to stop play. And again, it works fine now without apparent reason.
etc....I had also many other problems. I'll describe them later if necessary.

I installed a new OS, but these anomalies was still there. And it happend on my both pcs:
1. board asus a7n8x-x, amd athlonXP 2500+, radeon 9800, seagate hdd, os XP, antivir NOD32, firewall netlimiter2
2. DFI NF4 Infinity, amd opteron 144, radeon hd4850, 2x hdd seagate, hdd samsung, os XP + 7, antivir and firewall in XP like above and in 7 Kaspersky.
My home network consists of adsl router and switch.

I tried to use Wireshark and I didnt find anything (but Im not very experienced with this program), there is log file, maybe somebody can say more:
http://rapidshare.com/files/432802713/20101124.pcap
It was captured after I exited all apps which makes connections, these remains in win7 network monitoring:
  • SYSTEM
  • schvost.exe (NetworkService)
  • schvost.exe (netsvcs)
  • schvost.exe (LocalServicePeerNet)
  • schvost.exe (LocalServiceNetworkRestricted)
  • schvost.exe (LocalServiceAndNoImpresonation)
    Wireshark still gives me some new connection entries every second and network traffic is continually somewhere 5kb/s.

    Also I tried scan with antiviruses. NOD32 found some infiltrations, but only in files that I have in my pc for many years and it didnt do any problems before. I checked them all and there wasnt nothing unknown. Problems didnt stop after cleaning these files.
    Files which were marked as threats by Kaspersky are:
  • POPCAPGAME1.exe - from game Plants vs. zombies
  • PRIME95.exe
  • GF35ZIKM.bat - from GMER (Rootkit Detector and Remover)
  • MSSETUPEX.exe - marked as "PDM.DNS Query", dont know origin, root is "H:\USERS\PETR\APPDATA\LOCAL\TEMP\{DEC6A2B0-7D45-42B2-AC8E-2CE0DB41424D}\"
  • MSSETUPEX.exe - marked as "PDM.Invader (loader)", root is same as above
  • WDICT32.exe - from PC Translator
    With Kaspersky is performed "Full scan" at first and deleted suspicious files. After that it says "Your computer security is at risk. Detected legal software that can be used by criminals for damaging your computer or personal data", so with pushing button "Fix it now" antivirus disable programs to be executed (it looked like this). In a few moments Kaspersky restarts pc without any warning. Then Kaspersky says that some postprocess is needed, so I performed it, but threats are still there. Now antivirus again says that "Full scan" is needed and that there is still mentioned "security risk".

    Naturally I asked myself who could do this, for what reason.. and everything fits me to one person who is capable to do ANYTHING. I dont want write out about her motives now. Its obvious that nobody would do this to random stranger.
  • More about : trace hacker

    December 17, 2010 8:36:08 PM

    Just rebuild your computer and start over.
    December 17, 2010 9:00:32 PM

    that wont help me. If I've been hacked in a way which describes this topic:
    http://www.hackthissite.org/forums/viewtopic.php?f=37&t=6178&sid=b12a4ce3a4f72180989c21c52b2c5c08
    this hacker without any doubt would infiltrate even my new computer. And I didnt mention that I have hacked even my mobile phone, and there are secret agents around me in real world and they all (even normal people) pretend they dont know me, but I know they do.... Should I continue with spilling my heart? :sol: 
    Related resources
    December 18, 2010 1:35:14 AM

    First of all, if there is a hacker you probably won't find him unless he sucks at what he does. The connection will jump through multiple addresses before actually reaching the hacker himself.

    Secondly, viruses cannot survive a format+reinstall unless the virus is actually on the installation media. Therefore. if you have that much crap on your PC, then first thing to do would be to simply reformat and reinstall OS. Once done, do not execute or reinstall any of your old software, just do a Windows Update, install at least Microsoft Security Essentials (version 2 just out BTW) and do a full system scan. You might find infected files, but they should all be on other drives that you OS drive. Moreover that doesn't mean your PC is infected again; those file might contain the virus, it doesn't mean they were activated.

    Third and not least, hacking a PC without the operator's "help" (having him execute a malicious program to open a door) is not that easy and close to impossible if the remote PC is behind a router (which I hope you are). Therefore, make sure you know what you are really installing on your PC when you do.
    December 18, 2010 2:18:39 AM

    Quote:
    Actually its not. Backdoors disguise themselves as legal processes. The theres RATS and cryphters
    I meant a real "cold hack", without any malicious code having to be executed by the operator on the target PC (which includes backdoors). To do that you need the PC to be reachable (complication #1 if behind a router), then have a idea of the services that are running (preferably with version), find known flaws in those services, design an exploit of those flaws and possibly a payload to open a wider door into the system. All that can be done without anyone having to actually touch the target PC, I've done it (part of a security class I took).

    Once compromised even by a simple backdoor (opened by a cold hack or a software the operator thought legitimate), then everything becomes easy I agree.
    December 18, 2010 4:01:51 AM

    if you've got "secret agents" around you as in they're investigating you, then your computer should be the least of your worries.
    December 19, 2010 12:29:15 PM

    That is why I always suggest using a router, even a cheap one. The NAT/firewall makes direct access to the PC "impossible".
    !