

Windows 7: Finally back!

16 Apr 2010   #1
DreemWarrior

Windows 7 ultimate X64
 
 
Finally back!

Hey everybody!
Wow, it's only been a week since my network was intruded upon, and I haven't been in here, or elsewhere for that matter, since then.
It feels like much longer! Anyway, I utilized that time to learn all I could about networking and network security (haven't even scratched the surface, I know). But suffice it to say I remedied the situation and don't think that will be an issue (of that magnitude) again. I just wanted to thank all those who shared and helped me with it. I missed you guys *sniff*
You know, I didn't realize just how many PWs I would have to change due to all this. What a PITA! (I never use the same one twice)
Oh, well. All's well that ends well.
16 Apr 2010   #2
Brink

64-bit Windows 10 Pro
 
 

Welcome back Joey.

I sure hope that you will not have any more security breaches again.
16 Apr 2010   #3
DreemWarrior

Windows 7 ultimate X64
 
 

Quote: Originally Posted by Brink
Welcome back Joey.

I sure hope that you will not have any more security breaches again.
Thanks Shawn. You and I both. I never thought networking/commands could be so...interesting. I think I'll be doing most of my work on systems VIA cmd prompt from now on!

16 Apr 2010   #4
zzz2496

Windows7 Ultimate 64bit
 
 

Wow, I read your other thread, what happened? Care to share?

zzz2496
16 Apr 2010   #5
DreemWarrior

Windows 7 ultimate X64
 
 

Quote: Originally Posted by zzz2496
Wow, I read your other thread, what happened? Care to share?

zzz2496
Well, if you read the other thread, you know my network/rig was compromised. It seems someone got in and used Windows PowerShell to run remote commands to copy files and modify the Windows environment, etc. Even tried rewriting/editing event logs to mask their presence. I was one big proxy server apparently. I stumbled upon part of a script which just happened to have a partial IP along with a computer name (theirs), and after MUCH studying and trial and error (cmd line utilities) I managed to remedy the situation.
And would you believe that somehow in the process, it seems THEIR computer admin PW got changed, and the puter remotely shut down? Not sure how that happened.
That's the Cliffs Notes version anyway. It took many hrs and plenty of foul language, though...
16 Apr 2010   #6
zzz2496

Windows7 Ultimate 64bit
 
 

Quote: Originally Posted by DreemWarrior
Quote: Originally Posted by zzz2496
Wow, I read your other thread, what happened? Care to share?

zzz2496
Well, if you read the other thread, you know my network/rig was compromised. It seems someone got in and used Windows PowerShell to run remote commands to copy files and modify the Windows environment, etc. Even tried rewriting/editing event logs to mask their presence. I was one big proxy server apparently. I stumbled upon part of a script which just happened to have a partial IP along with a computer name (theirs), and after MUCH studying and trial and error (cmd line utilities) I managed to remedy the situation.
And would you believe that somehow in the process, it seems THEIR computer admin PW got changed, and the puter remotely shut down? Not sure how that happened.
That's the Cliffs Notes version anyway. It took many hrs and plenty of foul language, though...
Whew, one hell of a ride, huh? Glad you made it through...

I'm curious, how did the "hacker" get into your network? Did you not have a firewall in place (some box that stands between your network and the internet)?

zzz2496
16 Apr 2010   #7
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Quote: Originally Posted by DreemWarrior
Hey everybody!
Wow, it's only been a week since my network was intruded upon, and I haven't been in here, or elsewhere for that matter, since then.
It feels like much longer! Anyway, I utilized that time to learn all I could about networking and network security (haven't even scratched the surface, I know). But suffice it to say I remedied the situation and don't think that will be an issue (of that magnitude) again. I just wanted to thank all those who shared and helped me with it. I missed you guys *sniff*
You know, I didn't realize just how many PWs I would have to change due to all this. What a PITA! (I never use the same one twice)
Oh, well. All's well that ends well.
Glad you are back and that all is finally well. That is a real bummer that you had to go through this.
17 Apr 2010   #8
DreemWarrior

Windows 7 ultimate X64
 
 

Quote:
I'm curious, how did the "hacker" get into your network? Did you not have a firewall in place (some box that stands between your network and the internet)?
I was using Windows native firewall, as well as the router's firewall, as well as WPA personal for wireless. (WPA2 maybe?)
I honestly believe the script originated from a website maybe. But it initiated an RDC (Remote Desktop Connection). Or that's my hypothesis at any rate. And I did find key/mouse drivers replaced with .sys file extensions. As I said, I don't know that much about the process other than what I learned on the fly. One thing still concerns me though. And it may be purely unrelated. But my desktop display doesn't quite fill my monitor (wide screen). It's lacking like 3/8" from fill, and nothing I've tried helps. Almost like an image of the desktop in the screen. Any guesses on that one?

Sounds like this thread to me...
Very similar to this thread... https://www.sevenforums.com/network-sharing/20284-login-rdp-without-bumping-current-session.html
I wonder how one would scan for something that for the most part ISN'T unnatural programs/processes??
17 Apr 2010   #9
zzz2496

Windows7 Ultimate 64bit
 
 

Quote: Originally Posted by DreemWarrior
Quote:
I'm curious, how did the "hacker" get into your network? Did you not have a firewall in place (some box that stands between your network and the internet)?
I was using Windows native firewall, as well as the router's firewall, as well as WPA personal for wireless. (WPA2 maybe?)
I honestly believe the script originated from a website maybe. But it initiated an RDC (Remote Desktop Connection). Or that's my hypothesis at any rate. And I did find key/mouse drivers replaced with .sys file extensions. As I said, I don't know that much about the process other than what I learned on the fly. One thing still concerns me though. And it may be purely unrelated. But my desktop display doesn't quite fill my monitor (wide screen). It's lacking like 3/8" from fill, and nothing I've tried helps. Almost like an image of the desktop in the screen. Any guesses on that one?

Sounds like this thread to me...
Very similar to this thread... https://www.sevenforums.com/network-sharing/20284-login-rdp-without-bumping-current-session.html
I wonder how one would scan for something that for the most part ISN'T unnatural programs/processes??
Did you put your computer in the DMZ zone? I'm curious as this experience can benefit us all, to protect ourselves from being hacked...

I personally NEVER USE DMZ, and all incoming/outgoing traffic is always logged by my router, and it has its own traffic log/bandwidth usage log, so whenever I feel the network being slow or if I smell something fishy, I can always review the logs/bandwidth monitor in my router.

zzz2496
17 Apr 2010   #10
DreemWarrior

Windows 7 ultimate X64
 
 

Quote:
Did you put your computer in the DMZ zone? I'm curious as this experience can benefit us all, to protect ourselves from being hacked...

I personally NEVER USE DMZ, and all incoming/outgoing traffic is always logged by my router, and it has its own traffic log/bandwidth usage log, so whenever I feel the network being slow or if I smell something fishy, I can always review the logs/bandwidth monitor in my router.
Is that what I did? lol I suppose so. So how do I go about SAFELY networking my home office? Or is that an oxymoron?
BTW I just had a peek at your tutorial. Looks WELL informed. I guess I'll curb any further questions until after I study that. I know I need to get rid of/uninstall a LOT of network adapters that pose a potential weak link. And yes, I am logging everything with router as well.
I already put out the bait by being in DMZ I guess!