Re: Vista Hacked

To add insult, many of the law enforcement agencies either don't care about
this problem, or don't have the knowledge to deal with it.
If kiddie p is involved, they do get more interested, however the methods
used may be quite disruptive to your business.

"Charlie Tame" <charlie@xxxxxxxxx> wrote in message
S.Quickness@xxxxxxxxx wrote:
Internet Explore and Windows Host Process Server on my computer are
attempting to connect multiple times a day (20 or more) to numerous ip addresses across a wide viriety of ports in the 45000's.
I have been unable to close the processes. The Internet Explorer
process has been running as a seperate program that I am unable to see
and uses 45,000k of ram. It is also not possible for me to shut the
program down. I have nine svchost.exe (windows host process services)
running which are also attempting to communicate with
These events are of great concern to me as I work for a financial firm
and keep large amounts of proprietary knowledge on my computer. Can
anyone help me determine if in fact I was hacked? If I was hacked, I
am not looking to have this issue repaired, I want evidence to take to
the police so that I do not need to deal with these hassles again.

In the other thread you say the computer was recently "Hacked" and you had
it reformatted. This implies you did not reinstall Vista yourself so who
did? Did they investigate at all or just do as you asked and reinstall? In
other words what confirmation do you have that the original install was
actually hacked?

On my machine there are currently 12 instances of scvhost running and on
explorer.exe that cannot be shut down because it is the desktop. Internet
Explorer is IExplore.exe not explorer.exe.

Often when legitimate processes try to communicate and are blocked they
will repeatedly try again and sometimes use a different port. The fact
that your new "Firewall" is blocking things might in fact be making things
look worse than they are. Software firewalls are sometimes useful but that
depends on what you do with them, they can also be considered "Snake Oil".

Probably the best solution for a firewall is to use a router, even if you
only have a single machine.

You can use this utility

or go start>run?type in cmd and hit enter.
In the window type netstat -af [enter]

Either should show active connections, many of which will be your machine
talking (or at least listening) to itself.

The utility offered at the technet site is somewhat the better one.

If you have Google toolbar or update manager installed then random
connections to google will happen, otherwise I am not sure what the
connection would be between google and some alleged hacker. Can you list
what security / antivirus / antispyware / search software you have
installed if any? I may not be able to get back here before tomorrow but
that information may help someone get a better idea of what is going on.

Getting proof of this type of thing can be difficult, it is one thing to
prove that an IP address did something, quite another to establish who was
using the machine at that time, so "If" something is happening it is best
to stop the offender getting in rather than have it continue while
investigation takes place.