How to trace a hacker?


Re: How to trace a hacker?

Post by fabianhjr on Thu Oct 28, 2010 6:00 pm

kobaltin wrote: I think that I don't have a damaged PSU because I have had no problems for three weeks now. And BOTH my computers acted like crazy; it's unlikely that I would have damaged both PSUs. I don't use any voltage converter. When you have 120V from the wall, your PSU must decrease this voltage to 12V or 5V as well. In our place we all have PSUs different from yours, which are made for this higher voltage. No one has a problem with this, except me.

sanddbox wrote: THERE IS NO FUCKING HACKER

Thank you.

Can you prove it, please?

I'm not any kind of agent you mentioned. I could write about my theory of who is doing this and why, but after that you would probably definitely qualify me as crazy.

Hey, just imagine this. If a transformer brings 120 V down to 12 or 5 then it is dividing it by 10 and 24. If you divide 140 or 150 Volts by 24 or 10 then you would get 5.8 or 6.25 or 14 or 15 Volts. This could cause the effects you suffered and damage some stuff if it is constant.

If you go to a PD and say: "Someone broke into my computer." (I still believe in the programmer's meaning of hack. :D), they will tell you: "Prove it." To do so, there are logs and methods to identify whether you got malware or were broken into; one method is to have another computer monitor your suspected computer bit by bit.

Please, if you got a transformer or PSU don't try to cut costs with it. It ain't that profitable after all...
Donate bitcoins to me! [1DhRP3hHgmSLQdRTZyT8VPTmzAj7Z2rsGA]
Dunno what bitcoins are? BitcoinMe
fabianhjr
Poster
Posts: 286
Joined: Tue Sep 21, 2010 7:48 pm


Re: How to trace a hacker?

Post by kobaltin on Sat Oct 30, 2010 5:27 am

Finally I have some big news. I ran Kaspersky antivirus and deleted the infected files which I wrote about before (I had them on the HDD for years). But Kaspersky still said "Your computer security is at risk. Detected legal software that can be used by criminals for damaging your computer or personal data". Next to this message is a button "Fix it now", so I pushed that. A moment later my system (Win7) started completely messing up; it showed some errors that disappeared so fast that I couldn't read them, all programs were closing and then my PC restarted. After the first boot I couldn't run some programs (Notepad, Total Commander); it said something like I don't have access privileges. I pushed "Fix it now" again and the same thing happened, the PC rebooted. Now I can run all programs, so I won't push that button again for a while. Any ideas what to do?
kobaltin
New User
Posts: 20
Joined: Fri Oct 22, 2010 10:39 am


Re: How to trace a hacker?

Post by msbachman on Sat Oct 30, 2010 6:54 am

kobaltin wrote: But Kaspersky still said "Your computer security is at risk. Detected legal software that can be used by criminals for damaging your computer or personal data".


Curious: do you remember what software that alert was for?

Also did you do anything with the power supply, per everyone's suggestions?
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito
msbachman
Contributor
Posts: 685
Joined: Mon Jan 12, 2009 10:22 pm
Location: In the sky lol


Re: How to trace a hacker?

Post by kobaltin on Sat Nov 13, 2010 4:04 pm

Hi everyone, I'm back. Please accept my apology for the delay; I've had some job obligations and no time for this. I didn't solve anything, but I have interesting information. Hope you didn't forget me and will help me push on with the whole thing.

POWER ISSUE
OK, you pushed me to buy a new PSU. Now I'm running with a Corsair TX650 650W and waiting for something weird to happen. But like I said, no PSU issue happened for the last 5 weeks with the old PSU, so maybe I will be waiting for a very long time. Though I have something unusual: I was playing one song (Horkýže slíže - Baby [Girls]) in Winamp when the sound started being snatchy. I checked other songs, but they all ran normally. The sound was snatchy only when I played that one particular song. After some time I can play even this particular song without any problems. This time I made a video to prove it:
http://www.uloz.to/6520194/winamp-err-avi

VIRUS ISSUE
Files which were marked as threats by Kaspersky are:
  • POPCAPGAME1.exe - from game Plants vs. zombies
  • PRIME95.exe
  • GF35ZIKM.bat - from GMER (Rootkit Detector and Remover)
  • MSSETUPEX.exe - marked as "PDM.DNS Query", don't know the origin, root is "H:\USERS\PETR\APPDATA\LOCAL\TEMP\{DEC6A2B0-7D45-42B2-AC8E-2CE0DB41424D}\"
  • MSSETUPEX.exe - marked as "PDM.Invader (loader)", root is same as above
  • WDICT32.exe - from PC Translator
I tried more with Kaspersky and realized how it works. First a "Full scan" is performed and suspicious files are deleted. After that it reports the mentioned "security risk", and when I push the "Fix it now" button the antivirus prevents programs from being executed (it looked like this). A few moments later Kaspersky restarts the PC without any warning. Then Kaspersky says that some post-processing is needed, so I performed it, but the threats are still there. Now the antivirus again says that a "Full scan" is needed and that there is still a "security risk".

THEORY ISSUE
Now more about my theory, because still nobody believes my opinion. I see that it's impossible to convince anybody without any explanation. So I will give one, but since it is all about private stuff, I won't go too deep. The person I suspect is around 30 years old with unpredictable knowledge (an intelligent human can learn anything, doctoral degree = sufficient intelligence). Our relationship remained unexplained and at the beginning there was a long blue-eyed look.

1. I went to a public chat and had a slightly strange conversation. I had never seen either of the persons involved before. I began to speak to "Blue.eyed". Hope nothing gets lost in translation:
Code:
kobaltin: why dont you have your eyes on a photo?
Blue.eyed: though you wouldnt blame me later
kobaltin: for what reason would I do this?
Blue.eyed: though I could bewitch you through glance and you wouldnt like rest of me after that
kobaltin: no way, you can do this through a photo?
Gvoald: she knows much...
kobaltin => Gvoald: really? Like break to someones pc and do here whatever she wants?
Blue.eyed => kobaltin: he overcasts, Im not so handy
kobaltin => Blue.eyed: well, but if you would have a photo with your eyes, there would be everything around them to see, you dont have to hide anything
Blue.eyed => kobaltin: Im not hiding anything, but I dont want to exhibit to everyone, what if Im too secret agent
Isn't it weird that some stranger spontaneously says something about secret agents to ME? In addition, with the word "too"... For information, I'm not saying that she is a secret agent or the like. I only mention how weird it is to say that, specifically to me.

2. At the beginning of this topic, I wrote about spontaneous language switching in the QIP ICQ client when talking to one specific person. I don't want to demonstrate these switching situations, but I'm showing some behavior of this person. I "made up" (quotes explained later) a situation and wanted to know her opinion:
Code:
X: but we arent talking about this situation
kobaltin: so, about what situation we talk about?
X: we talk about love, when two people likes each other, not when first is smeghead and second isnt far from this
kobaltin: aha, and who is who?
X: thats the point, Im not sure with this at all
kobaltin: this everything is absurd. What if he is totally fucked up with everything, that he almost doesnt care what she does and she wants to tease him like this at the same time. Thats bullshit and it cant pass
X: thats already his problem, becouse he headed for topic, which I wont discuss
kobaltin: so he will do with this problem whatever he wants and nobody wont talk about it
X: definetely not me
kobaltin: surely
I want to pick up this: "he headed for topic" - the whole chat was spoken in the third person, but at this point she talks to me using the word "he", because "I" headed for this topic and she doesn't want to talk with "me". So she identifies me as the person "he", whom we were talking about in this "made-up" situation.

3. Now more about person "X" from ICQ: She claims that she cares about me, but doesn't want to see me in the real world, ever. She believes everything I wrote in this topic, but says that she has nothing to do with it, and when I start to talk about it, it's always a big problem for her and she tries to suggest to me that I'm obsessed with it. In my opinion, the fact alone that she believes everything I said here in this topic is very extraordinary. Besides, I didn't have to try hard to make her believe; she took it as fact almost immediately. Her words: "but interesting combination... paranoid and ham actor", or to the question "when will she stop it?" she answers "till you kill her perhaps :-D"...

I have had many, many situations like this, so I can't abandon my opinion. I have to trace that bitch.
(curious how you will qualify me now :geek: )


Re: How to trace a hacker?

Post by fabianhjr on Sat Nov 13, 2010 8:45 pm

Well, the Corsair PSUs are really nice; what we suggested was a peak suppressor, voltage regulator, or NoBreak to be put between the AC outlet and any electronic equipment.

Nice buy, it will last long and serve you well.

Get http://free.antivirus.com/hijackthis/HijackThis
Run it and it should generate a log. Post it here for review.


Re: How to trace a hacker?

Post by kobaltin on Sun Nov 14, 2010 4:20 am

True, I still don't have any protector, will take a look at this.
Log file from HijackThis is at the top of the second page of this topic :)


Re: How to trace a hacker?

Post by fabianhjr on Sun Nov 14, 2010 10:19 am

Code:
[?] - O4 - HKCU\..\Run: [Infium] "H:\Program Files\QIP 2010\qip.exe" /autorun
[?] - O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
[?] - O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Those are unknown. The rest are considered safe and clean.
QIP looks clean. Please check its exact size in bytes.
http://www.runscanner.net/lib/qip.exe.html

MCTAdmin looks clean. Please check its exact size in bytes.
http://www.fileinspect.com/fileinfo/mctadmin-exe/

Code:
   It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. You can look here for a good anti-virus scanner.

   We couldn't detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.


Also, try to keep it handy; if the problems come back, just run it and post a new logfile.
I declare you clean. (Can anyone with more experience confirm?)
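The autorun check discussed in the post above, as an added example that is not part of the original thread: it pulls the executable paths out of the quoted O4 lines and fingerprints a file by exact size plus SHA-256, since a matching byte count alone does not show that a file is the genuine one. The function names are hypothetical, the two `.exe` files in the demo are constructed, and the reference size and hash are assumed to come from a trusted source such as the vendor or a clean install.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# The three autorun (O4) lines quoted in the post above, verbatim.
LOG = r'''[?] - O4 - HKCU\..\Run: [Infium] "H:\Program Files\QIP 2010\qip.exe" /autorun
[?] - O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
[?] - O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
'''

O4 = re.compile(r'O4 - (?P<hive>\w+)\\(?:S-[\d-]+\\)?\.\.\\(?P<key>\w+): '
                r'\[(?P<name>[^\]]+)\] "?(?P<path>[A-Za-z]:\\.+?\.exe)\b')

def autoruns(log):
    """Return (hive, key, name, path) for every O4 line of a HijackThis log."""
    return [m.group("hive", "key", "name", "path") for m in O4.finditer(log)]

def fingerprint(path):
    """Exact size in bytes plus SHA-256 of a file."""
    data = Path(path).read_bytes()
    return len(data), hashlib.sha256(data).hexdigest()

def same_file(path, ref_size, ref_sha256):
    """A size match alone is weak evidence; require the hash to match too."""
    return fingerprint(path) == (ref_size, ref_sha256.lower())

def size_collision_demo():
    """Constructed files: same byte count, different content."""
    with tempfile.TemporaryDirectory() as d:
        good, other = Path(d, "good.exe"), Path(d, "other.exe")
        good.write_bytes(b"MZ" + b"\x00" * 62)
        other.write_bytes(b"MZ" + b"\x90" * 62)
        ref = fingerprint(good)
        sizes_equal = fingerprint(other)[0] == ref[0]
        return sizes_equal, same_file(good, *ref), same_file(other, *ref)

if __name__ == "__main__":
    for path in sorted({p for *_, p in autoruns(LOG)}):
        # On the affected machine this prints the values to compare with a trusted reference.
        info = fingerprint(path) if Path(path).is_file() else "not present on this host"
        print(path, info)
    print(size_collision_demo())  # (True, True, False)
```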


Re: How to trace a hacker?

Post by kobaltin on Sun Nov 14, 2010 3:35 pm

I don't have exact sizes, but with mctadmin.exe they say "usually" and my qip isn't listed in their database...

Does anybody know how I could determine if some undesired signals are guided through my network cable? I can run Wireshark and monitor my network, but there are so many connections that I can't say what shouldn't be here.


Re: How to trace a hacker?

Post by fabianhjr on Sun Nov 14, 2010 3:42 pm

When you search for malware this way it is wise to exit any programs that use the network like the browser, BitTorrent, IM clients, multiplayer games, servers, etc.

Just leave it running for a while.


Re: How to trace a hacker?

Post by kobaltin on Mon Nov 15, 2010 4:42 am

When I exit all apps which make connections, these remain in the Win7 network monitoring:
  • SYSTEM
  • schvost.exe (NetworkService)
  • schvost.exe (netsvcs)
  • schvost.exe (LocalServicePeerNet)
  • schvost.exe (LocalServiceNetworkRestricted)
  • schvost.exe (LocalServiceAndNoImpresonation)
However, Wireshark still gives me a new connection entry every second and network traffic is continually somewhere around 5kb/s. I can't say what is normal.
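One way to make sense of an idle capture like the one described above, as an added example that is not part of the original thread: it reads a packet list exported from Wireshark as CSV and separates LAN, multicast and broadcast chatter from traffic exchanged with outside hosts, which are the only entries that need a closer look. The sample rows are constructed, the function names are hypothetical, and the column layout (including a "Length" column) is assumed to match the export of your Wireshark version.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample in the column layout of Wireshark's
# File > Export Packet Dissections > As CSV (addresses are made up).
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.1.10","239.255.255.250","SSDP","175","M-SEARCH * HTTP/1.1"
"2","0.412","192.168.1.1","192.168.1.255","NBNS","92","Name query NB WORKGROUP"
"3","1.003","192.168.1.10","224.0.0.252","LLMNR","66","Standard query A wpad"
"4","1.250","192.168.1.10","203.0.113.7","TCP","66","49712 > 443 [SYN]"
"5","1.290","203.0.113.7","192.168.1.10","TCP","66","443 > 49712 [SYN, ACK]"
"6","2.000","Giga-Byt_aa:bb:cc","Broadcast","ARP","42","Who has 192.168.1.1?"
'''

LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 LAN ranges
    "169.254.0.0/16", "127.0.0.0/8",                   # link-local, loopback
    "224.0.0.0/4", "255.255.255.255/32")]              # multicast, broadcast

def is_external(addr):
    """True for an IP address that lies outside the local ranges above."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:           # ARP rows carry MAC names, not IP addresses
        return False
    if ip.version == 6:
        return ip.is_global
    return not any(ip in net for net in LOCAL_NETS)

def summarise(csv_text):
    """Return (bytes per (external peer, protocol), bytes of local chatter)."""
    external, local_bytes = Counter(), 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        peers = [a for a in (row["Source"], row["Destination"]) if is_external(a)]
        if peers:
            external[(peers[0], row["Protocol"])] += int(row["Length"])
        else:
            local_bytes += int(row["Length"])
    return external, local_bytes

if __name__ == "__main__":
    external, local_bytes = summarise(SAMPLE_CSV)
    print(f"local, multicast and broadcast chatter: {local_bytes} bytes")
    for (peer, proto), size in external.most_common():
        print(f"{peer:<15} {proto:<6} {size} bytes")
```

Run against a capture taken with all network applications closed, the short list of external peers is what remains to be matched against known services.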

