# Have I been 'hacked'???



## Chosen1985

I know this may sound paranoid guys but I think it's a strange coincidence, there's a guy that lives on my street, he doesn't live there permanently probably on business etc but every single time he is home and I'm talking like about 8 occasions now my computer runs slow i.e. in the task manager CPU is between 40 and 50% when I'm not running anything plus the memory usage is about 100 or so MB up too, and also the other day on the firewall status a strange country of origin popped up as soon as I booted up - what seemed like a central Asian country it also had N/A for remote address....I didn't even have any browsers up and running either.......then after that my router stopped working so I unplugged it and restarted it then it was ok but I decided to do a system restore but it hasn't worked....I've done a virus scan and spyware scan plus rootkit scan but to no avail......I've heard he can do it remotely somehow without my virus scanner and everything else detecting it. Lots of people including my family have said it is strange.

Anyone know what I can do? thanks guys, Gary


----------



## matty6660

Well, if you really want to be sure that your PC isn't hacked, back up all your files/programs onto an external hard drive, then delete all of your files and uninstall all your programs from your hard disk. Then run a virus scan, and after that transfer all your files/programs back onto your PC from your ext. hard drive. That way you can scan your basic computer without all your files/programs interfering.

If your computer still runs slow, then try another suggestion from someone else. Hope it helped.


----------



## Concordedly

He would still need more information about your computer. Do you use wireless? It is possible he could have entered your network if you have no passcode or encryption set up. As for the weird Asian address, there are proxy programs one could download to mask their IP, and one of them my friend's father uses allows you to use international IP masking, which would make the most sense. Another thing is to check "netstat" for any incoming/outgoing connections by going to: Start>Run Type in "Cmd" then type netstat and it should provide you a list of all incoming and outgoing connections. Run it while you are not using Internet Explorer or messengers to get a better look. If you aren't running a wireless router/modem gateway, then this seems highly unlikely.

For your processor speed, you can sort by CPU usage in task manager, or find a freeware program that monitors your processor usage in real-time and see what program(s) are using the most resources and investigate them. You may consider upgrading your security software. I don't know what you are using but I recommend ESET Smart Security if you can afford to pay for it. Run a full system scan in Safe Mode (Not with Networking) and see if your anti-virus picks up anything. Get Malwarebytes and scan that in Safe Mode too. The final step to any security package is to do a full scan with HijackThis! and post your log on here, or on any forum that supports reading HijackThis logs and get an expert to look at it and their opinion on files that are running in your memory.

Hacking probably isn't near as dead as I consider it to be, but there is a lot more these days hackers have to consider before doing it and if this guy is only home now and then, from a psychological standpoint I doubt he's after your files, etc. The way internet connections work, if you're on cable for example we all connect through one node and then it's split out to houses. That doesn't explain processor speed really, but it would explain slower internet times/download times. Maybe this person is doing some heavy internet work i.e downloading programs, music, videos, etc. And that can create some congestion in your speeds too; especially if he is tapping into your network wirelessly.

A final thought, use WPA encryption or WPA2 if your router supports it for your wireless signal. WEP can be cracked using Linux for the most part, though once again it depends on the knowledge of your neighbor. Setting up a WPA2 passcode with 20+ characters; letters, numbers, and symbols.. almost guarantees you not to let your wireless be shared with anyone.

Let us know,
Tim


----------



## Chosen1985

Hi Concordedly, thank you for your response......very rarely I use my router for wireless...mostly I use an ethernet cable....this is what I got from netstat:

```
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.64:50110     ww-in-f156:http        TIME_WAIT
```

So is this normal after I have closed Internet Explorer? I know the TCP destination is my ISP anyway, but I don't have a clue what 'Foreign address' is.
As for my Anti Virus I use Avira and for my firewall I use Online Armor. My router uses a WPA2 encryption and I have a long password to access wireless. I've heard that the guy works with computers so is it possible even with the level of security I have that he's still managed to get in without any evidence or would you say I'm safe to bank online etc? Thanks once again. By the way I forgot to mention I'm on ADSL and not cable.


----------



## Concordedly

If it is WPA2 then it shouldn't be accessible whether or not the guy is good with computers. Even the best crackers estimate it would take something close to 300 years to crack a well designed password encrypted with WPA2 after a certain length. I read that in an article somewhere, sorry for no source.

I'd recommend checking the devices listed as connected in your router settings. There must be some sort of detection somewhere. If you could post everything netstat says and not just the foreign TCP, that would be helpful. Don't share your external IP address with us, but list everything else. 192.168.1.64 looks like a router assignment not an external IP address. Also, what is your IP address that is assigned to your computer from your router? Probably something like 192.168.1.1 or 192.168.1.12, use cmd and then type in ipconfig to see.


----------



## Chosen1985

Hi Tim, thanks for reassuring me about WPA2, my 'default gateway' is 192.168.1.254, and this is what netstat says when I'm running IE.

```
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.64:49169     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49170     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49171     ww-in-f154:http        TIME_WAIT
  TCP    192.168.1.64:49172     ww-in-f138:http        TIME_WAIT
  TCP    192.168.1.64:49173     ww-in-f138:http        TIME_WAIT
  TCP    192.168.1.64:49174     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49175     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49176     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49179     ww-in-f138:http        TIME_WAIT
  TCP    192.168.1.64:49180     ww-in-f138:http        TIME_WAIT
  TCP    192.168.1.64:49181     ww-in-f154:http        TIME_WAIT
  TCP    192.168.1.64:49182     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49183     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49185     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49186     ww-in-f138:http        TIME_WAIT

C:\Users\Gary>
```


----------
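Added example, not part of any post in this thread: a small Python triage of `netstat` output like the listing above, separating `TIME_WAIT` rows (connections that have already been closed) from listeners and live sessions on non-web ports. The sample text is constructed, and the names `parse_netstat`, `triage` and `WEB_PORTS` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout posted above. The TIME_WAIT rows mirror
# the thread; the ESTABLISHED, LISTENING and UDP rows are invented here.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.64:49169     wzvpscp:http           TIME_WAIT
  TCP    192.168.1.64:49171     ww-in-f154:http        TIME_WAIT
  TCP    192.168.1.64:49172     ww-in-f138:http        TIME_WAIT
  TCP    192.168.1.64:49190     203.0.113.7:50000      ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:123            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
WEB_PORTS = {"http", "https", "80", "443"}  # assumption: what counts as ordinary browsing

def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and prompts are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        lhost, lport = local.rsplit(":", 1)     # rsplit keeps IPv6 hosts whole
        rhost, rport = foreign.rsplit(":", 1)
        rows.append({"proto": proto, "local": lhost, "lport": lport,
                     "remote": rhost, "rport": rport, "state": state or ""})
    return rows

def triage(rows):
    """Count states and pick the rows that deserve a closer look."""
    states = Counter(r["state"] or "(none)" for r in rows)
    review = []
    for r in rows:
        if r["state"] == "TIME_WAIT":
            continue  # connection already closed; the OS is just holding the port
        if r["state"] == "LISTENING" or (r["state"] and r["rport"] not in WEB_PORTS):
            review.append(r)  # open listener, or live session on a non-web port
    return states, review

if __name__ == "__main__":
    states, review = triage(parse_netstat(SAMPLE))
    print(dict(states))
    for r in review:
        print(r["proto"], r["local"], r["lport"], "->", r["remote"], r["rport"], r["state"])
```

The parser expects the plain `netstat` layout shown in the thread; `netstat -ano` adds a PID column that would need one more field.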



## tlarkin

Chosen1985 said:


> Hi Tim, thanks for reassuring me about WPA2, my 'default gateway' is 192.168.1.254, and this is what netstat says when I'm running IE.
> 
> ```
> Active Connections
> 
>   Proto  Local Address          Foreign Address        State
>   TCP    192.168.1.64:49169     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49170     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49171     ww-in-f154:http        TIME_WAIT
>   TCP    192.168.1.64:49172     ww-in-f138:http        TIME_WAIT
>   TCP    192.168.1.64:49173     ww-in-f138:http        TIME_WAIT
>   TCP    192.168.1.64:49174     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49175     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49176     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49179     ww-in-f138:http        TIME_WAIT
>   TCP    192.168.1.64:49180     ww-in-f138:http        TIME_WAIT
>   TCP    192.168.1.64:49181     ww-in-f154:http        TIME_WAIT
>   TCP    192.168.1.64:49182     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49183     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49185     wzvpscp:http           TIME_WAIT
>   TCP    192.168.1.64:49186     ww-in-f138:http        TIME_WAIT
> 
> C:\Users\Gary>
> ```



If I recall those ports aren't reserved for anything so you should be able to set them to whatever app.  Are you running any P2P apps or torrent apps?  That is most likely your problem and you probably downloaded malware.  If you are behind a router running NAT and WPA2 I highly doubt anyone is hacking you.


----------



## Concordedly

I agree. I'm thinking malware/spyware. Not a hack. Download HijackThis and Malwarebytes and post your logs. Also run a free scan for viruses here: http://housecall65.trendmicro.com/

Time to clean up and finish this off.


----------



## bomberboysk

Chosen1985 said:


> Hi Concordedly, thank you for your response......very rarely I use my router for wireless...mostly I use an ethernet cable....this is what I got from netstat:
> 
> ```
> Active Connections
> 
>   Proto  Local Address          Foreign Address        State
>   TCP    192.168.1.64:50110     ww-in-f156:http        TIME_WAIT
> ```
> 
> So is this normal after I have closed Internet Explorer? I know the TCP destination is my ISP anyway, but I don't have a clue what 'Foreign address' is.
> As for my Anti Virus I use Avira and for my firewall I use Online Armor. My router uses a WPA2 encryption and I have a long password to access wireless. I've heard that the guy works with computers so is it possible even with the level of security I have that he's still managed to get in without any evidence or would you say I'm safe to bank online etc? Thanks once again. By the way I forgot to mention I'm on ADSL and not cable.


WPA2 is essentially uncrackable at the moment, WPA and WEP are, but WPA2 isn't.


----------



## tlarkin

bomberboysk said:


> WPA2 is essentially uncrackable at the moment, WPA and WEP are, but WPA2 isn't.



You can still brute force it with dictionary attacks, so if your password is "password" it could be easily cracked.

However, you are correct in the sense that if someone tried to hack the encryption they would be doing it for decades before they got through.


----------



## bomberboysk

tlarkin said:


> You can still brute force it with dictionary attacks, so if your password is "password" it could be easily cracked.
> 
> However, you are correct in the sense that if someone tried to hack the encryption they would be doing it for decades before they got through.


Well, anything can be brute forced eventually...might take 20 years though for complex ones hehe. Which is why random combinations of letters numbers upper and lowercase work well, defeat dictionary attacks. I was referring to the algorithm used cannot be cracked like WEP and whatnot though


----------
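Added example, not part of any post in this thread: a Python estimate of the dictionary-versus-brute-force point made in the posts above, for a WPA2-PSK passphrase. The wordlist is a constructed stand-in, the guess rate is an assumption rather than a measurement, and the names `derive_pmk`, `charset_size` and `audit` are hypothetical.

```python
import hashlib
import math
import string

# Constructed stand-in for a real wordlist of common passwords.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}
ASSUMED_RATE = 1_000_000   # guesses per second: an assumption, not a measurement
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_pmk(passphrase, ssid):
    """WPA2-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def charset_size(passphrase):
    """Size of the alphabet the passphrase appears to draw from."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(n for chars, n in classes if any(c in chars for c in passphrase))

def audit(passphrase, rate=ASSUMED_RATE):
    """Estimate how long an exhaustive search would take on average."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrases are printable ASCII")
    if passphrase.lower() in COMMON:
        # A wordlist hit falls on the first pass, whatever its length.
        return {"in_wordlist": True, "bits": 0.0, "years": 0.0}
    # Upper bound: only holds if every character was chosen at random.
    bits = len(passphrase) * math.log2(charset_size(passphrase))
    years = (2 ** bits) / 2 / rate / SECONDS_PER_YEAR
    return {"in_wordlist": False, "bits": bits, "years": years}

if __name__ == "__main__":
    for p in ("password", "abcdefgh", "k7#Vq9!mZx2$Lw8@Tn4&"):
        r = audit(p)
        print(f"{p!r}: wordlist={r['in_wordlist']} bits={r['bits']:.1f} years={r['years']:.3g}")
    print(derive_pmk("password", "ExampleSSID").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, and each guess costs 4096 HMAC rounds.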



## tlarkin

bomberboysk said:


> Well, anything can be brute forced eventually...might take 20 years though for complex ones hehe. Which is why random combinations of letters numbers upper and lowercase work well, defeat dictionary attacks. I was referring to the algorithm used cannot be cracked like WEP and whatnot though



I know what you meant, but I am not sure if everyone else knew, so I just clarified.

AES encryption is not crackable yet, and if you can crack it, the NSA has a 4 billion dollar prize waiting for you since they want to crack it to listen in on Skype calls.

I think it would take a cluster of super computers like 100 years to decrypt AES or something like that...


----------



## bomberboysk

tlarkin said:


> I know what you meant, but I am not sure if everyone else knew, so I just clarified.
> 
> *AES encryption is not crackable yet, and if you can crack it, the NSA has a 4 billion dollar prize waiting for you since they want to crack it to listen in on Skype calls.*
> 
> I think it would take a cluster of super computers like 100 years to decrypt AES or something like that...


I heard about that, if I had the skills I'd be a billionaire hehe.


----------



## Concordedly

Let's not deviate from helping this guy, but good to know


----------



## Chosen1985

Thanks for all your messages guys, but I've now reinstalled my system and the problem whatever it was (still not got a clue lol) has now gone. I've read about WPA2 and yeah there's no chance he or any other person for that matter could get into my PC. So once again thanks guys for your help and if I have any more problems I'll come back here.


----------



## tlarkin

Chosen1985 said:


> Thanks for all your messages guys, but I've now reinstalled my system and the problem whatever it was (still not got a clue lol) has now gone. I've read about WPA2 and yeah there's no chance he or any other person for that matter could get into my PC. So once again thanks guys for your help and if I have any more problems I'll come back here.



If your WPA password was something like apple or banana I am sure he could have gotten into your wireless pretty easily if he really tried.


----------



## bomberboysk

That doesn't work with WPA2, brute force is the only way to crack WPA2-PSK.

Second, providing those links is against forum rules.....


----------

