Thread: MY PC is hacked... What to do?

Sir, Mam,

I am using the UT300R2U Modem [Data one] and didn't got the Modem driver CD from the Telephone Exchange. So I planned for a network connection and connected to the net as a client. Going through the My network connection, it shows 100 mbps firewalled LAN connection and Intel pro ve 100 network connection[I don't know much about these things]. Some days ago, someone entered into my computer and uploaded some files and then deleted something... I couldn't detect them and they are still using my password or something like that. Would I disable the LAN connection and bring the dial software/driver or what to do now? how to stop those hackers?

if you don't know much about computer security which seems the case then backup your important data.disable all network connections.then check the drives from where files were uploaded/deleted & right click on that drive icon in my computer & disable any sharing.do the same with shared documents.after that re-enable network connections.use some strong pasword for all your windows accounts(especially ADMINISTRATOR & even guest account).

I am curious to know how you found out that someone is using your computer as file storage.

First the basic things

Make sure that you have not shared any folder

Most of the users miss that that by default the c: or in fact all the drives are open shared

Right click on my computer go to manage, click on shared folders, click on shares
there you will see that C$, D$ etc
all these are open share
if i know your IP and guess your password then i can access your complete C and D drive. most of us don't know about this

Right click on C$ and say stop sharing, do that for all the drives which are there, IPC$ may not stop sharing dont worry it is just the printer service

next make sure that your login has a good password, good password in the sense <yourname> is not a good password it should be like <yourname@#1894> or better <your first girlfriend's mom's dog's petname@#1894> is a good password

Most of us don't put password at home comp and that is a way anyone can login into your system if he knows your IP

Make sure that the administrator account has a password, this is the most important login account in the system

for example if you have a account like xyx in you computer, i may not be able to guess that name so i cannot login, but every body know that every system has a default login called administrator and if it is not password protected i can use your hard drive as what ever i want.

try this and let me know

Originally Posted by gardencityboy

First the basic things

Make sure that you have not shared any folder

Most of the users miss that that by default the c: or in fact all the drives are open shared

Right click on my computer go to manage, click on shared folders, click on shares
there you will see that C$, D$ etc
all these are open share
if i know your IP and guess your password then i can access your complete C and D drive. most of us don't know about this

Right click on C$ and say stop sharing, do that for all the drives which are there, IPC$ may not stop sharing dont worry it is just the printer service

next make sure that your login has a good password, good password in the sense <yourname> is not a good password it should be like <yourname@#1894> or better <your first girlfriend's mom's dog's petname@#1894> is a good password

Most of us don't put password at home comp and that is a way anyone can login into your system if he knows your IP

Make sure that the administrator account has a password, this is the most important login account in the system

for example if you have a account like xyx in you computer, i may not be able to guess that name so i cannot login, but every body know that every system has a default login called administrator and if it is not password protected i can use your hard drive as what ever i want.

try this and let me know

hi buddy..

i have few doubts..

if you remove the C$ shares and if u again re login.. again its shared with c$ by default.. i guess...

so how to remove ir permanently...

next..

i hope u cant login by knowing some one's ip and password...

i tried like this...
i shared one dummy folder and typed my ip in run.. as \\myip address...
but it didnt show that share folder and it said.. it doesnt exist...
so hows it possible to login by knowing the ip??

if you remove the C$ shares and if u again re login.. again its shared with c$ by default.. i guess...

you are right!you have to use some 3rd party program or edit the registry yourself to disable this share.

i tried like this...
i shared one dummy folder and typed my ip in run.. as \\myip address...
but it didnt show that share folder and it said.. it doesnt exist...

your IP must be your real one(117.x.x.x) which will not work from inside your computer but only from outside.i.e.someone in your area have to type the IP of your computer & he can access that folder if you have allowed the sharing.

Originally Posted by whitestar_999

your IP must be your real one(117.x.x.x) which will not work from inside your computer but only from outside.i.e.someone in your area have to type the IP of your computer & he can access that folder if you have allowed the sharing.

I cant understand what do u mean by real one(117.x.x.x) ? Do u mean that particular IP should be live when we connect?

I had accessed share folders in many computers connected in internet but i didnt harm them. Few things that i would suggest are
a) Keep strong password both for system and modem
b) Keep control on ports that are opened in your system/modem

I cant understand what do u mean by real one(117.x.x.x) ? Do u mean that particular IP should be live when we connect?

our computers connected to net have 2 IP's---internal(192.168.x.x)& external/real(117.x.x.x).if computers are directly connected to each other like in LAN internal IP will do but to access a computer on WAN like bsnl's network in,say,your city you will need external/real IP of computer.accessing shared folders is very easy but if you know you can take complete control of a system by using administratives shares/expoiting windows holes.

[QUOTE=whitestar_999;22963]you are right!you have to use some 3rd party program or edit the registry yourself to disable this share.

Instead of going to 3rd party pgm, my suggestion is you can block the File Sharing Ports in WINDOWS FIREWALL itself. The ports that are being used for sharing files and folders are
TCP 445
TCP 139
UDP 137
UDP 138

So to block them Open Network Connections Window, then right click Local Area Connection, choose properties.

Then select Advanced Tab, Click Settings, Click ON button. Then choose Exception and ensure that 'File and Printer Sharing' button is not clicked. If it clicked, uncheck it. Click Ok to apply.

Then Disable and enable network connections to make these settings effective.

Thanks whitestar_999. Now i understand what you mean by Real IP. But you might have quoted it as 'Public IP'.

Originally Posted by aruncse30

i shared one dummy folder and typed my ip in run.. as \\myip address...
but it didnt show that share folder and it said.. it doesnt exist...
so hows it possible to login by knowing the ip??

As whitestar_999 said you cant access your sharefolder using Public IP from your machine because in this case your packets need to be NAT twice to same IP which router doesnt do. Thats the reason why you get doesnt exist message.

@skap,good info for other users who posted in this thread.btw i use a firewall & in my opinion windows firewall is not so good.even a good free firewall is much better than windows firewall.some of them are----sygate(now discontinued but still good enough),open armour free,comodo pro,zonealarm free.

if you do that, then you cannot share files via LAN either..

firewalls can be configured in such a manner as to allow file/printer sharing over LAN(like 2 or more computers connected to same modem using pppoe) but not to computers outside local network.

Yes Windows Firewall is not that much favoured mainly for the reason that 3rd party softwares provide many options to define rules, provides detailed alerts and lot of additional features.

Originally Posted by superprash2003

if you do that, then you cannot share files via LAN either..

But blocking in that way as said using Window Firewall will not isolate entirely from all network (LAN/WAN). There is an option after you define the ports in exception list called 'Scope Option' where we can define set of computers for which this port is blocked. There we can specify any network or custom list or same subnet.

also almost all firewalls can differentiate between LAN & internet network(bsnl in this case) & by default LAN is trusted while internet is secured by automatically rejecting any attempt to access LAN resources from outside.

i was talking with respect to windows firewall.. i dont think you can allow only for LAN and not outside ..not sure though..

superprash2003 -
There is an option available in Windows Firewall to block/allow port for custom network segment (i ve mentioned in previous post in this thread)

Originally Posted by aruncse30

hi buddy..

i have few doubts..

if you remove the C$ shares and if u again re login.. again its shared with c$ by default.. i guess...

so how to remove ir permanently...

next..

i hope u cant login by knowing some one's ip and password...

i tried like this...
i shared one dummy folder and typed my ip in run.. as \\myip address...
but it didnt show that share folder and it said.. it doesnt exist...
so hows it possible to login by knowing the ip??

this is kind of hacking
this is just FYI and do not use it in your lan

to access the open share use the command \\xxx.xxx.xxx.xxx\c$ or \\yourip\d$ and this will give access to the complete c drive

Originally Posted by skap

I cant understand what do u mean by real one(117.x.x.x) ? Do u mean that particular IP should be live when we connect?

I had accessed share folders in many computers connected in internet but i didnt harm them. Few things that i would suggest are
a) Keep strong password both for system and modem
b) Keep control on ports that are opened in your system/modem

Guys you dont need to share any folder
the crappy windows has already default shared your complete C and all the possible drives by default, not many of them know about this

In a LAN, like sify it is worst
i can just use few commands in the lan and i will get the IP of all the system
then i would just type \\ipaddress\c$ which will prompt for a username and password, i know that there is a administrator username so i would use that and password if not strong or not set i have you complete C drive in my pocket, even the windows folder is with me

Originally Posted by gardencityboy

this is kind of hacking
this is just FYI and do not use it in your lan

What do you mean by 'this is kind of hacking'?

See, C$ or anydrive$ access require root/admin privilege access. So if you have strong administrative password and also for all local accounts, you can control misuse of this access.

Even in LAN , you cant access anyother machines (say machine-X) without privileges.

Originally Posted by skap

What do you mean by 'this is kind of hacking'?

See, C$ or anydrive$ access require root/admin privilege access. So if you have strong administrative password and also for all local accounts, you can control misuse of this access.

Even in LAN , you cant access anyother machines (say machine-X) without privileges.

you are right , if you have an administrative password set then it is ok
you may not know but many of them do not set password for their administrator account, believe me i know a lot of them

and if you don't set the password then the above method can get you in to the system. i am talking of an average home user

i have seen lot of ppl with password like 1234 or abcd which is not correct

Even password can be broken by using brute force but if your password is long enough like at least 9 to 10 characters then it is almost impossible to use brute force and that way you can be save

gardencityboy is very clear in his description. I am waiting to see reply from thread starter about what he does in his system now

change ur Internet pass & quick format ur HDD (c drive, make sure u bak upimp things). also get some antivirus & enable its firewall.
BTW ur computer is part any network (shared on same network with others PCS?)

BTW ur computer is part any network

we all are part of bsnl network & at least in same locality/area it is very easy to access someone else's computer if security is weak on that computer.its just like using LAN.

I would like you peoples to go through this thread Man In The Middle Attack (MITM) | SKAPadmin - Administration in Security Perspective regarding a hacking scenario in home network.