How do I know if I'm being hacked


Sirtokalott

I use Live Messenger and a file sent to me was blocked. I have a wireless
adapter and connect to my neighbour's router (yes she gave me the access code)
and I usually have a wireless connection logo in the system tray. When I
started up the pc the other night I had an extra icon showing a cable
connection to another computer. I also now have a modem installed in device
manager. I think it is my neighbour's computer which I am connecting to but
ain't too sure as neither of us is an expert. The pc is also running much slower
now. I'd love to know of any way of identifying a deliberate attack from
someone. Here's what the modem log says.

04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\tapisrv.dll, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\unimdm.tsp, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\unimdmat.dll, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\uniplat.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\drivers\modem.sys, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\modemui.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\mdminst.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - Modem type: Communications cable between two computers
04-06-2008 21:59:19.421 - Modem inf path: mdmhayes.inf
04-06-2008 21:59:19.421 - Modem inf section: M2700
04-06-2008 21:59:19.421 - Matching hardware ID: pnpc031
04-06-2008 21:59:19.453 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:19.453 - Initializing modem.
04-06-2008 21:59:19.453 - Waiting for a call.
04-06-2008 21:59:19.484 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:19.484 - Initializing modem.
04-06-2008 21:59:19.484 - Dialing.
04-06-2008 21:59:19.500 - Send: CLIENT
04-06-2008 21:59:21.500 - Timed out waiting for response from modem
04-06-2008 21:59:21.500 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:21.515 - Send: CLIENT
04-06-2008 21:59:23.515 - Timed out waiting for response from modem
04-06-2008 21:59:23.515 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:23.531 - Send: CLIENT
04-06-2008 21:59:25.531 - Timed out waiting for response from modem
04-06-2008 21:59:25.531 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:25.546 - Send: CLIENT
04-06-2008 21:59:27.546 - Timed out waiting for response from modem
04-06-2008 21:59:27.546 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:27.546 - Hanging up the modem.
04-06-2008 21:59:27.546 - Hardware hangup by lowering DTR.
04-06-2008 21:59:29.546 - A timeout has expired waiting to comm event to occour.
04-06-2008 21:59:29.546 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:29.546 - Initializing modem.
04-06-2008 21:59:29.546 - Waiting for a call.
04-06-2008 21:59:29.546 - Session Statistics:
04-06-2008 21:59:29.546 - Reads : 0 bytes
04-06-2008 21:59:29.546 - Writes: 0 bytes

I certainly didn't set this up, please help
 
Do you have a software firewall?
If YES, it should be blocking any attacks even if someone is trying to hack
into your network. Windows XP and Vista have Windows Firewall enabled by
default. Other security products include firewall protections, too.

In order to reverse any unwanted changes, I would recommend you use System
Restore. More about System Restore:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
http://windowshelp.microsoft.com/Windows/en-US/help/9f6d755a-74bb-4a7d-a625-d762dd8e79e51033.mspx
http://en.wikipedia.org/wiki/System_Restore

Use this option and restore to a state a few days before your issues started.
The restore is also supposed to remove the modem installation you write
about.

After that, buy yourself your own router and connect to it instead; make
sure the connection is encrypted (WPA2 or at least WPA):
http://www.microsoft.com/windowsxp/using/networking/security/wireless.mspx

Scan your computer for threats to ensure you are not infected. You can use
your own AV software + some free web resources such as ESET NOD32 Online
scanner and Windows Live OneCare scanner

http://www.eset.com/onlinescan
http://onecare.live.com/site/en-au/default.htm?mkt=en-au


Regards!

Panda_man



 
The 0x000003E3 error maps to "The I/O operation has been aborted because of
either a thread exit or an application request."

Sounds like there is something which is trying to use your modem when you
are trying to connect to the internet. I'd suggest installing the tools from
Sysinternals and monitoring processes (procmon), tcptable (tcpview) and
probably all IRPs at the TDI level (tdimon).

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
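An added example, not part of the thread and not code from any of the posters: a short Python parser for a modem log in the format posted in the question, which counts send attempts, timeouts and error codes and reports whether the other end ever answered. The function names, the one-entry error table and the `peer_answered` field are choices made for this example; the sample is an abridged copy of the posted log.

```python
import re

# Abridged from the log in the question; two entries are wrapped across lines
# the way a mail client wraps them, to exercise the rejoining logic.
SAMPLE_LOG = """\
04-06-2008 21:59:19.421 - Modem type: Communications cable between two
computers
04-06-2008 21:59:19.500 - Send: CLIENT
04-06-2008 21:59:21.500 - Timed out waiting for response from modem
04-06-2008 21:59:21.500 - Failed to send command because of WriteFile()
Failure, Error=000003e3.
04-06-2008 21:59:21.515 - Send: CLIENT
04-06-2008 21:59:23.515 - Timed out waiting for response from modem
04-06-2008 21:59:23.515 - Failed to send command because of WriteFile()
Failure, Error=000003e3.
04-06-2008 21:59:29.546 - Reads : 0 bytes
04-06-2008 21:59:29.546 - Writes: 0 bytes
"""

STAMP = re.compile(r"^(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d\.\d{3}) - (.*)$")
WIN32_ERRORS = {0x3E3: "ERROR_OPERATION_ABORTED"}  # the code decoded in the reply

def parse(text):
    """Return [timestamp, message] records, rejoining wrapped or '>'-quoted lines."""
    records = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line:
            records[-1][1] += " " + line  # continuation of the previous entry
    return records

def summarise(records):
    s = {"modem_type": None, "sends": 0, "timeouts": 0, "errors": {}, "reads": None, "writes": None}
    for _, msg in records:
        if msg.startswith("Modem type:"):
            s["modem_type"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("Send:"):
            s["sends"] += 1
        elif msg.startswith("Timed out"):
            s["timeouts"] += 1
        elif m := re.search(r"Error=([0-9a-fA-F]{8})", msg):
            name = WIN32_ERRORS.get(int(m.group(1), 16), "0x" + m.group(1))
            s["errors"][name] = s["errors"].get(name, 0) + 1
        elif m := re.match(r"(Reads|Writes)\s*: (\d+) bytes", msg):
            s[m.group(1).lower()] = int(m.group(2))
    # The other end answered only if some send did not time out or bytes moved.
    s["peer_answered"] = s["timeouts"] < s["sends"] or bool(s["reads"] or s["writes"])
    return s
```

On the sample, `summarise(parse(SAMPLE_LOG))` shows every send timing out and zero bytes read or written, so this session never exchanged data with another machine.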
 