Newbie's email and IM being spied on!


mikeinstlouis
December 8th, 2006, 09:15 PM
Hello Wilders Security Forum world.

I have been looking around and you guys seem pretty high-tech, so I am gonna hope you can get me out of a tough situation.


Bottom line: someone, somehow, is getting into my IMs and my emails. They are changing passwords and generally messing with my life.


I have been to other forums, but they have not been helpful.


I have XP on my system and I install the updates.

I am using Norton AV corporate

I have Zone Alarm

I have used Spybot S & D, Adware SE, Hijack this, to name a few.

I was told in another forum after not doing much that I was clean...I know that is not the case because someone quoted me on a recent email that I sent someone else in another part of the country, in private.

I have read your forum and seen tons of programs mentioned.

Other than reformatting my hard drive, is there any way I can see

1) What program they are using...assuming it is something like a keylogger
2) Less importantly, where is this being sent to
3) HOW TO GET RID OF IT!!

I am a surgeon, so I am not afraid to try to tackle this.

Any help would be appreciated from you guys that know light-years more about this stuff than I ever will!

Thanks!

Mikeinstlouis.

ThunderZ
December 8th, 2006, 09:21 PM
Does sound like a trojan/keylogger. While we wait for the true experts to check in we can do one quick and easy check. Since there is a "mechanical" type of keylogger as well as the software based ones, take a look on the back of your PC and make sure there is not a device plugged in between the keyboard and the PC port. Most likely not, but a quick and easy thing to check while we wait.

mikeinstlouis
December 8th, 2006, 09:51 PM
I thought of that too. Nothing there, at least on my home PC. I think that it is coming from my home computer. I work for a big university and there is a big firewall for the university and the hospital. I think my home is more likely, but I guess it could be from my university computer too.

Whatever advice the experts give me, I guess I can try on all of my pc's

Thanks for the tip though, ThunderZ

ThunderZ
December 8th, 2006, 09:59 PM
Your home PC will be no problem for them to help you with. The University PC may be a different story as it concerns ownership issues. My suggestion concerning that would be to turn it over to the IT staff there. It may involve more than one PC on the network. It is very possible as well that one of those PCs is the source of the problem.

[suave]
December 8th, 2006, 10:12 PM
mikeinstlouis,

Download, Update and run a full system scan with A-Squared (http://www.emsisoft.com/en/software/free/)

Then download Dr.Web CureIt (http://www.freedrweb.com) and run a scan with that as well.

Hopefully they will detect something and remove it for you.

Another thing you can do is download Security Task Manager (http://www.neuber.com/taskmanager/download.html)

You can use it free for 30 days, but it's well worth buying. It will allow you to see if there are suspicious programs running in the background and give you the ability to remove them.

And while you're at it, you might want to give Ewido Micro Scanner (http://download.ewido.net/ewido_micro.exe) a try.

Hope this helps.

mikeinstlouis
December 8th, 2006, 10:54 PM
Thanks for the advice. I am in the hospital right now (working) and can't get to my computer until Sunday.

I have told my IT guys about my problems, they blew me off.

What about programs like snoopfree, GesWall and BOClean that I have heard about?

Thanks!!!

ThunderZ
December 8th, 2006, 11:10 PM
-{ Quote: "I have told my IT guys about my problems, they blew me off." }-


Unfortunately not an uncommon response. Many IT Techs. are well versed in configuration and maintenance but not the same when it comes to malware. Have seen it many times.

-{ Quote: "What about programs like snoopfree, GesWall and BOClean that I have heard about?" }-


Do not use any of them but all are mentioned here and generally spoken of highly. In the meantime I would try to think of which PC the e-mails and IMs were sent from. The content of them may jog your memory. If I remember right, in your first post in another section you said a friend sent you copies. Did he say how he had obtained them?

BlueZannetti
December 8th, 2006, 11:15 PM
mikeinstlouis,

You've thrown a couple of items out, let me pursue them a bit.

1. You've mentioned work and home PC's as possible issues. From which one did you write the email in question? Home or work? Can you access the offending email account from both machines or just one of them?

2. Have you firmly eliminated simple forwarding of your email as a possible route for the events you've experienced? If there is no direct connection, could multiple acquaintances form a possible traceback path?

3. One problem with keyloggers is that some occupy a grey area of application. They are commercial programs which can be used for valid as well as untoward reasons. For any security application that you use, make sure it is set on the highest level possible. Since that can generate false positives, do not automatically assume an alert is real - confirm the result before doing anything.

4. If a work machine is a potential vector for this, and you use this in dealing with patient information, I find your IT staff's reaction curious. On the basis of the potential HIPAA implications alone, blowing something like this off is not terribly understandable.

Just so I get a sense of the prior discussion, could you point me to it? Thanks

Blue

wildermark
December 8th, 2006, 11:17 PM
If it was me, I'd DBAN the entire drive and buy a new keyboard. But, with you being in the medical profession I'd sure make every effort to determine the source of it. If it's a keylogger software, it has to communicate over a network or the internet to get that login information back to the attacker (either this or someone is physically collecting it from the machine). Bottom line is, you'll need someone who knows what they're doing to sit down and inspect the machine probably... it's just too bad that the people who can do this properly aren't usually in the yellow pages so to speak..

Edit:

With you being a medical professional and dealing with sensitive information that not only affects you, you might be able to get some assistance from the government with this.

ThunderZ
December 8th, 2006, 11:21 PM
The previous post is here > http://www.wilderssecurity.com/showthread.php?t=157317 Really not much. Was initially posted on the wrong Board is all.

wildermark
December 8th, 2006, 11:26 PM
-{ Quote: "mikeinstlouis,

...

4. If a work machine is a potential vector for this, and you use this in dealing with patient information, I find your IT staff's reaction curious. On the basis of the potential HIPAA implications alone, blowing something like this off is not terribly understandable.

...

Blue" }-

Yeah, I agree it is curious... I wouldn't be shocked to find out it's one of them. You could always go above their heads on it... Either way, from my experience with those type of IT people... they wouldn't know where to begin anyway.. I would expect a hospital to be using something like http://www.faronics.com/html/deepfreeze.asp anyway.. still could be hardware/keyboard related though..

BlueZannetti
December 8th, 2006, 11:51 PM
-{ Quote: "The previous post is here > http://www.wilderssecurity.com/showthread.php?t=157317 Really not much. Was initially posted on the wrong Board is all." }-It sounded as though more in-depth information/discussion had been presented elsewhere...-{ Quote: "I have been to some other lame forums that said useless things like use my Norton AV program. Aside from reformatting my hard drive..." }-for example.

Blue

mikeinstlouis
December 9th, 2006, 01:02 AM
I don't recall where the email was sent from, besides, it is more than email. It is passwords that I use for certain sites (such as this). Most of the sites I don't ever visit from work, so I am assuming that the culprit is the home computer. For instance, a friend of mine was on the phone and he told me that I was logged onto yahoo messenger, then I logged out. I was in a car en route from Kansas City to St. Louis, so there was no way it was from me. So, they have a way to get my yahoo accounts as well as a few others.

The email that was quoted was one that was sent TO me from someone else, that I responded to. My guess is that they have somehow gotten into my system with some kind of keylogger or worm and they are keylogging my passwords as I log them in from home.

Regarding the criminal nature, I have contacted police...they did nothing.

The IT people at work said our firewall is "too good"

I guess the bottom line is what can I do to check my computer at home so I feel that it is safe for me to put sensitive (passwords) data in. It is not my keyboard. It is the same keyboard that came with the computer.

Thanks for your responses.

wildermark
December 9th, 2006, 02:53 AM
My point there was that someone can place a keylogger inside the keyboard...

Nothing is ever 'too good', so that shows that they're clueless imo..

If you had the email still you could look at the header information and get an IP address of where it came from. Not saying this could even be used to track them, because they could be using a free secure account behind a chain of proxies or something...

One thing to be sure of is, after you do settle this, change the passwords on everything... maybe even change email accounts or at least use a secure email client with text only or something... also, never use the same login/password for different things.

Like I said, if it was me I'd wipe the entire drive clean... I'd flash the BIOS... and get some proper protection software by downloading it from a trusted computer along with Windows updates. I'd unplug my network and not plug it back in until I had done all this, reinstalled and installed/configured the protection software. I'd take no chances with it... I'd even replace the keyboard and have someone who knows their hardware look inside the case...

You would lose everything on the hard drive in this case, but you never know what may be attached to your files. If you really need some files, at least have someone inspect them on a backup media. It's a tough situation...

scoopnoggin
December 9th, 2006, 08:04 AM
You mentioned Yahoo. Is this your primary email account? You certainly wouldn't need a keylogger to crack web based applications. I guess my question is how strong are your passwords? Are they something like "dognsuds" or are they something like "%byg43@l016!!z"? The former could be broken with brute force, the latter probably never, without of course a keylogger.


Here are some anti-keylogging software you can try
http://www.spywarewarrior.com/uiuc/soft16a.htm

This free one will tell you the software that's trying to hook into the keyboard, worth a try
http://www.snoopfree.com/PrivacyShield.htm

This pay one is a signature based approach. Its whole point of existence is to sniff out software keyloggers.
http://spycop.com/products.htm

BlueZannetti
December 9th, 2006, 08:32 AM
-{ Quote: "I don't recall where the email was sent from, besides, it is more than email. It is passwords that I use for certain sites (such as this). Most of the sites I don't ever visit from work, so I am assuming that the culprit is the home computer." }-OK, that's a reasonable extrapolation
-{ Quote: "For instance, a friend of mine was on the phone and he told me that I was logged onto yahoo messenger, then I logged out. I was in a car en route from Kansas City to St. Louis, so there was no way it was from me. So, they have a way to get my yahoo accounts as well as a few others." }-OK, but not sure what to make of this on the face of it. But is your IM set to autologon in the event of a restart or periodically poll to refresh information (i.e. waiting messages)? I'm not an IM'er, so forgive the naive questions.
-{ Quote: "The email that was quoted was one that was sent TO me from someone else, that I responded to. My guess is that they have somehow gotten into my system with some kind of keylogger or worm and they are keylogging my passwords as I log them in from home." }-Let's think about this for a moment. For someone to be able to quote email that I sent, the possibilities are:
1. Keylogger/trojan of some sort. Aside from yourself, who has physical access to the machine?
2. Remote access using a known or guessed password to a webmail account. Is your email client local or web-based? Is there a sent folder on the web?
3. Simple physical access to the machine. Are any of your accounts set to autologon or must you type it each time logging in?
4. The person you responded to forwarded the email or was somehow the vector to others. Again, are there any possible social connections in the background or does this involve distinctly different branches of acquaintances with no mutual overlap? Not much you can do here except be very circumspect in written communications.

Here is what I would do. It focuses on using available software since, pragmatically speaking, you're not going to become an expert overnight, so I'll skip extensive investigation of the machine state (running processes, SSDT hooks, unknown installed software, etc.). I'll assume that you've already done this to the best of your ability.

As others have mentioned, a complete nuke and reinstall of all software is a very viable approach. It's draconian, but effective, and relatively straightforward if all the needed information (serial numbers, key files, activation codes, etc.) and resources (install disks, etc.) are available. It's not unlike what one would do after a hard drive failure. Depending on what you need to reinstall, the time involved could be anywhere from 3 up to 10 hours of work. At this point you'd be done, but there are downsides. One being that whether this machine is the issue or not remains an open question. Of course, in some sense I realize that, in principle, remains a very open question unless something is found; coming up empty always leaves the possibility that one didn't look hard enough (or that the problem lies elsewhere...). Let's call this option 1.

Option 2 is to switch the security software employed. Regardless of cause (use of a "valid" keylogger, installation and approval/exclusion of these applications by a 3rd party with physical access to the machine, lack of coverage by your current software, etc.), a simple step to take is to change the landscape. I'd try the free options initially. I'll assume that you've already done some of the steps mentioned already such as running Dr.Web's CureIt! (http://www.freedrweb.com/cureit/). If you haven't, do so now.
1. Download the trial versions of Kaspersky Internet suite (http://usa.kaspersky.com/downloads/trial-versions.php) and Prevx (http://www.prevx.com/). Do not install them yet. Also download a copy of CCleaner (http://www.ccleaner.com/).
2. Before you get about uninstalling things, examine the allowed programs and logs of ZA firewall for any suspicious or unknown entries. If you run across something that does not ring a bell, do a quick check at a listing site such as Sysinfo.org (http://www.sysinfo.org/). There are others available, this is just one. Do the same for the StartUp and Service entries (Select Start>Run>msconfig, check entries under the Services and Startup tabs). Check back before doing anything in the way of a change or deletion.
3. Uninstall Symantec AV. Restart and confirm that all vestiges are gone.
4. Uninstall ZA firewall. Restart and confirm that all vestiges are gone.
5. Clean up the system. Install CCleaner. First run the Cleaner and allow deletion of anything found, then select Issues (left hand side of window) and Scan for Issues. Fix all issues identified, but do make a registry backup.
6. Restart to verify that everything is working as it should.
7. Install the trial of KIS. Do a complete installation. Make sure that settings which flag "potentially dangerous software" are enabled (review the documentation to change these settings). Basically, max out the settings and perform a complete system scan after updating.
8. After KIS has been installed and run, and assuming nothing was found, install Prevx. There's a lot of overlap here, and you certainly don't need all components of both programs, but ignore that for the moment. Allow Prevx to perform a complete system scan. Remove any known malware identified and pay attention to any caution programs flagged.
9. If nothing turns up with Prevx, one last verification step that I'd take is to purchase and install BOClean (http://www.nsclean.com/). There is no trial, but there is a 30 day money back guarantee. Install, update and run. It is compatible with the other two. It takes a little more aggressive stance on some riskware applications than some.
If all of these steps yield a clean machine, I'd probably state that in all likelihood the machine is fine. With scan times factored in, it takes about as long as a nuke and repave of the system. Is it proof of cleanliness? No. On the other hand it would beg the question as to why someone is more interested in reading your mail and IMs than walking through financial sites with impunity.
By all means, at this point change all passwords used to access external sites and accounts.

Regardless of whether this is an actual problem or not with your home PC, you don't trust that PC at the moment and that issue is real.

-{ Quote: "Regarding the criminal nature, I have contacted police...they did nothing." }-To do something, they need something firm to go on. If what you mention is all that there is available, they don't have anything to go on or anyone to go to. This reaction should be expected. They are not PC maintenance guys after all.
-{ Quote: "The IT people at work said our firewall is "too good"" }-Actually, for what you describe, the firewall (assuming site hardware that is) is irrelevant.
-{ Quote: "I guess the bottom line is what can I do to check my computer at home so I feel that it is safe for me to put sensitive (passwords) data in. It is not my keyboard. It is the same keyboard that came with the computer.

Thanks for your responses." }-Yep, that's it in a nutshell.

Blue
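
Blue's suggestion above to go through the ZA allowed-program list and the msconfig Startup/Services entries before deleting anything can be given a first automated pass. The script below is an added example, not code from the thread or from any of the products named in it; the entries in SAMPLE_ENTRIES are constructed for illustration and describe no real product or malware. On Windows, read_run_keys() reads the live HKLM/HKCU Run and RunOnce values through the standard winreg module; on any other system it returns an empty list so the triage rules can still be exercised on the sample. The rules only say "look this one up", exactly as Blue advises; they do not decide for you.

```python
"""First-pass triage of Windows autostart entries (Run keys, msconfig Startup)."""
import re

# Constructed sample entries in the shape msconfig / the Run keys show them.
# Names and paths are illustrative only and describe no real product or malware.
SAMPLE_ENTRIES = [
    ("zlclient", r'"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"'),
    ("ccApp", r'"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("svchost", r"C:\Documents and Settings\Mike\Local Settings\Temp\svchost.exe -k netsvcs"),
    ("update", r"C:\WINDOWS\system32\rundll32.exe C:\RECYCLER\S-1-5-21-1234\upd.dll,Start"),
    ("helper", r'wscript.exe "C:\Documents and Settings\All Users\Application Data\kl.vbs"'),
]

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\")
# Places an ordinary user (or malware running as one) can write to on XP/Vista+.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\appdata\\", "\\recycler\\", "\\documents and settings\\", "\\users\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe"}
SCRIPT_EXT = (".vbs", ".js", ".bat", ".cmd", ".scr", ".pif")
# Legitimate system binaries often abused to run code that lives somewhere else.
HOST_PROCS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
EXE_RE = re.compile(r'^\s*"?([^"]*?\.(?:exe|com|dll|bat|cmd|vbs|js|scr|pif))"?(?:\s|$)', re.I)


def split_command(cmd: str) -> tuple:
    """Return (executable, arguments) for a quoted or unquoted command line."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.strip().split(None, 1)
    return parts[0].strip('"'), (parts[1] if len(parts) > 1 else "")


def triage(name: str, cmd: str) -> dict:
    """Flag traits that deserve a manual look-up; an empty list means 'nothing obvious'."""
    exe, args = split_command(cmd)
    path = exe.lower().replace("/", "\\")
    base = path.rsplit("\\", 1)[-1]
    reasons = []
    if any(d in path for d in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if base in SYSTEM_NAMES and not any(d in path for d in SYSTEM_DIRS):
        reasons.append("system binary name outside the Windows directory")
    if base.endswith(SCRIPT_EXT) or args.lower().rstrip('"').endswith(SCRIPT_EXT):
        reasons.append("launches a script")
    if base in HOST_PROCS and any(d in args.lower() for d in USER_WRITABLE):
        reasons.append(f"{base} loading code from a user-writable location")
    return {"name": name, "exe": exe, "args": args, "reasons": reasons}


def read_run_keys() -> list:
    """Live HKLM/HKCU Run and RunOnce values on Windows; [] on other systems."""
    try:
        import winreg
    except ImportError:
        return []
    found = []
    subkeys = (r"Software\Microsoft\Windows\CurrentVersion\Run",
               r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU")):
        for sub in subkeys:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue
            with key:
                i = 0
                while True:
                    try:
                        value_name, data, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break
                    found.append((f"{label}\\{sub}\\{value_name}", str(data)))
                    i += 1
    return found


def report(entries) -> list:
    return [triage(n, c) for n, c in entries]


if __name__ == "__main__":
    for r in report(read_run_keys() or SAMPLE_ENTRIES):
        flag = "CHECK" if r["reasons"] else "  ok "
        print(flag, r["name"], "->", r["exe"], "; ".join(r["reasons"]))
```

An entry with no reasons is not cleared, only unflagged: a keylogger installed into Program Files under a plausible name passes every rule here, which is why the unknown names still go to a listing site and why the scanners in the steps above remain the real check. Conversely a flagged entry may be a badly packaged but legitimate tool, so, as Blue says, check back before changing or deleting anything.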

_aKa_Ghost
December 9th, 2006, 10:43 AM
Hey Mike, do you have a wireless connection at home ?

With weak WEP encryption, it takes me about half an hour to drop ALL of someone's internet traffic.

POP, SMTP (mail) and some IM packets are sent unencrypted so...

BlueZannetti
December 9th, 2006, 11:16 AM
-{ Quote: "Hey Mike, do you have a wireless connection at home ?" }-Excellent point! There are many ways to get information and all need to be considered.

Blue

twl845
December 9th, 2006, 11:47 AM
Sorry for the simplistic approach, but do you have a computer savvy teenager at home? If so does he communicate with other PC savvy teens?

mikeinstlouis
December 9th, 2006, 12:30 PM
No computer savvy teens at home...(fortunately!)

I do have a wireless connection at home, it is my DSL through SBC. I have a wireless laptop. I usually am on my 2wire08 modem, which is said to be secure.

Does that help?

mikeinstlouis
December 9th, 2006, 12:32 PM
Sorry everyone...that is in addition to my laptop. I recently, a few weeks ago, reformatted my laptop. I guess they can get onto that too now.

mikeinstlouis
December 9th, 2006, 12:34 PM
One more time...I am a bit sleep deprived from delivering babies in the middle of the night. I have a desktop. I also have a laptop that I wirelessly connect to with the above mentioned modem. I recently (weeks) did a reformat on the laptop. I hope this makes sense....20 more hours to go in this shift!!!! Then I can go home and work on my computer.

Thanks for all the good advice....keep it coming!

ThunderZ
December 9th, 2006, 12:43 PM
Since you do have a wireless connection, the next logical question is: is it WPA capable, and if so is it enabled and using a strong passphrase?

mikeinstlouis
December 9th, 2006, 01:17 PM
I have no idea what you are asking. All I know is that I have to enter the keynumber that is underneath my modem to gain access to it, then it says it is secure.

ThunderZ
December 9th, 2006, 04:34 PM
When you say modem, could you possibly mean router? Is there an external antenna(s) on it? Or do you have another device attached to it that has antenna(s)? What is the make and model number of the modem? Also of the router, if you have one. Also, the make and model of the laptop. _aKa_Ghost may very well be on to something here. It is VERY easy to gain access to an improperly secured wireless network. No software or other devices need to be installed on your PCs for this to be accomplished. The reason I ask for the makes and models is so we are able to go to the manufacturers' sites and find out the capabilities of the device so we can advise you on the best possible secure setup.

ejr
December 9th, 2006, 06:53 PM
-{ Quote: "I have no idea what you are asking. All I know is that I have to enter the keynumber that is underneath my modem to gain access to it, then it says it is secure." }-

The fact that you are wireless compounds the issue. Before the wireless fact was brought into the equation, I just assumed you had a keystroke logger on your machine. If you download music from any of the shared music sites, you are susceptible to someone getting one on your machine. Your spouse or anyone with access to your PC could put one on your machine. And finally, there could be a built in keystroke logger on your keyboard or the wire connecting your keyboard to your computer.

So to stop the keystroke logger, you can download a freebie program called SnoopFree. That should stop any software keystroke loggers. I would also buy a new keyboard.

Now, if someone has access to your computer because they can access your wireless network, that's more complicated. You definitely need to enable WEP. That is Wireless Encryption. You can also limit the number of people that can access your network by programming the router to only give out one IP address. And finally, you can tell your computer not to broadcast your SSID. These actions would secure your wireless network. But you will need someone that knows how to do this to help you.

_aKa_Ghost
December 9th, 2006, 10:28 PM
You are covering the keylogger and spyware issue very well so I'll stick with the wireless problem...

As ThunderZ pointed out, we need to check the encryption and logging capabilities of your modem to know if wireless breaking is possible and if we can find the bad guy's computer serial number somewhere...

I'll just add two things:
To sniff the traffic (with aircrack-ng for example), you do not need an IP address; you're just listening. So giving away only one address is good but not enough.

WEP (wired equivalent privacy ;)) is not strong enough. You need WPA (Wifi protected access) or better, WPA2 that both combine encryption and authentication.
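
_aKa_Ghost's two points above, that WEP is not strong enough and that POP3 logins travel in the clear, as one added example that is not part of the original thread. It implements RC4 and the WEP frame layout (24-bit IV sent in the clear, 40-bit secret, CRC-32 ICV appended before encryption) from the published description of the protocol; the secret key, IV, POP3 greeting and login are constructed for the example. Because WEP seeds RC4 with IV || secret, two frames sent under the same IV are encrypted with the same keystream, so an attacker who can guess the content of one frame (a server greeting is predictable) XORs it out, obtains the keystream, and reads the other frame (the USER/PASS exchange) without ever learning the key. iv_collision_frames() uses the birthday bound to estimate how few frames a network needs to send before an IV repeats.

```python
"""WEP keystream reuse: why a WEP-protected POP3 login is still readable."""
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm followed by the PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP data body: IV in the clear, then RC4(IV || secret) over data || ICV."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = plaintext + icv
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """What the access point does: strip the IV, decrypt, verify the ICV."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + secret, len(ct)))
    data, icv = body[:-4], body[-4:]
    if struct.unpack("<I", icv)[0] != zlib.crc32(data) & 0xFFFFFFFF:
        raise ValueError("ICV mismatch")
    return data


# --- the eavesdropper's side: no key needed --------------------------------

def recover_keystream(frame: bytes, known_plaintext: bytes) -> tuple:
    """C XOR P gives the keystream for this IV, as far as the guess extends."""
    iv, ct = frame[:3], frame[3:]
    return iv, xor(ct[:len(known_plaintext)], known_plaintext)


def decrypt_with_keystream(frame: bytes, iv: bytes, keystream: bytes) -> bytes:
    """Read another frame sent under the same IV with the recovered keystream."""
    if frame[:3] != iv:
        raise ValueError("different IV, keystream does not apply")
    body = frame[3:]
    n = min(len(body), len(keystream))
    data = xor(body[:n], keystream[:n])
    return data[:-4] if n == len(body) else data  # last 4 bytes are the ICV


def iv_collision_frames(p: float = 0.5) -> int:
    """Frames after which some IV has repeated with probability p (2^24 IVs)."""
    return int(math.sqrt(2 * 2 ** 24 * math.log(1 / (1 - p))))


# Constructed values for the example: a 40-bit WEP secret, one IV, a predictable
# POP3 server greeting and the client's clear-text login that follows it.
SECRET = bytes.fromhex("0123456789")
IV = b"\x00\x00\x01"
BANNER = b"+OK POP3 pop.example.net server ready\r\n"
LOGIN = b"USER mike\r\nPASS hunter2\r\n"


def demo() -> bytes:
    f_banner = wep_encrypt(SECRET, IV, BANNER)   # sniffed; content guessable
    f_login = wep_encrypt(SECRET, IV, LOGIN)     # sniffed later; same IV reused
    iv, ks = recover_keystream(f_banner, BANNER)
    return decrypt_with_keystream(f_login, iv, ks)


if __name__ == "__main__":
    print(demo())
    print("frames for a 50% chance of an IV repeat:", iv_collision_frames())
```

Nothing in the example requires the 40-bit key to be short; a 104-bit WEP key has exactly the same IV space and the same keystream reuse. Tools such as aircrack-ng go well beyond this and recover the key itself statistically from collected IVs, but the keystream reuse shown here is the simplest reason WEP cannot be relied on, and the recovered plaintext is the POP3 login itself because, as the post says, POP3 carries it unencrypted.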

Elrendhel
December 10th, 2006, 12:54 AM
Mike,

I.) I suspect the Wireless to be your biggest weak link. Look on the bottom of your 2Wire modem/router.

If your 2wire modem/router is a 1000xx (usually SW), it will have wireless "B" with 128bit WEP. These models are the older ones sold with DSL that is likely 3 years or older.

If your 2wire modem/router is a 1800xx (usually HG), it will have wireless "G" with WPA Encryption. Your DSL is likely 2 years or less.

II.) If you are having issues getting your work's IT staff moving on this issue, I would consult with your work's legal staff. Advise them that you are concerned about the hospital's legal risk involving HIPAA & Sarbanes/Oxley (aka "SOX") with a possible breach in security. Nothing like legal forcing the issue to get things moving along.

III.) If you doubt the physical security of your home (for example, did you check the back of your home computer?), then you should consider other "alternate" methods of "backdooring" your home network:
1.) Someone could have physical access to your network. Condos and apartments have "common" walls and wiring. If you are in a single home, your chances of being backdoored are significantly reduced.
2.) Check the back of your Router for additional pieces of equipment that you did not install.
3.) Could another member of the household be watching you? (I have had a client whose wife suspected him of having an affair and had a professional install a hardware keylogger in the back of his desktop)
4.) If your home is electronically monitored, check with your monitoring company to confirm whether anyone else has accessed your home when you would have normally been away from home. If there is any suspicious activity, notify your monitoring company and change your access code immediately...

lodore
December 10th, 2006, 02:54 PM
could you check the logs on the router itself?
also ive got to say this thread is making me nervous, i use wep encrytion because its the only encrytion supported my my nintendo ds and the new nintendo wii so i cant really use wpa. where i live is generally a safe place.
lodore

lucas1985
December 10th, 2006, 03:19 PM
yeah, WEP is very weak

twhk000
December 10th, 2006, 04:45 PM
Hello All


Well, I thank you all for your participation in trying to resolve this issue. What has happened to Mike can happen to anyone, so we have got to be more aware and find better and better ways to protect ourselves against any kind of threat.

I would not get straight into the technical aspects as I see others are covering it very well. But my area of interest is that Mike reported that his emails and IMs are getting monitored or recorded, or both?

If it's monitored then the possibility is that the user has remote access to Mike's computer either through the broadband or dial-up or wireless. So the remote user has penetrated one of these possible networks and must be using one of those networks for monitoring Mike's computer activity.

If it's recorded then there is plenty of software which does this for legal as well as illegal purposes.... There is numerous software which promises monitoring and recording of your computer activity and sending it to you via email; all you need is to buy it and install it on the computer you want to monitor.


Now Mike, would you please tell me, did you download anything from the internet, and on which computer and through which network?


Secondly, when they sent you an email, would you please tell us what was in the email, and when you say IMs, do you mean they are logging in to Yahoo and logging out in your absence?

Please elaborate as much as you can because that will actually show the source of the problem. Are you sure that your emails and IMs are being monitored by the same person? Are you sure that this email monitoring has not happened on your friend's end, as it could be that it's a chain?



Mknight

lodore
December 10th, 2006, 05:31 PM
-{ Quote: "yeah, WEP is very weak" }-

Well, I have to use it so I can use my games consoles wirelessly and not have wires trailing round the house.
It's a shame the Nintendo DS doesn't support WPA.

Elrendhel
December 10th, 2006, 07:51 PM
-{ Quote: "well i have to use it so i can use my games consoles wirelessly and not have wires trailing round the house.
its a shame Nintendo DS doesn't support wpa." }-

I tend to equate WEP as being similar in form to a chain-lock on your front door, whereas WPA is more like a deadbolt.

In that regard, a chain-lock is certainly better than nothing...

mikeinstlouis
December 12th, 2006, 04:55 PM
Wow guys..thanks for all of the responses. I have been so busy working, I have been unable to keep up with the forum. I am going to print this up and study it tonight.

What I have done was installed snoopfree, and it only identified yahoo messenger. I installed spycop, and it found nothing. I did the Dr. Web's virus scan, and again, clean. Just glancing through the posts, maybe it is NOT a keylogger and something to do with the router.

I have SBC, DSL with a 2wire 1800HG router. The router connects into my ethernet card on the back of my desktop, and wirelessly to my laptop, which is portable.

Like I said, the snoop free and spycop found nothing. I will read through the posts to get what you guys said specifically. I have a lot of reading to catch up on! Thanks!!!

Mike

mikeinstlouis
December 12th, 2006, 05:32 PM
One more thing, you guys..before I dive into your other responses.

This all began when "Bob" became upset and jealous, because I was hanging out with "Jason". This is incredibly immature on all counts, but it may help you guys.

I was on Jason's computer and I checked a couple of my email accounts. Mistake number one.

Since Bob was mad at Jason too (I do not know Bob well at all...never spoke with him since then), he allegedly dropped a "worm" on Jason's computer through an email attachment (as reported by Jason). He then got my passwords and messed with my accounts. He did email me back with the correct passwords and told me to never *&^% with a hacker. I changed all of my passwords. Jason bought a new computer.

Since then, I have had my yahoo passwords changed on numerous occasions. I did change my verification questions, and they have not been changed since.

Jason told me last week that Bob sent him an email with copies of emails that I sent to other friends of mine, basically telling him that I was not a loyal friend. Jason said he deleted them, but did quote some of my emails accurately.

Bottom line, either Jason or Bob have access to my accounts. They live in a different part of the city than I do, so unless they sit outside with surveillance equipment, I don't know how they can get into my business.

I don't want to even mess with Bob...just get my stuff fixed and let him play tricks on someone else.

That is why I don't think an IT guy from work put it on my computer, it was one of these guys.

I have checked my keyboard...no external connection.

I have not seen any suspicious hardware to my router, but I will look

I hate to say that this type of thing occurs with grown men. Bob apparently has no life except to look into others' business. Sad, if you think about it. I am no longer part of that situation with him, but Jason said he started sending emails to him again. Jason claims that he has since blocked his address.


Bottom line is that this started because some guy did not get the attention he wanted so he decided to be nasty.

I hope this helps. I will read your responses. Thanks again!!!

BlueZannetti
December 12th, 2006, 11:04 PM
Mike,

If you want to understand if you need to do anything, you have to break the problem down. Your last message provides a flood of detail, and some of that would have helped at the outset to provide some additional context. Also, use Occam's razor in considering options...

With respect to e-mails - as I already asked - Is your email client local or web-based? Is there a sent folder on the web? If the e-mails that you sent were composed from a web client with a web based Sent folder, that would point in a different direction than if you knew that you composed them on your home PC with a local Sent folder. Maybe you're not sure, fair enough. But the two options are highly divergent - one points to an insecure web account, the other points to an insecure local PC - they require vastly different solutions.

With respect to the router - just make sure that remote (WAN side) administration is not enabled, that the wireless is secure, and don't worry about it.

Sometimes when all these applications are coming up empty, it's for a reason and the reason is that the problem lies elsewhere. Your acquaintances have pulled some sophomoric BS... nice crowd that you hang with..., but it sounds like you basically handed the needed information to them. I realize that wasn't your plan.

Before going further, are you certain that you are still experiencing current issues and that it is simply not the continued fallout of past events?

Blue

mikeinstlouis
December 13th, 2006, 12:01 AM
I did not know the details would be so helpful, but I will try to answer your questions.

Firstly, I use yahoo as my email. I do have a sent mail folder, which I have been starting to delete. I am not sure if this answers your questions, but I am not as eloquent in pc lingo as you. Also, an account that they were logging into is a dating account (such as eharmony...) They were messing with that account too.

I called SBC and told them about the problems. They said that they did not see any suspicious activity on my account, and stated that all of the computers using the account were from inside my condo.

I live in a condo that is full of older people...unlikely to be hacking into my email.

SO...I am not sure how you would know if it was a faulty/leaky pc vs a weak email. I don't know how to answer your questions as you write them.

Thanks

Mike

BoaterDave
December 13th, 2006, 03:20 AM
Hi Mike

I am NOT an adviser/helper here, but have read your thread with interest. I was more or less in your situation about 15 months ago, but the real difference is that I'm no longer working and have been able to spend hundreds of hours simply investigating the mysteries of 'computing' and all the bad things that happen on the Internet.

Others have often said to me 'on-line' .... "Google is your friend"

What they mean is that you can often learn a great deal simply by 'Googling' on a specific word. For example, just Google on WAN - something you said you didn't understand earlier in the thread. I get 56 Million answers!

Probably more frightening, though, if you haven't ever done so, 'Google' for 'mikeinstlouis' - I now know 454 snippets about you and know what you have said in other forums etc (I had no interest in reading them, but your 'friends' may have done!).

Similarly, you can carry out the same exercise on anyone else posting here (including me!) or anywhere else that you have been before!

It took me a while to discover this - it might just be helpful to you (and others who may be as naive as I had been!).

David

ThunderZ
December 13th, 2006, 05:54 AM
-{ Quote: "Similarly, you can carry out the same exercise on anyone else posting here (including me!) or anywhere else that you have been before!

It took me a while to discover this - it might just be helful to you (and others who may be as as I had been!).

David" }-


Very true, and it can be scary to the naive. However, it is a big World out there. www = World Wide Web. In my case, ThunderZ, turns up about 21,600. The majority of which have nothing to do with me at all. While mikeinstlouis has narrowed down his possibilities considerably by giving a name and location there still could be more than one. While you make a good point on general privacy considerations it may be a bit OT for this thread.

BlueZannetti
December 13th, 2006, 06:33 AM
-{ Quote: "I called SBC and told them about the problems. They said that they did not see any suspicious activity on my account, and stated that all of the computers using the account were from inside my condo." }-

Your account activity will be associated with the IP addresses of the computers using it. SBC is saying that there is one address associated with your recent account activity and that is the one provided to your router (your laptop, desktop, and any other PC connected to your router will get private IP addresses from the router). If someone is genuinely logging in, they are either physically using your PCs or wirelessly connecting to your router. Thus, for the Yahoo account, nobody is logging in from a remote location.

However, you go on to mention eHarmony. You basically have to ask them the same questions that you posed to SBC. Go through the same explanation and ask if recent logins come from a single originating IP address. Home user IP addresses are dynamic, so they can change over time, but they are stable for reasonable periods of time.

Your extrapolation regarding your living situation is likely correct - your neighbors are low probability hackers.

Finally, what specifically does "They were messing with that account too" mean? Were they posting from it? Responding from it? Actively changing the password or does the site provide for a facility with which a user having trouble logging in can arrange to have a new password created by the service provider, which is then sent to the registered e-mail address associated with a specific account name?

Blue
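The check Blue describes above (are all recent logins to an account coming from the one public address the ISP assigns to the home router, and were any sensitive actions taken from elsewhere?) can be written down concretely. This is an added example, not code from the thread or from any provider; the login records and the addresses (taken from the RFC 5737 documentation ranges) are constructed sample data standing in for whatever a provider's account-activity page or log would show.

```python
"""Classify an account's recent login records by originating IP address.

A web mail or dating site sees only the router's public address, never the
private (RFC 1918) address the router hands to a PC. So if a provider's
activity log shows logins from a second public address, someone else is
using the account from elsewhere; if it shows a private address, the log
itself is not what it seems.
"""
import ipaddress
from collections import Counter

# RFC 1918 private ranges handed out by home routers. (Python's
# ip_address(...).is_private also treats the documentation ranges used
# below as private, so the RFC 1918 set is checked explicitly.)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: (timestamp, source IP, action).
# 203.0.113.10 plays the role of the home connection's public address.
SAMPLE_LOGINS = [
    ("2006-12-10 08:02", "203.0.113.10", "login"),
    ("2006-12-10 19:45", "203.0.113.10", "login"),
    ("2006-12-11 07:13", "203.0.113.10", "login"),
    ("2006-12-11 22:40", "198.51.100.77", "login"),            # unknown address
    ("2006-12-11 22:42", "198.51.100.77", "password_change"),  # and it changed the password
    ("2006-12-12 09:05", "192.168.1.4", "login"),              # private; should never appear
]


def is_rfc1918(addr):
    """True for an address a home router would assign to a local PC."""
    return any(addr in net for net in RFC1918)


def classify_logins(records, home_ips):
    """Split records into home, foreign and private-address logins.

    home_ips: the public address(es) the ISP says the home connection
    currently has. Returns a dict with the distinct public addresses seen,
    the logins that did not come from home, any private addresses seen,
    and a single_source flag that is True only when nothing is suspicious.
    """
    home = {ipaddress.ip_address(ip) for ip in home_ips}
    per_ip = Counter()
    foreign, private = [], []
    for ts, ip, action in records:
        addr = ipaddress.ip_address(ip)
        per_ip[ip] += 1
        if is_rfc1918(addr):
            private.append((ts, ip, action))
        elif addr not in home:
            foreign.append((ts, ip, action))
    public_ips = sorted(ip for ip in per_ip
                        if not is_rfc1918(ipaddress.ip_address(ip)))
    return {
        "distinct_public_ips": public_ips,
        "foreign_logins": foreign,
        "private_logins": private,
        "single_source": not foreign and not private,
    }


def sensitive_foreign_actions(report, sensitive=("password_change",)):
    """Sensitive actions (password changes by default) taken from a non-home address."""
    return [r for r in report["foreign_logins"] if r[2] in sensitive]


if __name__ == "__main__":
    rep = classify_logins(SAMPLE_LOGINS, home_ips=["203.0.113.10"])
    print("public addresses seen:", rep["distinct_public_ips"])
    print("single source:", rep["single_source"])
    for r in rep["foreign_logins"]:
        print("foreign login:", r)
    for r in rep["private_logins"]:
        print("private address in provider log (inconsistent):", r)
    for r in sensitive_foreign_actions(rep):
        print("password changed from a foreign address:", r)
```

Run against the sample data it reports two logins from the second public address, one of them the password change, and one impossible private-address entry; with only the home-address records the `single_source` flag is True, which is the answer SBC gave Mike for the Yahoo account and the answer he still needs from eHarmony.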

scoopnoggin
December 13th, 2006, 06:34 AM
Possibly they got your eharmony information right off the yahoo emails from eharmony. Maybe something to consider. If your HiJack This logs are clean, chances are your PC is clean. Unless you have a rootkit installed.

http://www.f-secure.com/blacklight/

The above is an easy anti-rootkit scanner to run. Just because it comes up clean doesn't necessarily mean you are clean. But then that most likely isn't the problem.

I think it is unlikely that anyone dropped any "worm" on anyone's system in your scenario. I imagine he got physical access to your friend's machine, and used a password sniffer, or the login details were stored on the machine. His comment about Zone Alarm is telling. Either he really knows his business, which I doubt given his level of maturity, or he is just full of bravado and is talking trash.

That said, the problem, as BlueZannetti has pointed out, could well be an insecure web account. And if you are changing passwords, again as Blue pointed out, are you still having problems?

mikeinstlouis
December 13th, 2006, 11:44 AM
I have changed my passwords, but not web accounts.

The eHarmony thing was basically a password change, and quoting messages went back and forth...obviously able to read my mail from there.

ejr
December 13th, 2006, 12:28 PM
-{ Quote: "I have no idea what you are asking. All I know is that I have to enter the keynumber that is underneath my modem to gain access to it, then it says it is secure." }-

How about the Google Toolbar? Do you have anything Google on your computer? I know someone who had all of their hotmail emails read via some sort of google application that a colleague put on their desktop.

Please check for the google toolbar or any google applications and uninstall.

BoaterDave
December 13th, 2006, 03:12 PM
-{ Quote: "Very true, and it can be scary to the naive. However, it is a big World out there. www = World Wide Web. In my case, ThunderZ, turns up about 21,600. The majority of which have nothing to do with me at all. While mikeinstlouis has narrowed down his possibilities considerably by giving a name and location there still could be more than one. While you make a good point on general privacy considerations it may be a bit OT for this thread." }-


We all take differing views, ThunderZ ! ::)

Mike may not be naive - but he appears to be a busy doctor and may not have realised that this information about him is available for all to see. One of his 'friends' may have discovered information without ever needing to 'hack' his PC.

I therefore assessed my comment as being ON topic ;)

David

mikeinstlouis
December 13th, 2006, 06:32 PM
Thank you Boater Dave. If I were an expert at all of these things, I would not be here on this forum.

I do realize that there is a wealth of information out there on mikeinstlouis...but who cares?

I am asking for help. If the thief knows that I am out there looking for help, how does that change anything?


How does someone googling "mikeinstlouis" help me with my problem? How does it worsen my problem? What does that even have to do with my problem?

The REAL problem is how do they know that it is MIKEINSTLOUIS???


I have stated that I did not understand much about the router situation. Sure, I could google it, but the truth is that I don't have the time! I am a busy doctor, I came here for help.

Aside from the wonderful suggestions of software programs that have been suggested to remove keyloggers and rootkits, (THANKS!, some GREAT suggestions!)

Other than the fact that somehow, someone may be hacking into my system via my DSL/router (which other than me calling SBC, no one has given me recommendations on how to check other than to GOOGLE and read the 52,000,000 hits)

And besides the fact that I admittedly am "naive" and don't know all of this (which I always thought was the point of a help forum)

WHAT MORE CAN I DO???


To those who have been offering helpful, friendly advice, I thank you. For those who write nothing but belittling comments and things that don't even relate to my question (ie NINTENDO!!!!), it is ok if you don't try to help me out.

Once again, to the legitimate folks out there helping...I appreciate it. Any further advice?

Pedro
December 13th, 2006, 06:50 PM
Assuming that:
1- Your computer is clean
2- The problem isn't at work
3- Wireless Router isn't a problem since no hacker lives next door

The problem is when you check e-mails elsewhere, like a friend's place, a public place, etc., that keeps your password or something.

Maybe the solution is already met:

1- You've changed all passwords
2- You don't have the same password for everything
3- The password isn't the dog's name
4- You've secured the wireless router to be on the safe side (advice above)

Be careful from now on, and check if the problem persists. It shouldn't.

Note: I'm no expert, just trying to settle this. If anyone disagrees with this, that would be a good 2nd starting point:o :P

ccsito
December 13th, 2006, 06:59 PM
You can try using any of the online scanner programs listed on my signature line. No guarantee that they will find anything, of course. Your system could be compromised through an external means. I would post a Hijackthis log on another help forum to see if anything odd shows up on your registry. There are too many variables that come into play when you go online or access a network. If you are really paranoid and want to monitor every step that your computer performs when you use it, there are many programs that will do that for you. But being someone from the medical field, that may be very annoying and time consuming. I was a previous Pre-Med who later got into Computer Science. E-mail and P2P services cannot be made completely secure unfortunately. Hopefully, you will get at the source of who is accessing your accounts.

BlueZannetti
December 13th, 2006, 07:03 PM
-{ Quote: "Other than the fact that somehow, someone may be hacking into my system via my DSL/router (which other than me calling SBC, no one has given me recommendations on how to check other than to GOOGLE and read the 52,000,000 hits)" }-

Gee, I thought I did. Above, I noted:

-{ Quote: "With respect to the router - just make sure that remote (WAN side) administration is not enabled, that the wireless is secure, and don't worry about it." }-

Expanding a bit..., at some point I assume you logged into your router. The manual that came with it will explain how to do that and if that's not available, go to that manufacturer's website and download the PDF manual.

Hopefully, the first time you logged into your router, you changed the default password. Remote administration is generally disabled by default, but log onto your router to verify this is currently the case.

As for the wireless side, read the details regarding WEP/WPA in the manual and enable WPA or whatever is available on your hardware.

-{ Quote: "WHAT MORE CAN I DO???" }-

Based on what I've read, I'm not sure there is much. Given the software arsenal that you have examined your machine with, it is difficult to believe that it is infected. The one caution that I would again note is that many surveillance type applications are commercially valid applications and therefore may or may not be flagged. This is extremely unlikely given the set of products used.

That basically leaves other paths if this is a continuing problem.

However, if you feel that you still have an issue with one of your machines, get hold of a local professional who can personally assess your machine, computing habits, and so on. There is no replacement for having physical access to the machine and a pro will be able to pull the drive on your system, slave it to his/her own, and examine it under very controlled conditions. This can be a pricey solution, so it comes down to using your time and getting expertise or your money with someone else's expertise.

Blue

BoaterDave
December 13th, 2006, 07:26 PM
Mike

I wasn't in any way trying to confuse/obfuscate, simply remind you that on many of the forums 'helpers' often use terms which you (or I!) do not always fully understand.

Google is good to quickly determine an answer. If you carry out a HijackThis scan yourself, you may copy one 'entry' yourself (any line of text/numbered entry) from your saved scan and then paste it, just as it is, into Google. It is amazing what you can find!

Another very useful site is www.Answers.com - using it can help relieve the stress which I know you are feeling, simply by quickly explaining a particular term - like WAN, for instance. Try it and see.

As I mentioned before, I am NOT trying to pretend that I can help you solve your problem - I'm still not absolutely sure about my own desktop PC even now, yet it's 18 months since my identity was stolen on-line (PayPal/eBay). The perpetrator, in follow-up emails after I'd had my money back from PayPal, knew everything about me - my name, my wife's name, the name of my adult daughter who was living with me at the time, when I bought my house, how much I had paid for it, my full address and the name and phone number of my next door neighbour! ... and, of course, my email address.

And I had thought I was being extremely careful!
I'm currently posting from my wife's newish Laptop!

I hope this helps you just a little. The experts here will, I'm sure, help you much more if you 'stick with it!' ...... but waiting seems like an eternity, doesn't it?!! ;)

David

ThunderZ
December 13th, 2006, 11:36 PM
Whether your wireless connection is the source of the leak or not I would still advise reading (as was mentioned) the instruction manual that came with your router (not modem) as well as the manual that came with the laptop. There should be a section concerning the wireless capabilities. In particular look for a reference to WPA in both and how to enable\use it. You may not live in "Crackers Cove" Condos 8) . But it only takes one curious visitor ??? with a laptop and a little knowledge, or, the term War Driving :lurking: comes to mind. I have dabbled in it. :-[ Never for\with malicious intent. You would be amazed at the places I was able to gain access to the Internet from via an unsecured access point (router). Never went any further than that, but could have. This was using only my old T21 ThinkPad with a simple wireless G card. With the equipment available legally on the Internet, as well as free software the sky would have been the limit. Best of luck resolving your issue. I will continue to follow this thread.

mikeinstlouis
December 14th, 2006, 11:13 AM
Thanks for the advice...so you think that the phone call to SBC and the fact that he said that there did not appear to be any malicious activity was good enough??

I explained my situation in detail to the guy, and he was a 2Wire specialist. Only ports that were open were for a torrent site.

Thanks again

ThunderZ
December 14th, 2006, 11:29 AM
-{ Quote: "Thanks for the advice...so you think that the phone call to SBC and the fact that he said that there did not appear to be any malicious activity was good enough??

I explained my situation in detail to the guy, and he was a 2wire specialist. Only ports that were open were for a torrent site.

Thanks again" }-


Have heard horror stories about torrents too. Don't get me wrong, I use them but in a very limited manner and only while I am there to monitor. Just against my nature to intentionally leave open ports. Having said that, only time will tell if your problem is solved. Be aware of what you do, where and what you post on the net. Try to at least keep a mental note of correspondence, in particular which PC is used when sending them. If you have the problem again, this is the only way I can think of to narrow it down to the source.

BoaterDave
December 14th, 2006, 07:42 PM
Hi Mike!

Do something for me if you have a moment spare.

Start / Search / All files and folders. Type in: .bat (include the dot)

Make sure you search in hidden files too.

Please post back your result.

Thanks.

David
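The search BoaterDave asks for above (every .bat file on the disk, hidden files included) can be scripted so that the result also shows when each file was last written, which is what makes a recently planted batch file stand out from the ones an installer left years ago. This is an added example, not BoaterDave's or anyone else's code from the thread; the `build_demo_tree` helper constructs a throwaway folder with sample files so the script runs without touching a real system, and on non-Windows systems "hidden" falls back to a leading dot in the file name.

```python
"""Find .bat files under a folder, hidden ones included, newest first.

Explorer's default search skips files carrying the hidden attribute, which
is why the post says to include hidden files; os.walk does not skip them.
"""
import os
import stat
import tempfile
from datetime import datetime


def is_hidden(path):
    """True if the file has the Windows hidden attribute.

    st_file_attributes and stat.FILE_ATTRIBUTE_HIDDEN exist only on
    Windows; elsewhere the assumed fallback is a leading dot in the name.
    """
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)
    if attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0):
        return True
    return os.path.basename(path).startswith(".")


def find_batch_files(root, extensions=(".bat",)):
    """Walk root and return (path, hidden, mtime_iso, size) tuples, newest first."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:  # unreadable or vanished; skip rather than abort
                continue
            mtime = datetime.fromtimestamp(st.st_mtime).isoformat(timespec="seconds")
            found.append((path, is_hidden(path), mtime, st.st_size))
    found.sort(key=lambda r: r[2], reverse=True)
    return found


def build_demo_tree():
    """Constructed sample tree: one ordinary .bat, one hidden .bat, one .txt."""
    root = tempfile.mkdtemp(prefix="batdemo_")
    tool_dir = os.path.join(root, "Program Files", "Tool")
    os.makedirs(tool_dir)
    with open(os.path.join(tool_dir, "setup.bat"), "w") as f:
        f.write("@echo off\r\n")
    with open(os.path.join(root, ".hidden_start.bat"), "w") as f:
        f.write("@echo off\r\n")
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("not a batch file\r\n")
    return root


if __name__ == "__main__":
    # On a real machine pass the drive root, e.g. find_batch_files("C:\\").
    for path, hidden, mtime, size in find_batch_files(build_demo_tree()):
        flag = "HIDDEN" if hidden else "      "
        print(f"{mtime}  {flag}  {size:>8}  {path}")
```

Anything listed that sits outside a program's own install folder, or that was modified around the time the trouble started, is what to post back for review; the listing itself decides nothing, it only narrows what a helper needs to look at.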

Elrendhel
February 6th, 2007, 01:32 PM
Someone mentioned Occam's Razor (http://en.wikipedia.org/wiki/Occam's_Razor) a bit earlier, but I do not think that the most basic possibility has been mentioned yet. Occam's Razor generally refers to the thought that "All things being equal, the simplest solution tends to be the best one." So let us list the possibilities you've addressed so far:
You have come pretty close to confirming that your work network and computer are not the weak points, allowing someone remote access to your computer.
You have confirmed that your home computer has not been tampered with, allowing outsiders remote access to your home computer.

Here are some more obvious possibilities, which I have not heard discussed previously...

1.) What about direct access to your computer at work when you are away from your desk or off-duty? Is your computer physically locked behind a securable office door that these other people do NOT have access to? Is the desktop daily login password protected?

2.) What about direct access to your home computer when you are at work? Assuming someone had a key to your home, how realistic is it that they could walk into your home and wake up your computer and simply print out the e-mails in question to your own printer? If there is no one else in your household, no alarm, and your home computer is not password protected, this seems like the most likely method of entrance...