by admin

Crypt3 20120918.0 Purchase For Mac

This is a sorrowful, tangled tale, but I am on my 3rd computer since Jan. 16th. On 11/20/03 the 1st computer (80 GB HD, 1 partition, FAT32, W2K) was infected by neighbor who was file sharing AND sharing my DSL. I knew something was wrong but the computer was updated, patched, behind a router and Norton said all was well. Also ran Ad-Aware, SpyBot and SpyWare Blaster regularly and other than the ever-present data miners, they too came up with zilch.

That computer crashed hard on 1/16/04 in the middle of a project. Quickly hooked up #2, a Dell that had just been delivered 3 days prior for mother who wanted to learn to email. This was a 40GB HD, 1 partition, NTFS, WIN-XP HOME. Installed the security updates, sp's, Norton, Ad-Aware, etc and back-tracked several days on by now critical project with the last backup from #1 which was on a read-only CD. On the weekend of Feb 20, 21 & 22, Wallwatcher logged over 12,600 incomings to Linksys BEFSR-41 wired router. I was the only one on the network as neighbor's line has been physically cut, although I had not yet investigated #1.

The odd thing about the incomings was that they were from about 40 different countries, mostly Europe and Asia. Had installed a critical update on 2/11 which caused a BSOD and an error code pointing to new drivers, of which there weren't any. BSOD again on 2/24, same error code. Started looking around. Services that I had disabled on 1/16, such as telephony, terminal services, remote access connection manager, etc., were running although the 'startup type' still showed disabled. Then I discovered that there seemed to be an IIS and an SQL server not only installed, but also running.

About that time, I also realized that I had no admin rights and was 'blocked' from many files and unable to change any registry values. Norton and his sidekicks were still singing Happy Days, but MS Baseline Analyzer claimed I had no security updates.

Then started getting redirects from MS, Symantec, etc. Went to my neighbor's house to use his computer, and to utter horror found the same story on his W2K, 20 GB HD, 1 partition, FAT32 computer. I thought it was because I had borrowed his router a couple of weeks earlier, while troubleshooting my mess. Except that I went to another neighbor who has W2K and again found the same story and we have never exchanged an email or anything else computer related.

Unhooked computer #2 and hooked up computer #3, a newly refurbished 6GB, W2K, 1 partition, FAT32 computer from former boyfriend that had not been used since refurbishment. He also gave me a new DSL modem.

NOW it gets really weird. On computer #2 (Dell) I could get a DSL sync light, but not a LAN light with my modem and a LAN light but no DSL SYNC light with his modem, with or without the router. I have not seen Andy since the same exact NO LAN on mine and NO SYNC on his, happened with the modems on #3 that he just brought over and that had worked fine at his house. Sorry this is so long, but while this was going on the phone was acting weird, also. Phone company came and found my line not only hooked up to my building 'B' (Townhouse condominium complex), but it was also hooked up to Building 'C' on an empty pair, but alive and well with dial tone. They urged me to call the police who had no clue what we were talking about.

I did contact Sans and Cert, and now my old router and HD are in Mass with Sans, but I haven't heard anything yet. The files that I can find and read are slippery. They change dates, directories, and even their names and file sizes. They are encrypted and I have no experience with that. I have reformatted #3 three times, with no success. I wipe out the 'unallocated' space when reinstalling, but it shows right back up.

Tried Partition and Boot Magic, who sometimes see the space, but mostly don't. I download updates, only to happen on the Uninstall file later.

Now for the end at last. From what I can tell, and this is by booting from a Linux Knoppix disk, 'they' are involved with VoIP and use telephony and terminal services constantly. I have all the video and audio codecs that seem to be associated with VoIP installed. There are all kinds of files relating to country phone codes and Sprint, MCI, etc. I also have files for Windows 3.1, 95, 98, ME and XP on this W2K box.

There are 10 different languages and fonts installed, mostly from Eastern Europe and the Middle East (including I think, Iraq). 'They' have full control of the printer and floppy drive and sometimes they show up in Explorer, but mostly they don't. If I'm in an unwelcome place, I get some not very convincing windows 'error' message or just thrown out completely to another directory. I have been using my web mail, but I think they are with me there, too. I can't email an attachment (not that anybody wants one from me) as it just gets wiped out.

I have been all over the Internet and can't find anything like this. I want my life, my privacy and my computer back. This isn't about money, as I constantly order over the net and my bank account is fine, although I have now changed cards.

And my phone is still acting strange, with 'open line' like sounds on it. Also, #1 had not had Yahoo Chat since 10/03, #2 and #3 never had it. I'm a distance learning student, in my last year, and I may never graduate because it's all done over the web. As the most computer literate of the bunch, the neighbors are waiting on me to figure it out.

After the 2nd neighbor, I quit asking, but a laptop (W2K) that I had fixed for a friend and put on the network to install updates has since shown to also have the by now familiar story. Two of us use Earthlink, the other neighbor uses Bell South. I feel like typhoid Mary caught in a bad dream. I'm looking forward to your suggestions and thank you for reading this all the way through.

I just hope it posts.

First thing to do, is to unplug the internet (phone) line from your computer.

Next thing to do, is to gain local admin permissions back again, and change the administrator accountname to YourAdministratorAccountName, and make a new guestuser called administrator with a long weird difficult password, and remove everybody else from the local admin group. Next thing to do, is to install a firewall, and then get rid of the trojan/backdoor/virus/spyware. Then you can plug your computer to the internet again.

Builtin and predefined groups in Windows 2000 Pro

Members of the local admin group: 1. Start / Run 2. Press ENTER 4. Input NET LOCALGROUP ADMINISTRATORS 5. Press ENTER

Why you should not run your computer as an administrator

Remove Users from Local Admin Group.

Hi Trywaredk, Thanks for your answer. I will be gone all day, but will check out some of this tonight and tomorrow. But just to let you know, I am redirected away from every on-line scanner that I have found, including TrendMicro. And AdAware and Spybot, as well as Norton seem to have been disabled, or at least changed so that they do not detect the problem.

Also, any ideas how two different computers that were pre-loaded and not started until they were behind the firewalls still became infected? I have a new 80GB HD for computer #2 but I don't want to put it in till I know that it will remain pest-free. Thanks for your help.

Very dubious and intriguing. Did I read correctly, that your neighbors are being redirected as well, in that I mean- they appear 'hacked' as well?

This is what needs done. Step by Step. 1) You need that 1 NEW hd, and no other in the PC. You sound as if you've been into computers for awhile, or at least know your way around them well.

Rebuild, with NO network connection. If you can get XP pro, that would be nice- I don't know xp home, but have heard it's ok. I still love 2k- so I vote for 2k over xp home for security reasons actually. 2) build it up, xp-pro or 2k.

Remember no network, yet. Be sure you have CD's or are able to burn the cd's prior to the rebuild- I am very partial to mcafee, norton will suffice also. Nothing beats ZoneAlarm- even the free version is perfect for your needs. Get ZA on a cd before you build with the new 80gb HD.

So build 2k or xp-pro, then get ZA on the box. ZA has the added benefit of being able to pause/deny processes from running. It will be chatty at first, but this is normal, and welcomed. So you will be alerted when a new process wants to access the internet, and when someone wants to access your PC. Before or after ZA is installed- turn off these 3 or 4 services. Remote Registry- Server - Messenger and if you have XP turn off Remote helpdesk session manager. With the Server service disabled, no one can connect to your PC with another windows box- and files and folders cannot be shared.

This is triple protection- you have ZA running FW and process management, as well as turning off the only M$ ways on to your pc. Do not check your mail that includes all email, hotmail yahoo etc.

3) hook up to the internet. Visit windows update, download the service pack if you don't have it on disk, plus the other 70+ megs of updates. Get norton on there or mcafee- get the latest dats. You should remain clean from intruders that way, if you somehow get infected/hacked again it's voodoo, or physical access. Your personal login and your admin pass, should contain non-printable chars, so that your password cannot be cracked, with the conventional password hackers out there, and key-loggers cannot pick up by default.

That means a password with ALT+255 in it, preferably within 7 chars from the beginning of the pass, and also past the eighth char of the pass. Ez(ALT+255)passw(ALT+255)ord is impossible with today's crackers, I've been trying that one and simpler ones for years.

Hold the ALT key and on the number pad on the right, hit 2 5 5 you'll see 1 asterisk in your pass, but a cracker will think it's 3. It doesn't equate to y with the umlauts (german thingies over the letter) and it doesn't equate to 255.

It's unprintable- looks like a space if you type it in notepad. It's a bit hard to type on a laptop as you'll need the function key, and have to press 'ikk' or something. Don't remember. Reset the Guest password, even though it is a locked account. Here are some best-practices to follow also:

And you thought your question was long ;)

You can place your old HD's back in after that is accomplished with safety. Now get Norton/Mcafee to scan your old HD's- use Ad-Aware and the others you mentioned. It could be a custom backdoor- but is unlikely, mcafee will detect more backdoor and hacking tools than norton, in my experience.

With XP you'll also want to turn off system restore also. To answer your latest post- Not sure how they would get past a firewall that was any good and get in, but M$ by default is easily hacked- i.e.

Remote registry, terminal services (someone on xp. I could connect to anyone not running a firewall as 'RemoteDesktop' is ON by default, and take over their keyboard and mouse- with the right password, which can probably be obtained from some other program that keeps passwords in the registry- most users use 1 password to rule them all) I can also go to the management console, and look around at their hardware, usernames, anything in the management console- event logs you name it.

It's baffling that there aren't more lawsuits against M$. The google toolbar is also a great free product that blocks ads, and those ads sometimes lead to compromises. toolbar.google.com Don't run Kazaa or its ilk, and follow best practices keep up on patches which nowadays are fully automated- typically GL!

'But just to let you know, I am redirected away from every on-line scanner that I have found, including TrendMicro. And AdAware and Spybot, as well as Norton seem to have been disabled, or at least changed so that they do not detect the problem.'

Take a look on your hosts-file, that's where the redirection could be done. %systemroot% means C:\WINNT or C:\WINDOWS

'Also, any ideas how two different computers that were pre-loaded and not started until they were behind the firewalls still became infected?'

Your firewall isn't configured correctly. The virus/spyware/trojan/backdoor spreads from computer to computer behind your firewall.

Hi Try and Rich, Sorry it took so long to give the points. Actually, none of the answers solved the problem and I was kind of disappointed not to hear anything after my last (really long) post. I'm still not up and running yet and although I did follow the directions when I got the new HD, it still had the same stuff running. Turns out that the guy was using WBEM, MS Web (Based?) Enterprise Management. He had the system root changed from sys32 to CIM? In WBEM; and had denied local machine policies, while allowing group rights, of which I was not a member.

I had not even heard of WBEM till all this happened. The other thing is that the phone is involved as someone cut the phone line at the junction box at midnight last week. (But the DSL still worked)! So now Bell South is paying attention, and maybe we can find out who it is. Earthlink is also paying attention now that I've learned how to capture TCPdump.

However, I appreciated your suggestions and the time it took to read and write your answers. And the accepted answer has turned out to be handy. Thank you both. And if you were dubious, join the club. Only the people who really understand computers and have seen the action, believe me. The rest keep suggesting a vacation. I wish I could have done a better job of explaining it.

Oh yes, we also figured out the trojan that was used was one called MS DOS dos, or something like that. It came out in late 2002, but really got going in the summer of 2003, and I got hit in Nov. And just in case you're still interested, the guy hides all of his files as .dll, which is pretty smart cause who ever thinks to look at those? Regards, Carole.

:o) Glad we could support you - thank you for the points

Cleaning your computer - and protecting it in the future - can't be answered with one issue. As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you don't protect your computer at all. The reason is, that the many different programs do not always protect against each other, and each of them doesn't protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):

BTW: I'm using the Trend Micro virus-suite, and SoftScan, and haven't got any of my servers or computers infected since 1999.
