
Windows XP security



#1
Tiberium

hi guys! let me try to explain this topic in a short way... well I'm really concerned about my computer security, I've been searching for every recommendation and every "not very nerd" or "tech" advice to protect my pc from the outer network... I've installed Windows XP Pro with SP2 and its updates, my security software is: Norton Personal Firewall 2005 & Norton Antivirus 2005; Microsoft Anti Spyware and NoAdware. These types of applications (Firewall, Antivirus and anti spyware) are the main suggestions in most of the 'security tutorials' to ensure good protection... however 2 days ago, one of my old colleagues said that he could break into my system easily, we're friends anyway but he didn't explain to me how he could break in and how to prevent it.. besides I'm not sure if he wasn't bluffing and trying to impress me cuz he proclaims to be a hacker and he is very proud of it and blablabla, so he told me some things he saw on my desktop, therefore I'm not sure if he was just looking at a printscreen of my desktop I sent to him 2 weeks before.. lol... anyway I would like to get your wise advice about this 'fragile' topic, oh I almost forgot, you will probably ask me if he sent some executable file (known as trojan) to access my computer easily, or viruses or sort of... nope... we've only been exchanging some mp3 files, and I never risk opening .exe, .pif and .src and other unknown extensions.... so as I was saying, he seems to access my system just knowing my ip.. and I guess he obtained it from the /dns command on IRC. So I would be very grateful if you help me with my concern, telling me what to do, how to ensure great protection, and any advice you think would be useful for this... for example I've been using the netstat command but it is a bit complicated for my understanding...
by the way, I've been doing many firewall tests to check if something is wrong, I got nice results on Sygate Online Services but in Symantec I was warned about 'hackers exposure', therefore I removed sygate personal firewall and installed norton firewall, and the result was the same, even after following their recommendations... so guys I'm going paranoid over all this, plz help me! farewell

#2
Tiberium

oh I almost forgot, my system is going well except for a problem that happens sometimes after booting, 'explore.exe had a problem and needed to close - send/or not send report to Microsoft' -- this is the only malfunction that happens sometimes, but while the system is running I haven't noticed any strange thing... cheers!

#3
dsenette

https://www.grc.com/x/ne.dll?bh0bkyd2 go here and test your system to see just how many open ports you really have...also...just because he says he's seen things on your desktop "i bet you've got my computer icon up there don't you?" doesn't mean he actually hacked you...i would be willing to bet that the things he mentioned seeing are either things he's seen from a visit, or the old screen shot...or simply assuming you have a desktop icon for a program he knows you both use. if you really want to test him...get him to put a text file somewhere on your system the next time he "hacks" you. plus...the security measures you mentioned are good enough for standard use...the only reason people "hack" personal computers is when you get an irc script kiddie mad...and even then....they don't really have the skills to do anything important.

#4
Tiberium

thanks dsenette for your quick reply!

in relation to the website you gave, I found it very nice, especially because I got an A+ in all test services! :tazz: every port is stealth according to them...
I was thinking the same thing, about testing him if he can read, move or create anything new in my system to check if he's really connected! :)

ah.. another thing... I think I should mention that 1 of the first measures I took after that 'hacking occurrence' was to disable NetBIOS through TCP/IP at WINS advanced options in Internet Connection properties.. I read somewhere that NetBIOS is a very dangerous threat to have enabled cuz it shares printers and our disk and that would only be necessary in LANs.

So I did that, and since then I have it disabled... anyway I did the 'file sharing' test with NetBIOS enabled and disabled, and I got the very same result (that it could not connect to NetBIOS and that port 139 appears not to exist).

I don't know if this NetBIOS was the problem (if it really happened)... but at the time I was troubled or at least I thought I was.. I had sygate personal firewall and I don't know if it is as good as this norton personal firewall seems to be... to be honest I don't have any idea which is better or what it does in 'measures of protection'... personally I enjoyed Sygate more due to its connection notifications and traffic logs and it offers detailed connection details of any file which tries to connect to the internet. anyway any advice or suggestions from experts are welcome! :ph34r:

As you are probably wondering, I'm all paranoid when it's related to security, although I have a feeling that he wasn't bluffing cuz he's known for being such a 'brain' in this field besides being still an old teen. But I'll follow your advice and test him in a polite way! :)

But what if he can do it? What shall I do then? :)
By the way, do you know any means to check what connections are being made? Such as the 'netstat' command but with more features like whois and specific details about server or client sources... still being a pain in the [bleep] about security? I guess.. lol... anyway thank you for your time.

stay cool, regards


#5
Guest_Tony_*

I just did a test as well:


GRC Port Authority Report created on UTC: 2005-08-31 at 02:51:41

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

#6
dsenette

you can get a program called ethereal, it captures all packets on your network connection...that might help...
  • 0
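
For the question above about reading netstat output, an added example (not written by any poster in this thread): a Python script that parses Windows `netstat -ano` output, lists the listeners reachable on a non-loopback address, flags RPC/NetBIOS/file-sharing ports such as the port 139 mentioned earlier, and groups established sessions by owning process ID. The sample output, addresses and PIDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from the poster's PC).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1100
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1512
  TCP    192.168.1.10:1045      203.0.113.7:6667       ESTABLISHED     1820
  TCP    192.168.1.10:1051      198.51.100.20:80       ESTABLISHED     2044
  TCP    192.168.1.10:1052      198.51.100.20:80       TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:137       *:*                                    4
"""

# Windows RPC / NetBIOS / file-sharing ports, including port 139 from the thread.
SHARING_PORTS = {135, 137, 138, 139, 445}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse(text):
    """Turn netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, laddr, lport, remote, state, pid = m.groups()
            rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                         "remote": remote, "state": state or "", "pid": int(pid)})
    return rows

def exposed_listeners(rows):
    """Sockets waiting on a non-loopback address: what a remote scan could reach if unfiltered."""
    found = []
    for r in rows:
        # UDP rows carry no state column; a bound UDP socket is treated as waiting.
        waiting = r["state"] == "LISTENING" or r["proto"] == "UDP"
        if waiting and not r["laddr"].startswith("127."):
            found.append((r["proto"], r["lport"], r["pid"], r["lport"] in SHARING_PORTS))
    return sorted(found)

def peers_by_pid(rows):
    """Remote endpoints of established TCP sessions, grouped by owning PID."""
    peers = defaultdict(set)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            peers[r["pid"]].add(r["remote"])
    return {pid: sorted(v) for pid, v in peers.items()}

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(exposed_listeners(rows), peers_by_pid(rows), sep="\n")
```

On the machine itself, `netstat -ano > conns.txt` produces the input, and `tasklist` maps each PID to a process name.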

#7
Tiberium

lolol dsenette.. guess what! I asked 'him' to hack me once more... but this time to do something different such as uploading some cool files as images or kind of... and he refused and got zipped... :tazz: so I guess you were absolutely right.. he was only playing mind games with me... now I guess I understand the old saying "hack is 65% psychic" or sort of... lol

by the way.. sometimes and it is getting more and more frequent... my system is having some running problems... I thought it was related to that 'thing that never happened' but I think it's just rundll problems... i.e. lately most of the times I boot my computer I mainly get problems with these files: 'explore.exe' & 'iexplore.exe'.. ok I think it's normal for these errors to happen sometimes even though I never understood why.. I guess it's just problems with buffering... but now... 90% of the times I boot it shows me that 'problem' in that dialog box asking me if I want to send a report to Microsoft... I guess you know what I am talking about.. when some applications have to close unexpectedly... so... this is happening too many times repeatedly.. well I could put in my windows cd to try to repair this problem but I lent it to my cousin and he's too far away to go get it... lol

don't you know any means to resolve this problem anyway? thanks I'd really appreciate your help! :)

regards

#8
dsenette

start > run, type
eventvwr.msc
<enter>

Look under systems and applications for items with red Xs that happened at the SAME time as your problem...list them here.

#9
Tiberium

right... I went there and I saw some errors I got yesterday... in the system and applications folders, I saw some warnings too, that I hadn't noticed while the system was running (I guess this is not important)... all these warnings are related to TCP/IP (the source) with an event ID of 4226 and it says "TCP/IP has reached the security limit due to many simultaneous TCP connection attempts"....

related to errors, I checked most of them, and they are diverse, in SYSTEM PANE most of them are related to DCOM problems (forgive my ignorance, but could you explain what DCOM is? please); others were related to Service Control Manager and Symantec LC Core connection timeouts that were requested before by me... (sometimes Norton AV doesn't boot at windows startup and I don't know why) and I also saw others about SideBySide (event source) that were complaining about windows controllers (that Windows could not find the specific path)...


--------------------------------------------------------------------------------------------


now related to the Application problems pane (the log with those errors that were really annoying) - the ones I'll post are those that I think are more relevant

here go some pastes (my system is in Portuguese, so I'll translate the best I can): :tazz:

.........................................

error 1:

type of event: Error
event source: Application Error
event category: (100)
event ID: 1000
Description:
Missing application: svchost.exe, version 5.1.2600.2180; missing module: wuapi.dll, version 5.8.0.2469; missing address: 0x000118a0.


--------------------------------------------------------------------------------------------

error 2:

Type of event: Error
event source: Messenger
event category: None
event ID: 1000
description: the ID event description ( 1000 ) in source of ( Messenger ) was not found. The Local host could not obtain the necessary registry information or the required DLL messages to show the remote computer's messages sent. You can use the sinalizer /AUXSOURCE= to obtain this description, search for help and support for further details. the following information is a part of event: msnmsgr.exe; 7.0.816.0; mshtml.dll; 6.0.2900.2722; 000a22ba.


...............................

error 3:

type of event: Error
event source: EventSystem
event category: (50)
event ID: 4609
description: The registry system of events of COM+ has detected an invalid code involved while the same running internal process. The HRESULT is 8007043C in line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.

NOTE: err.. what is this thing of COM+ anyway?

........................

error 4:

type of event: Error
event source: Application Error
event category: None
event ID: 1000
description: Missing application - explorer.exe, version 6.0.2900.2180, missing module unknown, version 0.0.0.0, missing address 0xc481d487.


......................................

error 5:

type of event: Error
event source: Application Error
event category: None
event ID: 1000
Description: Missing application: iexplore.exe, version 6.0.2900.2180, unknown missing module, version 0.0.0.0, missing address 0x99eb4097.


NOTE: I saw more errors related to iexplore.exe - are the different addresses relevant?
.................................

error 6:

type of event: Error
event source: Application Error
event category: None
event ID: 1000
description: Missing application explorer.exe, version 6.0.2900.2180, missing module browseui.dll, version 6.0.2900.2713, missing address 0x0000e12d.



NOTE: I saw more errors related to explorer.exe - are the different addresses relevant?

..........................................

error 7:

type of event: Error
event source: Application Error
event category: None
event ID: 1000
description: Missing application rstrui.exe, version 5.1.2600.2180, missing module msls31.dll, version 3.10.349.0, missing address 0x0000843c.


NOTE: I listed this, cuz he had that particular missing module... (there are some equal errors like this)

..............................

error 8:

type of event: Error
event source: Application Error
event category: None
event ID: 1001
Description:
Fault bucket 223607310.

Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 32 32 33 36 30 37 33 31 22360731
0010: 30 0d 0a 0..


NOTE: what does this mean?

...............................

error 9:

Tipo de evento: Error
Origem do evento: Application Error
Categoria do evento: (100)
ID do evento: 1004
Description: Missing application symlcsvc.exe, version 1.8.54.478, missing module symlcsvc.exe, version 1.8.54.478, missing address 0x0000a9cb.


NOTE: symantec product problems?

----------------------------------------------------------------------------------------------

ok.. that's enough... to avoid flooding this.. I hid some things such as microsoft help, times, computer names and blablabla... since I booted the computer this morning I'm not having any of those issues.. but if I get another one (at that time - I'll post it exactly here) - meanwhile you can check those errors... tata :)

best regards