• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

Internet connection piracy?

Teresa.Hall

Scholar
Teresa.Hall
Joined
Jun 17, 2007
Messages
113
History: Visited a link a friend sent me to look at his Picassa album. I left the computer on that site for an hour or so while I was doing other things. My friend then sent me a message that his Picassa site had been hacked by "Russians" because all of his picture names and captions had been changed to the Russian language. The next thing I know the "Fair Use Policy of my Hughes.net ISP was exceeded and they shut my internet connection down to a dribble. 500 megs was downloaded using my internet connection somewhere besides my computer. I told them I didn't do that and they reset the Fair Use policy back to normal. I went and downloaded McAfee's Security Center and ran scans but found nothing. two days later my internet shut off again because over 350 megs which is my limit was downloaded in just a short period of time. Three times now that's happened. I haven't downloaded anything and in fact was nowhere near the computer when it happened. I don't have any programs that update themselves to the tune of 300-500 megs.

Lately to stop the ISP theft I've been locking down the firewall when I'm not using the computer.

My problem is I use this computer for work and if the thief starts blowing up my internet while I'm working (firewall has to be unlocked) I'll have to work at the hospital instead of transcribing from home.

Any suggestions of what to do, or how to stop this from happening?:con2:
 
Do you have a wireless router? If so, check that you have wireless security enabled (preferably WPA); you may also want to change your wireless password just in case.

I'd also suggest using other malware programs, specifically SpyBot Search & Destroy and possibly Avast or AVG Anti-Virus (all free for personal use).

If you're really paranoid, get a live Linux CD (e.g. Ubuntu), boot off that, and use ClamAV to scan your hard drive. More work, but it might catch hidden ("root kit") malware.

Your firewall should also be able to tell you what is generating traffic.

Finally, presuming you have a cable or DSL modem with blinken lights, you can watch them for activity.

Worst case: take your computer to trusted shop (if you can find one) to be scanned. They can scan the HD without booting from it, and should be using multiple good quality tools. (A hack shop, though, will just run basically what you've done.)

ETA: The reason for the wireless question is that there are at least two attack vectors. One is via your wireless network, and would have nothing to do with your computer; it'd be basically someone nearby connecting to your network. The other attack vector - and the one you're suspecting - is malware on your computer(s). [If you have multiple computers, or other networked devices, they should be checked as well.]
 
Last edited:
Password-protecting your wireless router is a good thing to do when this happens to you. Otherwise, officials consider your router to be 'public-access', and you have no recourse, even if they do catch whoever is using your service.

I'm guilty of using other people's wireless routers at times; but I try to not do anything excessive (no downloading movies or software) when I'm on these. Not everyone is so innocent, though...
 
The router isn't wireless. I could understand if I was running a wireless router.

I'm running a Dell computer on a network with another computer and a Lynksys cable/dsl router plugged in to the computers ethernet cards, and to the hughes.net receiver.

I've downloaded Spybot Search and Destroy. It caught some internet cookies and I got rid of everything it found. It wasn't much, maybe 20 items.

I've also run McAfee three times now and it hasn't caught anything at all. I might also mention I use Microsoft remote desktop for work as I connect to my company's computer using that.

I'm running a Dell XPS 400 media center McAfee Security Center Spybot Search and Destroy, Windows XP Pro OS, Hughes.net HN7000s satellite internet receiver and a Linksys non wireless router. The Dell has been hard reformatted little over a month ago.

I wouldn't mind someone using my internet connection if they didn't blow it up every time.

I went to the site you suggested Dancing David and got:

Sorry, 'www.malwarebtes.org' does not exist or is not available.
 
Last edited:
Beats me, then. I got out of the hacker scene when we were still manually dialing phone numbers to find computers to hack... :D
 
Teresa.Hall said:
I went to the site you suggested Dancing David and got:

Sorry, 'www.malwarebtes.org' does not exist or is not available.
Click to expand...
That's malwarebytes

Everyone needs to know that website.

Aslo - MajorGeeks malware removal guidelines

ETA: it sure sounds like you have malware that allows someone to use your PC remotely. This is quite common and is said to be how bad guys trade child porn and other illegal stuff. But, you said the re are two computers connected to the router... is there a teenager in the house?
 
Last edited:
No teens or children of any age. It's just my husband and myself. The other computer is very rarely used, perhaps once or twice monthly and then only for a few minutes.

I downloaded the Malware Bytes and am running a full scan. I'll post if it finds anything.
 
Last edited:
That sure sounds like a zombie pc, which probably means a rootkit has been installed. If the above scan doesn't turn anything up, try upping the stakes with Rootkit Revealer
 
Check both computers; it could be that the other computer is compromised. Particularly if one has been compromised, often everything else on the same network gets compromised too.
 
grmcdorman said:
Your firewall should also be able to tell you what is generating traffic.
Click to expand...

This is very important! I've bumped into a lot of XP users who have no firewall at all and have not upgraded to the latest service pack

Teresa - do you have a firewall installed and running? If not, put that on your to-do list. You can get one for free by running windows update and installing their default security pack.
 
Is your firewall in the Linksys router, or just on your PC?
Make sure the router firmware is up to date, and double-check the settings (firewall settings too.)
Just to cover all the bases, is it possible that someone is physically hacking your connection? Meaning, an illegal connection to the wiring outside your home?
 
Teresa.Hall said:
The router isn't wireless. I could understand if I was running a wireless router.

I'm running a Dell computer on a network with another computer and a Lynksys cable/dsl router plugged in to the computers ethernet cards, and to the hughes.net receiver.

I've downloaded Spybot Search and Destroy. It caught some internet cookies and I got rid of everything it found. It wasn't much, maybe 20 items.

I've also run McAfee three times now and it hasn't caught anything at all. I might also mention I use Microsoft remote desktop for work as I connect to my company's computer using that.

I'm running a Dell XPS 400 media center McAfee Security Center Spybot Search and Destroy, Windows XP Pro OS, Hughes.net HN7000s satellite internet receiver and a Linksys non wireless router. The Dell has been hard reformatted little over a month ago.

I wouldn't mind someone using my internet connection if they didn't blow it up every time.

I went to the site you suggested Dancing David and got:

Sorry, 'www.malwarebtes.org' does not exist or is not available.
Click to expand...


Sorry , not one of my better days, 'www.malwarebytes.org' it is usually effective at getting stuff otherwise you can go to HijackThis and their forums.
 
Last edited:
madurobob said:
That's malwarebytes

Everyone needs to know that website.

Aslo - MajorGeeks malware removal guidelines

ETA: it sure sounds like you have malware that allows someone to use your PC remotely. This is quite common and is said to be how bad guys trade child porn and other illegal stuff. But, you said the re are two computers connected to the router... is there a teenager in the house?
Click to expand...

Ah the geek to it hurts, love them.

I hate to say this but it might be your work computer is bugged as well.
 
Last edited:
Z said:
Password-protecting your wireless router is a good thing to do when this happens to you. Otherwise, officials consider your router to be 'public-access', and you have no recourse, even if they do catch whoever is using your service.

I'm guilty of using other people's wireless routers at times; but I try to not do anything excessive (no downloading movies or software) when I'm on these. Not everyone is so innocent, though...
Click to expand...

I am a royal jerk, I use the security settings to block MAC ADDR that are not ours.
 
Are you sure your router isn't wireless? A large car dealership over the road from me was pumping out a wireless signal, the router admin password was set to the factory default (we had the same router where I worked) and file and print sharing was turned on!. I called them up to tell them and they told me they "didn't have a wireless router"...

When I invited him over and showed him I could access his computer's folders, he made a really quick call to his IT support guy!
 
You must log in or register to reply here.

Back
Top Bottom