Hacker has changed code; need original to compare.

[Renie]

I have an unusual problem. I am using Windows XP
Professional and IE6.

I have a hacker who constantly bothers me. About a week
ago, they changed my Internet access code so that when I
log onto Windows, it immediately dials my ISP to connect
to the internet.

If I click to cancel, it immediately redialmc It seems
that they also have it set to dial an unlimited number of
times in rapid succession. (Like a repeater.)

The only way I can limit them from dialing up the net, is
to set my privacy controls to a "protected password"
statumc But, this doesn't stop the dialer.

It will continue to dial and just give an error message,
reset and redial.

I then don't bother to cancel, so I have the 2 boxes then
displayed on my desktop. The one that says it
is "Connecting" and the one that give the "Error" message.

This will remain in place, as long as I am working on my
desktop.

To access the net, I have to go into my connection
settings, change my privacy settings back to "unsecured
password"; and click cancel on their dialer box, and try
to quickly beat them connecting to the internet so I get
on and they don't. Which is what I have done to get here.

I have purchased bCentral Web Hosting and additional
products which I cannot use now, as I am afraid to let
this individual know about them. So, he is not just
causing a waste of time, but a waste of money, also.

This person is a real hazzard to the internet. I have
traced the activities of this person, found his location,
and have their identity.

In my tracing activity, I have found that he also changes
my ISP number from one day to the next, depending upon
what he is using my computer as a portal to obtain from
the net.

In my state, I can prosecute them. But, I need a copy of
the original code that dials up IE6, and compare it to
the code that has been changed as my proof.

I believe that this may be in the INF files, as I have
done a search and have seen where certain files were
changed during the past 2 weekmc I also searched for a
separate .EXE program file but found none.

Can anyone tell me

1. If I should look for a specific Program name?

2. How I can obtain the original code pages for the
comparison? It would be greatly appreciated.

3. Or, if this is an activity that is being totally run
on the outside?

Any help dealing with this sick individual will be
GREATLY APPRECIATED.

 

[Doug Knox MS-MVP]

See www.dougknox.com, Win XP Utilities, Startup Programs Tracker. This
small utility scans your system for startup programs and running processes.
It also allows you to create a log file that can be copied and pasted into a
newsgroup post. The contents of the program window are also copied to the
Windows Clipboard, automatically.

For newsgroup replies, it generally isn't necessary to include the Running
Services section of the log file.

 

[wayne]

-----Original Message-----
I have an unusual problem. I am using Windows XP
Professional and IE6.

I have a hacker who constantly bothers me. About a week
ago, they changed my Internet access code so that when I
log onto Windows, it immediately dials my ISP to connect
to the internet.

If I click to cancel, it immediately redialmc It seems
that they also have it set to dial an unlimited number of
times in rapid succession. (Like a repeater.)

The only way I can limit them from dialing up the net, is
to set my privacy controls to a "protected password"
statumc But, this doesn't stop the dialer.

It will continue to dial and just give an error message,
reset and redial.

I then don't bother to cancel, so I have the 2 boxes then
displayed on my desktop. The one that says it
is "Connecting" and the one that give the "Error" message.

This will remain in place, as long as I am working on my
desktop.

To access the net, I have to go into my connection
settings, change my privacy settings back to "unsecured
password"; and click cancel on their dialer box, and try
to quickly beat them connecting to the internet so I get
on and they don't. Which is what I have done to get here.

I have purchased bCentral Web Hosting and additional
products which I cannot use now, as I am afraid to let
this individual know about them. So, he is not just
causing a waste of time, but a waste of money, also.

This person is a real hazzard to the internet. I have
traced the activities of this person, found his location,
and have their identity.

In my tracing activity, I have found that he also changes
my ISP number from one day to the next, depending upon
what he is using my computer as a portal to obtain from
the net.

In my state, I can prosecute them. But, I need a copy of
the original code that dials up IE6, and compare it to
the code that has been changed as my proof.

I believe that this may be in the INF files, as I have
done a search and have seen where certain files were
changed during the past 2 weekmc I also searched for a
separate .EXE program file but found none.

Can anyone tell me

1. If I should look for a specific Program name?

2. How I can obtain the original code pages for the
comparison? It would be greatly appreciated.

3. Or, if this is an activity that is being totally run
on the outside?

Any help dealing with this sick individual will be
GREATLY APPRECIATED.
.
Wow, interesting story. You should consider a hardware

firewall that automatically privately IP-addresses your
machine (under $100), adds a nice layer of protection to
any software protection, eg XP's built-in Internet
Connection Firewall. You do at least have software
protection, that's enabled, don't you? To access ICF, r-
click Network Places, select Properties, select Advanced
tab, and check the box to enable (you should not use in
conjunction with another software firewall, eg Trend PC-
Cillin, or Norton Internet Security).

 

[Longhorn]

A hacker is doing all that? ...what makes you think so?

 

[Mike Brannigan [MSFT]]

(top posted due to length of original mail)

Renie,

The originals of any Windows XP components are on your original Windows XP
CD ROM.
If the person has made code changes you could perform a repair install to
restore all the system files to as shipped.
If they have only made configuration changes this will not be fixed by a
repair install. If you are unable to remove their changes then backup you
application data and rebuild your PC. Take the appropriate measures to
secure your PC before you reconnect to the Internet.
--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[Guest]

To Wayne:

Thanks for your help. But, I HAVE 2 EXCELLENT firewalls,
including the one that comes with XP turned on. But,
don't fear, the reason they can change the ISP has to do
with their personal identity and something the normal
user would NOT have to be concerned about.

 

[Guest]

Mike,

Thank you for your kind help.

I know where the code is located, but it is on "Cab
Files" and I don't know how to access and read them.
Also, at this point I am not interested in changing my
machine back to the original as I just did that last
month and the Bum hit me again. In fact, last month he
gave me 6 wormmc I haven't even finished downloading all
of my files, and am working off of CD's for the most part.

This time, I need the comparison code for the FBI so I
can show them the before and the after. The code is the
proof I need for them to make a case. That code change
was my first thought. But, if I can use the programs
recommended by Doug, then I will also have proof, and the
FBI can move in and they can compare the code. I am going
to follow Doug's recommendations and see where that can
help me.

 

[Renie]

THANK YOU, Doug. You were the most help. I am going to
your sites and read and will run the ulitity program.
This will definitely give me the proof I need to get this
person out of his "business" and off the net. I will
then leave it up the the FBI to "compare" my machine.
Microsoft is truly blessed with your presence. You are
truly a 5 star Expert!

 

[Guest]

This makes NO sesce at all


To access the net, I have to go into my connection
settings, change my privacy settings back to "unsecured
password"; and click cancel on their dialer box, and try
to quickly beat them connecting to the internet so I get
on and they don't. Which is what I have done to get here


I think you need to renew your Rx or double the dose!!

 

[Mike Brannigan [MSFT]]

Mike,

Thank you for your kind help.

I know where the code is located, but it is on "Cab
Files" and I don't know how to access and read them.
Also, at this point I am not interested in changing my
machine back to the original as I just did that last
month and the Bum hit me again. In fact, last month he
gave me 6 wormmc I haven't even finished downloading all
of my files, and am working off of CD's for the most part.

This time, I need the comparison code for the FBI so I
can show them the before and the after. The code is the
proof I need for them to make a case. That code change
was my first thought. But, if I can use the programs
recommended by Doug, then I will also have proof, and the
FBI can move in and they can compare the code. I am going
to follow Doug's recommendations and see where that can
help me.

If the file you require is in a CAB file - you can just click on it in
Windows Explorer - see the file and drag it out to a new folder - it will
automatically be pulled out.
If the file has an extension like xxxxxx.ex_ then you need to decompress it
..
Use the Expand command from a command prompt. e.g.
Expand c:\temp\xxxxxx.ex_ c:\temp\xxxxxx.exe
This will expand the compress file back to an exe.

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[Daniel L. Belton]

I have an unusual problem. I am using Windows XP
Professional and IE6.

I have a hacker who constantly bothers me. About a week
ago, they changed my Internet access code so that when I
log onto Windows, it immediately dials my ISP to connect
to the internet.

If I click to cancel, it immediately redialmc It seems
that they also have it set to dial an unlimited number of
times in rapid succession. (Like a repeater.)

The only way I can limit them from dialing up the net, is
to set my privacy controls to a "protected password"
statumc But, this doesn't stop the dialer.

It will continue to dial and just give an error message,
reset and redial.

I then don't bother to cancel, so I have the 2 boxes then
displayed on my desktop. The one that says it
is "Connecting" and the one that give the "Error" message.

This will remain in place, as long as I am working on my
desktop.

To access the net, I have to go into my connection
settings, change my privacy settings back to "unsecured
password"; and click cancel on their dialer box, and try
to quickly beat them connecting to the internet so I get
on and they don't. Which is what I have done to get here.

I have purchased bCentral Web Hosting and additional
products which I cannot use now, as I am afraid to let
this individual know about them. So, he is not just
causing a waste of time, but a waste of money, also.

This person is a real hazzard to the internet. I have
traced the activities of this person, found his location,
and have their identity.

In my tracing activity, I have found that he also changes
my ISP number from one day to the next, depending upon
what he is using my computer as a portal to obtain from
the net.

In my state, I can prosecute them. But, I need a copy of
the original code that dials up IE6, and compare it to
the code that has been changed as my proof.

I believe that this may be in the INF files, as I have
done a search and have seen where certain files were
changed during the past 2 weekmc I also searched for a
separate .EXE program file but found none.

Can anyone tell me

1. If I should look for a specific Program name?

2. How I can obtain the original code pages for the
comparison? It would be greatly appreciated.

3. Or, if this is an activity that is being totally run
on the outside?

Any help dealing with this sick individual will be
GREATLY APPRECIATED.

I don't think that a hacker is doing this... It sounds more like you
have some type of trojan or virus installed. Since you use a dialup
ISP, then your internet address will be different everytime you dial in.
Get you a good virus scanner and spyware scanner... I would recommend
spybot and adaware to search for some trojan program.