Is my computer compromised?

  • Thread starter: Kompu Kid

Kompu Kid

I have built myself a new computer recently. I still have not fully
deployed it and keep using the old computer.

Today I started the computer and discovered that some internet related
software such as Skype, MSN messenger, etc. are not working.

Digging deeper I found out that the computer is not seeing the router.
I started the repair process, no success.

When I tried to find out what IP the computer has with the cmd window,
I found out that there was a "regedit" command issued recently--the
"run" box keeps the last command issued.

I also found out that the computer has an "169.254.187.13" IP address
instead of 192.168.2.5 that it usually gets through DHCP.

The computer is running XP professional and has the latest updates. I
have AVG's basic version as an antivirus software and the security. I
also have Spybot-SD.

I am able to get the computer connected to Internet by manually
assigning it an IP address, etc. DHCP won't work.

I did some search on "169.254.187.13" IP address, but I cannot figure
out who owns it. Any ideas as to how I can find out?
I cannot figure out what was done with the regedit command. Any idea
how I can do this?

I am currently running a scan with AVG and will later run Trendmicro's
"Housecalls".

What else would you do?

Thanks!

Deguza
 
If either of the above scans finds anything, report it here.

Try running the free versions of MBAM *AND* SAS:

<http://www.malwarebytes.org/mbam-download.php>
<http://www.superantispyware.com/>

Also make a rootkit check with GMER:

<http://www.gmer.net/index.php>

Please update this thread with your progress.

Pete
 
The 169.x.x.x address is assigned by Windows when it is set to use DHCP and
cannot contact the DHCP server.

Is your router still serving addresses correctly?

At the command prompt try:

ipconfig /release

then...

ipconfig /renew

(In both cases there is a space between ipconfig and the /)
 
From: "Kompu Kid" <[email protected]>

| I have built myself a new computer recently. I still have not fully
| deployed it and keep using the old computer.

| Today I started the computer and discovered that some internet related
| software such as Skype, MSN messenger, etc. are not working.

| Digging deeper I found out that the computer is not seeing the router.
| I started the repair process, no success.

| When I tried to find out what IP the computer has with the cmd window,
| I found out that there was a "regedit" command issued recently--the
| "run" box keeps the last command issued.

| I also found out that the computer has an "169.254.187.13" IP address
| instead of 192.168.2.5 that it usually gets through DHCP.

| The computer is running XP professional and has the latest updates. I
| have AVG's basic version as an antivirus software and the security. I
| also have Spybot-SD.

| I am able to get the computer connected to Internet by manually
| assigning it an IP address, etc. DHCP won't work.

| I did some search on "169.254.187.13" IP address, but I cannot figure
| out who owns it. Any ideas as to how I can find out?
| I cannot figure out what was done with the regedit command. Any idea
| how I can do this?

| I am currently running a scan with AVG and will later run Trendmicro's
| "Housecalls".

| What else would you do?

| Thanks!

| Deguza

See Zebby's reply.

IP address 169.254.x.y is IP AutoConfiguration. That's what you get when a PC set up for
DHCP can't get an address. In your case your Router.

Look at your Router and make sure it's functioning correctly. Reboot it, etc.
 
Kompu Kid said:
I did some search on "169.254.187.13" IP address, but I cannot figure
out who owns it. Any ideas as to how I can find out?

Addresses in the 169.254.xxx.xxx range are assigned when a valid address
can't be obtained from the DHCP server. They're "link local" addresses and
will only allow communication with other hosts on your own local LAN.

http://www.ietf.org/rfc/rfc3927.txt

This document describes how a host may
automatically configure an interface with an IPv4 address
within the 169.254/16 prefix that is valid for communication
with other devices connected to the same physical (or
logical) link.

IPv4 Link-Local addresses are not suitable for communication
with devices not directly connected to the same physical (or
logical) link, and are only used where stable, routable
addresses are not available (such as on ad hoc or isolated
networks).
 
Kompu said:
I found out that there was a "regedit" command issued recently--the "run" box keeps the last command issued.

Did you mean that someone *other than you* had entered "regedit" in the
run box? If that's what you meant, then yes, if an unauthorized
possibly malicious person has had physical access to your computer, it
is entirely likely that your computer has been compromised, completely
aside from any symptoms you may actually be seeing.



--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Thank you to all of you who helped me in this matter. I guess my
router's DHCP server was acting up. I did not realize that the
"169.254.187.13" IP address is a default in cases like this.

As for the REGEDIT issue, it is still a mystery. But scans showed no
problems.

Deguza
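
The check the replies walk through, as an added example that is not part of the original thread: classify an address before looking for an "owner", and flag an adapter that is set for DHCP but holds a 169.254/16 address. The `ipconfig` sample is constructed in the Windows XP output style, and the function names `classify` and `triage` are illustrative.

```python
import ipaddress
import re

# Constructed sample in the style of Windows XP `ipconfig /all` output.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.187.13
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.5
        Default Gateway . . . . . . . . . : 192.168.2.1
"""

def classify(addr):
    """Say what kind of IPv4 address this is before trying to look up an owner."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local:      # 169.254/16 (RFC 3927): self-assigned, nobody "owns" it
        return "link-local"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:         # e.g. 192.168/16 handed out by a home router
        return "private"
    return "public"           # only these are worth a whois lookup

def triage(ipconfig_text):
    """Return (adapter, address, kind, verdict) for every address line found."""
    findings, adapter, dhcp = [], None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, dhcp = line.rstrip(": \t"), False   # new adapter section
            continue
        m = re.match(r"\s+(.+?)[ .]*:\s*(.*)$", line)    # "Label. . . : value"
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Dhcp Enabled":
            dhcp = (value == "Yes")
        elif key.endswith("IP Address") and value:
            kind = classify(value)
            failed = dhcp and kind == "link-local"
            verdict = "DHCP lease failed, address self-assigned" if failed else "ok"
            findings.append((adapter, value, kind, verdict))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A link-local result points at the DHCP server or the cabling, so the router is the next thing to check, as the replies above suggest.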
 