forced to join a remote domain first time unannounced

    How was I forced to join an anonymous remote domain without permission and without credentials/certificates?

    I have secured my only home Win XP Pro SP3 PC to the best of my knowledge by going through some registries and services.

    But somehow a hacker or hackers was able to force me to join their remote anonymous domain.
    I used netstat /a /o & found their IP address 208.116.56.20:4448 & 208.116.56.21:4448, but do not know who was the mysterious hacker(s) nor where they originated.

    I also used wireshark and found several other hackers trying to PING my PC, probably used MTU.

    What I found in my PC,

    several services were missing
    Alerter
    Messenger
    Computer Browser
    Server
    Workstation
    some registries were also missing
    HKLM\System\CCS\services\Browser\Parameters - Browser folder MISSING!

    HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default
    - Terminal Server Client folder MISSING! Plus I was unable to disconnect from the anonymous remote domain. I had to call the ISP to disconnect.

    HKEY_USERS S-1-5-19 & S-1-5-19 CLASSES folders MISSING!


    HKLM\System\CCS\Services\LanManServer\Parameters - LanManServer folder was missing temporarily but was later recovered intact using sfc /scannow

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - Policies folder was missing temporarily but was later recovered intact using sfc /scannow

    performed:
    Start->Run and typed dcomcnfg.exe & clicked OK
    Component Services -> Computer, but the window automatically closed.

    the hackers were attempting to copy/move my document data from the desktop & from the data backup HDD (I saw a ~$)

    I later found some of my documents contain a Macro Word Virus.

    there were 3 unidentified users in the winlogon registry

    there were also 4 unidentified users under the IE folder.
    I deleted the IE completely.
    I completely disabled my modem by unplugging the DSL line and power line & turned off the modem & somehow a newly created IE folder appeared offline.

    I finally got a DCOM error message when I boot up my PC stating my PC will be forced to shutdown in 1 min.

    I also found out by using Combofix an executable file was created by someone on March 3 2010 - a virus

    when I used GMER, several viruses were destroying all of the Windows NT files and the TCP/IP files.

    I had to erase/wipe the HDD immediately. There was no way to recover the OS.

    How do I avoid being hacked in again remotely?

    I tried using a wireless router, but got bricked by a hidden virus

    I tried several antivirus/firewall both free and paid versions, all are easily disabled.

    I tried using the built-in admin password I created earlier, but somehow I was locked out.

    I could try using a strong local admin password, but hackers know all of the tricks to crack & find them.

    How do I protect my only home PC against these malicious anonymous remote hackers & I am the only first time admin using the PC?

    I know that using the Internet/USB/PC - take them for granted.

    This is not a joke & was a rude wakeup call for me.

    I DO NOT want to go through this ever again. It was a pure horrifying PC nightmare! It's like turning my PC upside down.

    It's just a game. Not anymore (whack, fade to black).

    I am currently out of options.

    I request immediate assistance. URGENT.
    Last edited by Dumber; 12th May 2010, 20:55. Reason: All URLs removed...
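The post above found the remote peers by reading `netstat /a /o` by eye. As an added illustration (my own script, not something posted by the original poster or by Petri), here is a small Python triage script that parses `netstat -a -n -o` style output, keeps only ESTABLISHED TCP sessions whose peer lies outside private, loopback and link-local ranges, and groups them by owning PID. The netstat text in it is a constructed sample that mirrors the two addresses the poster reported; it is not real captured output, and the local addresses and PIDs in it are invented.

```python
"""Triage netstat output: list established TCP connections to non-local
peers together with the PID that owns each one."""
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -a -n -o` output (Windows XP layout).
# The two 208.116.56.x peers come from the post; everything else is made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:1045       208.116.56.20:4448     ESTABLISHED     1588
  TCP    192.168.1.5:1046       208.116.56.21:4448     ESTABLISHED     1588
  TCP    192.168.1.5:1050       192.168.1.1:445        ESTABLISHED     4
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED     2204
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.5:137        *:*                                    4
"""


def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) tuples from netstat text.
    TCP rows carry a State column; UDP rows on Windows leave it blank."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header, blank line, or an unknown layout
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP" and len(parts) >= 5:
            state, pid = parts[3], parts[4]
        else:
            state, pid = "", parts[3]
        rows.append((proto, local, foreign, state, int(pid)))
    return rows


def split_endpoint(endpoint):
    """'208.116.56.20:4448' -> ('208.116.56.20', 4448); '*:*' -> (None, None)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")  # tolerate bracketed IPv6 literals
    if host in ("", "*") or port == "*":
        return None, None
    return host, int(port)


def is_external(host):
    """True when the address is routable on the Internet rather than local."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_unspecified)


def external_connections(text):
    """Sorted (foreign_ip, foreign_port, pid) for ESTABLISHED TCP sessions
    whose peer is outside private/loopback/link-local space."""
    hits = []
    for proto, _local, foreign, state, pid in parse_netstat(text):
        if proto != "TCP" or state != "ESTABLISHED":
            continue
        host, port = split_endpoint(foreign)
        if host is not None and is_external(host):
            hits.append((host, port, pid))
    return sorted(hits)


def by_pid(hits):
    """Group the triage hits by owning PID: {pid: ['ip:port', ...]}."""
    grouped = defaultdict(list)
    for host, port, pid in hits:
        grouped[pid].append(f"{host}:{port}")
    return dict(grouped)


if __name__ == "__main__":
    for pid, peers in by_pid(external_connections(SAMPLE_NETSTAT)).items():
        print(f"PID {pid} has external peers: {', '.join(peers)}")
```

On a real box you would feed it the saved output of `netstat -a -n -o` and then map each PID to an image name with `tasklist /fi "PID eq 1588"` (substituting the PID the script reports). An external peer on its own proves nothing, since browsers, updaters and mail clients all make such connections; what matters is whether the owning process is one you recognise and whether the peer and port make sense for it.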

  • #2
    Re: forced to join a remote domain first time unannounced

    Originally posted by first user View Post
    How was I forced to join an anonymous remote domain without permission and without credentials/certificates?

    I have secured my only home Win XP Pro SP3 PC to the best of my knowledge by going through some registries and services.
    How do you mean you joined a domain? When you try and logon to your computer, do you have a "logon to" box? This is what shows you are in a domain (among some other things)
    But somehow a hacker or hackers was able to force me to join their remote anonymous domain.


    I used netstat /a /o & found their IP address 208.116.56.20:4448 & 208.116.56.21:4448, but do not know who was the mysterious hacker(s) nor where they originated.

    I also used wireshark and found several other hackers trying to PING my PC, probably used MTU.
    208.116.56.0 netblock _appears_ to originate from New Jersey, USA.

    What I found in my PC,

    several services were missing
    Alerter
    Messenger
    Computer Browser
    Server
    Workstation

    some registries were also missing
    HKLM\System\CCS\services\Browser\Parameters - Browser folder MISSING!

    HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default
    - Terminal Server Client folder MISSING!
    At this point, take your computer off the internet, and reinstall the OS.
    Then, create a second user account that is NOT an administrator. Use this account in future.

    Plus I was unable to disconnect from the anonymous remote domain. I had to call the ISP to disconnect.
    I have to state that I do not understand what you mean here.


    HKEY_USERS S-1-5-19 & S-1-5-19 CLASSES folders MISSING!


    HKLM\System\CCS\Services\LanManServer\Parameters - LanManServer folder was missing temporarily but was later recovered intact using sfc /scannow

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - Policies folder was missing temporarily but was later recovered intact using sfc /scannow

    performed:
    Start->Run and typed dcomcnfg.exe & clicked OK
    Component Services -> Computer, but the window automatically closed.

    the hackers were attempting to copy/move my document data from the desktop & from the data backup HDD (I saw a ~$)

    I later found some of my documents contain a Macro Word Virus.

    there were 3 unidentified users in the winlogon registry

    there were also 4 unidentified users under the IE folder.
    I deleted the IE completely.
    Reinstall.

    I completely disabled my modem by unplugging the DSL line and power line & turned off the modem & somehow a newly created IE folder appeared offline.

    I finally got a DCOM error message when I boot up my PC stating my PC will be forced to shutdown in 1 min.

    I also found out by using Combofix an executable file was created by someone on March 3 2010 - a virus

    when I used GMER, several viruses were destroying all of the Windows NT files and the TCP/IP files.

    I had to erase/wipe the HDD immediately. There was no way to recover the OS.
    Best way to move forward is to erase, as you have done so.

    How do I avoid being hacked in again remotely?

    I tried using a wireless router, but got bricked by a hidden virus

    I tried several antivirus/firewall both free and paid versions, all are easily disabled.

    I tried using the built-in admin password I created earlier, but somehow I was locked out.

    I could try using a strong local admin password, but hackers know all of the tricks to crack & find them.

    How do I protect my only home PC against these malicious anonymous remote hackers & I am the only first time admin using the PC?

    I know that using the Internet/USB/PC - take them for granted.

    This is not a joke & was a rude wakeup call for me.

    I DO NOT want to go through this ever again. It was a pure horrifying PC nightmare! It's like turning my PC upside down.

    It's just a game. Not anymore (whack, fade to black).

    I am currently out of options.

    I request immediate assistance. URGENT.
    1. Firewall
    2. Antivirus
    3. Do not use administrator account
    4. Modify your surfing habits. Do not click on popups that say you have no antivirus, or that a virus is detected, or that you are a winner!!! or anything like that.
    5. Get Adblock Pro, and use popup blockers
    6. Install and regularly run adaware.

    There's probably more..

    Ensure that your computer has at LEAST windows XP Service Pack 3 before you take it online.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



    • #3
      Re: forced to join a remote domain first time unannounced

      For future reference:

      Good advice on selecting security software for your PC
      http://www.malwareteks.com/Protect.php

      General 'good practice'
      http://www.malwareteks.com/HappyPC.php

      Common sources of malware
      http://www.malwareteks.com/articles/MalwareSources.php

      Did you seek third party professional help at any time? If so, what did they say?
      A recent poll suggests that 6 out of 7 dwarfs are not happy
