am i being hacked?

drunknbass

i notice a weird icon by my taskbar and i can't click it or close it and when i put my mouse over it i see this
hack.jpg

and then my avast antivirus pops up this message which is kinda weird cause it has the same address as the text when i hover that taskbar item, but it says something about utorrent?
hack1.jpg

i closed utorrent and the icon is still by my clock and that message comes up from avast like every 5 min.

what's going on?
 
just a casual observation

.edu domains are normally ok...unless it's a student machine.
 
Kaos said:
just a casual observation

.edu domains are normally ok...unless it's a student machine.

When I worked IT in college, every now and again a local business's IT dept would call and be like, "one of your IP addresses is trying to access my box." Usually it was just a worm. Still funny though :)
 
Kaos said:
just a casual observation

.edu domains are normally ok...unless it's a student machine.


I'd say it is a student machine (worse yet, a personal student machine). Resnet is usually 'residential network', for the dorms, and note the 'housing' part of the hostname. It's odd that it's trying to connect to TCP/25, which is SMTP (for sending email).
 
Perform a "netstat -a" from your DOS Prompt during one of these episodes and paste the content here...we should be able to decipher the output to determine legitimate versus potentially malicious content.
 
Every time I've dealt with hackers, the IP addresses tracked back to a college or high school.

3 of the same schools in 4 different instances...
 
could that be an incoming VPN connection?
Provided that you are not a student at Hawaii.edu, you can always e-mail Hawaii.edu helpdesk about this connection coming from their network. Make sure you talk to someone in Network Operations. They were the ones at my undergrad school that nobody wanted to piss off. I am sure that they'd rather not have someone call them about this issue, as it clearly interferes with their policy:
http://www.hawaii.edu/infotech/policies/itpolicy.html#appendixa said:
§708- Unauthorized computer access in the third degree.

(1) A person commits the offense of unauthorized computer access in the third degree if the person knowingly accesses a computer, computer system, or computer network without authorization.

yeah netstat would be helpful
 
Perhaps it's someone trying to get around the uni's p2p/bandwidth hogging/port blocking by using SMTP/port 25 (which would of course be a violation of the network's rules, I'm sure)? You are bound to get hits on your uTorrent port for a while until the clients all get the hint that user xxx has left the swarm.
 
No one here seems to have answered the first problem, that he doesn't recognize the icon in the first place. While I personally don't know what it is, the fact that it's there and you don't know where it came from isn't good. However, the good part of this is that if it were a hacker he's either really sloppy, really stupid, or both. No legit hack in his right mind will leave traces of himself around.
 
To find out what that icon is, you can pull up your Windows Task Manager and filter the active processes by recognizable programs.

You can also type "msconfig" and look at what processes are scheduled to launch at startup (obviously located at your startup tab).
 
it's kinda weird. it sometimes comes into the taskbar when i use utorrent, but i completely exited utorrent that day i took the snapshots and even checked the taskmanager to make sure it was completely shut down.
i saw it again today, i saw the same icon once at work when i was using outlook and i hovered the icon and it listed my mail server as the domain.
but this domain i see i have no idea where it's coming from, i'm not in a college and i'm not even in HI, i'm in CA.
all i can think is either the new utorrent has a bug in it, or someone is trying to enter my system through an open port via utorrent.
 
i'm thinking that connection is just another connection that's being seeded to, but for the icon, just a bug i presume, and the message from avast kinda confirms what i first said: the connection to you from him times out. you are seeding, correct?

close utorrent, maybe even reinstall, put windows firewall or any u have, might have to configure utorrent not sure, fire up a torrent and see if it happens again.

also might i suggest an easier or at least different torrent client u might be happy with.
www.bittornado.com

if u try bittornado make sure you download the stable version, not experimental; only more problems could arise, as with any beta program.
 
i'll try out bt again, i haven't used it in a while. when i used to use it there was no autoresume feature. we'll see how speeds are. maybe i'll try azureus again also.
 
It looks to be a worm scanning for open SMTP relays, for the sake of sending spam.
 
Go to a command prompt and type in 'netstat -o'. Note the "PID" column on the far right side. Find the foreign address that is using port 25 and note the PID number.

Go into Task Manager, click the "Processes" tab, then select View from the menu bar at the top of the window. Pick the "Select Columns" option, and check the "PID (Process Identifier)" box from the window that pops up; it should be the second one on the list, right under a grayed out "Image name" box. Click OK to get back to Task Manager. Click the "PID" column in the Processes tab to sort by process ID. Find the PID that matches the one in netstat and note the "Image Name". Fire up google and search for that image name to see what it is, and/or post it here. It might just be utorrent, and someone might have it configured weird on their end.

That little icon has a process associated with it, and you need to find out what it is.

There is a file at the link below that'll do the same thing I outlined above. It's called TCPView.
http://www.sysinternals.com/NetworkingUtilities.html

[EDIT] Fixed a typo.
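
The netstat-to-process lookup described in the post above, as an added example that is not part of the original thread: it parses saved `netstat -o` and `tasklist /FO CSV` output and reports which process owns each connection with port 25 on either end. Both samples are constructed, and the function names are illustrative.

```python
import csv
import io

# Constructed sample of Windows `netstat -o` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address        Foreign Address                    State        PID
  TCP    mypc:1042            mail.example.com:pop3              ESTABLISHED  1820
  TCP    mypc:3387            dorm-host.resnet.example.edu:smtp  SYN_SENT     2964
  TCP    192.168.1.5:3391     203.0.113.7:25                     TIME_WAIT    0
  TCP    [2001:db8::10]:3400  [2001:db8::25]:6881                ESTABLISHED  2964
"""

# Constructed sample of `tasklist /FO CSV` output.
TASKLIST_SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"OUTLOOK.EXE","1820","Console","1","41,220 K"
"utorrent.exe","2964","Console","1","8,432 K"
'''

SMTP_PORTS = {"25", "smtp"}  # netstat prints the service name unless -n is given

def port_of(endpoint):
    # Split on the last colon so IPv6 literals like [2001:db8::25]:6881 work.
    return endpoint.rpartition(":")[2].lower()

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        # TCP rows have five columns; headers and UDP rows are skipped.
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            rows.append({"local": f[1], "foreign": f[2], "state": f[3], "pid": int(f[4])})
    return rows

def parse_tasklist(text):
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def smtp_connections(netstat_text, tasklist_text):
    """Return (foreign address, state, PID, image name) for port-25 connections."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for r in parse_netstat(netstat_text):
        if {port_of(r["local"]), port_of(r["foreign"])} & SMTP_PORTS:
            hits.append((r["foreign"], r["state"], r["pid"], names.get(r["pid"], "<unknown>")))
    return hits
```

A PID of 0 on a TIME_WAIT row means the socket has already closed, so netstat can no longer attribute it to the process that opened it.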
 