Getting Hacked! Need help!!!!

[ThePentiumGuy]

Guys,
I really need your help here.
!!!

Just tonight, AIM went crazy saying "Your Screenname has been signed on in 2 locations".. so ithought it was an error

then a few hours later my Zone Alarm went crazy saying (this is at the top of my ehad here)
"Someone has tried to access Port 139" .. so I thought it must be AIM being retared.

but no, some program tried to access port 139 42 times!!! SOMETHING IS GOING ON! (sorry for beign crazy but im being hacked here!)


I restarted my machine, and its STILL HAPPENING!! NOW I CANT OPEN AIM, MSN, or ANYTHING! I see a new user called iwam_yup4 on my control alt delete.. somone PLEASE help me!! what do i do .. first time im being hacked. I CANT CONTROL ALT DELETE HIS USER OUT OF MY LIST.. I CANT LOG HIM OUT IN THE "USERS" LIST BECAUSE HE DOESNT APPEAR THERE!!

I opened AIM, tried again, and now i cant even CLOSE the damn program, i cant cloes explorer.exe, i cant do ANYTHING!! I CANT CONTROL ALT DELETE OUT OF ANY PROGRAM! It wont let me shut down, save changes, ANYTHIGN!!
the most I can do is manually turn off the computer.

GOD HELP ME!

Sorry for acting like a psychopath, but seriously, this is not cool at all. It's kind of hard to remain calm in this situation O_O!!. Please tell me what I have to do.

Thank you all in advance

pent

 

[sjn78]

format.......and hope he can't get back at you when you have a clean OS

 

[ThePentiumGuy]

I'm backing everyting up to CD's right now. Is ther any program where I can change my IP or mask it or something? (anything that wont mess my internet connection up).

sighs.. at least everything will be backed up. Why did this happen to me! Argh.
I think the queasy feelignm in my gut has sort of releived now.

I'm buying more Firewall programs lol. Zonealarm trial expires next week (if they release a new version might as well get that trial as well :b)
I think i might buy a Norton Firewall. My Network Firewall encryption integrated into my router is now set to 64-bit. I have 3 firewalls running as of now:

ZoneAlram pro trial
Norton Trial
XP Firewall

Heh.. my internet speed has been cut down to 1/4th of what it was earlier.


*Sighs* its been a long day, its a good thing i was awake when this happened (or actually, im misfortunate not to have slept and turned off my computer :s). If i can get a good IP changing program - then maybe I can get rid of this IDIOT. Why the hell does he want to hack me? I dont have anything of importance to him.. this is some crazy ****! He should go and hack a company or something adn get himself caught.. freakin dumb***.

If the IP changing program doesnt work.. then i'll reinstall this OS.

Thank you all (and uhh pardon me if my language is "intrusive" - sorry)
Pent

 

[Wessel]

If your'e being hacked, there's not much you can do about it besides using a firewall. Try booting in safe mode, or pull your modem plug and boot (DUH). Then try to locate any programs he may have put on your computer, because a firewall can block ingoing connections, but not outgoing connections.

 

[PlausiblyDamp]

Firstly Port 139 is a common port for attackers to attempt access on - it's one of the MS NetBios ports (specificaly the one used for File and Print Sharing). Getting 42 attempts to access this isn't too uncommon when online for any length of time - also it looks like the firewall has done it's job (blocked and noted the attempts), so not a particular reason for concern in my opinion.

Secondly is your PC called yup4 by any chance? IIS during install will create a user called IWAM_<PC Name>, this is used for launching processes that run outside of IIS itself. On it's own the presence of this account doesn't indicate anything untoward happening.

If you bring up task manager is there any process hogging the CPU? Have you recently run a spyware removal tool - if not do so. Do you have an up to date anti-virus package installed (and are getting the updates regular), if not you really should.

Thirdly running 3 firewalls on the one PC at a time could be causing problems - you should really only need to run 1, multiple firewalls will be conflicting with each other in trying to open / close ports etc - this could be causing problems with internet access and most definately cause the speed reduction.

Having a backup is a good idea, doing a reformat and install may be a bit harsh though. As to why you - your on the internet. Being hacked (or attempted hacks anyway) are just part of the rich experience that is the internet

 

[ThePentiumGuy]

Wow, reassuring words PD .
It could be possible that Iwam_yup4 there earlier, and i was freaked out thinking someone was hacking me via that account. -but no, my PC isn't called Yup4

I guess you're right - al I have is ZAP and XP firewall now. (hopefully it wont go too slow). Heh, i have 0 spyware when I scanned with adaware lol (when i gave my dad the admin account, he never used the computer lol, so i'm sort of lucky XD)

If I get any more access attempts - and crazy stuff happening, if it says "It blocvked thiese attempts", i should be safe right?
lol PD, you just totaly changed my view of getting hacked - not as a "help wth is happening" thing, but more like a "ok my stuff is backed up and my firewall is blocking it".

So far nothing has happened since last night(probably becuase I restarted my modem whcih changes my IP)

Pent

 

[PlausiblyDamp]

I would still only run 1 firewall rather then 2 - if you are using a 3rd party one just disable XP's built in one - it will be a lot more stable, trust me.

Like I said attempted hacks are part of being on the internet these days, clicky for some scary statistics on the average time an unprotected PC can expect to survive being connected to the internet.

 

[ThePentiumGuy]

:s! So i guess gettin hacked is a common thing huh?

Thanks evryone,
pent

 

[neodammer]

I host a site at home and P is right, you are almost guaranteed to get some attempts if your online for a given length of time. Dynamic IP addy's dont really help much anymore since alot of folks use services such as www.dyndns.org etc.. The sad part is dial-up modem users are probably the safest Btw two firewalls is basicaly overkill and wont do anything more than hog resources.

 

[Shazbots]

I would still only run 1 firewall rather then 2 - if you are using a 3rd party one just disable XP's built in one - it will be a lot more stable, trust me.

I actually heard the opposite. You should run both firewalls as they work at different levels. The built-in XP on works at the hardware level where firewalls such as Black ICE, Zone Alarm etc work at the software level. Although the XP one is unesacary if the hardware you use at home already has a hardware (router etc) firewall built-in.

Like I said attempted hacks are part of being on the internet these days, clicky for some scary statistics on the average time an unprotected PC can expect to survive being connected to the internet.

So true. I was infected with msblast in its peak as i installed my modem drivers before my firewall after a format and within 6 mins or so I had MS BLASTER. I learnt my lesson. :-\

After only 6 months there has been over 7000 attempts at accessing my computer to compromise security or so my firewall says.

Regards
-Shaz

 

[PlausiblyDamp]

The built in XP firewall is still only a software solution - just like ZA, Kerio, Norton etc. Running two firewalls will not only tie up resources but they will conflict with each other - a Firewall should have exclusive access to the ports it is controlling, two firewalls on the same PC will not both be able share a given port number.
If your router has a built in firewall then also running a firewall on the PC is another matter - routers are what is known as an 'edge firewall', they are designed to allow traffic out but block traffic comming in unless configured otherwise.
A software firewall on a PC will often allow you block outbound traffic - either by port or application and can help to limit the access a trojan or piece of spyware on your system can actually do.

 

[neodammer]

I would think modern or future Software firewalls should detect other firewalls on the system/network for easier config.

 

[fenris]

I have a router that has a built in firewall. I am not overly concerned about attacks as it works quite well. I also run a software firewall on all of my computers. I know that they shouldn't detect anything abnormal as the hardware blocks these attempts. However I want them to alert me if any program is trying to connect to the internet. This way any virii, trojans, worms and malware can be detected quite easily when they try to connect to the internet...


Just my two cents...