forced to join a remote domain first time unannounced
How was I forced to join an anonymous remote domain without permission and without credentials/certificates?
I have secured my only home Win XP Pro SP3 PC to the best of my knowledge by going through some registries and services.
But somehow a hacker or hackers was able to force me to join their remote anonymous domain.
I used netstat /a /o & found their IP address 208.116.56.20:4448 & 208.116.56.21:4448, but do not know who was the mysterious hacker(s) nor where they originated.
I also used Wireshark and found several other hackers trying to PING my PC, probably used MTU.
What I found in my PC,
several services were missing
Alerter
Messenger
Computer Browser
Server
Workstation
some registries were also missing
HKLM\System\CCS\services\Browser\Parameters - Browser folder MISSING!
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default - Terminal Server Client folder MISSING! Plus I was unable to disconnect from the anonymous remote domain. I had to call the ISP to disconnect.
HKEY_USERS S-1-5-19 & S-1-5-19 CLASSES folders MISSING!
HKLM\System\CCS\Services\LanManServer\Parameters - LanManServer folder was missing temporarily but was later recovered intact using sfc/scannow
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - Policies folder was missing temporarily but was later recovered intact using sfc/scannow
performed:
Start->Run and typed dcomcnfg.exe & clicked OK
Component Services -> Computer, but the window automatically closed.
the hackers were attempting to copy/move my document data from the desktop & from the data backup HDD (I saw a ~$)
I later found some of my documents contain a Macro Word Virus.
there were 3 unidentified users in the winlogon registry
there were also 4 unidentified users under the IE folder.
I deleted the IE completely.
I completely disabled my modem by unplugging the DSL line and power line & turned off the modem & somehow a newly created IE folder appeared offline.
I finally got a DCOM error message when I booted up my PC stating my PC will be forced to shut down in 1 min.
I also found out by using Combofix an executable file was created by someone on March 3 2010 - a virus
when I used GMER, several viruses were destroying all of the Windows NT files and the TCP/IP files.
I had to erase/wipe the HDD immediately. There was no way to recover the OS.
How do I avoid being hacked in again remotely?
I tried using a wireless router, but got bricked by a hidden virus
I tried several antivirus/firewall both free and paid versions, all are easily disabled.
I tried using the built-in admin password I created earlier, but somehow I was locked out.
I could try using a strong local admin password, but hackers know all of the tricks to crack & find them.
How do I protect my only home PC against these malicious anonymous remote hackers & I am the only first time admin using the PC?
I know that using the Internet/USB/PC - take them for granted.
This is not a joke & was a rude wakeup call for me.
I DO NOT want to go through this ever again. It was a pure horrifying PC nightmare! It's like turning my PC upside down.
It's just a game. Not anymore (whack, fade to black).
I am currently out of options.
I request immediate assistance. URGENT.
Re: forced to join a remote domain first time unannounced
1. Keep Your Firewall Turned On.
2. Keep all your software and your operating system up-to-date.
3. Keep your antivirus software up to date.
4. Keep your antispyware technology up to date.
Connecting to the Internet can pose dangers to unwary computer users. Use a firewall to help reduce your risk.
Installing a firewall is just the first step toward safe surfing online. You can continue to improve your computer's security by keeping your software up to date, using antivirus software, antispyware software and using.