How was I forced to join an anonymous remote domain without permission and without credentials/certificates?
I have secured my only home Win XP Pro SP3 PC to the best of my knowledge by going thru some registries and services.
But somehow a hacker or hackers were able to force me to join their remote anonymous domain.
I used netstat /a /o & found their IP address 208.116.56.20:4448 & 208.116.56.21:4448, but do not know who was the mysterious hacker(s) nor where they originated.
I also used Wireshark and found several other hackers trying to PING my PC, probably used MTU.
What I found in my PC,
several services were missing
Alerter
Messenger
Computer Browser
Server
Workstation
some registries were also missing
HKLM\System\CCS\services\Browser\Parameters - Browser folder MISSING!
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default
- Terminal Server Client folder MISSING! Plus I was unable to disconnect from the anonymous remote domain. I had to call the ISP to disconnect.
HKEY_USERS S-1-5-19 & S-1-5-19 CLASSES folders MISSING!
HKLM\System\CCS\Services\LanManServer\Parameters - LanManServer folder was missing temporarily but was later recovered intact using sfc/scannow
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - Policies folder was missing temporarily but was later recovered intact using sfc/scannow
performed:
Start->Run and typed dcomcnfg.exe & clicked OK
Component Services -> Computer, but the window automatically closed.
the hackers were attempting to copy/move my document data from the desktop & from the data backup HDD (I saw a ~$)
I later found some of my documents contain a Macro Word Virus.
there were 3 unidentified users in the winlogon registry
there were also 4 unidentified users under the IE folder.
I deleted the IE completely.
I completely disabled my modem by unplugging the DSL line and power line & turned off the modem & somehow a newly created IE folder appeared offline.
I finally got a DCOM error message when I boot up my PC stating my PC will be forced to shutdown in 1 min.
I also found out by using Combofix an executable file was created by someone on March 3 2010 - a virus
when I used GMER, several viruses were destroying all of the Windows NT files and the TCP/IP files.
I had to erase/wipe the HDD immediately. There was no way to recover the OS.
How do I avoid being hacked in again remotely?
I tried using a wireless router, but got bricked by a hidden virus
I tried several antivirus/firewall both free and paid versions, all are easily disabled.
I tried using the built-in admin password I created earlier, but somehow I was locked out.
I could try using a strong local admin password, but hackers know all of the tricks to crack & find them.
How do I protect my only home PC against these malicious anonymous remote hackers & I am the only first time admin using the PC?
I know that using the Internet/USB/PC - take them for granted.
This is not a joke & was a rude wakeup call for me.
I DO NOT want to go through this ever again. It was a pure horrifying PC nightmare! It's like turning my PC upside down.
It's just a game. Not anymore (whack, fade to black).
I am currently out of options.
I request immediate assistance. URGENT.