Hello Alrot,
A pitty that your first multiplayer experience ended like that.
But I highly doubt that was the result of a "hack".
This sounds like a mechanical failure to me.
People flying on a FS Server cannot see your IP Adress.
And it would need a good sniffer and a big portion of luck
to find it out. Hackers usually donīt break into a system
to delete it... but to misuse it for their purpose (bottnets, spam... downloaders etc.). Nearly every Trojan Virus out there must be activated in some way. That means you have
to click on an attachement or you have to visit a manipulated website
that uses some security hole to infect your system.
In that case a firewall wonīt protect you from beeing infected. It just can stop a Trojan from sending home.
To check if someone broke into your system you should
do the following. First check if your Administrator User still has the full rights (Some Trojans/Rootkits remove certain rights from Administrator Users in an infected system)
. Open the task manager and see if you are able to close "svchost.exe" Tasks. These are system Tasks that only can be terminated by a real Administrator. This might
cause a reboot of your system.. but donīt worry.. itīs just for testing.
Next take a look into your User configuration
and look if one or more (unknown) Users were created.
Search your systems for files that were created
on that specific date (the day your HD crashed).
Just use the search function of the windows Explorer.
It has an Option to search for files created on a specific date.
If you find such a suspected file, scan it with your antivirus
or use this exellent website
http://virusscan.jotti.org/ where you can upload files that are than scanned by 15 different antivirus engines.
Check your system with anti rootkit Software like
Blacklight from F-Secure.
http://www.f-secure.com/blacklight/ or
http://www.sysinternals.com/Utilities/RootkitRevealer.html Be carefull some copyright protection systems like "Starforce" (used by some games) use rootkits, too. Removing one of those "legal" Rootkits might cause problems with the Software using it.
You can use the Software "Hijackthis" to see if something
was changed in your Windows Registry.
http://www.merijn.org/downloads.html This software writes out a log file. I suggest you use a
forum like
http://forum.hijackthis.de/ ; (They have an english forum, too) to post this log file. The Professionals there usually can tell you if somethingīs wrong with you Registry.
If you have the feeling there is still something going on in
your system. You can use a software like
"PIAFCTM"
http://www.zdnet.de/downloads/prg/u/x/de0DUX-wc.html to monitor your network traffic.
But you must know. Nowadays there are hundreds.. of script kiddies scanning the internet for open systems.
So when using a software like this you will notice dozens of scans coming in from various IP Adresses. This is unfortunately called "normal" nowadays.
So you really should know wich port/pattern you have to pay attention to.
Get a good free Antivirus Software like AV
http://www.free-av.de/down/windows/antivir_workstation_win7u_de_h.exe ;
or Bitdefender
http://www.bitdefender.de/site/Main/view/Download-Free-Products.html Keep it up to date.. and scan regular.
In general I suggest having XPAntispy installed on your system. This is actually not a protection against Viruses or
Hacker. But it closes a lot of little gaps and disables useless things.
http://xp-antispy.org/index.php?option=com_remository&func=sellang&iso=enStriking back.. is a very bad idea !!!!!!!
(Next to the fact that we are all peacefull adults there are other good reasons)
I donīt know how you came to the IP Adress you posted before. But this is a DYNAMIC !! IP Adress. So if you attack this IP after a while, youīll probabely attack someone else who has no clue whatīs going on !! It also could be just
another infected system that does portscans without the knowledge of its owner (those Zombie PCīs).
Against a dynamic IP you have barrely a chance to do something against. If you get continous attacks from dynamic IP Adresses of a certain provider. You might have a very little chance that the provider gets active.. when contacted. But this is not very usual.
If you follow all these steps you should at least know
if youīve been hacked or not. If you really find something suspecious... Save yourself a lot of problems and reinstall the system from scratch. Itīs easy to delete suspisious
software from system, but itīs hard to say what other
security holes it might have opened..
cheers,
sam (who still doesnīt use a firewall himself
)
ps.. anyway hope to see you online soon !!
Pages: 1
