Desperate for assistance

[Annie birdsong]

There is economic sabatage going on!

When I click on Norton (my virus protection) under network, it shows that 12
people are in my network. It gives a physical address and IP address for
each one. But I didn't set up a LAN! This is on my home computer.

They are hooked up to me remotely! I am trying to start a business doing
website design, but they are tampering with my designs in my portfolio making
me look bad! I won't be able to get any business if they continue!

Yesterday, they even changed my passwords so that I couldn't get into my FTP
or email.

I discovered that I had hooked up to my DSL by plugging a LAN cord into the
LAN hole. A technical support professional with my internet service
provider, Cavalier, told me that I could hook up using USB instead of LAN.
But I was told I had to download drivers.

The tech guy gave me a link to click on to download the drivers. (on a
Zhone. com website.) There were about eight files that I downloaded to my
desktop. Then, when I plugged in the blue USB cord, a driver was installed.
But I was upset to see that it was a T1 USB Remote NDIS Networking Device
that was installed. This sounded like something that enables networking,
and that enables computers to hook up to my
computer remotely. I don't want this!!!

Am I correct? Is my intuition correct that I have downloaded software that
enbles
computers to connect remotely to my computer? (T1 USB Remote NDIS Networking
Device.)

A tech guy at Microsoft showed me how to add a firewall rule that blocks all
computers from connecting to mine, but after this, two additional computers
were found in the network so that now there are 12. I could see them when I
click on Norton and network. I clicked to restrict them, but I am afraid new
ones will come when I am asleep and mess with my designs.


Warm wishes,

Annie Birdsong
Birdsong Website Design
http://www.anniebirdsong.com

 

[Galen]

Re: Desperate for assistance

My reply is at the bottom of your sent message.

In news:63B7111B-4E7E-480C-81CC-06733FE27EDE@microsoft.com,
Annie birdsong <birdsong.annie@gmail.com> typed:


> There is economic sabatage going on!
>
> When I click on Norton (my virus protection) under network, it shows that
> 12
> people are in my network. It gives a physical address and IP address for
> each one. But I didn't set up a LAN! This is on my home computer.

You are likely part of a botnet. Flatten, rebuild, and properly configure
your system to allow only the required access permissions. If you are this
far infected there is no real use in trying to clean it as you'll never be
sure that you've cleaned it out effectively. Disconnect from the internet,
backup all your files, and do a complete tear down and restore.

--
Galen (Not Current MS-MVP)

My Geek Site: http://kgiii.info
Web Hosting: http://whathostingshould.be

"In solving a problem of this sort, the grand thing is to be able to reason
backwards. That is a very useful accomplishment, and a
very easy one, but people do not practise it much. In the every-day affairs
of life it is more useful to reason forwards, and so
the other comes to be neglected. There are fifty who can reason
synthetically for one who can reason analytically." - Sherlock
Holmes

 

[VanguardLH]

Re: Desperate for assistance

"Galen" <galennews@gmail.com> wrote in message
news:eki#EsHGJHA.2508@TK2MSFTNGP06.phx.gbl...
> My reply is at the bottom of your sent message.
>
> In news:63B7111B-4E7E-480C-81CC-06733FE27EDE@microsoft.com,
> Annie birdsong <birdsong.annie@gmail.com> typed:
>
>
>> There is economic sabatage going on!
>>
>> When I click on Norton (my virus protection) under network, it shows
>> that 12
>> people are in my network. It gives a physical address and IP address
>> for
>> each one. But I didn't set up a LAN! This is on my home computer.
>
> You are likely part of a botnet. Flatten, rebuild, and properly
> configure your system to allow only the required access permissions.
> If you are this far infected there is no real use in trying to clean
> it as you'll never be sure that you've cleaned it out effectively.
> Disconnect from the internet, backup all your files, and do a complete
> tear down and restore.

Backup your data files first before doing the formatting to flatten your
host. Even if data files have been modified to include code for
malware, the malware has to be present to interpret that code. So you
can later restore your data files to your new build because the malware
shouldn't be there anymore. Just remember when rebuilding your host to
not include superfluous junkware that you accumulated before. Just
start with the OS and your critical applications, one of which should be
a software firewall. While doing the build, make sure you have an
upstream firewall in place, like using a NAT router with simplistic
firewalling. Your rebuild will require updates and that requires being
connected, but you won't need a connection while doing the OS and
critical app reinstalls.

 

[PA Bear [MS MVP]]

Re: Desperate for assistance

Always state your full Windows version (e.g., WinXP SP3; Vista SP1) when
posting to this newsgroup, please.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Annie birdsong wrote:
> There is economic sabatage going on!
>
> When I click on Norton (my virus protection) under network, it shows that
> 12
> people are in my network. It gives a physical address and IP address for
> each one. But I didn't set up a LAN! This is on my home computer.
>
> They are hooked up to me remotely! I am trying to start a business doing
> website design, but they are tampering with my designs in my portfolio
> making me look bad! I won't be able to get any business if they continue!
>
> Yesterday, they even changed my passwords so that I couldn't get into my
> FTP
> or email.
>
> I discovered that I had hooked up to my DSL by plugging a LAN cord into
> the
> LAN hole. A technical support professional with my internet service
> provider, Cavalier, told me that I could hook up using USB instead of LAN.
> But I was told I had to download drivers.
>
> The tech guy gave me a link to click on to download the drivers. (on a
> Zhone. com website.) There were about eight files that I downloaded to my
> desktop. Then, when I plugged in the blue USB cord, a driver was
> installed.
> But I was upset to see that it was a T1 USB Remote NDIS Networking Device
> that was installed. This sounded like something that enables networking,
> and that enables computers to hook up to my
> computer remotely. I don't want this!!!
>
> Am I correct? Is my intuition correct that I have downloaded software
> that
> enbles
> computers to connect remotely to my computer? (T1 USB Remote NDIS
> Networking
> Device.)
>
> A tech guy at Microsoft showed me how to add a firewall rule that blocks
> all
> computers from connecting to mine, but after this, two additional
> computers
> were found in the network so that now there are 12. I could see them when
> I
> click on Norton and network. I clicked to restrict them, but I am afraid
> new
> ones will come when I am asleep and mess with my designs.
>
>
> Warm wishes,
>
> Annie Birdsong
> Birdsong Website Design
> http://www.anniebirdsong.com

 

[Alun Jones]

Re: Desperate for assistance

"Annie birdsong" <birdsong.annie@gmail.com> wrote in message
news:63B7111B-4E7E-480C-81CC-06733FE27EDE@microsoft.com...
> There is economic sabatage going on!

Indubitably. Whether you are a victim of that, however, is something that I
wouldn't necessarily go assuming immediately.

> When I click on Norton (my virus protection) under network, it shows that
> 12
> people are in my network. It gives a physical address and IP address for
> each one. But I didn't set up a LAN! This is on my home computer.

If Norton is showing the number of people connecting to "your network", it's
doing much more than providing virus protection. And if that's the case, I
think you need to be asking Norton how it is that Norton allowed those 12
people in to your network. On the other hand, it could be that Norton is
telling you that 12 people _tried_ to connect to your computer. That's no
big deal, people on the Internet are trying to connect to computers
uninvited for any number of reasons - malicious or accidental.

Perhaps you can give us the _exact_ text of the message you are seeing. That
will make it far easier to determine what is being said - after all, these
firewalls make their living by convincing you that you are permanently under
attack.

> They are hooked up to me remotely! I am trying to start a business doing
> website design, but they are tampering with my designs in my portfolio
> making
> me look bad! I won't be able to get any business if they continue!

How are they tampering with your designs? What exactly are they doing? Are
they messing with the designs on your personal computer, or the designs that
have already been uploaded to your web site?

> Yesterday, they even changed my passwords so that I couldn't get into my
> FTP
> or email.

Seems like these guys are pretty much all-powerful and have targeted you for
a campaign of terror. That's usually pretty unlikely, so we might want to
check that other things aren't at fault. Contact your FTP and email
providers and find out:
a) When and from what address your password was changed.
b) Whether these accounts are currently in use by anyone, and if so, from
what address.

> I discovered that I had hooked up to my DSL by plugging a LAN cord into
> the
> LAN hole.

That would be the network that you said you didn't set up.

> A technical support professional with my internet service
> provider, Cavalier, told me that I could hook up using USB instead of LAN.
> But I was told I had to download drivers.
>
> The tech guy gave me a link to click on to download the drivers. (on a
> Zhone. com website.) There were about eight files that I downloaded to my
> desktop. Then, when I plugged in the blue USB cord, a driver was
> installed.
> But I was upset to see that it was a T1 USB Remote NDIS Networking Device
> that was installed. This sounded like something that enables networking,
> and that enables computers to hook up to my
> computer remotely. I don't want this!!!

DSL enables networking. You can't use a DSL connection without making your
computer into a network-connected device that is connected to other
networks, and most likely the Internet.

> Am I correct? Is my intuition correct that I have downloaded software
> that
> enbles
> computers to connect remotely to my computer? (T1 USB Remote NDIS
> Networking
> Device.)
>
> A tech guy at Microsoft showed me how to add a firewall rule that blocks
> all
> computers from connecting to mine, but after this, two additional
> computers
> were found in the network so that now there are 12. I could see them when
> I
> click on Norton and network. I clicked to restrict them, but I am afraid
> new
> ones will come when I am asleep and mess with my designs.

It seems like your best bet at this point is to call Norton and see if their
technical support will explain to you how their alleged security product is
recording network connections that you have not authorised.

My guess is that these are not systems connecting to you, but that these are
local systems to which you are (perhaps unwittingly) making outbound
connections to, simply by opening the Network folder in Explorer (which
sends out a "shout" to machines near you asking for any that are listening
for incoming connections).

Norton would be able to give you more support in the correct (or incorrect)
operation of their tools.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.