How do I know if I'm being hacked


Guest Sirtokalott
Posted

I use Live Messenger and a file sent to me was blocked. I have a wireless adapter and connect to my neighbour's router (yes, she gave me the access code) and I usually have a wireless connection logo in the system tray. When I started up the PC the other night I had an extra icon showing a cable connection to another computer. I also now have a modem installed in Device Manager. I think it is my neighbour's computer which I am connecting to but ain't too sure as neither of us are experts. The PC is also running much slower now. I'd love to know of any way of identifying a deliberate attack from someone. Here's what the modem log says.

 

04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\tapisrv.dll, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\unimdm.tsp, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\unimdmat.dll, Version 5.1.2600
04-06-2008 21:59:19.375 - File: C:\WINDOWS\system32\uniplat.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\drivers\modem.sys, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\modemui.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - File: C:\WINDOWS\system32\mdminst.dll, Version 5.1.2600
04-06-2008 21:59:19.421 - Modem type: Communications cable between two computers
04-06-2008 21:59:19.421 - Modem inf path: mdmhayes.inf
04-06-2008 21:59:19.421 - Modem inf section: M2700
04-06-2008 21:59:19.421 - Matching hardware ID: pnpc031
04-06-2008 21:59:19.453 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:19.453 - Initializing modem.
04-06-2008 21:59:19.453 - Waiting for a call.
04-06-2008 21:59:19.484 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:19.484 - Initializing modem.
04-06-2008 21:59:19.484 - Dialing.
04-06-2008 21:59:19.500 - Send: CLIENT
04-06-2008 21:59:21.500 - Timed out waiting for response from modem
04-06-2008 21:59:21.500 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:21.515 - Send: CLIENT
04-06-2008 21:59:23.515 - Timed out waiting for response from modem
04-06-2008 21:59:23.515 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:23.531 - Send: CLIENT
04-06-2008 21:59:25.531 - Timed out waiting for response from modem
04-06-2008 21:59:25.531 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:25.546 - Send: CLIENT
04-06-2008 21:59:27.546 - Timed out waiting for response from modem
04-06-2008 21:59:27.546 - Failed to send command because of WriteFile() Failure, Error=000003e3.
04-06-2008 21:59:27.546 - Hanging up the modem.
04-06-2008 21:59:27.546 - Hardware hangup by lowering DTR.
04-06-2008 21:59:29.546 - A timeout has expired waiting to comm event to occour.
04-06-2008 21:59:29.546 - 19200,8,N,1, ctsfl=1, rtsctl=2
04-06-2008 21:59:29.546 - Initializing modem.
04-06-2008 21:59:29.546 - Waiting for a call.
04-06-2008 21:59:29.546 - Session Statistics:
04-06-2008 21:59:29.546 - Reads : 0 bytes
04-06-2008 21:59:29.546 - Writes: 0 bytes

 

I certainly didn't set this up, please help

Guest Panda_man
Posted

Do you have a software firewall?

If YES, it should be blocking any attacks even if someone is trying to hack into your network. Windows XP and Vista have Windows Firewall enabled by default. Other security products include firewall protections, too.

In order to reverse any unwanted changes, I would recommend you use System Restore. More about System Restore:

http://www.microsoft.com/windowsxp/using/h...temrestore.mspx

http://windowshelp.microsoft.com/Windows/e...8e79e51033.mspx

http://en.wikipedia.org/wiki/System_Restore

Use this option and restore to a state a few days before your issues started. The restore is also supposed to remove the modem installation you write about.

After that, buy yourself your own router and connect to it instead; make sure the connection is encrypted (WPA2 or at least WPA):

http://www.microsoft.com/windowsxp/using/n...y/wireless.mspx

Scan your computer for threats to ensure you are not infected. You can use your own AV software plus some free web resources such as the ESET NOD32 Online scanner and the Windows Live OneCare scanner:

http://www.eset.com/onlinescan

http://onecare.live.com/site/en-au/default.htm?mkt=en-au

Regards!

 

Panda_man

Guest Volodymyr M. Shcherbyna
Posted

The 0x000003E3 error maps to "The I/O operation has been aborted because of either a thread exit or an application request."

Sounds like there is something which is trying to use your modem when you are trying to connect to the internet. I'd suggest installing the tools from Sysinternals and monitoring processes (procmon), the TCP table (tcpview) and probably all IRPs at the TDI level (tdimon).

 

--

V.

This posting is provided "AS IS" with no warranties, and confers no rights.
