TSfsyap73
post Mar 26 2015, 07:22 PM



My friend's PC got hacked last night

The guy got in through VNC remote access and hacked into my friend's PC.
The guy opened Firefox and searched for something like "where is my ip address" to track the PC's location.
The guy also downloaded a zip file and executed its contents on the computer.

I found that the router's port forwarding table had one more line added, with the program name field set to "cs".

The guy also left a few unclosed DOS box/command prompt windows, which appeared as hlds.exe in Task Manager.

1. Is there any way to know what he intended to do (to install Counter-Strike)?
2. Is there any way to know what he has done to the computer?
3. Is there any way to know what his IP address was?


Below are the contents of the hlds.exe DOS box/command prompt window:

20.0 fps 3/32 on fy_buzzkill
Console initialized.
Protocol version 48
Exe version 1.1.2.7 (cstrike)
Exe build: 10:44:49 Aug 28 2012 (5758)
STEAM Auth Server
Server IP address 192.168.0.28:27041
No IPX Support.

Metamod version 1.19p32 Copyright © 2001-2006 Will Day
Patch: Metamod-P (mm-p) v32 Copyright © 2004-2007 Jussi Kivilinna
Metamod comes with ABSOLUTELY NO WARRANTY; for details type `meta gpl'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `meta gpl' for details.


AMX Mod X version 1.8.2-dev Copyright © 2004-2006 AMX Mod X Development Team
AMX Mod X comes with ABSOLUTELY NO WARRANTY; for details type `amxx gpl'.
This is free software and you are welcome to redistribute it under
certain conditions; type 'amxx gpl' for details.

[DPROTO]: Version 0.4.8p Windows
[DPROTO]: Loading config './dproto.cfg'
[DPROTO]: LoggingMode = 2
[DPROTO]: Config sucessfully loaded.
[DPROTO]: Done.
L 03/25/2015 - 03:19:51: -------- Mapchange to fy_buzzkill --------

Orpheu configuration started.

Parsing mods configuration started.
Parsing mod file "cstrike"
Parsing mod file "dod"
Parsing mod file "esf"
Parsing mod file "esf_openbeta"
Parsing mod file "ns"
Parsing mod file "SvenCoop"
Parsing mod file "tfc"
Parsing mod file "ts"
Parsing mod file "valve"
Parsing mods configuration ended.

Parsing libraries configuration started.
Parsing file "monstermod"
Added library monstermod identified by cvar monster_spawn
Parsing file "podbot"
Added library podbot identified by cvar pb_version
Parsing libraries configuration ended.

Parsing type aliases started.
Parsing folder "CBaseEntity"
Adding alias"CBaseEntity *"
Parsing folder "CGameRules"
Adding alias"CGameRules *"
Parsing folder "charPointer"
Adding alias"char *"
Parsing folder "CMBaseMonster"
Adding alias"CMBaseMonster *"
Parsing folder "long"
Adding alias"long"
Parsing folder "VectorPointer"
Adding alias"Vector *"

Parsing type aliases ended.

Orpheu configuration ended.

Orpheu functions search started.

Parsing functions started.
Parsing file "SV_Rcon" started
Argument type "pointer" validated
Searching for signature "[0x55][0x8b][0xec][0x81][*](...)" ... FOUND
Parsing file "SV_Rcon" ended
Parsing file "SV_Rcon_Validate" started
Searching for signature "[0x56][0x57][0xe8][*][*](...)" ... FOUND
Parsing file "SV_Rcon_Validate" ended
Parsing functions ended.

Orpheu functions search ended.

Orpheu virtual functions search started.

Parsing virtual functions started.
Parsing virtual functions ended.

Orpheu virtual functions search ended.

Orpheu memory structures search started.

Parsing memory structures started.
Parsing memory structures ended.

Orpheu memory structures search ended.
[ANTI HLBRUTE v1.1]: ONLINE
L 03/25/2015 - 03:19:51: [CSservers.Ro] The file <addons/amxmodx/configs/csservers.cfg> was loaded successfully!
Failed to load Steam Service
ServiceStart: failed to start
BOpenService failed
ServiceStart: failed to start
Connection to Steam servers successful.
VAC secure mode disabled.
Reconnected to Steam servers.
VAC secure mode disabled.
Reconnected to Steam servers.
VAC secure mode disabled.
Reconnected to Steam servers.
VAC secure mode disabled.
Reconnected to Steam servers.
VAC secure mode disabled.
Reconnected to Steam servers.
VAC secure mode disabled.


Thank you very much.
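A worked example added here (not part of the original post or of any tool named in it): the console above only shows the server's LAN listen address (192.168.0.28:27041, which should match the "cs" port-forward entry on the router), not who connected to it. If the hlds server was writing its own log files (the usual cstrike/logs/ directory; the posted console does not show whether logging was on, so this is an assumption), those files use the same `L MM/DD/YYYY - HH:MM:SS:` prefix as the Mapchange line above and record every player connection and every rcon attempt with a source IP:port. The script below parses that Half-Life log format, builds a timeline, and lists the non-LAN addresses that connected or sent rcon commands. The sample log lines are constructed for the example (documentation-range IPs, made-up names and Steam IDs). The IP the attacker used for the VNC session itself would not be in this log; that would only be in the VNC server's own log or the router's connection log, if either kept one.

```python
import re
import ipaddress
from datetime import datetime

# Constructed sample in the Half-Life server log format (same "L MM/DD/YYYY - HH:MM:SS:"
# prefix as the Mapchange line in the posted console). Addresses are documentation
# ranges and the names/Steam IDs are invented; none of this comes from the thread.
SAMPLE_LOG = """\
L 03/25/2015 - 03:19:51: Log file started (file "logs/L0325001.log") (game "cstrike") (version "48/1.1.2.7/Stdio/5758")
L 03/25/2015 - 03:19:51: -------- Mapchange to fy_buzzkill --------
L 03/25/2015 - 03:22:04: "cs_admin<2><STEAM_0:0:1111><>" connected, address "203.0.113.45:27005"
L 03/25/2015 - 03:22:09: "cs_admin<2><STEAM_0:0:1111><CT>" entered the game
L 03/25/2015 - 03:23:40: Rcon: "rcon 1234 "changelevel de_dust2"" from "203.0.113.45:27005"
L 03/25/2015 - 03:24:02: Bad Rcon: "rcon 9999 "status"" from "198.51.100.7:4711"
L 03/25/2015 - 03:30:15: "lanuser<3><STEAM_0:1:2222><>" connected, address "192.168.0.10:27005"
L 03/25/2015 - 03:41:50: "cs_admin<2><STEAM_0:0:1111><CT>" disconnected
"""

TS_RE = re.compile(r'^L (\d\d/\d\d/\d{4} - \d\d:\d\d:\d\d): (.*)$')
CONNECT_RE = re.compile(
    r'^"(?P<name>.*?)<(?P<uid>\d+)><(?P<steam>[^>]*)><[^>]*>" connected, address "(?P<addr>[^"]+)"$')
RCON_RE = re.compile(r'^(?P<bad>Bad )?Rcon: "(?P<cmd>.*)" from "(?P<addr>[^"]+)"$')
MAP_RE = re.compile(r'^-{8} Mapchange to (?P<map>\S+) -{8}$')

# RFC 1918 plus loopback only. ipaddress.is_private would also hide the
# documentation ranges (203.0.113.0/24, 198.51.100.0/24) used in the sample.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_lan(ip):
    """True for addresses that could only have come from inside the home network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def parse_line(line):
    """Turn one HL log line into an event dict; None for lines without the L prefix."""
    m = TS_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%m/%d/%Y - %H:%M:%S")
    body = m.group(2)
    c = CONNECT_RE.match(body)
    if c:
        ip = c.group("addr").rsplit(":", 1)[0]
        return {"ts": ts, "kind": "connect", "ip": ip,
                "detail": f'{c.group("name")} ({c.group("steam")}) from {c.group("addr")}'}
    r = RCON_RE.match(body)
    if r:
        # "Bad Rcon" lines are failed password attempts, worth keeping as evidence too.
        ip = r.group("addr").rsplit(":", 1)[0]
        kind = "bad_rcon" if r.group("bad") else "rcon"
        return {"ts": ts, "kind": kind, "ip": ip, "detail": r.group("cmd")}
    mp = MAP_RE.match(body)
    if mp:
        return {"ts": ts, "kind": "mapchange", "ip": None, "detail": mp.group("map")}
    # Keep everything else so the timeline stays complete.
    return {"ts": ts, "kind": "other", "ip": None, "detail": body}


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def external_addresses(events):
    """Map each non-LAN source IP to when it was first seen and what it did."""
    seen = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ip"] and not is_lan(e["ip"]):
            entry = seen.setdefault(e["ip"], {"first_seen": e["ts"], "kinds": set()})
            entry["kinds"].add(e["kind"])
    return seen


def timeline(events):
    """Chronological one-line-per-event view for writing up what happened."""
    return [f'{e["ts"]:%Y-%m-%d %H:%M:%S} {e["kind"]:<9} {e["detail"]}'
            for e in sorted(events, key=lambda e: e["ts"])]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("\n".join(timeline(evs)))
    for ip, info in external_addresses(evs).items():
        print(f"external {ip}: first seen {info['first_seen']}, events {sorted(info['kinds'])}")
```

Run it against the real files by replacing SAMPLE_LOG with the concatenated contents of the server's logs/ directory. Copy the logs off the machine before reformatting, and treat the addresses as leads rather than proof: players who join a public server are not necessarily the person who installed it, while a successful rcon command from an outside address is much stronger evidence of who controlled it.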
SlamberGamer
post Mar 31 2015, 09:57 PM


The best thing to do is to reformat that PC and use a better antivirus with a private firewall for extra protection.

And don't forget to change all the passwords for his accounts; they have probably all already been leeched.

This post has been edited by SlamberGamer: Mar 31 2015, 09:57 PM
asunakirito
post Apr 4 2015, 12:13 PM

Also disable remote access on your home PC.

 
