
Need Help with issue Possible hacking

(@itguy)
New Member
Joined: 15 years ago
Posts: 2
Topic starter  

So a few days ago I was doing some work in my house when I noticed my monitor had movement on it. When I looked at it there were all kinds of documents open and a DOS screen with a ton of commands being entered. It was almost like when a tech remotes to your PC to fix an issue. So I panicked. It took me a few minutes to realize that all I had to do was pull the plug on the internet cable. Just as I was about to do that, my whole PC shut down completely. I pulled the internet cable and restarted the PC. When the PC restarted it said something like "Primary hard disk drive 0 not found, No boot-able ". So I was really not sure what to do at this point, and as I thought back, about 2 months ago I could have sworn my mouse pointer was moving around while I was reading something, and also I had logged into my PC while it was running the screen saver and was always finding documents open that I didn't remember opening. So in fear that someone was actually on my PC, after remembering this I bought an entire new hard drive and installed everything from scratch. I was not too worried about the documents or emails I lost; since I use Gmail, I was able to recover them. I also spoke to a friend who had suggested logging into my router and changing the MAC address that the router uses so that I would have a different public IP address in case it was a hacker.

So is it possible that someone had actually hacked me and could they have been monitoring or copying files that I had on my pc?
If so, I did a lot of work for my job at home using a remote vpn connection that connects through a 2008 server, should I tell them that this happened?

Thanks


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

OS? Laptop or desktop? Optical mouse or mechanical mouse? USB attached mouse or wireless or PS2 connector? Do you also have a touchpad? Are you running any antimalware solution (Trend, Norton, Symantec, etc.)?

There are some known issues with the interaction between mice and touchpads on certain computers which can cause this. In particular, on certain computers the touchpad uses a three-byte packet whereas the mice use a four-byte packet which can confuse the BIOS.

Optical mice can be sensitive to stray light, especially if the mouse is on a light, reflective surface (such as a desktop with a clear glass protector).

You say that you bought a new hard drive. Did you try to attach your old drive, after installing a good antivirus solution, and try scanning it for malware?

I'd be careful about changing the MAC address of the public interface of your router. Although the chances of a collision are remote, it could happen, and it may be that your ISP is using the registered MAC address to verify your DHCP lease. This practice may not be allowed under the terms of your service as some ISPs use MAC addresses to determine the level of service that you have. Finally, it is doubtful that changing your MAC address would fix your problem if you were infected as malware would, most likely, be able to discover your new IP and send that to the C&C.


   
(@itguy)
New Member
Joined: 15 years ago
Posts: 2
Topic starter  

seanmcl, thanks for the reply.

I had a wired mouse. The old hard drive would not boot up at all once the PC shut down. I put a new hard drive in and installed WinXP. If someone had hacked into my PC, wouldn't having a new hard drive fix that?

Well, I took my friend's advice and forwarded my PC MAC address to my router, which pulled a new IP for the WAN side. So just in case, I wouldn't have any issues.

I believe I may have narrowed down how it happened. I had been given a hacked copy of VNC a few months ago, and a few people had an issue with the copy. They advised they had the same issue, that someone had accessed their PC and was doing things to it.

I just wish I knew how long they had access for, and I already tossed the old hard drive in the garbage. I am worried they may have been accessing my work through my WinXP remote network connection and I didn't know it.


   
(@c_j_g)
New Member
Joined: 15 years ago
Posts: 1
 

Cracked software is a favourite way of spreading malware. I think you will have to assume that you have been compromised since installing the cracked copy of VNC.
From your description of events I think you need to assume that everything that you have done on that machine since would have been compromised.
It will be well worth checking any external USB devices that you have attached for any rogue autorun.inf files that may have been installed by the malware to spread itself to other machines.
Good luck.


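Added example, not part of any post in this thread: one way to carry out the autorun.inf check suggested above is to look in each drive root for an `autorun.inf` and list the entries in its `[autorun]` section that would start a program. The sample file content, the paths in it and the function names are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program.

    Tolerant of junk lines, which are often used to pad such files.
    """
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu entry that runs a program
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_verb) and value:
            found.append((key, value))
    return found

def scan_roots(roots):
    """Map each root holding an autorun.inf file (any letter case) to its launch entries."""
    report = {}
    for root in roots:
        for name in os.listdir(root):
            path = os.path.join(root, name)
            # isfile() skips a folder named autorun.inf, which is not a launcher
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "r", encoding="latin-1") as fh:
                    report[root] = launch_entries(fh.read())
    return report

# Constructed sample, not taken from a real device.
SAMPLE = ";xQz junk padding\n[AutoRun]\ngarbage line without equals\n" \
         "Open = RECYCLER\\svc.exe\nicon=folder.ico\n" \
         "shell\\explore\\Command=RECYCLER\\svc.exe -e\n[other]\nopen=ignored.exe\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as usb:  # stands in for a USB drive root
        with open(os.path.join(usb, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        print(scan_roots([usb]))
```

Run it from a known-clean machine with the real drive roots passed to `scan_roots`; a drive that appears in the report with a non-empty list has an autorun.inf that points at an executable worth examining.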
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

I believe I may have narrowed down how it happened. I had been given a hacked copy of VNC a few months ago, and a few people had an issue with the copy. They advised they had the same issue, that someone had accessed their PC and was doing things to it.

I just wish I knew how long they had access for, and I already tossed the old hard drive in the garbage. I am worried they may have been accessing my work through my WinXP remote network connection and I didn't know it.

Well, at this point, you also need to be concerned about any legal requirements that you might have. For example, if you had any PCI/PII on your system as part of cases on which you were working, you may have reporting requirements which would allow those individuals to obtain credit protection.

As c_j_g stated, you must assume that you were hacked and treat the information accordingly.


   
(@deonvj)
Active Member
Joined: 16 years ago
Posts: 8
 

This is a bit late, but you mentioned you used a VPN solution from your old PC to connect to work remotely. If you suspect you were hacked, and it definitely looks like it, I would suggest you get your company to delete your old account and create a new one. Their access logs will also potentially show access at odd times or someone still trying to access after the change, which will definitely confirm your hack.


   