Author Topic: How can I see if incoming traffic hackers have deleted files on my computer?  (Read 20270 times)

REDACTED

  • Guest
The only way I could see someone getting in would be either through Citrix or G2M

When you finish with the computer do you shut down or engage the firewall lock

I sometimes do not shut computer down at night, maybe 3 nights a week or so. I do not use Firewall lock, never heard about it

Did you look at the FRST.txt and ADDITION.txt logs? See my message about it
« Last Edit: June 16, 2016, 05:01:35 PM by Gallery Art-Rotterdam »

REDACTED

  • Guest
The only way I could see someone getting in would be either through Citrix or G2M

When you finish with the computer do you shut down or engage the firewall lock

G2M? http://www.sonuus.com/forum/viewtopic.php?f=5&t=763  ?

REDACTED

  • Guest

G2M? http://www.sonuus.com/forum/viewtopic.php?f=5&t=763  ?


AHA by accident I saw in Google GOTOMEETING, please do not use such cryptic titles like G2M when you actually mean GOTOMEETING :(
« Last Edit: June 17, 2016, 01:58:56 AM by The Prince of Green Art Trade »

REDACTED

  • Guest
The only way I could see someone getting in would be either through Citrix or G2M

When you finish with the computer do you shut down or engage the firewall lock

AHA by accident I saw in Google GOTOMEETING, please do not use such cryptic titles like G2M when you actually mean GOTOMEETING :( ADDITION.txt indeed says 10 times CITRIX/GOTOMEETING directories for exe's and dll's. However it's not in the windows start menu and windows programs search menu. I can't therefore start GOTOMEETING myself, maybe the hackers can. I think GOTOMEETING was for a webinar months ago, I'm not sure why it seems to be latent present on my windows computer.

Moreover "switch Firewall mode to Public/High Risk: TELE2 ISP network" message in Firewall Log "rules", there is even a log entry when my modem is off (I mean disconnected from the electric grid AND as I said before also when on but unplugged from the internet. However in these cases Google Chrome always said "no internet connection") Can you explain this ESSEXBOY? It can be that my computer is on another WIFI network in my neighborhood, but this then would be a stealth connection, since Chrome does not see it!!! Maybe the GOTOMEETING shit on my computer, makes this stealth connection, however coincidentally this is also the same TELE2 ISP as my genuine internet connection, but this makes it not more unrealistic.

WHY DOES MY AVAST PRO NOT PROTECT OR WARN ME FOR THIS "GOTOMEETING HACK"? OR IS THIS IMPOSSIBLE? :-(
« Last Edit: June 17, 2016, 05:05:37 AM by The Prince of Green Art Trade »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Billiards and other things.
Quote
I think GOTOMEETING was for a webinar months ago, I'm not sure why it seems to be latent present on my windows computer.
That is easy to explain.
It was installed and never removed (properly).
Quote
Moreover "switch Firewall mode to Public/High Risk: TELE2 ISP network" message in Firewall Log "rules"...
So, your ISP is Tele2 and the firewall has detected that at some point.
Since it is a software firewall, it doesn't matter if modem is on or off.
Quote
However in these cases Google Chrome always said "no internet connection"
It would be strange/suspicious if Chrome said there was a connection when the modem is off.
If that happens you should start to worry.
Quote
It can be that my computer is on another WIFI network in my neighborhood
No, it can't or Chrome would notice it and use it.
Quote
Maybe the GOTOMEETING shit on my computer, makes this stealth connection, however coincidentally this is also the same TELE2 ISP as my genuine internet connection, but this makes it not more unrealistic.
No, G2M doesn't make a stealth connection.
It uses your existing connection.
Quote
WHY DOES MY AVAST PRO NOT PROTECT OR WARN ME FOR THIS "GOTOMEETING HACK"?
There is no reason for avast to warn because it is no hack.
It is fully legitimate software that you (or someone there) installed for the webinar.
http://www.gotomeeting.nl/

REDACTED

  • Guest
Thanks Eddy for your frank talk!

However I don't recall the software was installed by me at all. But must have been for a webinar or so. Then GOTOMEETING was exploited by hackers, while I left my computer on while I was sleeping for 8 hours or so. I imagine it works like a kind of PCANYWHERE? I was asleep but I would have seen mouse movements and windows open and close, would have heard clicks in the speakers etc. while the hackers were deleting files.

Could have been that the webinar was in my windows 8.1 period and partly removed during windows 10 upgrade, that's why it's latent now on my windows 10 machine?

ESSEXBOY says GOTOMEETING can be exploited by hackers (he thinks)
« Last Edit: June 17, 2016, 09:12:15 AM by The Prince of Green Art Trade »

Offline Eddy

Well someone installed it and it is as they say 99,99% sure it is not done and/or used by hackers.

REDACTED

  • Guest
Well someone installed it and it is as they say 99,99% sure it is not done and/or used by hackers.

Is it PCANYWHERE like (GOTOMEETING)? It's from CITRIX ;)
« Last Edit: June 17, 2016, 09:55:59 AM by The Prince of Green Art Trade »

REDACTED

  • Guest

Quote
Moreover "switch Firewall mode to Public/High Risk: TELE2 ISP network" message in Firewall Log "rules"...

So, your ISP is Tele2 and the firewall has detected that at some point.
Since it is a software firewall, it doesn't matter if modem is on or off.


It's an entry at every boot!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Does the firewall have a broken memory or something? THINKS HE IS AGAIN CONNECTED BUT IS IN FACT NOT??????

Offline Eddy

Guess what happens at every boot...
The firewall starts and initializes.
It just reads the settings and puts an entry in the log.
Perfectly normal.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
The tasks highlighted by FRST are just old ones left over from the windows 10 update and are not active now

If you have avast internet security you can block connection to the net with one click when you leave the computer

REDACTED

  • Guest
Guess what happens at every boot...
The firewall starts and initializes.
It just reads the settings and puts an entry in the log.
Perfectly normal.

 ;D ;D ;D Thanks for your help and patience! OK It does not say "there is a FRESH connection to ... network established" but indeed only a firewall setting log entry, which is just a little bit misleading
« Last Edit: June 17, 2016, 02:39:51 PM by The Prince of Green Art Trade »

Offline Eddy

You're welcome.

If you see him, say hello to Ketelbinkie  ;D
Still standing on Katendrecht, right?

REDACTED

  • Guest
You're welcome.

If you see him, say hello to Ketelbinkie  ;D
Still standing on Katendrecht, right?

Yes, the statue stands there; it is also a restaurant in Rotterdam, and a comic-strip character ;-) But you knew that already, YOU ARE A ROTTERDAMMER!!??
« Last Edit: June 17, 2016, 02:54:57 PM by The Prince of Green Art Trade »

Offline Eddy

Was born there once, long ago.
Haven't been there for at least some 25 years.
Am now a world citizen who lives in Hengelooo.