• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos0

Have I been hacked??

I know there have been some posts before on this issue, but I cannot find them or the answers, so I'll post here

Windows Vista with Vista Service Pack 2

Norton Antivirus 2008 ( yes I'm one of those who don't like change)

So I found this the other day

Security History

   Internet Worm Protection

     Alert Summary

 

 

Program name:  Microsoft Generic Host Process for Win32 Services

Program path: C:\Windows\System32\svchost.exe

risk level: low

Default Action: Allow

Action Taken: Allow

Local Computer:  My PC    500 (port?)

remote Computer: 67.226.54.11   500 (port?)

Traffic Description: inbound UDP 500

 

"Microsoft generic Host Process for Win32 services was allowed to communicate with 67.226.54.11"

 

Then there was also this entry under Internet Worm Protection: Alerts

"User Has created a rule to permit communication"

 

**Now when I check my connection log, I see no connection around that same time and nothing that would indicate any bytes were exchanged

** When I look up this IP 67.226.54.11, It shows it belongs to Houston Community College in Houston Texas USA

So I know this is not one of my programs getting an update

** I have run several scans and all show clean

** Inbound Firewall still shows blocking of other attempts from other IPs trying to enter my computer

This has raised many questions/worries  for me:

1. First, what the heck is this??

2. Is this someone hacking into my computer?

3. is this someone trying to "ping" me?

4. Is it just some goofball seeing if they can connect and then moved on?

5. When it says "User Has created a rule to permit communication" I never created a rule, so is it the firewall program itself that it  refers to as "user"?

6. The fact that no data appears to be exchanged mean nothing was "dropped" on my system"?

7. It seems that the program rules for in my norton set up for Microsoft Generic Host Process for Win32 Services is set at default to allow from all computers and all IPs. Is that really the default?

8. is this a situation where ( what I read on here) the multiple layers of protection contained in Norton products come into play?

   Where the priogram needs to keep port 500 open, and thus from time to time connections are made that are not legit, but if that connection tries to go further Norton will stop it?

Replies

Kudos0

Re: Have I been hacked??

Hi, psdns,

Using Norton AntiVirus 2008 is fine, although, when your Subscription is going to Expire, I would think about Upgrading to N.I.S. 2010.

____________________________________________

Now, on to your main Issue.

Have you Completed a Full System Scan with Norton, Dis-Connected from the Internet, making sure you Run LiveUpdate just before dis-connecting?  If not, I would suggest doing this and letting us know the Scan Results.  Thanks!

Could you also please Run a HiJackThis Log for us, so we can see what's Running on your computer:

Download HiJackThis, http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis, the third .exe (Executable) Version in the list; run it, Creating a Log.  If using Vista, Right-Click and "Run as Administrator".  Open that Log and Copy & Paste it here, or use the "Add Attachments" just below the orange "Post" button to Upload it to the Forum.

Message Edited by Floating_Red on 08-23-2009 01:17 AM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Have I been hacked??

Please download SysProt here http://homepages.slingshot.co.nz/~crutches/SysProt  and run it.

Choose the Log tab and select all the items in the Write to log box. Then select Create Log to start scanning. When it is done, a message window will appear with the location of the log file.

Please attach the log file to a post here; the Add Attachments links is below the orange Post button. Thanks
Win7 x32 SP1

Replies are locked for this thread.