Urgent assistance needed

I purchased Norton's AntiVirus 2011 after a computer invasion and theft and distribution of data. My Norton and Malwarebytes scans yielded nothing. I am currently compiling an IC3 complaint and plan to prosecute. As do five others who have been victimized. I have the IP addresses (including the net range) of the individual responsible (216.69.185.XX and 208.109.80.XX). I want to manually block the addresses. Online information did not help because I do not appear to have the proper settings. Help?

 

[edit: IP Addresses resolved to a website, so they were removed as they are potentially malicious]


In addition, the individual an IP trap web site *dangerous url removed* registered through GoDaddy.com. She knows my dialup IP address which I disabled. She planted a rootkit and Fake AV Web Page 1 virus in myspace. Attempts to access the email feature to speak with a tech who is dealing with this hacker on dlisted.com launches an attack (which Norton’s blocked). Norton’s reports the attacking IP address is mine!

Did you post malicious IP's

Did you post malicious sites

Yes, those are the attacking IP addresses.

Thank you AllenM *dangerous url removed*

I'm so sorry. DO  NOT CLICK THAT LINK!

Is it alright to post a link to an entertainment blog where this matter has been discussed? It contains comments about what has transpired. Comments from other victims. Comments from a tech and comments from the individual who has been tracking my every move online such as "You've been fed your cookies today..."

Participation Guidelines and Terms of Service 

I'm sorry. I'm distressed because this hacker has my Outlook address book (and everything else on my computer) and has been posting the names of my family including my brother-in-law's deceased baby girl.

 

Perhaps this is the wrong place to go for help. I will add one more thing then read the guidelines. Prior to disabling my McAfee real-time scanning and disabling my firewall I received the last of hundreds of warnings in my Incoming event log.

 

216.69.185.XX ip 216-69-185.XX. ip.net  A computer at 216-69-185.XX. ip.secureserver.net has attempted an unsolicited connection to UDP port 9989 on your computer

 

 

[edit: removed part of malicious IP Address per the Participation Guidelines and Terms of Service.]

 

Hi graceful,

 

Blocking IP addresses and network traffic is done with a firewall.  Norton Internet Security includes a firewall, but Norton Antivirus does not.  Your Windows operating system should contain the Windows Firewall, which you should make sure is enabled if you do not have another firewall running.  If you are on dial-up your IP Address almost certainly will change every time you go online.  That being said, if your system has been compromised, until you get the rootkit removed, nothing you do will really be effective.


Hi graceful,

 

You can disable this link yourself within the first hour after posting. Go to Options > Edit Reply.

 

I will ask a moderator to disable the link in case you do not get this soon.

 

Allen

Hi graceful,

 

I was about to post some recommendations about the rootkit but wanted to post a reply real quick to let you know you can edit your reply with the malicious link, then I see SendOfJive already commented on the rootkit aspect.

 

If you have a rootkit you should get specialized help in dealing with that threat.

 

Please visit BleepingComputer, register and open a ticket with them. They are quite busy and it can take a while before they respond but they are very good at what they do.

 

Please let us know how it goes.

 

Best wishes.

Allen

If your system is compromised, and even if you are a Norton AntiVirus customer with valid subscription, Norton wouldn't be able to detect malware properly because Norton's install was also compromised by viruses. In that case, go to a non-infected PC, and download Norton Bootable Recovery Tool ( http://security.symantec.com/nbrt/nbrt.asp). After downloading it'll help you to create a Norton Bootable CD. Go to the infected PC, reboot the system, insert the CD, scan for viruses, delete them and you are done. To block malicious IP's -

You want to block The IP's. So, there's a little complicated workaround.

Just do this-

 

1.  For Windows XP-

Log on with an account with Administrative privileges. Open Start menu and then Click RUN. Type CMD and press Enter.

     For Windows Vista and 7-

Open Start Menu type cmd. Right click CMD in the Search Results, and then click run as Administrator. Click Continue on User Account Control Window.

 

2. In Command Prompt, type the following -

notepad C:\Windows\System32\drivers\etc\HOSTS

 

3. It will open a notepad window, scroll down until you find 127.0.0.1       localhost. Below it, you can type the name of IP Address you want to block. For example

 

127.0.0.1       localhost

216.69.185.XX [website].com

 

Once done save the file and reboot

 

 

[edit: removed malicious link per the Participation Guidelines and Terms of Service.]
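SendOfJive's point that blocking addresses is a firewall job, shown as an added example that is not part of any poster's reply: the hosts file only maps host names to addresses, so connections to or from a bare IP address are filtered with firewall rules instead. It assumes Windows Vista or 7 (`netsh advfirewall` is not available on XP), an elevated Command Prompt, and uses the documentation-only range 203.0.113.0/24 and made-up rule names as placeholders.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt
rem on Windows Vista or 7.
rem 203.0.113.0/24 is a documentation-only placeholder range (assumption);
rem substitute the range taken from your own firewall log.
set "BLOCK_RANGE=203.0.113.0/24"
rem Rule names are arbitrary labels chosen for this example.
set "RULE_IN=Block reported range (in)"
set "RULE_OUT=Block reported range (out)"

rem Make sure Windows Firewall is switched on for every profile.
netsh advfirewall set allprofiles state on || goto :fail

rem Delete earlier copies so re-running the script does not stack duplicates.
netsh advfirewall firewall delete rule name="%RULE_IN%" >nul 2>&1
netsh advfirewall firewall delete rule name="%RULE_OUT%" >nul 2>&1

rem Drop unsolicited inbound traffic from the range (any protocol, any port).
netsh advfirewall firewall add rule name="%RULE_IN%" dir=in action=block remoteip=%BLOCK_RANGE% || goto :fail

rem Also stop programs on this PC from connecting out to the range.
netsh advfirewall firewall add rule name="%RULE_OUT%" dir=out action=block remoteip=%BLOCK_RANGE% || goto :fail

rem Show both rules so the stored direction, action and RemoteIP can be checked.
netsh advfirewall firewall show rule name="%RULE_IN%"
netsh advfirewall firewall show rule name="%RULE_OUT%"
exit /b 0

:fail
echo Could not change the firewall settings. Is this prompt elevated?
exit /b 1
```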

 


Hi SendofJive,

 

Thank you for responding.

 

My firewall is enabled but I have seen it briefly turned off several times. I have also seen my downloads disappear before my eyes. I found a 1394 connection (Firewire) installed. Norton's alerted me that 286 MGs were being accessed on my hard drive. I will purchase the Norton's firewall.

 

I live in a small state. My dial-up ISP outsources. It's true my IP addresses always change and it always routes out-of-state. I disabled dial-up when Norton's reported the attacking IP was my address. I know my system has been compromised because she has literally been posting names from my address book and researched my family, friends and colleagues. She knows my address and has posted the last four of my home phone.  What scares me the most is she has written death threats to everyone she has victimized including me. I contacted the FBI and state police. Hence, the IC3 complaint.

 

Can you recommend a rootkit removable tool?

Thank you for all the responses. I'm exhausted tonight. I will catch up in a few minutes.


graceful wrote:

Can you recommend a rootkit removable tool?


Hi graceful,

 

Please see my earlier post.

 

Please let us know how it goes.

 

Best wishes.

Allen

Thank you, Swapnilrustagi. I will try your suggestion and also download from an uninfected computer as advised.

Thank you, AllenM, I removed the dangerous link. I appreciate your best wishes and advice about BleepingComputer. I will do that as soon as possible.  I will re-read your earlier post before logging out.

I promise to let everyone know how it goes.

A heartfelt thank you to all.

Hi graceful,

 

Don't rush to purchase more security software, such as another firewall, until things get a bit more sorted out.  What is McAfee doing?  You should not run Norton and McAfee at the same time.

 

First, is there any other place where this person could have acquired your address book information besides Outlook on your computer, such as a Hotmail, Gmail, or Facebook account?   Did you ever open an email attachment from this person?

 

SendofJive, she crippled McAfee and my computer. I could not even access my E: drive (CD/DVD) or printer. I used my recovery disk and installed Nortons. McAfee was not reinstalled.

 

Regarding Hotmail, Gmail, or Facebook account, it's not a possibility. The information about my family, friends and colleagues was only available in my Outlook account. I do not use social networking such as Facebook or Twitter. The only reason I opened a myspace account was to discuss this matter with a computer engineer who has been stalked by the same individual.  Based on my reading of her comments disclosing personal information from my address book the intrusion occurred prior to opening the myspace account.

 

I will try Swapnilrustagi's suggestion tonight. I appreciate you recommending I wait before investing in more software. I will wait until after following AllenM's advice to go to Bleeping Computers before purchasing a Norton's firewall.

 

Should I remove the hacker's IP addresses too?