someone is hacking into my PC ?

haxx · September 21, 2007, 5:39pm

hi all
i am new here…searched for right place to ask my question and thought this is the right place.
moderators forgive me for this but this urgent.
i think someone is hacking into my pc.

just tonight i was surfing the net with fire fox for more than 2-3 hrs…after that i went to dinner.
and when i came back what i found on my PC was a window the image is attached.

i cant use ff any more when i tryed to uninstall ff the same window came in.

please help me guys i am really shocked to see this…

anderow · September 21, 2007, 5:53pm

What antivirus/antimalware and firewall are you using?

Try using hijack this to remove it:

Download and install the program. Then run it and scan your system.
look for the following entry:

O4 - HKLM..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt

delete this…

after that open task manager and end a process called “svchost.exe”…there will be 4 or 5 processes with this name…try to end them one by one…one or 2 of these is a genuine windows process others are one of the malwre’s…if you end the one belonging to windows then a message comes that the “system is shutting down because some vital process has terminated unexpectedly”…then just restart the system and end the right one from the task manager( also repeat the step with hijackthis)…

after that search using advanced options for hidden folders and system files for the word “heap”…a folder will appear in the result (this is a hidden folder)…delete this…if ‘access denied’ message pops up thin use an application called “unlocker” (download this from: Download Unlocker 1.9.2 for Windows - Filehippo.com ) to delete it…

after you restart the system this problem should be gone…

If this does not work you might want to try this:

http://sarathlakshman.info/?p=94

:SMLR

haxx · September 21, 2007, 6:09pm

hi
thanks for your help.
i use avg antivirus but no fire wall.

someone hacked into my PC.no doubt about that.
this pic itself says that

is it possible to know who is hacking in…

i mean at least the IP of the person.

anderow · September 21, 2007, 6:13pm

You should try Comodo Firewall to help prevent things like this in future.

As for whether you have been hacked or whether you picked this up surfing is difficult to tell. This nasty can also be caught from an infected USB drive.

The firewall would help show ingoing and outgoing connections and IP addresses so this could help trace any unusual connections. However, I think you need to get rid of the infection before installing the firewall.

:SMLR

haxx · September 21, 2007, 7:07pm

hi
thanks for all the help
that solved the problem.

but i am not able to delete svchost.exe file from the processes.
everytime i tried the system restarts.

the problem is solved is it fine to keep that svchost.exe in the processes.

cheeers

Little_Mac · September 21, 2007, 7:28pm

There is a legitimate svchost.exe; it’s a Windows file. However, it has a different file location - c:\windows\system32\svchost.exe

It is the Generic Host Process for Win32 Services. Because of the way it is used by Windows, malware frequently tries to use similar names to trick the user into allowing. You will note that the file location NTTW gave is completely different.

There will also be multiple entries for svchost.exe in TaskManager, as NTTW noted.

LM