Was I a victim of a hackor today?

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
I was casually browsing the internet today when I clicked the middle button on my mouse, which usually pops open two arrows, pointing up and down...and I move my mouse up or down and it starts scrolling. Right?... no!

I clicked it once, and the mouse moved to the left, and clicked off of it. I tried it again and again, same thing. My mouse has never freaked out like this before. A "left" move of the mouse was involved, and also a click. Both happening at the same time? Nearly impossible I thought. But then, I saw a cursor in the address line of my browser...scanning the CPF URL from left to right. I was SPOOKED!!!! I tried to shut down my computer immediately, now thinking I was being hacked. I panickedly went to start => shut down. I clicked the shut down button. Nothing. In fear, I must have clicked it about 6 more times. Every other time, it goes into shutdown mode right away....but this time NOTHING was happening. I held down the power button on my laptop, and shut down the comp. Phewf!

Was I hacked? Or a really bad chain of events? Well I was spooked, so I waited a while.

Not only am I behind a hardware firewall, I have my XP firewall enabled too. I also have Norton Anti-Virus, which is always updated. My OS (XP Professional) is always updated too. I intermittently run Ad-Aware and Spybot too.

After waiting a while, to catch my breath, I booted up again. I was very cautious and perturbed, but nothing happened. I did a whole bunch of stuff. I updated Norton (no new updates though) and ran anti-virus scanner. I ran ad-aware after looking for new updates for it, and also ran spybot. Additionally for added comfort, I installed ZoneAlarm (the basic free kind, that is only a firewall).

So what do you think happened to me?
 

Greta

Flashaholic
Joined
Apr 8, 2002
Messages
15,999
Location
Arizona
It does almost sound like Back Orifice... hard to say. Could be just a fluke. If it happens again, don't mess with shutting down... you have a laptop... unplug the phone line or pull the wifi card... immediately!!
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,540
well im sure ya know if ya are behind hardware dont enable dmz? and make sure ya didnt forward ports that dont need to be forwarded
 

turbodog

Flashaholic
Joined
Jun 23, 2003
Messages
6,425
Location
central time
I have seen this stuff before. Sometimes mice with 3 or more buttons will "wig out". The extra buttons will quit working or be assigned to the wrong functions. By the way, there are certain keyboard combos that will do what you are describing.

It's like dogbert's tech support: reboot, shut up, hang up
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
Sasha - Lol, sorry but there is absolutely no unplugging I can do! I have an internal wireless card, so basically I can unplug everything, and have everything work. I now have ZoneAlarm, and there is a "STOP" button that halts all internet activity.

Raggie - I thought I was pretty good as far as only allowing the minimum, I think I was quoted as being in "stealth mode" somewhere, but good idea; I think I'll double check that.

Turbodog - I hope it was just some combo I entered. It seems to have cleared up now, I guess I didn't do anything permanent.

I can understand the mouse clicking off of the middle button scroll feature, or maybe the improper clicking of the shut down button, but I can not explain the cursor moving across the URL in the address box in my browser. I was not using the keyboard at all at that time, and I have no explanation.
 

snakebite

Flashlight Enthusiast
Joined
Mar 17, 2001
Messages
2,725
Location
dayton oh
post a list of everything that begged for net thru za
if anything is in your box it may allow us to spot it.
 

_mike_

Flashlight Enthusiast
Joined
Aug 14, 2003
Messages
1,198
Location
Wa. State
XP Professional has remote desktop sharing (something like that), see if that is disabled ..... if not, disable it unless you need that feature.

Also, make sure you have all the latest XP security and critical updates using the Windows Update feature.

The problem with any firewall is this. You have to allow your browser and e-mail program access to the Internet. This being the case, you may not readily detect an intrusion if the intrusion is using that connection. You would want to review your firewall logs to see exactly what traffic is going in and out of your computer. You will see lots of information in the log, some of the traffic is normal ...... some may not be. It may be difficult for you to determine what is and what isn't appropriate, but it is worth looking at none the less.

You could try this.
In Zone Alarm you could deny access to the Internet to all your programs and see what tries to get in or out all on its own. Then review the logs to see what you can see (so to speak). After figuring it all out you would obviously have to allow your programs access once more so you could surf and use your e-mail.

Like you did, update your anti-virus, get a spyware detector, firewall and Windows updates. One other note, don't run Zone Alarm and the Windows XP firewall at the same time. Disable the Windows XP firewall if you're going to use ZA.

Mike
 

stockwiz

Enlightened
Joined
Nov 16, 2003
Messages
412
Location
Brookings, SD
I don't know how much you actually tweak, but here are two easy things that will prevent problems...

Disabling windows xp services that are not useful, like messenger and remote registry.. you can find guides here:

http://www.blackviper.com/WinXP/servicecfg.htm

and here...

http://www.techspot.com/tweaks/winxp_services/index.shtml


Running this small registry entry file that adds thousands of sites into the "restricted sites" list that are known for spamming, cookies, etc... you can find that here...

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD



You seem to be doing everything right otherwise.. hardware firewall, antivirus, you should be secure unless a trojan got in. Sometimes things just go screwy, especially if you buy generic mice on ebay like I did once. I'll stick with microsoft
 

Negeltu

Enlightened
Joined
Aug 28, 2003
Messages
724
Location
Oregon, USA
I really don't think you have a trojan or been hacked. So the mouse acted funny... I had a lot of mice that have acted funny. Mostly wireless mice. If you've run Spybot...and run a full system scan with a good av prog... then you are most likely fine. It is a good idea to do scans with other progs too. Go to www.nonags.com and go to the security section of their software listings..and d/l a good trojan scanner...and do another scan... That way if the other scans missed something...there is a better chance of detection if you are infected. Otherwise, don't worry about it. Make sure you are taking preventive measures (On access virus scanner...spyware blocker...etc..)
 

Negeltu

Enlightened
Joined
Aug 28, 2003
Messages
724
Location
Oregon, USA
You can use ctrl/alt/del to see what's running at the time...but some trojans run using common service names...only capitalized or with slight spelling alterations. They may be difficult to spot.... For example... I checked out a friend's system that was having problems with search page redirection and popups... I used ctrl/alt/del and found a trojan running as SVCHOST... at startup there was a registry entry that ran this file in the background. Unlike the other svchosts running in the background...this one was capitalized. Norton did not detect it either. A week later I think they had it in their definition files update. This trojan was not always running though... so ctrl/alt/del will not always be a reliable way to check for such things.
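
Added example, not part of Negeltu's post or the thread: a small Python check that applies the idea above (look-alike service names, odd capitalisation, wrong location) to a list of running process image paths. The baseline table, the edit-distance threshold and the sample paths are assumptions constructed for illustration; capitalisation alone is a weak signal and is best read together with the file's location.

```python
import ntpath

# Well-known Windows process names and the directory they normally load from
# (assumed baseline for this example; extend it for your own environment).
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
}
MAX_EDITS = 2  # assumed threshold: 2 also catches swapped letters (scvhost)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_process(image_path):
    """Return the reasons (possibly none) this image looks like a masquerade."""
    directory, name = ntpath.split(image_path)
    lower = name.lower()
    reasons = []
    if lower in KNOWN:
        if name != lower:
            reasons.append("unusual capitalisation of " + lower)
        if directory.lower() != KNOWN[lower]:
            reasons.append("runs from unexpected directory " + directory)
    else:
        for good in KNOWN:
            if edit_distance(lower, good) <= MAX_EDITS:
                reasons.append("name resembles " + good)
    return reasons

# Constructed sample process list (not taken from a real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\SVCHOST.EXE",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\WINDOWS\system32\svch0st.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

def scan(paths):
    return {p: r for p in paths if (r := check_process(p))}
```

Calling `scan(SAMPLE)` returns only the four suspicious entries with their reasons; the genuine `svchost.exe` and the unrelated browser are not reported.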
 

bwcaw

Enlightened
Joined
Mar 22, 2002
Messages
862
Location
South Dakota
You have not been hacked! My mouse (a Logitech) does the same exact thing as yours when I click the scroll wheel. It is completely normal. I guess it is for folks who don't like scroll wheels and you can click that and move the mouse to scroll up and down a page.
 

_mike_

Flashlight Enthusiast
Joined
Aug 14, 2003
Messages
1,198
Location
Wa. State
Negeltu,

In other words, when in doubt restart your computer ...... ctrl-alt-delete. In some rare cases, you need to shut the machine off and unplug it. By unplugging it, you kill power to the motherboard. This forces internal as well as external components to reset. Some motherboards have warming circuits in them, consequently a simple restart does not accomplish the same thing as actually killing the power to internal components and some peripherals.

We used to have customers kill power to the machine to get modems to properly re-initialize. This was usually software based modems.

Or, as you have stated you can see what's running and not perform a restart.

However, restarting a machine can do wonders. Especially if you tend to leave your computer on for extended periods of time. The reason for this is ........ when you open programs and then close them. The operating system is supposed to release the resources it took to run that program. Unfortunately, many operating systems do not always properly release those resources. Your machine may seem slow and/or start acting strange. A restart obviously releases all the resources and you start with a clean slate. Things seem faster and everything works fine (for awhile).

Mike
 

bwcaw

Enlightened
Joined
Mar 22, 2002
Messages
862
Location
South Dakota
Biker, try clicking the various buttons on your mouse to see if you can replicate the arrow scrolling thing.
 

jayflash

Flashlight Enthusiast
Joined
Oct 4, 2003
Messages
3,909
Location
Two Rivers, Wisconsin
On occasion when I'm on line (not e-mail) my HD will start and run for a long time. I've since installed SpyBot & Ad Aware & update the few Windows Me fixes remaining. Yeah, I know, dump the Me OS. Out of ignorance of what to do I shut down the PC when that happens. Why will the HD take off and keep running sometimes? Thanks.
 

PhotonWrangler

Flashaholic
Joined
Oct 19, 2003
Messages
14,466
Location
In a handbasket
Ok, a little off-topic here, but...

Being a mildly paranoid type, whenever I hear my hard drive start thrashing about for no apparent reason, I pull up the task manager and have a good look.

On one occasion I found that McAfee was running a task called alogserv.exe, which keeps a log of what has been scanned and what hasn't. This task was bogging down my computer incredibly, so when I killed it and took it out of the startup process, my machine went back to being its normal zippy self. If your machine doesn't have msconfig.exe (Win2k doesn't have it, other versions do) then go to www.mlin.net and download Mike Lin's Startup Control Panel, a great tool. This makes it easy to control what runs automatically at startup. There's a standalone version and a version that installs itself into the Control Panel. It's free and no spyware included.