It's free to register, to post a question or to start / join a discussion
Need to Help A Friend NetBIOS over TCP/IP Attacks
Likes # 0
Posted March 20, 2013 at 11:22PM
Wondering if you can shed light on this one one of my Friends is having on off problems with his computer It's an Alien Ware By Dell and his O/S is Windows 7 64bit he's had this problem for a couple of years.
It's become apparent he's a victim of a NetBios attack TCP/IP Where some random person is scanning ip and ports in order to connect to his computer.
He seems to think that this random person is using Herins Boot CD on his computer.
He's using a Cable Modem Connection and has tried a few routers to combat this problem but he says these attacks keep happening.
I for one looked up about this attack and it doesn't work with Windows 7 Or Does it? He's trying so hard to get rid of this and has frequently re-installed his O/S but the issue keeps coming back.
I'm not sure of the Security Setup he has.
I've googled on how to block this from happening and I've come up with this link:
So how do I help him further and am I on the right lines in order to help him solve the problem?
Likes # 0
Likes # 0
Posted April 26, 2013 at 11:45PM
Gparted and part magic dont work, they see 2 partitions.. OS and UEFI .. there are no other partitions (which is a problem for alienware) there needs to be 4 (2 for dell 2 for the OS and boot) gparted was meant for LINUX.. just fyi and most of the old drives were turned into linux file system so I cant even read them.
know of a way to change all partitions back to win os from linux recovery from hirens?
Gparted Was used BY THE HIJACKERS and yes .. all are changed and were mounted to EXT2 ext3 ext4 installing gpart or partition magic didnt solve nor see anything more than what i can see in windows without them 6-9 partitions and missing files and space
At the moment he's trying to figure out how to re-install Windows 7....
windows disc worked on a usb dvd I got from a friend.. then I booted windows, installed (or I wouldnt be in windows now) but the dvd I have barely works and its set to odd settings.. max read 2x max write 2x takes 10 hours for a dvd to burn and then its unreadable cd music never works etc
It seemed his Disk Media is naff I suggested to contact Dell to send replacement Disks He said..
"dell DOESNT SEND discs.. ever anymore.. not even with new machines. I cant afford that. its something easy... just no one can seem to even link me to firmware pages or whatnot to make sure my drive is ok not even dell.
if you ask for recovery discs they cant do that either as alienware is not the same as most dell not even the same company yet its owned by dell
you have to A. make recovery discs (which i cant do since the partition is gone) aka no respawn or B. ask for a real disc which I HAVE... both real discs win7 ultimate.. 64 bit and drivers for this .. 2 dvd .. not 6-12 dvds with bloatware
So he does have his recovery disks!!!! Hurh????
Likes # 0
Posted April 27, 2013 at 12:39AM
In one of the earlier posts you said " They also took out his Phone and TV!!! PC dead in the hands of hackers.
Not sure if telephone cables the same in USA but the line could be tapped.
Cable TV and Broadband I wouldn't know.
Time to report to the authorites by now I would think, especially it was suspected a few years ago.
That or move house and never buy a Dell again :-\
Likes # 0
Posted May 15, 2013 at 5:33PM
Your friend is not crazy. I have been going through the exact same issue since early March 2013. I was tipped off one day when I noticed all lights on router were off but one laptop (Win 7 Samsung) was still connected to Internet. I unplugged the router and the Win 7 stayed connected. Win 8 did not. I researched more and noticed I had a Microsoft Mini Adapter in the network sharing folder. I never activated that. I went to Cmd prompt and typed netsh wlan stop hosted network. I got confirmation it had been stopped. I then typed rasdial disconnect. Again got conf. it disconnected. I then typed netsh wlan start hosted network. That's when another "name" appeared under my private connection in network sharing folder. It said QuickCash PC * -work 5570 (the * is for my husbands name) My husband swears he knows nothing abt it. I started typing net users it listed my husband as admin. a guest as admin and updatuser as admin all with passwords set to expire in 30 days. yet last log in dates/times were the exact log in date/s times as MINE. Everytime I could not figure out why my husband was listed as admin. There were supposed to be 3 users. ME (admin) my husband (standard user NO admin rights) ME (standard user) however, when I typed "net user me" I didn't exist. I started opening folders properties and found built-in special in objects. users, admins, built in special. I unchecked one at a time, then clicked advanced, then find...it listed all users within that group. Everything had a down arrow next to admins, down arrow next to my husbands name, and anything that had remote Access. Then there was a strange "user" with a red ? and "unknown" s-1-21-5 and many many more numbers after that. Oh and WMI. I made sure shared files and network discovery and streaming were turned off. But I would check an hour or so later and "Streaming is on" would be showing, although streaming WAS NOT check marked. anything that allowed XBOX was disabled. I could see when they logged on, my wallpaper would change and I could see the cursor change. then boxes would pop up asking me if I wanted to continue changing file info. i tried every malware and AV out there. all said nothing found. I used Shields up which said I had registry leaks (associated with S-1-5-21....If I changed firewall settings blocking anything remote, they were changed back until one day I was blocked form firewall settings both in windows firewall and Norton with a message saying "for your protection some settings have been blah blah..something to do with group policy and special permissions. Sure enough I could not change the group policy ACCESS DENIED. Then the calls from the bank started ..fraud..fraud..fraud.. 146.00 here another 100 there...cancel cards start over. all my excel password sheets ...(password protected) GONE POOF...the more I cleared access check boxes for S-1-5 the more appeared. some were shortened to S-it1-5-7- or some crap. the entire number of each set were the same except for last 4...1001, 1002, etc. I finally found connection between S-1 and WMI and a Google Drive folder (although GD was not installed on my pc) I woke up one day to an Windows NT enterprise persistence..a domain (using my name at first...then one day logged into WIN 8 Laptop, there was an established homegroup...there was one on the WIN 7 as well but it had a totally different password...Then the "fun started" boxes on win 8 started opening asking if I wanted to change more files. the pc was on the table, i wasn't touching it. I found a file in WIN7 which alerted someone when either machine was logged onto as well as scheduled tasks. Finally, the same VPN files on Win 7 I found on husbands android only by connecting via cable to laptop and using ES file explorer. the android file only shows when attached to pc via cable. I have paid people to look at it they find nothing and think Im paranoid. Mon may 13 had someone remove everything form both laptops, and clean install. 7 pm May 14 same exact files back on win 7. Warranty voided b/c Geeks say since some of the files that reappeared were files I personally named, then someone tampered with laptop by reinstalling the files. This is causing a divorce. Hubbs SWEARS hes not hiding anything, but looks bad. I need help, Im not kidding abt divorce. we had the "divorce" fight today over him saying "U don't trust me" I'm saying "heres what Geeks say. looks bad" H-E-L-P!
Likes # 0
Posted June 10, 2013 at 1:58PM
I find that most bizarre - for that issue there must be a fix out there!!
Likes # 0
Posted June 11, 2013 at 4:32PM
This one beggars belief, cant believe I am reading it. I bet someone is having a good laugh.
Reply to this topic
This thread has been locked.