Google Answers Logo
View Question
Q: Has my home pc been hacked ( Answered 5 out of 5 stars,   0 Comments )
Subject: Has my home pc been hacked
Category: Computers > Security
Asked by: spinola-ga
List Price: $5.00
Posted: 29 May 2003 00:39 PDT
Expires: 28 Jun 2003 00:39 PDT
Question ID: 210159
Last night when I shut down my home pc (Win 98 / USB ADSL connection
128K) I received a message there is 1 user connected to your pc do you
want to continue with shutdown. I almost pulled the cables from the

Then I rebooted with out being connected to the internet and I got a
message windows 98 is updating your configuration file :-( But
everything seemed fine after that.

So have I been hacked? How can i find what could have been installed
without me knowing? Can someone have accessed more of my hard disk
than the unimportant directory which was shared?

Subject: Re: Has my home pc been hacked
Answered By: chellphill-ga on 29 May 2003 09:34 PDT
Rated:5 out of 5 stars
Hi spinola-ga

      The first thing I recommend is running a thorough virus scan.
You should already have some sort of regularly updated virus scanning
software already on your pc. This is just a "must have" these days.
The biggest problem I noticed amongst home computer users in regards
to security, was having virus scanning software that was not regularly
updated. If not updated on a regular basis, the virus detection
software will not be able to detect the "newest" viruses, trojans, and
other security threats. And believe me, there are people out there
with nothing better to do than to sit around and create new ways of
exploiting weaknesses in firewalls and virus detection software. If
for some reason you do not already have virus detection software
already installed, there are some reputable websites that offer to
scan your hard drive for free.

Online Virus scanning: (Housecall) (reliable antivirus) (Command on Demand
for Netscape) (Command on Demand
for Internet Explorer)
(Panda's online virus scan)

Now, the next thing I will discuss is your firewall. Since you have a
DSL connection, you should have some sort of firewall, as all
broadband users should. You might be able to review your logs from
your firewall to determine what IP addresses you were connected to,
what ports were  being used ect. If your not using a firewall, then
it's vital that you get one now!
A list of some firewalls

How can you tell if you have been hacked?
"Always look for strange behaviours by your computer. It's a good idea
to be pro active and every once in a while look at all the programs
that are running in the background and look for strange or unfamiliar
program names. It is also helpful to always look for listening ports
on your machine. You can do this by typing Netstat -an in a command
prompt (DOS) session. Look for ports that are marked " listening " and
compare those port numbers with several Suspected Trojan port lists
available on the Internet or seek
help from other DSLR members in identifying the purpose of those

If you have trouble understanding the results when you run Netstat,
hackerwhacker has a online form in which you can cut and paste
sections of the output that you have questions about, they then will
attempt to annotate the port and ip numbers with more understandable
results. (
"In a huge majority of the cases, no, because the most popular pc
operating system does not record Internet activity. It is impossible
to know if your computer has been cracked unless the cracker does
something extremely obvious. This is very scary. A cracker might have
been using your computer for years for nefarious purposes and you'd
never know it!
If a cracker is extremely clumsy you might see some indications that
your computer may have been cracked.

Hard drive starting up by itself when nothing is going on. 
Receiving E-Mail from strangers. 
Floppy disk light coming on by itself. 
Sounds playing when they shouldn't be. 
Your computer doing things you didn't ask it to do. 
Your computer suddenly dialing up the Internet. 
Your computer locking up or freezing while you are on the Internet. "

Use Windows 98 utilities to identify security risks and threats:
This page gives you instructions on how to install and use some of the
Windows 98 utilities such as;
Lets you see who is using the shared resources on your computer at any
given moment in time, across the network.
System Monitor: 
Within System Monitor, click on the Add button and choose Microsoft
Network Server from the category field. Choose the parameters that you
want to track. This will be added to the chart. Use this to determine
if your system is slowing down on account of shared resources. You may
need to disconnect a user or un-share a shared resource to remedy it.
Win IP Config:
 Win IP Config lets you view all your current TCP/IP settings in a
single menu. By clicking on More Info, additional information
regarding the network can be viewed.
If the IP address was dynamically allocated by a DHCP (Dynamic Host
Configuration Protocol) server, then you can use the Release and Renew
buttons to release and renew the IP address.
Use Netstat to display protocol based statistics as well as all
current inbound and outbound connection. Netstat can be configured to
display all connections and listening ports and Ethernet statistics,
as well as statistics on a protocol basis. This would include
statistics for TCP, UDP, ICMP and IP. This is a very useful command
line utility that lets you know who is accessing the machine.
The Net utility in the command line contains a host of other
interlinked utilities. You can choose to do basic network
configuration, diagnostics, inspect print queues, as well as
connecting and disconnecting to the network from the command line.
Type in net /? on the command line to access more information on the
different commands within the Net utility.

Detecting Backdoor Programs:
Some of the various backdoor programs and the ports they use.

Things you may want to think about implementing to avoid future
incidents. (Sheilds up)
Scans your computer online for ports that are vulnerable.
Another online port scanner
recommended Anti-Trojan programs 
Grisoft's free anti-virus protection software
Microsoft recommends Windows 98 users should take the following steps
to ensure security;
1. Visit the Windows update site and install the latest critical
2. Familiarize yourself with these Best Practices in Enterprise
3. Update your anti-virus tools and signature files from viruses.
Check out the Virus Alerts regularly.
"Defense in depth is a military practice that applies directly to
information security. To rely on a single piece of software or a
single device to provide all protection is insufficient: compromise
that single layer and there is no more security.
Protecting your home computer isn't a one-time task. You need to be
diligent here: install a personal firewall, install and frequently
update a virus scanner, and keep your computer up-to-date with
security patches. Visit and
subscribe the Microsoft Security Notification Service. When you
receive notice of a security patch ("hotfix") that applies to your
computer, install it right away. "

Not sure of when your last update was?
Instructions on how to access your Windows Update log file. (This log
file will give you details about all of the updates installed, as well
as build (version) numbers and the dates and times when they were
Help in choosing a firewall

Determine if file and print sharing is needed, if not, then disable
" Part of the functionality that windows offers is network file
sharing and printer support. If you only have one machine chances are
you do not need these features"
"Enabling windows printer and file sharing can allow an attacker to
gain access to your machine, and the same goes for Windows network
client. Installing these components and enabling them is the default
in Windows, so unless you specifically disable or remove them they
will be present. With these software component installed a remote
attacker can find out a lot about your computer. By querying your
machine remotely they can learn your login name and your workgroup
name and the hardware address of your computer (which can give them
enough information to know what brand of computer you own!)"
Windows 95 & 98 security
Security for DSL users.
 Common Sense Guide for Home and Individual Users: Recommended Actions
for Information Security

Other links to check out:
Windows 95/98 Computer Security Information
Steps for Recovering from a UNIX or NT System Compromise (although
intended for UNIX or NT Systems, this page does offer some good ideas)
Security for home Networks
File and Printer Sharing (NetBIOS)
Home Computer Security
A great sight that lists the top current security threats and the
ports used.
Lists various backdoor trojans
List of trojans and the ports commonly used
How firewalls work
Get info on an IP address,2000034930,20274660,00.htm
You've been hacked: What to do in the first five minutes,2000029582,20274851,00.htm
You've been hacked: what to do in the first hour
What to do if you find your computer being hacked.
An interesting article on a computer owners liability if their
computer is hacked and used as a weapon to attack other computers.
How can I tell if I've been hacked? 

Web pages directly pertaining to the error message "There are 1
user(s) connected to your computer.
Shutting down your computer will disconnect them. Do you want to
continue?" (tiny url for a post from a Google newsgroup) (tiny url for a post from a Google newsgroup) (tiny url for a post from a Google newsgroup)  (tiny url for a post from a Google newsgroup)

I you have any questions about the information I have provided, please
feel free to request a clarification of my answer. Be sure to give me
enough time to respond before you rate the answer!

Best of luck to you!

Request for Answer Clarification by spinola-ga on 29 May 2003 11:14 PDT
Hello chellphill-ga,

The answer is excellent! Just a quick question which if you can answer from
experience do so, otherwise there is no need to spend any time on this as
your answer covers the subject very well as it is. The shields-up link
was particularly impressive.

If someone had managed to install a program (I am going to read the
trojan checker info asap!) would that normally show as a task when you do
ctrl-alt-del. Or is it more likely that although someone may have 
connected to the share it is less likely they installed some software?

Clarification of Answer by chellphill-ga on 29 May 2003 13:39 PDT
     In regards to your question, "If someone had managed to install a
program would that normally show as a task when you do ctrl-alt-del?"
     The answer is.... maybe. It all depends. Some viruses and
backdoor programs will show up in your task list. For example
shows a few of the backdoor programs, and how they might show up in
your task list.

Here are some other examples:
Backdoor.Easyserv does not display any indication that it is running.
You can verify that the Trojan is running by opening the Task list
(Ctrl+Alt+Del), where you'll see the name of the running Trojan in the
list. The name of the Trojan is usually Server.exe (see note that
follows). You can remove Backdoor.Easyserv from memory by selecting
Server.exe and then clicking End Task.
"Select Antihack.exe, and then click End Task. If Antihack.exe does
not appear in the list, the backdoor is using a different file name
and could be very difficult to locate. Refer to the steps below for
using an antivirus program to remove the backdoor."

However, there are also quite a few that will not show up in your task
"The only feature making this utility to be classified as malicious
trojan software - the silent installation and execution. When this
program runs, it installs itself into the system and then monitors it
without any requests or messages. If you already have it installed on
the computer, you cannot find this application in the task list. The
trojan also does not manifest its activity in any way. "
"Programs that are classified as "backdoors" are network
administration utilities that allow for the controlled removing of
computers on a network. "Backdoors" are similar to commercial network
administration packages that are developed and distributed by software
The only feature of these utilities classifying them as malicious
(Trojan) software is the silent installation and execution. When such
a program runs, it installs itself into the system and then monitors
the system without any requests or messages. If you already have it
installed on your computer, you cannot find this application in the
task list in most cases. The majority of known backdoor Trojans also
do not indicate their activity in any way."

Sometimes trojans, viruses, and backdoors can be in your task list,
but disguised as something legitimate, for example;
". If the operating system is Windows 95, 98, or Me, the Trojan
registers itself as a service process to hide itself from the task

What I would recommend is doing a ctrl+alt+del and take a good look at
what is running in your task list. Have a pen and paper handy and jot
them down that way you will be familiar with them, plus you may want
to look up any unfamiliar tasks on google. Make a note of what is on
your task list at boot up, then start your dsl connection (if it isn't
already connected) and note if any new tasks have been added.

Another great site is
It has a long list of various backdoor programs. You can register
(it's free) and choose a backdoor program, and security space will
scan your computer for it.

As to the second part of the question, "Or is it more likely that
although someone may have
connected to the share it is less likely they installed some
The following links give a bit of insight as to what a hackers goal is
once they gain access to your system.
"Once inside the system, the hacker’s second goal is to get what is
called "root" access. That usually requires finding a technical
weakness. Root access means the hacker has unrestricted access to the
inner workings of the system."
"The backdoor for most intruders provide two or three main functions:
Be able to get back into a machine even if the administrator tries to
secure it, e.g., changing all the passwords. 
Be able to get back into the machine with the least amount of
Most backdoors provide a way to avoid being logged and many times the
machine can appear to have no one online even while an intruder is
using it.
Be able to get back into the machine with the least amount of time.  
intruders want to easily get back into the machine without having to
do all
the work of exploiting a hole to gain access."
An interesting article on what hackers do, and how they do it.
Detecting keystroke loggers and backdoors.
spinola-ga rated this answer:5 out of 5 stars and gave an additional tip of: $5.00
Hello chellphill-ga,

Really good information, I will be busy this weekend following up on
the links you have given me, installing a firewall etc.



There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy