Help - Someone has gained access to my PC


Dave_H
03-29-2001, 01:05 PM
I should have read your post a little more carefully and seen the part where you mentioned that you're using another computer to post, and you're reluctant to go online with yours at the moment.
So if you choose to try "The Cleaner" or anything else, you are going to have to either find a way to download them onto your friend's computer and transfer them to yours by some means (The Cleaner is too big for a floppy), or you're going to have to go online.

Here is what I would do; keep in mind that it is only my opinion. I'm not familiar with the firewall you're using, but Zone Alarm is a good one because of its ability to spot and control outgoing connections from a computer. http://www.zdnet.com/downloads/partners/zonealarm/download.html
A good place to start would be to install Zone Alarm and only give permission to your browser to access the internet until you get everything straightened out.
Next, I would download and install The Cleaner and scan for trojans.
Dave

CMonster
03-29-2001, 01:12 PM
As I found out first hand very recently, the probability of being "hacked" is pretty good if you are on a high bandwidth, always-on connection e.g. DSL/Cable, and especially if you have a static IP address - that is an IP address that doesn't change each time you connect.

There are numerous people who "hack" as a hobby, electronic trespassing is not only their recreation but one of their greatest thrills. Whole groups of these "crackers" share information and utilities for scanning and breaking into computers on the Internet.

You have some good advice in the responses so far. One thing I might add is that PC-Anywhere may not be detected as a trojan but if improperly configured it can leave your system wide open. Use good judgement about downloading and running programs, even so-called firewall or trojan scanning utilities can be a threat - know your sources. Even if an email comes from your best friend with an attachment that says something like "runmefunny.exe" don't hesitate to ask your buddy if he actually sent it, and where he got it from.

I've heard Black Ice Defender is a pretty good firewall for Windows, but I have never used it.

On average I get scanned once or twice per session by some script kiddie looking for Back Orifice, SubSeven, or PC-Anywhere. As long as your computer doesn't respond you are probably invisible - a good firewall will stealth your ports.

Good luck - if it were me and I had any suspicion at all that my system was compromised I would format and start fresh.

Loveless
03-29-2001, 03:03 PM
Do you have hard evidence that your system has been compromised? Check all running programs to find anything suspicious. However, some websites make pop-ups of their supporters; that COULD be one of the things. When you said you have packets going in and out, is it a lot of packets or a few?

BIGJR
03-30-2001, 12:32 AM
Dear sir or madam,

I am very much hoping you can help me. I have a strong suspicion that somebody may have gained access to my PC via the internet. What has led me to this belief is that on two or three occasions last week, I was using the net and decided to take a break for a few minutes. As I was sitting down, I had the computer connected to the net still and noticed that it had loaded a web page that I had not seen before. What has also helped further my suspicion is that I have recently installed a firewall program (Syshield) and this program is giving me some strange reports. One of the functions of the program shows all the websites that have been visited and are being visited, and I found several sites on the list I had never even heard of before, let alone visited. Another function of the program (if I remember this correctly) reports that UDM access has been blocked by the program, and it shows me some IP addresses under the headings of both incoming and outgoing.

I was worried by the strange occurrences and turned the computer off within a few seconds of these events happening and thought it was the best thing to do. I have not used my main PC for several days, and I used a PC at a friend's house to write this message, in case somebody was able to see exactly what I am doing on the net?

I am hoping you can help me find out what exactly is going on and solve the problem by answering the following questions as best as possible:-

1. What is the likeliness that my PC is being accessed by somebody, given the circumstances and information I have provided?

2. How can somebody access my computer over the net and browse sites without my knowledge?

3. How would it be possible for somebody to gain access to my PC via the net?

4. How could I confirm my suspicions that somebody has gained access to my PC?

5. Is it at all possible to trace somebody if they are accessing my computer and if so, how?

6. If I am able to trace someone who is accessing my PC, to where exactly can they be traced and, what can be done about them?

7. Should my firewall program be sufficient in preventing somebody from accessing my PC?

8. How can I prevent someone from accessing my PC via the net in future?

Help deeply appreciated.

Thanks

Dave_H
03-30-2001, 12:40 AM
First off, you may want to download "The Cleaner" and do a scan for trojans. http://www.moosoft.com/
I'll try to post back in a while with some more answers to your specific questions.
Dave

GroundZero3
03-30-2001, 12:45 AM
There are many ways for people to access your computer without your knowledge. Virus (trojans, port scans, buffer overruns). To deter these things from happening, go get ZoneAlarm. It's easy, works great and best of all it's free. Like Dave said, use The Cleaner to search just in case.

Jason

Lebo
03-30-2001, 04:41 PM
Basically if you use a dial-up connection the chances that you will be hacked are very very slim indeed! As each time you dial in you are assigned a different IP address by your service provider, always-on, as CMonster said, leaves you vulnerable.

I have used BlackIce Defender under Win9.x and found it to be pretty good. Make sure if you do have pcAnywhere that you have a sensible password (at least have one).

POP ups are a possibility. Don't we all hate them!!

sharder8
03-30-2001, 07:51 PM
I have a dial-up, and still ended up with around 600 MB of stuff that wasn't mine. I couldn't even open them to find out what they were, so BC Wipe took care of them.

I installed ZoneAlarm and the thing went crazy within 15 min., I had blocked around 20 attempts. I was able to trace them back to the local Tech here and contacted their administrator with the info. At first he was skeptical until I started reading the ISP numbers, times and port attempts. Then he stated that he would like the files that had been placed on my computer. He wasn't happy when I told him I'd wiped them, but stated they were having a scanning problem and were trying to catch the responsible parties.

My point is, it's bad enough out in the big world, but it's even more dangerous when you live right down the road from a Tech School whose main emphasis is computing. Dial-ups aren't really that much safer, contrary to what you've heard.

I still get hit about 2-5 times a week, but all have been from out of state or country for the last couple of months. I usually ping them back and trace them and then notify their administrator. (Can't remember who was hit in a previous post by someone in Korea, but I nailed them back as well with a nasty little letter to their administrator at Hansol Tele.)

As for pop-ups, I'm using AdSubtract Pro and it is configured to not allow pop-ups! Talk about boring surfing! ;)

Harder

P.S. ZoneAlarm has stopped attempts at a large number of ports in my case, (to include up in the 64,000's).

thekingofpain
03-30-2001, 09:41 PM
Makes me value my year and a half old hardware firewall via an inexpensive Linksys router (I use a static IP address over my dsl lan) never a prob yet...

RobRich
03-30-2001, 10:07 PM
"Basically if you use a dial-up connection the chances that you will be hacked are very very slim indeed!"

Don't always believe in this myth. In my case, my backup dialup ISP assigns a block of dynamic IP addresses commonly associated with its rather popular 1-way cable modem service in my region. During peak hours of activity, my firewall can get hit HARD. Using WinRoute Pro with NAT packet filtering and active firewalling, I generally block a couple of thousand invalid packets and connect attempts per day with this ISP! Most are harmless, average Internet operations, but I do notice the occasional port scan or port 139 file share access attempt.

Robert Richmond

[This message has been edited by RobRich (edited 03-30-2001).]
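The posts above describe reading firewall block logs by source, time and port (sharder8's report to the school's administrator, RobRich's port 139 attempts, CMonster's scans for Back Orifice, SubSeven and PC-Anywhere). The following is an added example, not part of any post in this thread, that sorts such a log into scans, probes for those tools' default ports, and isolated hits; the log format, the sample lines, the threshold and the function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Default ports of the tools named in the thread; a listener can be moved elsewhere.
WATCHED = {139: "NetBIOS file share", 5631: "pcAnywhere", 5632: "pcAnywhere",
           27374: "SubSeven", 31337: "Back Orifice"}

# Constructed sample log; assumed format: date time protocol source_ip dest_port
SAMPLE_LOG = """\
2001-03-30 19:02:11 TCP 192.0.2.10 21
2001-03-30 19:02:11 TCP 192.0.2.10 23
2001-03-30 19:02:12 TCP 192.0.2.10 80
2001-03-30 19:02:12 TCP 192.0.2.10 139
2001-03-30 19:02:13 TCP 192.0.2.10 5631
2001-03-30 19:02:13 TCP 192.0.2.10 27374
2001-03-30 19:40:05 UDP 198.51.100.7 31337
2001-03-30 19:40:09 UDP 198.51.100.7 31337
2001-03-30 20:15:30 TCP 203.0.113.5 113
garbled line from a truncated log write
"""

def parse(log):
    """Yield (timestamp, source, port) per well-formed line; skip anything else."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[4].isdecimal() and 0 < int(parts[4]) <= 65535:
            yield f"{parts[0]} {parts[1]}", parts[3], int(parts[4])

def summarize(log, scan_threshold=5):
    """Group blocked attempts by source and label each source's behaviour."""
    by_source = defaultdict(list)
    for when, src, port in parse(log):
        by_source[src].append((when, port))
    report = {}
    for src, hits in by_source.items():
        ports = sorted({port for _, port in hits})
        watched = sorted({WATCHED[p] for p in ports if p in WATCHED})
        if len(ports) >= scan_threshold:
            verdict = "port scan"             # many distinct ports from one source
        elif watched:
            verdict = "remote-control probe"  # few ports, but a known default
        else:
            verdict = "isolated"
        times = [when for when, _ in hits]
        report[src] = {"first": min(times), "last": max(times), "attempts": len(hits),
                       "ports": ports, "watched": watched, "verdict": verdict}
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info["verdict"], info["first"], info["last"], info["ports"])
```

The per-source first and last timestamps plus the port list are the details an ISP or network administrator needs to match a report against their own records.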

club_med
03-31-2001, 06:31 AM
Here is a very helpful site with information on a multitude of articles about computer security, and the weaknesses.
www.astalavista.box.sk (http://www.astalavista.box.sk)

direct link to the search engine: http://neworder.box.sk/

Good luck,
cm.