How To Get Rid Of A Hacker??

+
4 Votes
Locked

Diamondgirl54
I've got a hacker who keeps breaking into my computer through my browser. I use both IE 9.0 and Firefox 4.0. It doesn't matter - he breaks in through either one. It started with him breaking into my Hotmail account; now he is breaking into websites where I shop, especially Amazon. How do I get rid of this guy??!! I've got Norton 360 for security, but that certainly isn't working. What to do??
  • +
    2 Votes
    RayFoxxe

    Are you sure that this is certainly a hacker? Not just maybe your family members, friends, or people you know who are getting into your accounts? Not unless you were browsing on scam shop sites or have been shopping on phishing sites or on explicit sites, then you will most certainly be targeted for account and identity theft.

    If this is really serious hacking where you're losing privacy and your money on online accounts, I suggest you first cancel all of your online accounts to your bank accounts or any other financial online services, inform your services that your accounts are at risk of getting hacked, and if your area has the proper department to deal with online theft, inform the proper authorities.

    +
    0 Votes
    Diamondgirl54

    Yes, I am being hacked via browser. It's not a family member; most of my relatives are older and not computer savvy. I don't do adult sites, and I try to be careful about phishing and scams....but I may have stumbled on one anyway, or at least some malware or something. I have been having this problem since I downloaded the latest version of Norton 360, so I am not sure what to think. I do not bank online, but I am terrified that this person may get hold of my credit card info if I make a purchase. I am going to contact Norton and take a good hard look at my antivirus software, at Windows, etc. All my Adobe products were already updated, so I will look at all of the other suggestions to try to solve my problem. Thanks so much for all input and suggestions.

    +
    0 Votes
    Diamondgirl54

    Tried to recover June 8... computer died... will have to buy new. Thanks anyway for the help.

    +
    8 Votes
    Mike Bird

    There are some key things to consider.

    1) Is your computer fully O/S patched?
    - This means running Windows Update (or the equivalent Apple O/S update) until all critical and suggested updates are deployed.

    2) Is your AntiVirus/Firewall solution updated and correctly configured?
    - While Norton is a reasonable product, any AV/FW solution is only good if it is kept up to date. This means running (or setting auto) update routines.

    - It's no use if it's misconfigured.

    It may be worth finding the "reset" option in the AV/FW software and using it to set everything back to the default configuration (which is usually secure) then working your way through the configuration and setting the options to a "very secure" configuration.

    While this may generate a lot of messages and warnings as you start using the system; which you should be considering carefully; the benefit will be a more secure setup.

    3) Other applications & Devices

    Ensure that things like Adobe Acrobat, Flash Player and Shockwave Player are kept updated.
    If you use another browser (Firefox for instance) then again update that.

    If you view MEDIA files (movies / audio) on your computer then ensure you are careful when any file prompts you to download CODECS. One vector for viruses is to put a tempting file on the net then try to convince viewers that they need to download a CODEC to view the particular type of encoding in that file.

    Remember also that USB memory sticks and even camera memory cards can contain viruses. If it's been connected to your computer and the computer is infected. Plugging an infected stick into your computer may well just undo all your work, so ensure you configure your AV software to scan removable media devices.


    4) Unsolicited files

    You've just got an email from a friend suggesting you try out a great program which they've thoughtfully attached. You've got an email from a courier company with an executable attachment that they insist you run to get the package they have on hold from you. You're being invited to open a PDF file to get a chance to win 10,000 USD.

    All of the above are likely to be something nasty. If you're in doubt then phone the person up and ask them. Courier companies do not send executable programs via email to schedule deliveries; and let's face it, the majority of advance fraud fee scams on the news should have alerted you to the probability of these being bogus.

    4) Network Security

    Remember, if you've got a Broadband Router this has likely got a degree of protection built into it. Make sure the router is configured correctly:
    - ensure your router is not configured to casually permit external connections
    - ensure you have not disabled protections against Port Scan

    If your router is supplied by your ISP then consider contacting them for advice on checking the configuration. Alternatively, if your router is your own purchase then note all settings and then consider a RESET (back to manufacturer's base settings) and then reconfigure it from scratch. Many routers automatically detect broadband configuration directly off the line.

    5) WIFI security.
    If you don't use WIFI then SWITCH THE FUNCTION OFF ON THE ROUTER.

    If you are using it then consider if you need to use it. For instance POWERLINE type devices can provide excellent data connections direct to your router as long as you have a power socket near your desk location.

    If you must have WIFI enabled then ensure you set up your router
    - To hide the SSID (not broadcast)
    - To use a complex password (a mix of Upper/Lower letters, Numbers and at least one ! @ or * or other non-letter character) (ensure you note the password down and store it OFFLINE)
    - To use WAP or WAP2 encryption (NOT WEP)

    6) ONCE YOU'VE GOT ALL THAT DONE
    - Put your computer into SAFE MODE and do a full scan of the computer
    - Go and download the freeware versions of tools like Malwarebytes Antimalware and AVG Free and use those to independently check and scan your computer.

    From ANOTHER COMPUTER which you have a confidence is clean then change all your passwords. Remember to use complex passwords as per my note on Wifi above.

    Now go back to your computer and run those antivirus scans again.
    At that point you have a reasonable confidence of having a secure computing environment.

    +
    0 Votes
    Diamondgirl54

    Mr. Bird, you are one very thorough human being, and I am extremely grateful for your input. Yes, I do think I am being hacked via browser. This is my story: Several weeks ago, while I was logged into my Hotmail account, I noticed the marquee above the URL (the spot where it says "Hotmail" and gives your email address) began to flicker wildly. When it stopped flickering, the marquee said "Hotmail (1)", the (1) giving an indication that a second window for my email account was open somewhere in the world. Whenever I switched folders, the second person would get kicked out - but within seconds, the marquee would begin to flicker wildly again and soon the "Hotmail (1)" would return, showing the account open in 2 places. I did not want to lose the account, as I have several years worth of Internet Marketing info archived in it. So I moved almost all of my current email activity to another account. I thought this had solved my problem, until I began going to other websites, places like Amazon (that does not require a password to enter and browse), and suddenly as soon as I entered the website the marquee would flicker wildly, until the hacker managed to get in, then the flickering would stop, and there would just be a double connect every time I went to a different page. I got mad and began just flipping back and forth very quickly between pages on the Amazon website; the marquee began to flicker wildly each time I quickly changed pages until I stopped and gave up. At that point he broke through again, and my pages began to double connect again as he followed my every move. Eventually he realized I wasn't going to buy anything, and he pulled out, causing my screen to jump. I knew he was gone because the marquee stopped flickering and the double connect problem stopped. He keeps showing up now, but only at websites where I usually buy things. There is always the flickering, and the double connect once he/they break through. 
    The only thing I can think is that he may be following me based on when my IP address shows active, (I am the only person at my house who uses my computer) and then he/they follow me to certain shopping websites to see if I will give any credit card info. Thank you again Mr. Bird; I will look at and try to implement your suggestions to see if I can solve my problem.

    +
    0 Votes
    TobiF

    Great advice from Mike, but I DISAGREE on one small point:
    You should NOT hide SSID on your wireless network.

    If SSID is not being broadcast by the router/access point, then your computer must be configured to try its own list of "hidden SSID" whenever it wants to connect to the network.
    Let's say, your hidden SSID at home is "MyHiddenSSID". When you turn your laptop on at the airport, the first thing your wireless card will do is, when it sees any network with hidden SSID, it will try to connect, using the SSID "MyHiddenSSID". So a bad guy could simply program a fake access point to behave as if it has a hidden SSID, and then automatically accept any connection attempt and, obviously, serve lots of nasty things, or at least sniff on all your email passwords etc before you even know it.
    In short: Always show your SSID, do use WPA security and do employ really hard to guess Wifi passwords, like "0gqe9G6gerHe4@$..#^$^\\/f?=oig" (OK, don't use this particular one, since it's already taken :)
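
The hidden-SSID concern in the post above can be checked on a Windows machine from its saved Wi-Fi profiles. The following is an added example, not part of any post in this thread: it reads profile XML in the format written by `netsh wlan export profile` and flags profiles marked non-broadcast (especially ones that auto-connect), plus WEP or unencrypted profiles. The sample profiles and the finding names are constructed for illustration.

```python
import glob
import os
import xml.etree.ElementTree as ET

# XML namespace used by Windows WLAN profile files.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}


def _profile(name, hidden, mode, auth, enc):
    """Build a constructed sample profile (not taken from a real machine)."""
    return f"""<WLANProfile xmlns="{NS['w']}">
  <name>{name}</name>
  <SSIDConfig>
    <SSID><name>{name}</name></SSID>
    <nonBroadcast>{hidden}</nonBroadcast>
  </SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""


# Constructed samples: a hidden home network, an old WEP router, a normal WPA2 network.
SAMPLES = [
    _profile("MyHiddenSSID", "true", "auto", "WPA2PSK", "AES"),
    _profile("OldRouter", "false", "auto", "open", "WEP"),
    _profile("HomeNet", "false", "auto", "WPA2PSK", "AES"),
]


def audit_profile(xml_data):
    """Return (ssid, findings) for one profile given as str or bytes."""
    root = ET.fromstring(xml_data)

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    ssid = text("w:SSIDConfig/w:SSID/w:name") or text("w:name")
    hidden = text("w:SSIDConfig/w:nonBroadcast").lower() == "true"
    auto = text("w:connectionMode").lower() == "auto"
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption").upper()

    findings = []
    if hidden and auto:
        # The case described in the post: the client asks for this SSID by
        # name on its own, wherever the laptop happens to be switched on.
        findings.append("hidden-ssid-autoconnect")
    elif hidden:
        findings.append("hidden-ssid-manual")
    if enc == "WEP":
        findings.append("wep")
    elif enc == "NONE":
        findings.append("no-encryption")
    elif enc == "":
        findings.append("encryption-unknown")
    return ssid, findings


def audit_all(xml_items):
    """Audit several profiles; returns {ssid: [findings]}."""
    return dict(audit_profile(item) for item in xml_items)


def audit_directory(folder):
    """Audit every *.xml profile exported into `folder`."""
    items = []
    for path in sorted(glob.glob(os.path.join(folder, "*.xml"))):
        with open(path, "rb") as handle:  # bytes let the parser honour the file's encoding
            items.append(handle.read())
    return audit_all(items)


if __name__ == "__main__":
    for name, found in audit_all(SAMPLES).items():
        print(f"{name}: {', '.join(found) if found else 'ok'}")
```
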

    +
    0 Votes
    Diamondgirl54

    Tried to do recovery June 8 and computer died. Will have to start over. Thanks anyway for all of the help and suggestions.

    +
    2 Votes
    robo_dev

    You need to disconnect your PC from the Internet and get it disinfected. Some malware and viruses can be very difficult to remove, so it may be faster/easier to simply back up the data and re-load the OS of the computer.

    On a different PC, go and change ALL your online passwords, and be sure that you NEVER reuse the same password for multiple sites.

    +
    0 Votes
    Diamondgirl54

    I tried to do a recovery June 8 and my computer died. Thanks anyway for all the advice.

    +
    2 Votes
    ohiomike12

    I agree with the other posters, and it may be time for you to reinstall Windows if you have some nasty malware. Use different passwords at each site, make them complex enough, and use 2 factor authentication on your email (Google it. As a matter of fact, Google may offer it). Consider that it may be a family member and you can install free whole disk encryption such as TrueCrypt.

    +
    2 Votes
    Alpha_Dog

    Step one: I'm going to assume you are running XP. If you are running Seven or Vista, the process is similar. You will need an active internet connection. Do a Google search for "combofix". Download this product from a site called "bleepingcomputer .org". Run it in safe mode on the administrator account. If you have any issue at this stage, find a buddy who can do this for you.

    When Combofix runs in safe mode, handle the warnings as they come up. If it says Norton's is still running, terminate Norton's process. After you are sure it's closed, continue through the warnings.

    This part will take a while. As it runs through, it may ask to download something from Microsoft. Allow it to do so. Eventually it will want to reboot. When it does, put it back in safe mode administrator account to complete the last part and review the log file.

    When this is complete, reboot and go to housecall.trendmicro.com and run the program. When this is complete you should be clean. Now, before he comes back, ditch Norton and use something like Avast! for your antivirus.

    Finally, lock down your network with a good hardware firewall, like the ones you find in the Cisco/Linksys line, but make sure you lock it down as best you can. If you need something a little more serious, use a Cisco IOS based firewall or call our sister company, Lobo Savvy Technologies, about their firewall solution.

    +
    0 Votes
    huttd

    Remote Assistance and Remote Desktop can be very useful when you need them. But most of the time you don't, and they can leave you open to attack.

    1 Right-click on My Computer
    2 Select Properties
    3 Click on the Remote tab
    4 To disable, or turn off, Remote Assistance, simply uncheck the box next to Allow Remote Assistance invitations to be sent from this computer
    5 To disable, or turn off, Remote Desktop, simply uncheck the box next to Allow users to connect remotely to this computer.
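
The two checkboxes in the steps above are backed by registry values, so their state can be confirmed after the change. The following is an added example, not part of the post: it reads the standard Windows values `fDenyTSConnections` and `fAllowToGetHelp` (names not quoted in the thread), lets a Group Policy value override the local one, and reports each feature as enabled, disabled or unknown. The function and label names are made up for this sketch.

```python
# Registry locations under HKEY_LOCAL_MACHINE. These are standard Windows
# paths and are an assumption of this example; the post only gives GUI steps.
TS_KEY = r"SYSTEM\CurrentControlSet\Control\Terminal Server"
RA_KEY = r"SYSTEM\CurrentControlSet\Control\Remote Assistance"
POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"

WANTED = {
    "rdp_deny": (TS_KEY, "fDenyTSConnections"),        # 1 = Remote Desktop off
    "ra_allow": (RA_KEY, "fAllowToGetHelp"),           # 1 = Remote Assistance on
    "policy_rdp_deny": (POLICY_KEY, "fDenyTSConnections"),
    "policy_ra_allow": (POLICY_KEY, "fAllowToGetHelp"),
}


def read_values():
    """Read the four values on a Windows machine; missing ones become None."""
    import winreg  # imported here so the rest of the module loads anywhere

    values = {}
    for label, (key_path, name) in WANTED.items():
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
                values[label] = winreg.QueryValueEx(key, name)[0]
        except OSError:  # key or value does not exist
            values[label] = None
    return values


def _effective(values, policy_label, local_label):
    """A value set by policy takes precedence over the local setting."""
    policy = values.get(policy_label)
    return values.get(local_label) if policy is None else policy


def assess(values):
    """Turn raw registry values into a state per feature."""
    deny = _effective(values, "policy_rdp_deny", "rdp_deny")
    allow = _effective(values, "policy_ra_allow", "ra_allow")

    if deny is None:
        rdp = "unknown"
    else:
        rdp = "disabled" if deny == 1 else "enabled"

    if allow is None:
        assistance = "unknown"
    else:
        assistance = "enabled" if allow == 1 else "disabled"

    return {"remote_desktop": rdp, "remote_assistance": assistance}


def needs_action(report):
    """List the features that are not confirmed as disabled."""
    return sorted(name for name, state in report.items() if state != "disabled")


if __name__ == "__main__":
    report = assess(read_values())
    for feature, state in report.items():
        print(f"{feature}: {state}")
    print("review:", ", ".join(needs_action(report)) or "nothing")
```
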

    +
    0 Votes
    Mike Bird

    DG:

    The entry I produced above is a handout I have for staff in my own office if they ask questions about Home/Personal PC security.

    If you believe your "hacker" is following you based on your IP number then the simple thing is to change your external IP address.

    1) Go to www.whatismyipaddress.com
    Note the IP Address number it gives you in the upper right corner of the page.
    It's in fairly large blue text so you can't miss it.

    2) Power down your computer
    3) Power down your ROUTER

    4) GO TO WORK.

    Now, the way that most ISPs work is that they randomly assign an IP number when a Router connects to the internet and validates itself against their service. If you switch your router off, and leave it for a while, then another PC will likely get the IP number you had, and your router when you switch it back on later will get a new number.

    5) Return from work
    6) Switch on Router and give it 5 minutes (reasonable time to boot up and connect).
    7) Switch on your PC and login, check the same page.

    If the IP number is different then see if your "friend" is still following you.
    If the IP number is the same then either your ISP has set up a FIXED IP NUMBER on your router configuration - OR - they have a longer timeout factor on the allocation (it takes longer for the number to be moved from your "switched off" router to the "ready to reallocate" table).

    Either try switching it off for a whole 24 hours or speak with your ISP and ask them how the router is assigned IP (DHCP or STATIC) and if DHCP then what the TIMEOUT is on DHCP allocation.

    However I don't really consider this to be a plausible diagnosis. More likely you're infected with something that is logging your keyboard activity and it's relaying this back to someone else. From the sound of things, they're being pretty aggressive (and stupid) in following you this closely.

    I am slightly confused by your description of seeing (1) in the "marquee", and your assertion that this is a second computer accessing the same site with your login details. Perhaps you could screencap an example to me? (follow the entry for my profile and use the "send contact a private message").

    With due respect to Alpha_Dog, I'd personally stay away from COMBOFIX (and any automated diagnosis/fix tool) unless you are quite competent. It doesn't fix every problem and I am always wary of any tool that plays with the registry.

    However the information on the BLEEPINGCOMPUTER.COM website is of course a valuable resource for all provided you take the time to read and understand the resource.

    +
    0 Votes
    Diamondgirl54

    Mr Bird,
    I want to thank you again for all of your great ideas and attempt to help. I tried to do a recovery June 8 and my computer actually died on me. Back to the drawing board....-sigh- Thanks anyway for all of the suggestions.

    +
    1 Votes
    Spitfire_Sysop

    I'm going to agree that this sounds like a Virus. It's not that someone is directly connected to your computer issuing commands. It's an automated process. It sounds like it is collecting passwords and sending them to a real person somewhere. The sound advice is to completely reinstall Windows and then change all of your passwords for everything ever. You could go to bleepingcomputer and try to learn how to fight viral code by hand but this is time consuming. The reinstall is faster and safer. Back up crucial data to another hard drive and format the infected one. Be sure to have security software ready to install on the new OS before it goes back on-line. Keep it unplugged. Scan all of your backed up files on the external drive before using them.

    +
    0 Votes
    alexisgarcia72

    Stop trying to figure out if you have a virus, malware, spyware, etc. Go effective with these high-end measures:

    1- disconnect your computer from the internet.
    2- backup your documents to external hard drive
    3- format and reinstall your Operating system
    4- install antivirus, antimalware, windows updates, service packs, flash updates, IE updates, java updates, etc.
    5- change all your passwords (hotmail, gmail, att, facebook, youtube, etc)
    6- report this intrusion to authorities
    7- do not use administrator accounts on a day-to-day basis!

    +
    0 Votes
    snauc

    Even though you have Norton 360, this is not going to give you full protection against malware and tracking programs and cookies. Suggestion is to download Malwarebytes Anti-Malware, do the scan in live mode and that will 99% find the infections. Definitely change the password in your Hotmail account and also increase your system security by running a program such as IObit Security 360 and Ad-Aware combined, which will give you real time protection while you are on the net. More advice you can find if you log on at my web site Technology For Sick Computers - http://snauc.webs.com
