
I have been looking at my firewall and I see such allowed

Customer Question

I have been looking at my firewall and I see such allowed connections as these; here are some examples.

1) Just random #'s. Under general it says local IP address "any", remote IP address 8000::.1.::/1, direction outbound. Profile "all". Protocol, local port and remote port all say "any", ICMP settings "none". Program, service, app package "any" for all of them. Authorized users and computers "any" and interface types "all interface types". I'll tell you I have been hacked to the point where they can see my information right from my screen, and I have had to reboot because my start button and most functions would quit but my screen was still active.

Also I have remote login disabled yet 2) Remote event log management (NP-In) properties. Inbound rule for the local event log service to be remotely managed over named pipes. Local IP address "any", remote IP address "local subnet", profile "public", protocol "TCP", local port 445, remote port "any", program system, service any and app package any. Authorized users and computers "any", expected users and computers "any". Edge traversal "block edge traversal". There are many more, but my email passwords change on me and I also have to continuously be changing my passwords.

3) Remote event log management (RPC-EPMAP). Inbound rule for the RPCSS service to allow RPC/TCP traffic for the local Event log service. Local IP "any", remote IP "local subnet", profile "public". Protocol "TCP", local port "RPC endpoint mapper", remote port "any", program c:\windows\system32\svchost.exe. Service "RPCSS", package "any". Authorized users and computers as well as excepted "any". "All interface types".

This does not sound normal and there are many more odd configurations for programs I don't even have running. Is there a way for you to "check" my computer since this is Windows I am using and I can't run my computer normally until the hacker is discovered? I will give permission for control if you could find a tech to take a look.
I need my computer for school and have no time for these games. Thank you. Trevor
Submitted: 3 months ago.
Category: Networking
Expert:  GeekGal replied 3 months ago.

Hi there Trevor. My name is ***** ***** that you have had to wait a bit for an answer. I'm sorry about that. I'll do my best to help you. I'll need to ask a few questions in order to best assist you. Are you using the built-in Windows Firewall or a 3rd party firewall?

Expert:  GeekGal replied 3 months ago.

It is quite possible that you have something like a trojan, or rootkit, or other type of malware that has been installed onto your computer. This software is often installed unknowingly when you download other files. I think the best place to begin is by performing a complete and thorough scan of your computer in safe mode. I am uploading detailed instructions in PDF format. You may want to print them out as you will need to reboot the computer into safe mode as part of the process.

If you'd like, I can offer the PREMIUM SERVICE of a SECURE REMOTE CONNECTION. This will allow me to see exactly what is happening on your computer and to work on the problem while you watch. This is completely optional. If you'd prefer to do it on your own, you should be able to using the instructions that I have provided.

After your computer has been thoroughly scanned and cleaned, we will look at your firewall configuration and the other settings that you mentioned. Cleaning the computer may resolve the problem and reset them, but if not, I will walk you through doing that manually.

Expert:  GeekGal replied 3 months ago.

I see that you are offline at this time. I will only be here for a little while longer tonight myself. Please let me know what would be the best time to continue and what time zone you are in. I am in CST.

Customer: replied 3 months ago.
Hi geekgal, I am Eastern time so I believe two hours before you. I will look at the info you sent tomorrow and if I have to call then I will tomorrow afternoon. I'm just pretty sure it's a hacker with direct usage of my computer so it depends if the computer will even be working. It seems they have view and control of sessions so it depends how upset they get. I know it sounds crazy but for now I will believe it's malware. So maybe I will talk tomorrow. Thank you for getting back to me so quickly and it was fast. Have a good night off.
Expert:  GeekGal replied 3 months ago.

Thank you Trevor. They have to have installed something on your computer, either physically (if they had direct access to your computer) or remotely (perhaps attached to a seemingly innocent download). If you're unable to detect the program that they are using for access with the instructions that I provided, you may want to consider a Windows 10 "refresh". This will reset all of your system files to their original state while preserving your documents and photos. You will usually have to reinstall your software, such as printer drivers, and programs. Please keep me posted as to your progress. If you do need to perform a system refresh I will be happy to provide detailed instructions.
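
The fields the customer reads out of each rule's properties dialog can be collected for every enabled allow rule in one pass. The PowerShell below is an added example, not part of the original thread: it assumes an elevated session and an English-language Windows install (group display names are localized), and the `NoGroup` and `AnyProgram` columns are triage heuristics chosen for this example, not a verdict on any rule.

```powershell
# Added example (not from the thread). Inventory of enabled "Allow" rules in the
# Windows Firewall, with the same fields the rule properties dialog shows.
$rules = Get-NetFirewallRule -Enabled True -Action Allow

$report = foreach ($rule in $rules) {
    # Each rule's conditions live in separate filter objects.
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $svc  = $rule | Get-NetFirewallServiceFilter

    [pscustomobject]@{
        DisplayName   = $rule.DisplayName
        Group         = $rule.DisplayGroup
        Direction     = $rule.Direction
        Profile       = $rule.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
        Program       = $app.Program
        Service       = $svc.Service
        # Heuristic (assumption of this example): a rule with no group is not
        # part of a predefined Windows rule group, so review where it came from.
        NoGroup       = [string]::IsNullOrEmpty($rule.DisplayGroup)
        # Heuristic: the rule is not tied to any specific program or service.
        AnyProgram    = ($app.Program -eq 'Any') -and ($svc.Service -eq 'Any')
    }
}

# Rules that match both heuristics first, then the rest.
$report |
    Sort-Object -Property NoGroup, AnyProgram -Descending |
    Format-Table DisplayName, Direction, Profile, Protocol, LocalPort,
                 RemoteAddress, Program, Service, NoGroup, AnyProgram -AutoSize -Wrap

# The two named rules in the question belong to this rule group; show whether
# its rules are actually enabled and for which profiles.
Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' |
    Select-Object DisplayName, Enabled, Profile, Direction, Action |
    Format-Table -AutoSize

# Keep a copy of the inventory so it can be compared after a scan or refresh.
$report | Export-Csv -Path "$env:USERPROFILE\firewall-rules.csv" -NoTypeInformation
```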