# My ISP saying I hacked some1



## casanova (May 15, 2006)

I am currently using TATA Indicom broadband connection. I got a call from Tata saying that I hacked some1 on Friday at 1.20 pm.
The funny part is I was not using my computer at that time as I had gone to offer prayers. Yup, my comp was on and so was my net connection as my downloading was going on through eMule v0.47a.
I am using NetMeter currently and I noticed something crazy: my download and upload speeds are shown higher than my usage,
e.g. if only eMule is using net connection and downloading at 3KBPS and uploading at 2KBPS, NetMeter shows around 6KBPS for download speed and 5 KBPS for upload speed. I noticed this only after I received the call from Tata.

Now, I am in trouble as they might be filing an FIR against me, so help me out on following points:-
1. Am I infected with some spyware? (I am not using any spyware remover currently, downloading Spybot right now).
2. Is it possible for some1 to connect with my IP address?
3. And how to overcome this problem? (what shud I do to prove myself innocent)


----------



## satyamy (May 15, 2006)

ya it is possible that ur PC is infected by some virus or spyware & when u download something there is a lot of possibilities of these types of things
u didn't specify what u were downloading & from which site?


----------



## champ_rock (May 15, 2006)

tell those tata people EXACTLY what had u done... it is fundamental right to know of the accusation against u .....then u can proceed... also does tata have a lan?


----------



## blackpearl (May 15, 2006)

I guess ur PC is infected with a trojan which is carrying out DDoS attack from ur computer.
My suggestion is to first install a firewall and block access to all programs other than ur browser and other applications that u use for downloading stuff. Then run a thorough virus scan on ur PC with some trustworthy antivirus s/w like Norton. Also scan with some anti trojan and anti spyware. Make sure u have up to date virus definition files.


----------



## casanova (May 15, 2006)

I stated that I was downloading thru eMule and cant exactly say wat since my download list in eMule is always 2 big.

My Norton antivirus auto protection was enabled and updates were also the latest and I had done my virus check on 10th may, it found 1 virus and it was deleted successfully and Friday was 12th.
I scanned my comp for spywares with Spybot, it showed 5 errors, 4 of them were tracking cookies and 1 was windows security center disable antivirus notify.
The 4 tracking cookies were from Avenue A. Inclusive, DoubleClick, HitsLink and SexTracker. I havent visited any of these sites. Even wen some unwanted sites open, I close them even before it is 10% loaded.
I am using Norton Systemworks 2003 with latest updates.
[Edit]
My OS is Windows XP SP2 with automatic updates on.
@champ rock
What do u mean by Tata having LAN.
They have given me a router with 1:4 connection.


----------



## drvarunmehta (May 15, 2006)

Post a HijackThis! log file. Maybe you should just reinstall XP and get rid of whatever virii, malware or trojan is there on your PC.


----------



## casanova (May 15, 2006)

Ok here is the hijackthis logfile. I am not understanding anything from this logfile. Further, at times when a trojan is detected, Norton deletes it and mostly I even then clear my temp folder.


----------



## santu_29 (May 15, 2006)

after looking at your logfile i found 2 bad entries, so please check them out

> O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
> O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

Also get the full details from your isp about the accusation, as said by champ


----------
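
An added example, not part of any post in this thread: a small Python triage of the two HijackThis line types quoted above (O20 Winlogon Notify and O3 Toolbar). The sample log is constructed around those two quoted lines, and the baseline of stock Windows XP Notify names is an assumption to verify against a known-clean machine.

```python
import re
from typing import List, NamedTuple

# Assumption: Notify subkey names usually present on a stock Windows XP SP2
# install. Verify against a known-clean machine before relying on it.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O3_RE = re.compile(
    r"^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)

# Constructed sample: the two flagged lines are the ones quoted in the thread,
# the other two are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\bar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
"""


class Finding(NamedTuple):
    section: str
    name: str
    target: str
    priority: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the O20/O3 lines that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            # Notify DLLs are loaded by winlogon.exe itself, so an entry
            # outside the baseline is a persistence point to inspect first.
            if m["name"].lower() not in XP_DEFAULT_NOTIFY:
                findings.append(Finding(
                    "O20", m["name"], m["path"], "high",
                    "DLL loaded by winlogon.exe that is not in the baseline"))
            continue
        m = O3_RE.match(line)
        if m and m["path"].lower() == "(no file)":
            # The registration survives but its file is gone: an orphan.
            findings.append(Finding(
                "O3", m["clsid"], m["path"], "low",
                "toolbar registration whose file is missing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.priority}] {f.section} {f.name} -> {f.target}: {f.reason}")
```

The two quoted lines land in different priority buckets: the O20 entry names a DLL that still exists and runs inside winlogon.exe, while the O3 entry only records a registration with no file behind it.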



## it_waaznt_me (May 15, 2006)

The log is clean ... 
{This word limit thingy sucks}


----------



## robin345 (May 15, 2006)

You should also have Norton Internet Security b'coz you need extra firewall.
Also Try to clear everything with tata as soon as possible .


----------



## Rollercoaster (May 16, 2006)

man keep a record of everything u detect and do with screenshots or something... if u really think they will file FIR...


----------



## Akshay (May 16, 2006)

Just install Zone alarm (latest ver.). I wud suggest a thorough scan with NAV 2006 or just format ur sys (if poss.). Dont worry about the FIR n stuff coz nothing much can happen with it coz there is no "mens rea" (guilty mind) on ur part and u didnt do it purposely.

When companies like microsoft with latest techniques, technology, etc. are not immune from hackers how can we be?


----------



## abracadabra (May 16, 2006)

as for your ip thing u r assigned the ip dynamically and not a static ip. but ppl remember not to try something nasty as ur modem network card has a physical address like this xx-xx-xx-xx-xx-xx, which can be got by typing *ipconfig /all* at command prompt. they can find the exact location as to where the problems erupt.


----------



## samrulez (May 16, 2006)

First scan ur pc with Anti spyware.........Then just check if the no 1 has access to ur phone ....or internet connection....Some1 else might be using ur connection and thats the reason u are getting low speeds


----------



## PainKiller (May 16, 2006)

i think its not tata ppl but one of your friends must have played a prank on u. what do u think???????


----------



## samrulez (May 16, 2006)

See TATA indicom is wireless..ok. Anyone who has knowledge abt this can tune to a frequency of ur phone..ok..So he will have a phone on ur line.
And he can also connect to the net via ur line..And if he hacks some1 it will be via ur line..and therefore it is u who is blamed coz it is ur account.


----------



## Netjunkie (May 16, 2006)

abracadabra said:

> as for your ip thing u r assigned the ip dynamically and not a static ip. but ppl remember not to try something nasty as ur modem network card has a physical address like this xx-xx-xx-xx-xx-xx, which can be got by typing *ipconfig /all* at command prompt. they can find the exact location as to where the problems erupt.



TATA Indicom Broadband is Router based & provides a Static IP.
So no need of the Mac address for tracking purpose

In this case ask them what exactly do they mean by "hacking someone".
I dont feel they will take this issue very far.


----------



## techiways (May 16, 2006)

He He. Don't be scared dude. Its most obvious that your friends have dug a big well for you to fall in! Maybe its a true Bakra!

Come on... if you had really committed a cyber crime, why would tata indicom call you to inform that on first hand. Moreover i don't think Indian ISPs have time and such advancements to file an fir for some mere DDOS attack.

Unless you had abused someone online or had engaged in data theft, you could face such problems. Since you haven't done any of these, its most likely that someone is playing a prank on you.

Also remember, no one can simply file an fir. They need evidence. Even if your computer was hacked and was being controlled by a third party, it could all be revealed through the ISPs log files. so dont worry. Everything is electronically logged and you cannot be held liable at all.


----------



## casanova (May 16, 2006)

Hey, there was some confusion, it wasn't from TATA Indicom but someone very hifi. Wenever I try to call back that no., there is no ringing tone i.e; that is my call is picked up but some kind of different sounds come over there.

I reside in Pune and the no was from Mumbai. Strange thing is it doesn't look like a Mumbai no. The no is +912267925400
My cousin in Mumbai told me that it is not a MTNL no. Does anybody know this no is from which service provider.

I dont think so that it is a prank played by any of my friends. Reason 4 this is that my friends know me as Naveed Patel and my complete name is Naveed Shaikh Mohammed Patel. And most of the first timers call me Naveed Shaikh (even the TATA people) as Shaikh is a very common surname. Secondly, if it were any1 of my friends atleast I wud have listened a ringingtone. I tried the above mentioned no. many times and tat also from different nos. but same sound comes. 
Yes, I am having a static IP and it is router based connection. Also tis connection is from proper TATA Indicom and not from Tata Indicom VSNL.

Is there any such s/w that can show how much bandwidth is consumed by which program so tat I can know wat is actually using my bandwidth.
Also, can some1 from Mumbai find out the service provider for the no. (+912267925400) and if possible whose no. is this.
Wud be scanning with Zone alarm soon.

[Edit]
Zone alarm is having a variety of packages. Which package shud I use.


----------



## Akshay (May 16, 2006)

Use Zone Alarm Security Suite v 6.1.744.001:

*www.zonelabs.com


----------



## Rollercoaster (May 16, 2006)

dude try to find the owner of the phone no..
try *mumbai.mtnl.net.in/directory/telephone.html


----------



## samrulez (May 16, 2006)

I think  I found it ,its from...............go to the following link    *mumbai.mtnl.net.in/directory/telephone.html  
and then paste the number I.E     2267925400    coz +91 is country code..


----------



## casanova (May 16, 2006)

It is not a MTNL no. Akshay said it is a Tata No. They shifted from 5xxxxxxx to 6xxxxxxx.
Does anybody know the directory site for Tata.
A program edlm2.exe was trying to access the Internet repeatedly. It is residing in c:\windows\system32 (Zone Alarm tracked this). Any information about this program.


----------



## prophet of the pimps (May 16, 2006)

its a trojan alright.
*www.liutilities.com/products/wintaskspro/processlibrary/edlm2/


----------



## hermit (May 17, 2006)

*mac id* saves u if ur innocent, as ur id differs from hacker, u can walk off at ease.

ask them to check the hacker mac id and urs


----------



## Choto Cheeta (May 17, 2006)

> Now, I am in trouble as they might be filing an FIR against me, so help me out on following points:-



they cant... u r a legal user of their system and services... for any reason if u have used any other account still they cant... u have used the account of someone else... so technically TATA doesnt have right to FIR against u... only the person who's account u have used is eligible to any such FIR with the help of the ISP...

in the history of internet... there wasnt any such case as u r saying... what will be the point of FIR?? u stole TATA's bandwidth... ?? lol...

so relax... TATA cant do any FIR against u... yes they can send u a bill for extra usage...  thats all...


----------



## casanova (May 17, 2006)

I am not sure whether the call was from Tata or some1 else but it is a high probabilty tat it was from Tata only. Its more than 5 days since the hacking was done. No action yet other than the phone call on monday. Does any1 hav an idea how much time they take to react in such cases.

Further, there is no chance of stealing bandwidth. I am not even getting my commited bandwidth.


----------



## Choto Cheeta (May 17, 2006)

@casanova

why r u so worried... there is no CASE... some one fooled u man.. TATA as an ISP doesnt have right to file any such FIR.... they have right only to charge u as for the extra DATA of bandwidth u have used or inform u and ask u that whether u r notified about the action or not... thats what TATA as an ISP can do... worst thing is they may warn u and for showing this reason they may DC the line... there is no such thing as filing any FIR... so relax...


----------



## neo_online (May 18, 2006)

yes he is right man............
no isp has a right to file any complain against u........
n if u still think like some one still using ur system...so download nod32 antivirus n follow a deep scan....only dat cn help u. nod32 is a very perfect antivirus n its signature is also very small......
so do it if u want..


----------



## casanova (May 18, 2006)

thx 4 ur +ve responses. I am also thinking now that nothings gonna happen. If it wud hav been real hacking, there wud definitely been sum action against me. If anything happens further I wud post here.

BTW I am infected with edlm2.exe trojan. Norton Systemworks 2003 wasnt succesful in removin it. Wat shud I do to remove it. Didnt start a new thread 4 this since I think it may be related to the hackin case. And is Zone Alarm Antivirus better than Norton systemworks.

Thx again. I can relax a bit now


----------



## rohandhruva (May 18, 2006)

Welcome to the windows world casanova. This is what you get for using the most insecure and bug ridden os ever. 

What I advise you at this point is .. challenge them at their own games. Tell them to show you the ip, and the server logs. Tell them that you would like them to come to your place and examine the pc by *certified professional*. Just use some hi-fi words, like MCSE and MCSD certified professional and all, and I am sure the stinking ba*tards will not file an FIR. A company which provides service has no right at all to file a complaint against its consumer. In fact, even use the press -- I am sure they will bash TATA and be on your side. Call up TOI and Indian Express with what you have to say -- start a _War by Media_.

Best of luck, and use Linux in the future ..


----------



## GARY~GEEK (May 30, 2006)

K dude seems that u r too scared. With all the posts i read there seems to be that some might have hacked your computer and then hacked some one elses thru u'rs. Nd let me tell you dont take this lightly. If u do find that it is a virus or spyware issue. Do a scan from the following web site
*housecall.trendmicro.com/

let me know wat is the status...........................


----------



## mehulved (May 30, 2006)

OK I am late here. But, if you're still worried let me tell you either this number isn't from tata at all. Yes tata numbers begin from 6 but then the 8th last digit has to be six and not 6th last.
Consider the number you gave +9122679254 then in terms of mumbai number it would be 679254. The numbers in mumbai are 8 digit and not 6 digit.
If you consider it as a 8 digit number you get 22679254. It will then become a MTNL number and that belong to some trust so no trouble from somewhere.
So, surely it's not a TATA number or a Mumbai number.


----------



## chota_rod_waala (May 30, 2006)

dump norton and get zone AV

and wat u shud do is format your system and shutdown the computer.Get out of your house for some(10) days.

Switch off the phone and no troubles


----------



## Akshay (May 30, 2006)

Plz chk the no. tech... it is +912267925400. U r missing out on last 2 zeros
It is a tata - mumbai no.


----------



## the deconstructionist (May 31, 2006)

chota_rod_waala said:

> dump norton and get zone AV
>
> and wat u shud do is format your system and shutdown the computer. Get out of your house for some(10) days.
>
> Switch off the phone and no troubles.


It is foolish to run away from a problem, be brave and face it. I feel the message is not genuine; check again for the authenticity of the claim.


----------



## Darthvader (May 31, 2006)

Open windows in safe mode then delete the trojan or go to msconfig> startup services and uncheck that and then delete it


----------



## casanova (May 31, 2006)

i had mentioned the no as +9167925400. No further calls, I think it was just an alert received from Tata, there are no problems as of now. I was infected with a trojan edlm2.exe. This file was created by ldr4.dll and it was attached to winlogon.exe. I removed the trojan and everything is fine.


----------



## gary4gar (May 31, 2006)

what if a person really hacks, what charges will he face??


----------



## khansdream (May 31, 2006)

Well, it completely depends on the nature of hacking and also depends on the complaint (suppose if u hacked a site and nobody complained officially u r safe).
But if some1 traced & complained against you, u can be booked for 5 years or more and 1 to 5 lacs of fine u/s of cyber crime.

Additionally if u hacked an e-commerce site and did some fraudulent act u can be kept away longer than mentioned above, and will be charged under IPC too like 420, 419 etc.

Scared.....???????????????hehe......But I am serious.


----------



## gary4gar (May 31, 2006)

what if i hack a bsnl user id pass of someone and use it like any way a want??


----------



## khansdream (May 31, 2006)

Then its depend on the person whose bsnl id/pass u hacked, if he/she is so dumb then don't worry. But beware its, of course, a serious crime. You said hacked but the court will say 'Stolen'............!!!!!!!


----------



## gary4gar (May 31, 2006)

but on a good note just pay 900 rs in total & do what u want with no fear


----------



## khansdream (Jun 1, 2006)

Yeah, you are right.

One more thing, the cyber law has been written to safe e-com transactions. But there are several other similar crimes being committed by so-called techies.

Like cloning of mobile phone, copying of credit & ATM cards etc, these are too serious offence. On the one side we are using the technology for India's economy and on the other hand we, unintentionally, help others to misuse technology.


----------



## overdose_14 (Jun 2, 2006)

Thats a trojan for sure
Cause a trojan was blocked from accessing other computers by my ZoneLabs

I used AVG to remove it
Its trojan as they do these types of things


----------



## abhinavrakesh (Jun 3, 2006)

*Your Answer*

First of All I Want to Tell All The People Who Are Posting in This Forum That: -

Whatever Signal Passes Through Any Computer to Server whether it's wire connected or wireless the data is in Encryption Form 128 bit.

Second You Are Not to be held responsible in any cracking case because your computer is virtually in proxy with the isp computer Only Dial-Up is the way to directly connect to a server from your computer. so no need to worry about the all hacking instance played on you.

third if you hacked bsnl user id there is no use of that id unless you have broadband enabled line in your phone line, and if you have enabled broadband line then why someone use other user id to log in, and nobody is so dumb that if you continue downloading with his user name he will not take any type of action against it.

and last but not least i want to tell bsnl user's in delhi and NCR region, i have some doubt that this site is already hacked and, it's not detected till now if someone have little knowledge of security he can tell that something is going with bsnl site for quite some days


----------



## hbk549 (Jun 3, 2006)

I use Dialup and Little happy..


----------



## khansdream (Jun 3, 2006)

*Re: Your Answer*

@ abhinavrakesh

as u said:
Whatever Signal Passes Through Any Computer to Server whether it's wire connected or wireless the data is in Encryption Form 128 bit.

*It doesn't mean u cannot be traced.*


----------



## puja399 (Jun 3, 2006)

*Re: Your Answer*



			
abhinavrakesh said:

> .......
> 
> Whatever Signal Passes Through Any Computer to Server whether it's wire connected or wireless the data is in Encryption Form 128 bit.
> .....



....even if there is no SSL tunnelling between the client and the server ??   



			
abhinavrakesh said:

> .......
> Second You Are Not to be held responsible in any cracking case because your computer is virtually in *proxy* with the isp computer Only Dial-Up is the way to directly connect to a server from your computer
> .....


Do u mean anonymous proxy??? And even if the computer in question is really in proxy, as u say, then where is the client computer???? I thought the client computer is only behind a NAT router which is the ADSL modem and the ISP assigns ip address to the router or to the computer, depending on whether it is a PPPOE or a bridged connection..


			
abhinavrakesh said:

> .......
> third if you hacked bsnl user id there is no use of that id unless you have broadband enabled line in your phone line, and if you have enabled broadband line then why someone use other user id to log in, and nobody is so dumb that if you continue downloading with his user name he will not take any type of action against it
> .....


U mean it is not practicable for someone with TATA broadband to hack into some system which is on dialup or which is connected using dataone broadband???? 

I find ur comments not only funny but reckless and misleading too.


----------

