Spyware, Viruses, & Security

Question

Am I being hacked or monitored by some agency

by roland299 / December 10, 2012 12:03 PM PST

My IP address was changed to one that is in Virginia. I had the same IP (WAN) for almost two years, and now this change with all the extra goings-on. And why does my Google wait so long before I can type in the search bar, waiting for the cursor to start blinking? Here is tracert google.com.

C:\Windows\system32>tracert google.com

Tracing route to google.com [74.125.228.39]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 8 ms 7 ms 8 ms 10.237.192.1
3 25 ms 21 ms 16 ms ies2037008-2.phlany05-rtr001.cny.northeast.rr.
m [24.24.16.86]
4 14 ms 13 ms 14 ms ae35-0.esyrnyaw-rtr001.cny.northeast.rr.com [2
58.149.176]
5 48 ms 30 ms 31 ms bundle-ether4.rochnyei-rtr000.nyroc.rr.com [24
8.149.252]
6 17 ms 18 ms 17 ms ae1-0.glflnyaq-rtr000.nyroc.rr.com [24.24.21.2
]
7 31 ms 31 ms 31 ms bundle-ether9.albynyyf-rtr000.nyroc.rr.com [24
4.21.215]
8 33 ms 32 ms 30 ms ae-5-0.cr0.nyc30.tbone.rr.com [66.109.6.74]
9 41 ms 41 ms 37 ms ae-0-0.cr0.nyc30.tbone.rr.com [66.109.6.26]
10 39 ms 39 ms 40 ms 66.109.9.30
11 35 ms 35 ms 34 ms 107.14.19.135
12 36 ms 39 ms 36 ms 74.125.49.181
13 35 ms 38 ms 42 ms 209.85.252.80
14 36 ms 36 ms 35 ms 72.14.238.175
15 35 ms 35 ms 35 ms iad23s06-in-f7.1e100.net [74.125.228.39]

Trace complete.

# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=108.183.207.19?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 108.182.0.0 - 108.183.255.255
CIDR: 108.182.0.0/15
OriginAS: AS12271, AS11351
NetName: RRNY
NetHandle: NET-108-182-0-0-1
Parent: NET-108-0-0-0-0
NetType: Direct Allocation
RegDate: 2012-08-30
Updated: 2012-08-30
Ref: http://whois.arin.net/rest/net/NET-108-182-0-0-1

OrgName: Road Runner HoldCo LLC
OrgId: RRNY
Address: 13820 Sunrise Valley Drive
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
RegDate: 2000-09-28
Updated: 2011-07-06
Comment: Allocations for this OrgID serve Road Runner residential customers out of the New York City, NY and Syracuse, NY RDCs.
Ref: http://whois.arin.net/rest/org/RRNY

ReferralServer: rwhois://ipmt.rr.com:4321

OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: abuse@rr.com
OrgTechRef: http://whois.arin.net/rest/poc/IPTEC-ARIN

OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: abuse@rr.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE10-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Whenever I open up my IE browser I cannot use Google search for about 5 - 10 seconds. If I try, I get "script running too long", and if I try to stop the script, Google stops responding. I ran tracert and came up with some very strange results:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>tracert yahoo.com

Tracing route to yahoo.com [98.138.253.109]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 7 ms 9 ms 18 ms 10.237.192.1 ( *WHAT IS THIS*)
3 17 ms 7 ms 8 ms gig1-2-5.otscny03-rtr001.cny.northeast.rr.com [24.24.16.88]
4 13 ms 18 ms 11 ms ae35-0.esyrnyaw-rtr001.cny.northeast.rr.com [24.58.149.176]
5 28 ms 31 ms 40 ms bundle-ether4.rochnyei-rtr000.nyroc.rr.com [24.58.149.252]
6 23 ms 27 ms 39 ms ae1-0.glflnyaq-rtr000.nyroc.rr.com [24.24.21.213]
7 30 ms 31 ms 31 ms bundle-ether9.albynyyf-rtr000.nyroc.rr.com [24.24.21.215]
8 31 ms 31 ms 31 ms ae-5-0.cr0.nyc30.tbone.rr.com [66.109.6.74]
9 34 ms 38 ms 39 ms 107.14.17.172
10 40 ms 47 ms 40 ms ae-4-0.cr0.dca20.tbone.rr.com [66.109.6.28]
11 34 ms 38 ms 33 ms 107.14.19.160
12 50 ms 50 ms 50 ms 66.109.9.167
13 110 ms 70 ms 79 ms as-0.pat2.da3.yahoo.com [216.115.101.155]
14 119 ms 105 ms 149 ms as-2.pat2.dnx.yahoo.com [216.115.100.65]
15 130 ms 114 ms 122 ms xe-5-0-0.msr2.ne1.yahoo.com [216.115.100.3]
16 120 ms 144 ms 122 ms xe-8-0-0.clr1-a-gdc.ne1.yahoo.com [98.138.144.29]
17 141 ms 139 ms 119 ms et-17-1.fab4-1-gdc.ne1.yahoo.com [98.138.0.83]
18 138 ms 116 ms 136 ms et-18-25.fab6-1-gdc.ne1.yahoo.com [98.138.93.7]
19 98 ms 120 ms 171 ms ir1.fp.vip.ne1.yahoo.com [98.138.253.109]

Trace complete.
I do not understand why my trace is going to the 10.237.192.1. If I try to identify this, I get that it is some kind of special address. And what of the other IP addresses: why am I being sent to all of these instead of just being directed to Yahoo, in this example? Someone please shed some light on this for me. Am I just being paranoid??


All Answers

Answer
There is a lot of ground to cover here.
by R. Proffitt Forum moderator / December 11, 2012 2:00 AM PST

While you can research DNS HIJACKING, your IP address is dynamic, and its changing is not a sign of anything but that the system is working fine.

ALL those intermediate addresses are how the internet works. I can't write much about it here, but you will encounter folk who think that something is broken the first time they see a route map like the one you gave.

-> Here's my advice.

1. Research DNS HIJACKING.
2. Take Grif's advice at the next link.
http://forums.cnet.com/7726-6132_102-5098912.html?tag=posts;msg5099421

Bob

TRACKED ???
by roland299 / December 12, 2012 9:27 AM PST

I COMPLETED THE TASKS THAT YOU SUGGESTED WITH RKILL AND THEN MALWAREBYTES AND SUPERANTISPYWARE. These turned up nothing other than some adware on antispyware. I run these quite often anyway. However, I just ran another search on the 10.237.192.1 and came up with:

IP Tracing and IP Tracking (10.237.192.1)
Sorry. This IP address could not be resolved to its location. Please try another IP address.

Examples: 213.86.83.116 (IP address) or google.com (Website)





10.237.192.1 looks like a Router IP Address.
Click here to view the default settings for Belkin F7D7302.


And then a search of the Belkin F7D7302 gives me:

Belkin Router F7D7302 Details



A Wireless N+ Router, the Belkin F7D7302 is a state of the art device that features dual-plane antennas and MIMO technology to provide three-dimensional whole-home coverage for consistent signal, even through walls and floors. It also comes with 802.11n technology that can speed up to 300 Mbps*.

Yet at a different IP lookup:

10.237.192.1


IP Tracing and IP Tracking (10.237.192.1)
Sorry. This IP address could not be resolved to its location. Please try another IP address.

Examples: 213.86.83.116 (IP address) or google.com (Website)

All of this was originally brought about by the long delay between opening up Google search and my ability to type into the search bar (approx. 10 seconds), which happened to coincide with the change of my IP address to 108.183.207.19. When I look up this address it does not indicate my location of Syracuse.

It almost appears as if everything I stream in and out of my router goes through the 10.237.192.1, for no apparent reason. Is there any way to investigate this further???

That 10. address
by R. Proffitt Forum moderator / December 12, 2012 9:52 AM PST
In reply to: TRACKED ???

Could be the ISP's acceleration server. Keep in mind they don't usually document it since to document it publicly means hackers have less to figure out.

You'll have to ask your ISP why it's that address. Seems normal to me.
Bob
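
Hop 2 in the traces above, 10.237.192.1, falls inside 10.0.0.0/8, one of the RFC 1918 private ranges, which is why public geolocation and WHOIS lookups cannot place it. The following is an added example, not part of any post in this thread: it rejoins console-wrapped tracert lines and labels each hop by address range. The sample input is constructed from hop lines of the kind posted above, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample built from hop lines of the kind posted in this thread,
# including a console-wrapped address and a timed-out hop.
SAMPLE = """\
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     7 ms     9 ms    18 ms  10.237.192.1
  3    17 ms     7 ms     8 ms  gig1-2-5.otscny03-rtr001.cny.northeast.rr.com [2
4.24.16.88]
  4     *        *        *     Request timed out.
  5    31 ms    31 ms    31 ms  ae-5-0.cr0.nyc30.tbone.rr.com [66.109.6.74]
Trace complete.
"""

HOP_START = re.compile(r"^\s*(\d+)\s+(?:<?\d+ ms|\*)")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
RANGES = [
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
    ("shared ISP space (RFC 6598)", ipaddress.ip_network("100.64.0.0/10")),
]

def join_wrapped(text):
    # One string per hop; a line that does not start a hop continues the last one.
    rows = []
    for line in text.splitlines():
        if line.startswith("Trace complete"):
            break
        if HOP_START.match(line):
            rows.append(line.rstrip())
        elif rows and line.strip():
            rows[-1] += line.strip()
    return rows

def classify(ip):
    addr = ipaddress.ip_address(ip)
    return next((label for label, net in RANGES if addr in net), "public")

def classify_hops(text):
    # Returns (hop number, address or None, range label) for every hop.
    hops = []
    for row in join_wrapped(text):
        found = IPV4.findall(row)
        ip = found[-1] if found else None
        hops.append((int(HOP_START.match(row).group(1)), ip,
                     classify(ip) if ip else "no reply"))
    return hops
```

Calling `classify_hops(SAMPLE)` labels hops 1 and 2 as private, hops 3 and 5 as public, and hop 4 as a hop that did not answer the probe.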

something amiss
by roland299 / December 14, 2012 2:31 AM PST
In reply to: That 10. address

Here's the latest.
Rather than use IE, I installed Google Chrome. I used it for two days without incident and with no delays between opening and being able to type into the search bar. After two days I am no longer able to access Google Chrome. Instead I get a message that says something like "we're sorry, we cannot complete the request; in order to keep from harming our customers' computers, your computer appears to be sending out some type of automatic queries." I tried to track it down using some of their suggestions, to no avail. One of the suggestions was using HijackThis. When I attempted this and went through the list, I found numerous issues;
however, after checking and removing some of the issues I had to run a repair and then a system restore in order to get the computer to boot. I then uninstalled Chrome, and just recently reinstalled Chrome, and as of yet have not had a problem with Chrome. So it appears at some point, either emanating from my computer or attached by one of the stops on the way to getting to Chrome, there is or was some code that Chrome felt was harmful or otherwise. I believe that the IP address, 10.237.192.1 ( *WHAT IS THIS*), is the culprit. I guess it's more of a gut feeling than anything else. Can you give me any heads up on the HijackThis app?

changes in tracert
by roland299 / December 14, 2012 9:09 AM PST
In reply to: something amiss

I reinstalled Google Chrome; at this time I am able to use Chrome and am not being denied access to the browser. I then ran another tracert, and although there is an attempt to hop to the specified address, 10.237.192.1 (looks like a Router IP Address), at this time access is being denied:

C:\Windows\system32>tracert google.com

Tracing route to google.com [74.125.228.99]
over a maximum of 30 hops:

1 <1 ms 1 ms <1 ms 192.168.1.1
2 * * * Request timed out.
3 13 ms 9 ms 8 ms ies2037008-2.phlany05-rtr001.cny.northeast.rr.com [24.24.16.86]
4 13 ms 12 ms 12 ms ae35-0.esyrnyaw-rtr001.cny.northeast.rr.com [24.58.149.176]
5 33 ms 30 ms 31 ms bundle-ether4.rochnyei-rtr000.nyroc.rr.com [24.58.149.252]
6 20 ms 19 ms 44 ms ae0-0.vstlny11-rtr000.nyroc.rr.com [24.24.21.210]
7 28 ms 29 ms 31 ms bundle-ether1.albynyyf-rtr000.nyroc.rr.com [24.24.21.208]
8 33 ms 32 ms 31 ms ae-5-0.cr0.nyc30.tbone.rr.com [66.109.6.74]
9 39 ms 38 ms 37 ms ae-0-0.cr0.nyc30.tbone.rr.com [66.109.6.26]
10 42 ms 41 ms 37 ms ae-4-0.cr0.dca20.tbone.rr.com [66.109.6.28]
11 33 ms 33 ms 33 ms 107.14.19.135
12 87 ms 87 ms 83 ms 74.125.49.181
13 34 ms 33 ms 33 ms 209.85.252.80
14 34 ms 33 ms 33 ms 72.14.238.253
15 47 ms 33 ms 35 ms iad23s08-in-f3.1e100.net [74.125.228.99]

Trace complete.

I am lacking knowledge in this area. Is my computer or router sending out the headers seeking to go to this address, or is it routed there by a different source???
Is there some way I can look at the packets sent from my computer and/or router that will show me to what location I am directing my packets? I understand that I am directing it towards google.com and usually the hops in between are just part of the necessary processes to get there.

Let's do the simplest test I know.
by R. Proffitt Forum moderator / December 14, 2012 10:02 AM PST
In reply to: changes in tracert