I definitely got hacked!!

Discussion in 'malware problems & news' started by mikeo1313, Oct 30, 2007.

Thread Status:
Not open for further replies.
  1. mikeo1313

    mikeo1313 Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    108
    It's never been so obvious, obtrusive and in my face before like this, but it can't be anything else besides a fully blown hack that merits both starting clean and secure.

    To let you in on things, I suddenly saw 2 new admin accounts on my computer... Luckily they didn't have passwords and I was able to boot up in them to find an open notepad that might hint at how they got in; it had:

    " [.shellclassinfo]
    Localizedresourcename=@%systemroot%\system32\shell32.dll,-21787 "

    Do you recognize what type of hack this alludes to? Is there a rootkit on me?
    I will last another week before I have the chance to start fresh; what should I do with this system in the meantime? Do I leave my sys on and connected? How can this person be stopped from here till when I get a chance to start clean & update everything??




    So really, I guess I deserved it. I had an old version of ZA Pro that on occasion would crash and hasn't gotten an upgrade in the longest... I also lasted a long while without a virus scanner and also would on occasion surf questionable sites, and let people use my comp, without exercising any policy or control over what they do.

    Thankfully I've lasted about 2-3 months plowing through this forum to be prepared for something like this and now is the time to tie it all together...

    In other posts I've made today I expect to get responses on best virtualization, partition & backup management processes I should use.

    But still need help with the FW, AV & AS aspect of things.

    I am behind a d-link hw firewall that has SPI, but that didn't seem to do any good..

    After reading all I have, I'm considering the following FW, AV & AS apps for free protection:

    1.
    Comodo 3 and/or Dynamic Security Agent
    I don't want overlap & wonder if Comodo's HIPS is sufficient and/or works well with DSA? I haven't seen any tests for Comodo's HIPS but DSA has tested well on this site
    http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm

    There are people here that revere EQSecure but if it doesn't do well on tests I question why it should be used??

    The big/final question is if Comodo and/or DSA combination will provide the following type of protection/features:

    a. check MD5 signatures of executables/processes/dlls {I'd also like to have information, only a click away, on each running process or dll without having to individually search for them on the web, for convenience in personal validation}
    b. registry
    c. arp cache/table poisoning {my laptop needs this}
    d. host file
    e. import/export fw settings
    f. SPI {I think comodo does this}
    g. stealth ports {I only read of the concept but am unsure if it's to be exercised by the FW or implemented with a separate program}

    If not, can anyone suggest something that does all or any of those features?? I'm pretty sure people will find great convenience in just having to reference one spot for it all... thanks for that...



    2.
    avast and/or avira
    avast resident for its features & P2P shield and avira on demand since it does great on comparatives. I wonder if the webshield that avast has is sufficient or if LinkScanner should be considered also??



    3.
    Boclean, SAS and/or r^2
    I really can't vouch for nor comment on any; I haven't seen any reviews nor tests for these packages and sometimes imagine AV, HIPS & FW are enough, would you agree??

    I remember reading somewhere that SAS Pro checks & removes things at boot-time, which is an essential feature for nasties that can get removed and re-install upon reboot, but my question is, don't any of the other packages or even avast do the same thing??


    4.
    misc soft:
    a.
    I tried Total Uninstall and it crashed on an avira uninstall; I wonder if ZSoft or Ashampoo can be considered better apps??

    b.
    I also literally dumped IE forever and now am using Firefox with NoScript & KeyScrambler. Someone on these forums was particular as to how the KeyScrambler FF add-in won't protect you from all keyloggers and I am awaiting to hear what he does for keylogger protection, but if anyone has a suggestion, I'd like to hear it...

    c.
    Peerguardian, Filtersets like Grypen and JD5000, customizeGoogle extension, and/or B.I.S.S. {blue internet security software : includes Blocklist Manager, Protowall, Hosts Manager, Blocklist Converter} http://www.bluetack.co.uk/forums/index.php

    Here it's the same thing, is there overlap? I wonder if I need PeerGuardian if I have BISS?? I am unsure as to whether BISS will be needed if my HIPS does hosts file protection, and I question whether the Grypen filtersets replace, complement or aren't needed when you have NoScript. {I almost always have to temporarily allow a lot of sites to run scripts anyway or else they won't function properly.}


    That's all I can think of for now..


    I hope sometime in the future vendors catch up with making securing a PC so much easier; having to keep track of all the threats and protections is quite exhausting...
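A note on the notepad fragment quoted in the opening post, with an added example that is not from the thread or from any of the products discussed. A `[.ShellClassInfo]` section whose `LocalizedResourceName` points at a string resource inside `shell32.dll` is the layout Windows itself writes into a folder's hidden `desktop.ini` to give it a localized display name, so that text on its own is not evidence of an intrusion; the two unexplained administrator accounts are the real indicator and the thing to investigate. What a defender does check in such a fragment is where the referenced module actually resolves: a reference under `%SystemRoot%` is ordinary, one that points at a user-writable directory or a network share is not. The script below parses a desktop.ini body, expands the environment variable (assumed to be `C:\Windows` so it runs offline), and classifies each resource reference. The two inputs are constructed samples, the first copied from the post.

```python
"""Triage helper for desktop.ini [.ShellClassInfo] fragments (added example)."""
import configparser
import ntpath
import re

# Constructed sample: the fragment quoted in the post, as Windows writes it.
SAMPLE_FROM_POST = """[.shellclassinfo]
Localizedresourcename=@%systemroot%\\system32\\shell32.dll,-21787
"""

# Constructed sample with the same layout, but the modules live outside the
# Windows directory: one in a user-writable folder, one on a network share.
SAMPLE_SUSPICIOUS = """[.ShellClassInfo]
LocalizedResourceName=@C:\\Users\\Public\\stuff.dll,-1
IconResource=\\\\example.invalid\\share\\x.dll,0
"""

# Assumed environment so the example runs offline on any OS; on a live host
# use os.environ["SystemRoot"] instead.
ASSUMED_ENV = {"systemroot": r"C:\Windows", "windir": r"C:\Windows"}

# Shell resource syntax: optional '@', a module path, optional ',<resource id>'.
RESOURCE_RE = re.compile(r"^@?(?P<path>.+?)(?:,(?P<id>-?\d+))?$")


def expand_env(path, env=ASSUMED_ENV):
    """Expand %VAR% references case-insensitively; unknown variables are kept."""
    def sub(m):
        return env.get(m.group(1).lower(), m.group(0))
    return re.sub(r"%([^%]+)%", sub, path)


def parse_resource(value, env=ASSUMED_ENV):
    """Split '@<module>,-<id>' into a normalized module path and an integer id."""
    m = RESOURCE_RE.match(value.strip())
    if not m:
        return None
    module = ntpath.normpath(expand_env(m.group("path"), env))
    rid = int(m.group("id")) if m.group("id") is not None else None
    return {"module": module, "resource_id": rid}


def classify_module(module, env=ASSUMED_ENV):
    """'windows' if under the Windows directory, 'unc' for a network path, else 'other'."""
    low = module.lower()
    if low.startswith("\\\\"):
        return "unc"
    windir = ntpath.normpath(env["systemroot"]).lower().rstrip("\\") + "\\"
    return "windows" if low.startswith(windir) else "other"


def triage_desktop_ini(text, env=ASSUMED_ENV):
    """Parse a desktop.ini body and report every shell resource reference."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' is literal here
    cp.optionxform = str.lower  # INI keys are case-insensitive on Windows
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == ".shellclassinfo"), None)
    if section is None:
        return {"has_shellclassinfo": False, "references": [], "suspicious": False}
    refs = []
    for key in ("localizedresourcename", "iconresource", "iconfile"):
        if key in cp[section]:
            parsed = parse_resource(cp[section][key], env)
            if parsed:
                parsed["key"] = key
                parsed["location"] = classify_module(parsed["module"], env)
                refs.append(parsed)
    return {
        "has_shellclassinfo": True,
        "references": refs,
        "suspicious": any(r["location"] != "windows" for r in refs),
    }


if __name__ == "__main__":
    for name, body in (("post", SAMPLE_FROM_POST), ("constructed", SAMPLE_SUSPICIOUS)):
        print(name, triage_desktop_ini(body))
```

The verdict only concerns the resource reference itself; a module under the Windows directory can still be checked against its publisher signature, and a desktop.ini that appears in a folder where Windows would not normally write one deserves a look at who created it and when.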
     
  2. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    Correct!
     
    Last edited by a moderator: Nov 1, 2007
  3. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    1. COMODO protects everything you listed and there is no need to use any other HIPS/firewall alongside it.

    2. Someone else will have to answer this for you. The only antivirus I have used recently is NOD32, which is my favorite.

    3. I recommend using BOClean alongside the antivirus of your choice.

    4. Check out RollBackRX for a Total Uninstall replacement. Out of all the uninstallers Total Uninstall seems to be the best, so I recommend RollBackRX.

    I use Firefox with, and recommend, the following add-ons:

    KeyScrambler Pro (used alongside a HIPS it is just an extra layer of protection)
    Customize Google (for usability/privacy)
    NoScript (for usability/security)
    Locationbar2 (for usability/security)
    SafeCache (for security)
    SafeHistory (for security)
    Extended Cookie Manager (for usability/privacy)

    PeerGuardian seems to be the most efficient/lightweight in its class.
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Yep, you got that right! o_O
     