Unhacking yourself

Discussion in 'other security issues & news' started by Mover, Jan 6, 2007.

Thread Status:
Not open for further replies.
  1. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    There is a lot of information on this site with regards to different types of software protection for your PC and how it's used.

    How do you guys periodically, other than a regular virus/spyware scan, check that you haven't already been hacked o_O? What if something has already made its way through your security software and you haven't picked up on it?

    What steps do you take that will definitely determine 100% (or close to it) that you are hack-free?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Well, I check to see if any odd processes are running, and check services.
    lodore
     
  3. EASTER.2010

    EASTER.2010 Guest

    Rootkit detectors, RKUnhooker to mention one, examine many deep areas where malicious or intruding code/files could hide.
    For simple file changes or attributes I use a series of hash sum generators: SHA1, CRC and along those lines. If you're hacked beyond those, which is unlikely but NOT impossible, you could use a CD with BartPE for instance, or a Linux distro, to make another comparison. These are some of mine.
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I would run Autoruns to research and scope auto-loading processes and services, BHOs, etc., and use Process Explorer to research the running processes in more depth and see their actual resource use and impact. You can find those tools free from www.sysinternals.com.

    I would use Rootkit Hook Analyzer 2.00 from www.resplendence.com (it's quick and shows most kernel hooks). You can then go back to Process Explorer to continue digging.

    Then you want to make a backup of your registry with a tool that can do a registry comparison later and immediately pinpoint hostile modifications, as well as restore previous registry entries (if you have backups).
    You can use Advanced Registry Tracer for this from http://www.elcomsoft.com/art.html.

    You also want to monitor anything using any kind of network resources from or to your host PC, since trojans and rootkits love using the network to bring in more viruses or phone home and open a doorway to the hackers. You can use TCPView for this, also from www.Sysinternals.com.
    I favour PortExplorer from www.DiamondCS.com since it provides far more powerful tools, as well as being able to capture transactions for later analysis. It is also easier to quickly pinpoint suspicious activity with PE.

    Also, you should clean the registry of all clutter and empty all temp folders and directories on your PC. (A great many viruses and spyware hide in temp folders, so cleaning them daily greatly reduces problems with many minor infections...)

    Word to the wise: "Defragment daily!!!"

    This should keep you busy learning for a while!!!
     
    Last edited: Jan 6, 2007
  5. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    On my box I too employ a network of tripwires (checksums on security apps and critical OS files, on the assumption that malware will attempt to subvert them), a HIPS (which I consider a tripwire), object auditing and other security logs, as well as maintaining updated security benchmarks (rootkit detector logs, patch verification, registry entries). I do keep an eye on unusual traffic when there shouldn't be any, but have yet to set up an actual traffic packet sniffer like Snort.
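A minimal version of the checksum tripwire that EASTER.2010 and Ice_Czar describe, as an added example that is not code from this thread or from any tool named in it: a baseline of file digests is taken while the system is known-good (stored off the box or on read-only media, and ideally recomputed from a live CD when checking), and a later pass reports files that were added, removed or modified. It assumes SHA-256 in place of the SHA1/CRC mentioned above, and the directory tree and file names are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path, algo="sha256"):
    """Hash a file in chunks so large system files never have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, algo="sha256"):
    """Map every file under root (relative POSIX-style path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}

def save_baseline(baseline, path):
    # Keep the saved baseline off the machine or on read-only media; otherwise
    # whatever tampers with the files can rewrite the digests to match.
    Path(path).write_text(json.dumps(baseline, indent=1, sort_keys=True))

def load_baseline(path):
    return json.loads(Path(path).read_text())

def compare_baseline(baseline, current):
    """Report files that appeared, vanished or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }

def demo():
    """Constructed sample tree standing in for 'critical OS files' (not real paths)."""
    with tempfile.TemporaryDirectory() as d, tempfile.TemporaryDirectory() as store:
        root, snapshot = Path(d), Path(store) / "baseline.json"
        (root / "drivers").mkdir()
        (root / "drivers" / "tcpip.sys").write_bytes(b"original driver bytes")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        save_baseline(build_baseline(root), snapshot)
        # Simulate the three kinds of change a tripwire is meant to catch.
        (root / "hosts").write_text("127.0.0.1 localhost\n# unexpected edit\n")
        (root / "drivers" / "unknown.sys").write_bytes(b"was not there before")
        (root / "drivers" / "tcpip.sys").unlink()
        return compare_baseline(load_baseline(snapshot), build_baseline(root))
```

Running `demo()` returns the three change lists; in real use the baseline pass runs on a clean system and the compare pass runs from a live CD against the same directories.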
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,

    Already mentioned:

    Scan with Live CD, comparison of system files normal vs. live.
    Full reformat.
    General feel of the system.

    Mrk
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yeah, all that's been said already, really.
    Look at your traffic.
    Live CD.
    Free and paid utilities.
    Mark Russinovich's malware detection and removal video (Sysinternals), which has been posted before, is a good watch for those wanting to learn about detection and removal. Some tools used are Autoruns and Process Explorer. Another one of their tools is the already-mentioned TCPView. I also use Administrator's Pak from the same authors, but from Winternals.
    Antirootkit.
    DeviceTree.
     