what to do if you think you are hacked?

Discussion in 'other security issues & news' started by Tom772, Jul 9, 2005.

Thread Status:
Not open for further replies.
  1. Tom772

    Tom772 Guest

    Hey,

    A while ago a friend of mine got hacked due to a flaw in one of Nortons firewalls, (not saying what version), but anyway he was loaded with spyware, 2keyloggers, sfx hack tools, unknown scripts and remote adminstration files.

    With lots of online research and technical help from a computer graduate we managed to clean as much off as possible, but unfurtantely we still had to reformat.

    The question i was really wanting to ask is there anyway of knowning if someone has unauthourised access to your computer while online and if there are any specific programs that can be used. (The reason my friend found he was hacked is that he recieved a strange pop, while browsing and updating his AV, that he assumed was a Ad that he just (ctrl + w) to get rid of.

    Any ideas,

    Thank you T
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    First add a router. I believe Trend Micro Internet Security 2005 alerts you if you are using a wireless router to unauthorised access and may allow you to block them. But I am not entirely sure. Go to the other antivirus forum and ask Big C as he uses it . Also check out Trend's site for features.
     
  3. tomm772

    tomm772 Guest

    thank you Hammer:)
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    One idea is to use a product like Port Explorer (DiamondCS)which lets you know which programs are accessing which ports and remote addresses, and also allows you to investigate the packets that are being sent out. I also use products such as FileMon (SystemInternals) to investigate which programs are writing to which files on my system.

    Rich
     
  5. Tom772

    Tom772 Guest

    Thanks,R

    I'll give process explorer a go!
     
  6. Tom772

    Tom772 Guest

    Hey Richrf,

    downloaded and run port explorer, shows no stange connections at the moment:)thanx again
     
  7. tom772

    tom772 Guest

    If you have a remote desktop connection, can you easily find and disable it using windows? And if so how?, sorry for all the questions?

    Thank T
     
  8. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Open the control panel and double click administrative tools, then double click services.

    Scroll down and do the following to each of these services (Remote Access Auto Connection Manager, Remote Desktop Help Session Manager and Remote Registry):

    Double click the service, click stop, then select disabled from the startup type window, click OK. Make a note of what their original settings were in case you want to change back.

    Take a look here for more information on what the windows services do: http://www.theeldergeek.com/s.htm (scroll down to get a list of all the services).
     
  9. Tom772

    Tom772 Guest

    Thank you spike, recently i noticed a remote desktop connection icon in my documents and for all users folders, when i was looking at all the hidden files on my computer. Strangle really because i didn't or havnt set up any type of remote connection, but i was infected with a P2p Worm recently. Which could of allowed a hacker to take brief control(1day at the max), scanned my computer with every thing possible and I have found nothing.

    Folded the link, cheers

    Tom
     
Loading...
Thread Status:
Not open for further replies.