Question
4
Votes
How To Get Rid Of A Hacker??
I've got a hacker who keeps breaking into my computer through my browser. I use both IE 9.0 and Firefox 4.0. It doesn't matter - he breaks in through either one. It started with him breaking into my Hotmail account; now he is breaking into websites where I shop, especially Amazon. How do I get rid of this guy??!! I've got Norton 360 for security, but that certainly isn't working. What to do??
Tags:
security
5th Jun 2011
Answers (15)
2
Votes
Are you sure?
Are you sure that this is certainly a hacker? Not just maybe your family members, friends, or people you know who are getting into your accounts? Not unless you were browsing on scam shop sites or have been shopping on phishing sites or on explicit sites, then you will most certainly be targeted for account and identity theft.
If this is really serious hacking where you're losing privacy and your money on online accounts, I suggest you first cancel all of your online accounts to your bank accounts or any other financial online services, inform your services that your accounts are at risk of getting hacked, and if your area has the proper department to deal with online theft, inform the proper authorities.
5th Jun 2011
Replies
Yes, I am being hacked via browser.
It's not a family member; most of my relatives are older and not computer savvy. I don't do adult sites, and I try to be careful about phishing and scams....but I may have stumbled on one anyway, or at least some malware or something. I have been having this problem since I downloaded the latest version of Norton 360, so I am not sure what to think. I do not bank online, but I am terrified that this person may get hold of my credit card info if I make a purchase. I am going to contact Norton and take a good hard look at my antivirus software, at Windows, etc. All my Adobe products were already updated, so I will look at all of the other suggestions to try to solve my problem. Thanks so much for all input and suggestions.
Diamondgirl54
6th Jun 2011
tried to recover June 8....computer died....will have to buy new. thanks anyway for the help.
Diamondgirl54
10th Jun 2011
8
Votes
what makes you think
There are some key things to consider.
1) is your computer fully O/S patched?
- this means running Windows Update (or the equivalent Apple O/S update) until all critical and suggested updates are deployed.
2) is your AntiVirus/Firewall solution updated and correctly configured?
- While Norton is a reasonable product any AV/FW solution is only good if it is kept up to date. This means running (or setting auto) update routines.
- it's no use if it's misconfigured.
It may be worth finding the "reset" option in the AV/FW software and using it to set everything back to the default configuration (which is usually secure) then working your way through the configuration and setting the options to a "very secure" configuration.
While this may generate a lot of messages and warnings as you start using the system; which you should be considering carefully; the benefit will be a more secure setup.
3) Other applications & Devices
Ensure that things like Adobe Acrobat, Flash Player and Shockwave Player are kept updated.
If you use another browser (Firefox for instance) then again update that.
If you view MEDIA files (movies / audio) on your computer then ensure you are careful when any file prompts you to download CODECS. One vector for viruses is to put a tempting file on the net then try to convince viewers that they need to download a CODEC to view the particular type of encoding in that file.
Remember also that USB memory sticks and even camera memory cards can contain viruses. If it's been connected to your computer and the computer is infected. Plugging an infected stick into your computer may well just undo all your work so ensure you configure your AV software to scan removable media devices.
4) Unsolicited files
You've just got an email from a friend suggesting you try out a great program which they've thoughtfully attached. You've got an email from a courier company with an executable attachment that they insist you run to get the package they have on hold from you. You're being invited to open a PDF file to get a chance to win 10,000 USD.
All of the above are likely to be something nasty. If you're in doubt then phone the person up and ask them. Courier companies do not send executable programs via email to schedule deliveries; and let's face it, the majority of advance fraud fee scams on the news should have alerted you to the probability of these being bogus.
4) Network Security
Remember if you've got a Broadband Router this has likely got a degree of protection built into it. Make sure the router is configured correctly
- ensure your router is not configured to casually permit external connections
- ensure you have not disabled protections against Port Scan
If your router is supplied by your ISP then consider contacting them for advice on checking the configuration. Alternatively if your router is your own purchase then note all settings and then consider a RESET (back to manufacturer's base settings) and then reconfigure it from scratch. Many routers automatically detect broadband configuration directly off the line.
5) WIFI security.
If you don't use WIFI then SWITCH THE FUNCTION OFF ON THE ROUTER.
If you are using it then consider if you need to use it. For instance POWERLINE type devices can provide excellent data connections direct to your router as long as you have a power socket near your desk location.
If you must have WIFI enabled then ensure you set up your router
- To hide the SSID (not broadcast)
- To use a complex password (a mix of Upper/Lower letters, Numbers and at least one ! @ or * or other non-letter character) (ensure you note the password down and store it OFFLINE)
- To use WPA or WPA2 encryption (NOT WEP)
6) ONCE YOU'VE GOT ALL THAT DONE
- Put your computer into SAFE MODE and do a full scan of the computer
- Go and download the freeware versions of tools like Malwarebytes Antimalware and AVG Free and use those to independently check and scan your computer.
From ANOTHER COMPUTER which you have a confidence is clean then change all your passwords. Remember to use complex passwords as per my note on Wifi above.
Now go back to your computer and run those anti virus scans again.
At that point you have a reasonable confidence of having a secure computing environment.
6th Jun 2011
Replies
Mr. Bird, you are one very thorough human being, and I am extremely grateful for your input. Yes, I do think I am being hacked via browser. This is my story: Several weeks ago, while I was logged into my Hotmail account, I noticed the marquee above the URL (the spot where it says "Hotmail" and gives your email address) began to flicker wildly. When it stopped flickering, the marquee said "Hotmail (1)", the (1) giving an indication that a second window for my email account was open somewhere in the world. Whenever I switched folders, the second person would get kicked out - but within seconds, the marquee would begin to flicker wildly again and soon the "Hotmail (1)" would return, showing the account open in 2 places. I did not want to lose the account, as I have several years worth of Internet Marketing info archived in it. So I moved almost all of my current email activity to another account. I thought this had solved my problem, until I began going to other websites, places like Amazon (that does not require a password to enter and browse), and suddenly as soon as I entered the website the marquee would flicker wildly, until the hacker managed to get in, then the flickering would stop, and there would just be a double connect every time I went to a different page. I got mad and began just flipping back and forth very quickly between pages on the Amazon website; the marquee began to flicker wildly each time I quickly changed pages until I stopped and gave up. At that point he broke through again, and my pages began to double connect again as he followed my every move. Eventually he realized I wasn't going to buy anything, and he pulled out, causing my screen to jump. I knew he was gone because the marquee stopped flickering and the double connect problem stopped. He keeps showing up now, but only at websites where I usually buy things. There is always the flickering, and the double connect once he/they break through. 
The only thing I can think is that he may be following me based on when my IP address shows active, (I am the only person at my house who uses my computer) and then he/they follow me to certain shopping websites to see if I will give any credit card info. Thank you again Mr. Bird; I will look at and try to implement your suggestions to see if I can solve my problem.
Diamondgirl54
6th Jun 2011
Great advice from Mike, but I DISAGREE on one small point:
You should NOT hide SSID on your wireless network.
If SSID is not being broadcast by the router/access point, then your computer must be configured to try its own list of "hidden SSID" whenever it wants to connect to the network.
Let's say, your hidden SSID at home is "MyHiddenSSID". When you turn your laptop on at the airport, the first thing your wireless card will do is, when it sees any network with hidden SSID, it will try to connect, using the SSID "MyHiddenSSID". So a bad guy could simply program a fake access point to behave as if it has a hidden SSID, and then automatically accept any connection attempt and, obviously, serve lots of nasty things, or at least sniff on all your email passwords etc before you even know it.
In short: Always show your SSID, do use WPA security and do employ really hard to guess Wifi passwords, like "0gqe9G6gerHe4@$..#^$^\\/f?=oig" (OK, don't use this particular one, since it's already taken
TobiF
7th Jun 2011
Tried to do recovery June 8 and computer died. will have to start over. Thanks anyway for all of the help and suggestions.
Diamondgirl54
10th Jun 2011
2
Votes
It sounds like you have a virus that is doing keystroke logging
You need to disconnect your PC from the Internet and get it disinfected. Some malware and viruses can be very difficult to remove, so it may be faster/easier to simply back up the data and re-load the OS of the computer.
On a different PC, go and change ALL your online passwords, and be sure that you NEVER reuse the same password for multiple sites.
6th Jun 2011
Replies
I tried to do a recovery June 8 and my computer died. thanks anyway for all the advice.
Diamondgirl54
10th Jun 2011
2
Votes
time to start over
I agree with the other posters, and it may be time for you to reinstall Windows if you have some nasty malware. Use different passwords at each site, make them complex enough, and use 2 factor authentication on your email (google it. As a matter of fact, Google may offer it). Consider that it may be a family member and you can install free whole disk encryption such as TrueCrypt.
6th Jun 2011
2
Votes
Clearing it up step by step
Step one: I'm going to assume you are running XP. If you are running Seven or Vista, the process is similar. You will need an active internet connection. Do a Google search for "combofix". Download this product from a site called "bleepingcomputer .org". Run it in safe mode on the administrator account. If you have any issue at this stage, find a buddy who can do this for you.
When Combofix runs in safe mode, handle the warnings as they come up. If it says Norton's is still running, terminate Norton's process. After you are sure it's closed, continue through the warnings.
This part will take a while. As it runs through, it may ask to download something from Microsoft. Allow it to do so. Eventually it will want to reboot. When it does, put it back in safe mode administrator account to complete the last part and review the log file.
When this is complete, reboot and go to housecall.trendmicro.com and run the program. When this is complete you should be clean. Now, before he comes back, ditch Norton and use something like Avast! for your antivirus.
Finally, lock down your network with a good hardware firewall, like the ones you find in the Cisco/Linksys line, but make sure you lock it down as best you can. If you need something a little more serious, use a Cisco IOS based firewall or call our sister company, Lobo Savvy Technologies, about their firewall solution.
Updated - 6th Jun 2011
0
Votes
the hacker
Remote Assistance and Remote Desktop can be very useful when you need them. But most of the time you don't, and they can leave you open to attack.
1 Right-click on My Computer
2 Select Properties
3 Click on the Remote tab
4 To disable, or turn off, Remote Assistance, simply uncheck the box next to Allow Remote Assistance invitations to be sent from this computer
5 To disable, or turn off, Remote Desktop, simply uncheck the box next to Allow users to connect remotely to this computer.
Updated - 6th Jun 2011
0
Votes
Follow Up response to DiamondGirl
DG:
The entry I produced above is a handout I have for staff in my own office if they ask questions about Home/Personal PC security.
If you believe your "hacker" is following you based on your IP number then the simple thing is to change your external IP address.
1) Go to www.whatismyipaddress.com
Note the IP Address number it gives you in the upper right corner of the page.
It's in fairly large blue text so you can't miss it.
2) Power down your computer
3) Power down your ROUTER
4) GO TO WORK.
Now, the way that most ISPs work is that they randomly assign an IP number when a Router connects to the internet and validates itself against their service. If you switch your router off, and leave it for a while, then another PC will likely get the IP number you had, and your router when you switch it back on later will get a new number.
5) Return from work
6) Switch on Router and give it 5 minutes (reasonable time to boot up and connect).
7) Switch on your PC and login, check the same page.
If the IP number is different then see if your "friend" is still following you.
If the IP number is the same then either your ISP has set up a FIXED IP NUMBER on your router configuration - OR - they have a longer timeout factor on the allocation (it takes longer for the number to be moved from your "switched off" router to the "ready to reallocate" table).
Either try switching it off for a whole 24 hours or speak with your ISP and ask them how the router is assigned IP (DHCP or STATIC) and if DHCP then what the TIMEOUT is on DHCP allocation.
However I don't really consider this to be a plausible diagnosis. More likely you're infected with something that is logging your keyboard activity and it's relaying this back to someone else. From the sound of things, they're being pretty aggressive (and stupid) in following you this closely.
I am slightly confused by your description of seeing (1) in the "marquee", and your assertion that this is a second computer accessing the same site with your login details. Perhaps you could screencap an example to me? (Follow the entry for my profile and use the "send contact a private message".)
With due respect to Alpha_Dog, I'd personally stay away from COMBOFIX (and any automated diagnosis/fix tool) unless you are quite competent. It doesn't fix every problem and I am always wary of any tool that plays with the registry.
However the information on the BLEEPINGCOMPUTER.COM website is of course a valuable resource for all provided you take the time to read and understand the resource.
7th Jun 2011
Replies
Mr Bird,
I want to thank you again for all of your great ideas and attempt to help. I tried to do a recovery June 8 and my computer actually died on me. Back to the drawing board....-sigh- Thanks anyway for all of the suggestions.
Diamondgirl54
10th Jun 2011
1
Vote
Misuse of term "Hacked"
I'm going to agree that this sounds like a Virus. It's not that someone is directly connected to your computer issuing commands. It's an automated process. It sounds like it is collecting passwords and sending them to a real person somewhere. The sound advice is to completely reinstall Windows and then change all of your passwords for everything ever. You could go to bleepingcomputer and try to learn how to fight viral code by hand but this is time consuming. The reinstall is faster and safer. Back up crucial data to another hard drive and format the infected one. Be sure to have security software ready to install on the new OS before it goes back on-line. Keep it unplugged. Scan all of your backed up files on the external drive before using them.
7th Jun 2011
0
Votes
stop!
Stop trying to figure out if you have a virus, malware, spyware, etc. Go effective with these high-end measures:
1- disconnect your computer from the internet.
2- back up your documents to external hard drive
3- format and reinstall your Operating system
4- install antivirus, antimalware, Windows updates, service packs, Flash updates, IE updates, Java updates, etc.
5- change all your passwords (hotmail, gmail, att, facebook, youtube, etc)
6- report this intrusion to authorities
7- do not use administrator accounts on a day-to-day basis!
7th Jun 2011
0
Votes
Download and run Malwarebytes Anti Malware
Even though you have Norton 360, this is not going to give you full protection against malware and tracking programs and cookies. Suggestion is to download Malwarebytes Anti Malware, do the scan in live mode and that will 99% find the infections. Definitely change the password in your hotmail account and also increase your system security by running programs such as IObit security 360 and Ad-Aware combined, which will give you real time protection while you are on the net. More advice you can find if you log on at my web site Technology For Sick Computers - http://snauc.webs.com
7th Jun 2011
0
Votes
I would go a lot further
You don't simply need to reload the OS you need to wipe the HDD as this sounds very much like an infection that you have on your HDD.
Even reloading the system may not be enough to kill the infection as some can survive a Format and then return and reinfect the system.
If you want to be really sure that your HDD is clean you need to use a Wiping Utility like Boot & Nuke available free here
http://www.dban.org/download
Run it with at least 3 wipes and then start to reload the system. Caution: If you use a Wiping Utility on the HDD you will destroy any Recovery partitions that you have so you will need a Recovery Set from your System Maker or a Windows and other software Install Discs for all your software.
If you use a Windows Install Disc from Microsoft you will also need your System Driver Disc/s depending on who made the system. If it's an Off the Shelf System the System Maker's Recovery Disc will be enough but if it's a Custom White Box you'll need each and every one of the Hardware Discs that came with the system as well as the Windows and other installed Software Discs that you got with the new system.
If you have problems using DBan Boot & Nuke you can use Kill Disc Suite free which is another free utility but it's not as good as Boot & Nuke at cleaning HDDs. However saying that it will kill all but the most well crafted Infection.
http://www.killdisk.com/downloadfree.htm
Then after you have a clean fresh install of Windows on your computer and all your Software is installed change every password you have ever had to something new and use a Password Generator Utility to make these Passwords. Do Not rely on making up your own passwords as these are too easily worked out by people who know you. No Personal Password is ever Truly Random and all are easily worked out by people who know you or are stalking you.
Col
7th Jun 2011
Replies
computer died after recovery - i'm going to have to start new anyway. -sigh-
Diamondgirl54
10th Jun 2011
Well since you have to reload anyway don't forget to Wipe the HDD first.
After all if you go to all of the trouble of reloading you don't want the infection to reoccur do you?
Col
OH Smeg
10th Jun 2011
Get behind a router, too. This won't stop determined and knowledgeable hackers, but it's a very good start. You can also use it to close ports you don't use. Most people only use the web. Which means that you really only need a couple of ports open. If you have an external email application, that adds one or two more ports to open. Hackers take advantage of open ports in the higher ranges quite often, so closing these off can often-times defeat them.
Also, installing and using a traffic monitor can tell you what port is being used and where the traffic is originating and ending.
digital riverrat
10th Jun 2011
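The port review described in the reply above, as an added example that is not part of the original thread: it parses `netstat -ano` output from Windows and lists outbound connections to ports outside an allowlist, plus sockets listening on non-loopback addresses. The sample output, the allowlist and the function names are assumptions made for illustration.

```python
# Sample `netstat -ano` output, constructed for this example (documentation IP ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4120
  TCP    192.168.1.20:49733     198.51.100.77:31337    ESTABLISHED     2764
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Assumed policy: web, DNS and one mail client (IMAPS, submission).
ALLOWED_REMOTE_PORTS = {53, 80, 443, 587, 993}
LOOPBACK = {"127.0.0.1", "[::1]"}

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, [IPv6] or '*:*') into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows carry no State column."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) == 5 else ""
        local_addr, local_port = split_endpoint(parts[1])
        remote_addr, remote_port = split_endpoint(parts[2])
        yield {"proto": parts[0], "local_addr": local_addr, "local_port": local_port,
               "remote_addr": remote_addr, "remote_port": remote_port,
               "state": state, "pid": int(parts[-1])}

def review(text, allowed=ALLOWED_REMOTE_PORTS):
    """Return (reason, row) pairs worth a closer look."""
    findings = []
    for row in parse_netstat(text):
        if row["state"] == "ESTABLISHED" and row["remote_port"] not in allowed:
            findings.append(("outbound to unlisted port", row))
        elif row["state"] == "LISTENING" and row["local_addr"] not in LOOPBACK:
            findings.append(("listening on a non-loopback address", row))
    return findings

if __name__ == "__main__":
    for reason, row in review(SAMPLE):
        print(f'{reason}: {row["proto"]} {row["local_addr"]}:{row["local_port"]} '
              f'-> {row["remote_addr"]}:{row["remote_port"]} (PID {row["pid"]})')
```

The PID column can be matched against Task Manager to see which program owns each flagged socket; a flagged row is a prompt to look closer, not proof of compromise.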
0
Votes
Moving on & How to get There
Good Advice combined with thorough methodology will probably enable you to clean up and secure your PC.
At this stage it's not important what it is. Just stopping the activities that are making your digital life undoubtedly insecure.
Good suggestions have been offered on this thread; how to apply them & in what order may be the trick you need.
I find using the advice and experience provided by sites such as:
http://www.majorgeeks.com/
http://www.bleepingcomputer.com/
Which both have malware removal forums, guides, tools, and above all knowledge invaluable.
Following their advice patiently will give you a confirmed result, and personal security understanding.
May I suggest only using tools that you understand or have been advised to apply.
ComboFix is a powerful scriptable tool. Your adviser may provide you with specific instructions or a script to apply.
Enabling a specific solution to your problem to be applied.
Particular methodology is required to defeat these threats, which are after all working in a structured environment provided by us.
Bleepingcomputer has a warning not to use ComboFix unless asked to.
Mr Bird's method is imho good, & may give you the result you need. His methodology is a lesson on how to do this stuff.
However additionally you really need someone with specific operating system & security knowledge to check out your gathered software logs (HijackThis etc). To see if the appearance matches the reality of what is installed on your machine.
Following the instructions and guides on these fora is quite easy and relaxing to do. Guides for newbies & all necessary information are available. The time you spend on the evolutions will be repaid many fold with the results you obtain.
Proprietary combined anti virus/malware programs are useful. Unfortunately they can be disabled while still appearing to do the job you paid for them to do.
Your efforts will help other community members, & who knows you may have discovered an unusual, badly applied whatever. Which will help the security community and everyone else go about our lives with a little less interference.
Your results will be confirmed, by those who know, & are considered to be some of the best publicly available security minds. Then if all else fails you can quarantine your data to be exercised later. Start again, building a more secure system combining your new knowledge / advice, your acquired software & hardware into a more robust computing system.
Have a good one
Take care
P.S. Other links http://www.grc.com/intro.htm Shields up is a good check plus other security information.
Updated - 7th Jun 2011
-1
Votes
Simples
Shoot them (not recommended where local laws don't permit)
8th Jun 2011
Replies
Wouldn't it be easier to just stop using the computer?
OH Smeg
9th Jun 2011
You have no idea how much I would like to!! I tried to do a recovery June 8 and the whole darn computer *died*. Personally, I think whoever infected me should have to do so as well!!
Diamondgirl54
10th Jun 2011
0
Votes
Hacked
How do you know you are being hacked?
Mitchell
10th Jun 2011
0
Votes
I'd get a new firewall product
I have not liked Norton for quite some time. Their algorithms just haven't kept up with the "bad guys". I prefer Kaspersky Internet Security 2011 and ESET Smart Security, both of which are firewalls, anti-malware and antivirus products. Kaspersky even comes with a "mini-sandie box" environment called 'Safe Run', where you can execute code you're not sure about, without worrying about it causing trouble for your system. Unfortunately, as far as I know, ESET doesn't have this capability.
10th Jun 2011

































