How To Get Rid Of A Hacker??

4 Votes

Diamondgirl54
I've got a hacker who keeps breaking into my computer through my browser. I use both IE 9.0 and Firefox 4.0. It doesn't matter - he breaks in through either one. It started with him breaking into my Hotmail account; now he is breaking into websites where I shop, especially Amazon. How do I get rid of this guy??!! I've got Norton 360 for security, but that certainly isn't working. What to do??

2 Votes
Alpha_Dog

Step one: I'm going to assume you are running XP. If you are running Seven or Vista, the process is similar. You will need an active internet connection. Do a Google search for "combofix". Download this product from a site called "bleepingcomputer .org". Run it in safe mode on the administrator account. If you have any issue at this stage, find a buddy who can do this for you.

When Combofix runs in safe mode, handle the warnings as they come up. If it says Norton's is still running, terminate Norton's process. After you are sure it's closed, continue through the warnings.

This part will take a while. As it runs through, it may ask to download something from Microsoft. Allow it to do so. Eventually it will want to reboot. When it does, put it back in safe mode on the administrator account to complete the last part and review the log file.

When this is complete, reboot and go to housecall.trendmicro.com and run the program. When this is complete you should be clean. Now, before he comes back, ditch Norton and use something like Avast! for your antivirus.

Finally, lock down your network with a good hardware firewall, like the ones you find in the Cisco/Linksys line, but make sure you lock it down as best you can. If you need something a little more serious, use a Cisco IOS based firewall or call our sister company, Lobo Savvy Technologies, about their firewall solution.

0 Votes
huttd

Remote Assistance and Remote Desktop can be very useful when you need them. But most of the time you don't, and they can leave you open to attack.

1 Right-click on My Computer
2 Select Properties
3 Click on the Remote tab
4 To disable, or turn off, Remote Assistance, simply uncheck the box next to Allow Remote Assistance invitations to be sent from this computer
5 To disable, or turn off, Remote Desktop, simply uncheck the box next to Allow users to connect remotely to this computer.
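
The two checkboxes described in the post above map to registry values, so the result can be verified after unchecking them, along with whether the RDP port is still listening. This is an added example, not part of the original post; it assumes PowerShell is available (built in from Windows 7, an optional install on XP) and an English-language Windows for the `LISTENING` match.

```powershell
# Added example: read-only check of the two settings on the Remote tab.
# Run in an elevated PowerShell prompt on the PC being checked.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# fDenyTSConnections: 1 = Remote Desktop off, 0 = on.
# A Group Policy value, when present, wins over the local setting.
$deny = Get-RegValue $pol 'fDenyTSConnections'
if ($null -eq $deny) { $deny = Get-RegValue $ts 'fDenyTSConnections' }

# fAllowToGetHelp: 1 = Remote Assistance allowed, 0 = not allowed.
$help = Get-RegValue $pol 'fAllowToGetHelp'
if ($null -eq $help) { $help = Get-RegValue $ra 'fAllowToGetHelp' }

# The RDP listener port is configurable; 3389 is only the default.
$port = Get-RegValue "$ts\WinStations\RDP-Tcp" 'PortNumber'
if ($null -eq $port) { $port = 3389 }

# Check what the machine is actually doing, not just what is configured.
# Assumption: English Windows, where netstat prints the state as LISTENING.
$listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")
$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

$rdpState = if ($null -eq $deny) { 'unknown' } elseif ($deny -eq 0) { 'ENABLED' } else { 'disabled' }
$raState  = if ($null -eq $help) { 'unknown' } elseif ($help -eq 1) { 'ENABLED' } else { 'disabled' }

"Remote Desktop      : $rdpState"
"Remote Assistance   : $raState"
"RDP port $port open : $listening"
"TermService status  : $($svc.Status)"

if ($deny -eq 0 -or $help -eq 1 -or $listening) {
    Write-Warning 'Remote access is still available on this PC; recheck the Remote tab.'
}
```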

0 Votes
Mike Bird

DG:

The entry I produced above is a handout I have for staff in my own office if they ask questions about Home/Personal PC security.

If you believe your "hacker" is following you based on your IP number then the simple thing is to change your external IP address.

1) Go to www.whatismyipaddress.com
Note the IP Address number it gives you in the upper right corner of the page.
It's in fairly large blue text so you can't miss it.

2) Power down your computer
3) Power down your ROUTER

4) GO TO WORK.

Now, the way that most ISPs work is that they randomly assign an IP number when a Router connects to the internet and validates itself against their service. If you switch your router off, and leave it for a while, then another PC will likely get the IP number you had, and your router when you switch it back on later will get a new number.

5) Return from work
6) Switch on Router and give it 5 minutes (reasonable time to boot up and connect).
7) Switch on your PC and login, check the same page.

If the IP number is different then see if your "friend" is still following you.
If the IP number is the same then either your ISP has set up a FIXED IP NUMBER on your router configuration - OR - they have a longer timeout factor on the allocation (it takes longer for the number to be moved from your "switched off" router to the "ready to reallocate" table).

Either try switching it off for a whole 24 hours or speak with your ISP and ask them how the router is assigned IP (DHCP or STATIC) and if DHCP then what the TIMEOUT is on DHCP allocation.

However I don't really consider this to be a plausible diagnosis. More likely you're infected with something that is logging your keyboard activity and it's relaying this back to someone else. From the sound of things, they're being pretty aggressive (and stupid) in following you this closely.

I am slightly confused by your description of seeing (1) in the "marquee", and your assertion that this is a second computer accessing the same site with your login details. Perhaps you could screencap an example to me? (Follow the entry for my profile and use the "send contact a private message".)

With due respect to Alpha_Dog, I'd personally stay away from COMBOFIX (and any automated diagnosis/fix tool) unless you are quite competent. It doesn't fix every problem and I am always wary of any tool that plays with the registry.

However the information on the BLEEPINGCOMPUTER.COM website is of course a valuable resource for all provided you take the time to read and understand the resource.

0 Votes
Diamondgirl54

Mr Bird,
I want to thank you again for all of your great ideas and attempt to help. I tried to do a recovery June 8 and my computer actually died on me. Back to the drawing board....-sigh- Thanks anyway for all of the suggestions.

1 Votes
Spitfire_Sysop

I'm going to agree that this sounds like a Virus. It's not that someone is directly connected to your computer issuing commands. It's an automated process. It sounds like it is collecting passwords and sending them to a real person somewhere. The sound advice is to completely reinstall Windows and then change all of your passwords for everything ever. You could go to bleepingcomputer and try to learn how to fight viral code by hand but this is time consuming. The reinstall is faster and more safe. Back up crucial data to another hard drive and format the infected one. Be sure to have security software ready to install on the new OS before it goes back on-line. Keep it unplugged. Scan all of your backed up files on the external drive before using them.

0 Votes
alexisgarcia72

Stop trying to figure out if you have a virus, malware, spyware, etc. Go effective with these high-end measures:

1- Disconnect your computer from the internet.
2- Back up your documents to an external hard drive.
3- Format and reinstall your operating system.
4- Install antivirus, antimalware, Windows updates, service packs, Flash updates, IE updates, Java updates, etc.
5- Change all your passwords (Hotmail, Gmail, ATT, Facebook, YouTube, etc.)
6- Report this intrusion to authorities.
7- Do not use administrator accounts on a day-to-day basis!

0 Votes
snauc

Even though you have Norton 360, this is not going to give you full protection against malware and tracking programs and cookies. My suggestion is to download Malwarebytes Anti-Malware and do the scan in live mode, and that will 99% find the infections. Definitely change the password in your Hotmail account and also increase your system security by running programs such as IObit Security 360 and Ad-Aware combined, which will give you real-time protection while you are on the net. You can find more advice if you log on at my web site Technology For Sick Computers - http://snauc.webs.com

0 Votes
OH Smeg

You don't simply need to reload the OS; you need to wipe the HDD, as this sounds very much like an infection that you have on your HDD.

Even reloading the system may not be enough to kill the infection as some can survive a Format and then return and reinfect the system.

If you want to be really sure that your HDD is clean you need to use a Wiping Utility like Boot & Nuke, available free here:

http://www.dban.org/download

Run it with at least 3 wipes and then start to reload the system. Caution: If you use a Wiping Utility on the HDD you will destroy any Recovery partitions that you have, so you will need a Recovery Set from your System Maker or a Windows Install Disc and other software Install Discs for all your software.

If you use a Windows Install Disc from Microsoft you will also need your System Driver Disc/s depending on who made the system. If it's an Off the Shelf System the System Maker's Recovery Disc will be enough, but if it's a Custom White Box you'll need each and every one of the Hardware Discs that came with the system as well as the Windows and other installed Software Discs that you got with the new system.

If you have problems using DBan Boot & Nuke you can use Kill Disc Suite free, which is another free utility, but it's not as good as Boot & Nuke at cleaning HDDs. However, saying that, it will kill all but the most well crafted Infection.

http://www.killdisk.com/downloadfree.htm

Then after you have a clean fresh install of Windows on your computer and all your Software is installed, change every password you have ever had to something new and use a Password Generator Utility to make these Passwords. Do Not rely on making up your own passwords as these are too easily worked out by people who know you. No Personal Password is ever Truly Random and all are easily worked out by people who know you or are stalking you.

Col

0 Votes
Diamondgirl54

Computer died after recovery - I'm going to have to start new anyway. -sigh-

0 Votes
OH Smeg

Well, since you have to reload anyway, don't forget to Wipe the HDD first.

After all, if you go to all of the trouble of reloading you don't want the infection to reoccur, do you?

Col