Comments on: I’ve been hacked — I think….

By: johnxxjohn

johnxxjohn — Sun, 02 Aug 2009 08:32:13 +0000

fist messangers are things that if you dont use them you should get rid of them cuz hackers will use them to send viruses and other worms to get into the computer they do it by craming packets into open ports and any messanger allow and has to have a port open for it you should close the port and delete the messanger and then do virus and spyware scans while disconnected from the internet cuz if your connected to the internet he might be watching you do it and make sure it doesnt work right

By: bobkberg

bobkberg — Thu, 14 Apr 2005 15:40:12 +0000

Good replies all – although the suggestion above about “anything not from CA” is a little wide-open…

To take another tack though, go to foundstone.com (or whoever owns them this week), and look for their free tools.

Get one called Vision – this is a GUI app that will not only show you the open ports like netstat does, it will show you what program opened them. This is often helpful in doing forensics. As long as you’re there, download the entire toolkit – lots of usefull things there.

Bob

By: tedrizzi

tedrizzi — Tue, 12 Apr 2005 07:47:41 +0000

First off, update the patches.
second install anti spyware, antivirus and a firewall.
I would recommend PestPatrol, and CA’s EZarmor.
Those steps should clean and lock down the system.
You may need to do a repair install in IE, or even remove it and re-install it. there is no telling what damage has been already done.

By: jpagel

jpagel — Mon, 11 Apr 2005 12:33:32 +0000

As far as AV, CA is my personall suggestion I use them at work and home and have found viruses on machines that had Norton and McAfee wouldn’t find, there are Pros to them after far as Virus detection and cons, in the aspect of there Phone Tech support blows chunks because they charge, but I have emailed them before with an issue w/ their EZArmor and they replied that day with a fix that worked free of charge, also they have to quarentine folder…They have some low reviews as far as Tech Support and quarentine, but their virus detection in my eyes in wonderfull and has been reveiwed to be very good, the only other suggestion that i could see as being used would be Trend Micro, I personally would not suggest Norton & McAfee, they are wayyy over rated, Panda is an excellent product, but quite expensive…

By: marcjacquard

marcjacquard — Mon, 11 Apr 2005 11:33:45 +0000

First of all, until you know what the issue is, do not allow this machine to plug into the corporate network. You have no idea what is running and what the damage could be. Second, you need to decide if you are going to spend the time necessary to debug and fix the machine or just rebuild it and start over. Once you have fixed the machine, install A/V, anti-spyware, and a good desktop firewall. Anything not from Computer Associates is a good choice. Reviews on security products indicate they score the lowest on almost all points.

Also, AOL messenger has the potential for bringing things into the network. You should rethink the use of this product on company owned equipment.

By: jpagel

jpagel — Mon, 11 Apr 2005 11:02:15 +0000

My personnal suggestion would for you to go get the Microsoft AntiSpyware from http://www.microsoft.com in another 100 or so days they will have a full blown version that Microsoft is giving out for free to all their customers. I would also go download from http://www.downloads.com, Ad-Aware, Spybot Search & Destroy, & SpywareBlaster. Make sure you update all of them before running. If there is an Antivirus on the machine, I would make sure it is up to date, and run a full system scan on it in safe mode with system restore turned off (alone with all your other anti-spyware scans) because Viruses and Spyware have a tendancy to keep themselves in the System Volume Information & system restore thus allowing them to come back easily due to the fact that a lot of scans do not scan there by default because system restore basically “locks” the folder. If you do not have an AntiVirus i would suggest Computer Associates EZArmor, it is their AV/Firewall Combo, it is a very “lite” program as far as not using much memory and space (compared to using Norton or McAfee), there is updates out for the AV everyday, and if there is a new version out you have full access to download and install it (for the first year), Also the firewall is very easy configurable and the whole suite is very easy to us. Make sure that your Windows Operating system is up-to-date, if the machine is XP make sure SP2 is installed. All this can be access from http://www.windowsupdate.com I doubt you have been hacked, make sure you check your ‘hosts’ files on your machine, but most likely the dropping off of the network is due to spyware/virus… Thank you, please post back results and further questions and information

By: drillo

drillo — Mon, 11 Apr 2005 10:37:21 +0000

Good morning….

The best you can do is install anti-spyware as suggested and start your cleanup there. There are many other places to go, but that would be a start. The largest part of all of this is prevention. The standard setup for machines attaching to the network should be a good anti virus solution and a good anti spyware solution. Yes, I know that you cannot beat everything, but you must excercise caution. It is also important to manage and maintain updates. If this is a personal machine, then you should insist that these things are taken care of if they want to plug in to your network. If it is a corporate or company owned machine, then you must be sure that the machine is surrendered regularly for maintenance.

Good luck
Paul