How to tell if my PC has been hacked?

Status
Not open for further replies.

kopja

Technical User
Jul 20, 2005
63
US
Hello all.
I have an XP Pro machine, running ZoneAlarm Pro (firewall + antivirus),
all latest Windows and ZoneAlarm updates installed, Comcast Broadband and a basic wireless router for splitting
the connection. The PC is wired on to the router. WEP 128bit security is enabled on the router but I never actually check the logs.
Basically, yesterday while browsing the internet, I go to print something, and I see,
besides my usual printers (Samsung xxx, Adobe PDF, and MS Imaging Writer),
these 3 new printers that were not there before:
Auto pulp-fiction on AGENCY-XXXXXXXXX (some number I can't remember now)
Auto Adobe-PDF on AGENCY-XXXXXXXXX
Auto "some name" on AGENCY-XXXXXXXXX (I can't remember what the name was).

Now AGENCY-XXXXXXXXX is not any computer name on the home network.

Now, I believe the Auto printer gets generated when you have a Terminal connection somewhere.
Does this mean my PC has been hacked?
What else can I check?
Am I simply worried for nothing?

Lavasoft/ZAlarm/Spybot spyware and virus check shows nothing,
HijackThis shows nothing suspicious.

I am not too thrilled about deleting everything, as I have a lot of personal documents which I cannot delete.
Now if I put in a new HD with a fresh WinXP install (assuming Microsoft will let me activate, as it is a self-built
PC and I have already called MS a few times to activate it. BTW it is a copy of XP Pro that I got in a MS presentation show
for VStudio, so it is not OEM nor retail),
what guarantee do I have that my docs have not been infected with this, say, trojan (after all, the antivirus cannot detect it)?
Also, if it has been infected it would be great to learn how to remove it as opposed to just deleting everything.

Any help/tips would be greatly appreciated.
Thanks in advance
kopja
 
This sounds like you have someone that accessed your wireless network and had printers on their own network shared. Your Windows XP picked them up. WEP is not 100% and there are ways around it if you have the time. And you have no guarantee that your docs aren't infected, you have to trust your virus scan.

My suggestion is to change your WEP key ASAP. Personally, I would never run a wireless router on my network. I would get a regular router and a WAP and put the WAP on a DMZ with no access to my network. If they get in and steal my bandwidth, big deal, I'll catch them eventually, but I don't want someone banging my network, getting in and having access to my docs.

Not saying that's what happened in your case, it sounds a bit more like someone just accessed your network. If your Zone Alarm is working it should have blocked any attempt from another machine to access your PC unless you authorized them to see it. You can check your event logs to see if there were any attempts, but more than likely your firewall blocked them, but it might tell you what day and time the printers were added to your PC.

Cheers
Rob
 
Thanks Rob, that makes me feel much better. It probably means that someone just accessed the wireless. I will check the event logs on my PC & firewall and the router log and make sure.

Now for a different question. I am not too familiar with router configurations, but we need the wireless because one of my roommates uses it for his laptop, and he also connects to his work via VPN. I do not want to mess that up with DMZ and all.
Instead, would it be safer if I have a router just for me,
i.e. BroadbandModem-->Wireless Router-->MyRouter-->My PC?

Also I have file & print sharing disabled on my PC, does that give me anything in terms of security?

Thanks again
kopja
 
Automatically detected and added printer entries are not a Terminal Services feature.

Control Panel, Folder Options, View
Uncheck: Automatically search for network folders and printers

There is no evidence that you have been hacked. And double NATing by adding a router is not going to make you more secure.

Two things to do:
1. Upgrade all XP Pro workstations with the new Wireless client issued by Microsoft three weeks ago.
Microsoft released an update to enhance Windows XP support for Wi-Fi Protected Access 2 (WPA2) options in Wireless Group Policy (WGP), and to help prevent the Windows wireless client from advertising the wireless networks in its preferred networks list. For more information about this update, read Microsoft Knowledge Base Article 917021:

2. Enable WPA 2 on router and wireless clients.






____________________________
Users Helping Users
 
Use the MAC address filtering on the wireless router. This is the simplest, and most effective, way to prevent unauthorized use of your wireless connection.
 
MAC filtering is NOT an Effective form of security...

WPA however is....
Can you do them both at the same time? I would say yes, but it would depend on what hardware you have and firmware/software.

I wouldn't waste my time on MAC filtering...

 
Can MAC address filtering and WPA be used at the same time?

Both can be used at the same time.

MAC filtering is NOT an Effective form of security...

I didn't say it was "Effective form of security". I said it is a way "to prevent unauthorized use of your wireless connection". It doesn't stop someone from sniffing your packets but it does prevent them from using your connection.
 
I think the concern was that you can sniff the MAC address and spoof it. You just watch for ARP traffic among other possibilities.



____________________________
Users Helping Users
 
I agree bcastner, MAC address can be easily sniffed, although it will keep the average neighbor out. The key to security, if you don't mind the pun, is using a strong password. The password remains to be the weak link, and will, as long as people insist on using their dog's name for a password.
 