I AM HACKED 1

[noneap]

Dear All,
I don't know if I am allowed to ask that kind of question here but I am really hopeless and not a profession in that field. I have only one computer and not able to get the otherone.
We had a problem internet service. When I was using internet. Suddenly a conversation window popped up.
The person was trying to conversate with me. I couldn't close the window. He knew my name, my profession and some other personal info. As I asked him if he hacked my computer he started threatening me. I was really scared. Then my DVD and CD Drives started opening and closing by themselves and he said he was doing it. At this point I took the computer off the plug.
Pls let me know if you need more detailed info of that day. I also installed Norton Internet Security 2005. It says no virus in computer but I was using ETrust and it is saying that I have Tojan virus
I'd really appreciate if you could help me find that person because I am still scared he might have access to my personal information.
Thanks in advance.

 

[chiph]

1. Buy a hardware firewall device (like a Linksys or Cisco) to go between you and the internet.

2. Reformat and reinstall your operating system for all computers that were on the same network as your computer -- they've been compromised, and now you can't trust them. Make sure you download the OS patches on a trusted machine, burn them on a CD, so you'll have them ready when you reinstall.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[MichealC4]

Ditto what chiph said. But in the interest of post-mortem, I would recommend taking your pc to someone who knows what to look for. No offense to you of course, but as you mentioned that you are unsure, I would recommend taking it to a local repair shop, and tell them what happened. They should have a good idea as to what to look for. It does indeed sound like a trojan. After the local computer repair shop has finished, reformat, and start from scratch, on both pc's, as chiph suggested.

----------------------------
"Security is like an onion" - Unknown

 

[Wazz]

Reformat?
thats a bit 'ott' isnt it?
Sure I agree 110% get a hardware firewall.. noneap, for your info, they are suggesting getting a router. Cisco is good.. but expensive and most of the features you wouldnt use. Speak to your local pc shop as to what stock they have. It should be easy to set up and cheap to buy.

What do you do next?
Well.. Check your pc for trojans and virus, or get a pc shop to do it. I think symantec do a free online check..
Why type of connection do you have? More importantly do you have a static ip address?
Also, address where you got the trojan from and change your surfing habits. Do you download a lot of files, look at lots of email jokes?

Lastly, just incase you do get hacked again, take all sensite and important data off your pc. Put it on cd or something and keep it backed up regularly.

Im sure though this post will get a reaction from the other 2 people who posted. Most hackers who will target you as an individual are just messing around, or using trojans to do it. They wouldnt have enough skill to access your pc anyother way. Remove the trojan, and they wont pick on you.

If you want further help from me I will need to know Details of your system, ie operating system and services pack number, software installed, any peer to peer software, when you say chat window do you mean as in msn for example, connection type.

Anyway, if you have an problems just post a reply or send an email.
By the way... which pc did you use to post on here? The comprimised one?

Wazz

 

[eyec]

Suddenly a conversation window popped up.
The person was trying to conversate with me. I couldn't close the window. He knew my name, my profession and some other personal info. As I asked him if he hacked my computer he started threatening me. I was really scared. Then my DVD and CD Drives started opening and closing by themselves and he said he was doing it.

They wouldnt have enough skill to access your pc anyother way.

oooopppss, i wouldn't count on it. most hackers are far more familiar with OS, tcp/ip, and other IT goodies some of us only wish we knew.

 

[MichealC4]

Wazz: No, reformatting is the only "sure" way after an incident like this. Talk to ISC (Internet Storm Center, I'm sure you have heard of them) or CERT, they will tell you the same thing. Reformat is the only sure way. However, noneap is far more interested in post-mortem, it appears, than saving data.

----------------------------
"Security is like an onion" - Unknown

 

[MattNeeley]

Almost sounds like an old version of subseven or similar that you've been infected with.

 

[MichealC4]

MattNeeley: Or some version of BO, but yeah.

At any rate, noneap, how are you coming along with this?

----------------------------
"Security is like an onion" - Unknown

 

[kmvargo]

Noneap,
You could try an on-line virus scan if you are able.

http:\\antivirus.com offers a free on-line scan. If you can get it cleaned up by that then you might want to run a couple spyware programs (Adaware & Spybot - both are free). Keep scanning fro viruses & spyware until you don't find any. Also try using CWShredder. It will get rid of some problems as well. Then get an anti-virus program and keep it up-to-date. Also get a firewall program (Zone Alarm - also free) or buy a router. If you manage to clean your system, then always check it periodically. If you are not able to then you might as well reformat & reinstall everything. Good luck.

 

[kHz]

If you are going to reformat and start over, you might as well just scrub the disk before reinstalling. And a firewall is not going to protect you if you download something that contains a trojan. Some of the software out there, that may be free, say "CoolScreenSaverBabes," may include something you don't want, but when you install the software you install the trojan, etc.

 

[crow053]

Another way to find the trojan is to install a port monitoring program, like Active ports, to see all the programs that are accessing the internet.
The online virus scan is an excellent idea too.
You may also want to get Hijack this, run it and post the log.

 

[joeb1kenobe]

I have to agree with kHZ. Reformating is not enough. Even though you format the drive, the file still exist on the HD. I would invest in some type of disk scrubbing tool, or if you have accss to a linux live-cd using a command like:

dd if=/dev/zero of=/dev/hda conv=noerror

 

[CSSTeckie]

The Bug/Trojan is called NetBus, it's old but it's still at large. Look for netbus removal tool and you should be able to clean it without any formatting. Use a Hardware Firewall or Software Firewall to monitor your activities

 

[MichealC4]

You may be able to clean Netbus, but you can't be sure what the attacker did, so a reformat is the best option.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt

 

[sab4you]

definately format - once you have been compromised, who knows what they did.

I do not suggest a hardware firewall such as Cisco just because of this. Sure its nice to have one, but you sound like a normal average computer guy using it for his home. Abit overkill in my opinion.

Once you format, install the OS but leave your internet connection unplugged!

Once the OS has been installed:
If your running Windows XP then ensure your built in firewall is running

If your not running Windows XP then find a safe computer and download a software firewall program. You can get ZoneAlarm for free - I think it sucks, but many people seem to like it. But, at least its easy and should be quick for you to understand and setup.

Once you have a firewall installed, then you may plug in your internet connection. First thing you do is visit microsoft windows update and get all the critical updates.

Ensure that you always have windows update turned on and automatically downloading/installing.

Get yourself an antivirus program. These will protect against the usual virus/trojans at all times.

Once you have done this, you are at a normal level of protection that is across the board needed for anybody on the internet these days.

BTW if you had personal info on your computer -you said he knew your name at least, did you have credit card info? Bills? social security numbers? bank account logon? If so I would be very wary of identity theft right about now.