hacker infiltration


dj nica
April 5th, 2003, 02:19 AM
i have a friend that has a hacker that is able to view her e-mails, backgrounds, screen saver, AIM instant messages, files and folders, you name it he can read it. what can she do? i haven't been here in so long but when she told me about it i instantly thought of this site for the best help. anyone know what could be done?

Syini666
April 5th, 2003, 02:22 AM
From the sounds of it someone is using a trojan such as SubSeven or Netbus to control her computer and snoop on her. First and foremost scan the computer with an antivirus program, and if that doesn't work check out Tauscan from www.grisoft.com and see what it turns up. Also, if she doesn't have a firewall, it would definitely help to install one such as Zone Alarm or Outpost.

Vigge
April 5th, 2003, 02:23 AM
It could possibly be that she has a trojan of some sort in her system.
Try downloading TheCleaner and see what it finds.
get it here: http://www.moosoft.com/thecleaner/

EDIT: I hate posting a reply at the same time as someone else ;)

dj nica
April 5th, 2003, 02:26 AM
aah ok, i'll put on a firewall and scan the computer for her, then see if the problem persists. thanks guys. i'll let u know if it continues.

ajit
April 5th, 2003, 04:05 AM
it certainly is a trojan and if u still can't find a trojan installed then disconnect now.

strandedthinker
April 5th, 2003, 04:12 AM
most likely a virii prog, i would connect and lan or wan connections and run a virus scan with the latest updates.

and since your friend seems to be careless towards security tell her to get:
a:a software firewall
b:a hardware firewall
c:an anti virus prog

doc crontab
April 5th, 2003, 05:04 AM
Hello :)

Tell your friend to change ALL her passwords icq, aol aim, pop e-mail,
online banking, yahoo etc to be on the safe side even if the
machine is cleaned with Norton or software like the 'Cleaner'
the Hacker is still in the game he can access all of her accounts
without her Knowledge, imposter her (identity theft) launch
attacks or monitor her stealthily.

Strongly suggest looking into SSH to send/receive pop e-mail or
transmitting any sensitive information encrypted and not in
plain text. For Windows I know of Tera Term but there may
be other clients. ;)

Doc

PuReExcTacy
April 5th, 2003, 07:09 AM
You might want to advise your friend's isp on the situation. They most likely will have logs that can give details on any traffic to or from your friend's computer, this might give a great lead to tracking down the intruder or provide evidence in a court of law if it comes down to that.


PuRe

grobyccil
April 5th, 2003, 12:43 PM
Hi!
Maybe u must reinstall the system. The opponent may have installed another backdoor or a root-kit. (i'm really paranoid)
Best wishes!!

groby

tonybradley
April 5th, 2003, 12:57 PM
I wouldn't want to use an elephant gun to kill a fly, but I think I might second both the notion of changing all passwords and as many usernames as possible- instant messaging, email, banking,- anything with a username and password- as well as rebuilding the system from scratch.

The problem is that you don't know what the intruder could have done. You could use The Cleaner or other similar software and detect and remove a Trojan horse program. But, the intruder could have used a known Trojan horse to get in but planted some original home-grown Trojan / backdoor that the software doesn't know about so it would remain behind.

Setting up a software firewall like Zone Alarm would help- because you would be alerted when the Trojan tried to initiate a connection or access a service on the computer. But, if your friend isn't technically savvy they may unwittingly approve the connection anyway. My experience with novices and Zone Alarm - or other software firewalls- is that they often don't know what the application or service being asked about is supposed to do so they just approve it on the assumption that it's probably OK.

So, it may be overkill, but I might do all of the above: rebuild the system and install updated antivirus and firewall software and also change all usernames and passwords and possibly even get new credit card numbers and such (or at least watch my credit card statements for erroneous charges).

dragonx81
April 7th, 2003, 04:56 PM
definitely sounds like sub 7 the cleaner will get it off and i think there iz a thing at tlsecurity.com that removes every thing of it includin the reg lines


edit i hate it when ppl post at same time :(

Lloth Sedai
April 7th, 2003, 08:35 PM
ok... first of all.. unless this trojan can hide itself u can find out where its connected itself to..
even though many times nowadays the directions and stuff are rerouted through a mailer or server.. go to ms-dos or command prompt and type in netstat -n this will show all the connections on ur computer.. copy and paste these to a txt document...

After u get the proof contact ur isp from an alternate e-mail address (like urs if ur friend is having the problem)

The worst thing that could happen is she has to format her computer... first backup all savegames, text documents, etc... (highly unlikely that the trojan will be transmitted through backup) then format the computer and reinstall the os and stuff
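
Added example, not part of the post above: one way to review the netstat -n text file the post says to save before sending it to the ISP. The sample output, the addresses in it and the function names are constructed for illustration; the port table holds the widely documented default ports of the two trojans named earlier in the thread, which an intruder can change.

```python
import re
from collections import Counter

# Widely documented default listening ports of the trojans named in the
# thread. Defaults can be changed, so no hit here does not mean "clean".
DEFAULT_TROJAN_PORTS = {12345: "NetBus", 12346: "NetBus", 27374: "SubSeven"}

# Constructed sample of Windows `netstat -n` output (documentation-range
# addresses, not real hosts).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1045      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:27374     203.0.113.25:3312      ESTABLISHED
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.10:1051      198.51.100.7:80        TIME_WAIT
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")

def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, laddr, lport, faddr, fport, state = m.groups()
            rows.append({"proto": proto, "local": laddr, "lport": int(lport),
                         "remote": faddr, "rport": fport, "state": state})
    return rows

def summarize(rows):
    """Return (default-port hits, connection count per non-loopback remote)."""
    # The trojan's server half runs on the victim, so its port is the LOCAL one.
    hits = [(r["remote"], r["lport"], DEFAULT_TROJAN_PORTS[r["lport"]])
            for r in rows if r["lport"] in DEFAULT_TROJAN_PORTS]
    remotes = Counter(r["remote"] for r in rows
                      if not r["remote"].startswith("127.") and r["remote"] != "*")
    return hits, remotes

if __name__ == "__main__":
    hits, remotes = summarize(parse_netstat(SAMPLE))
    for remote, port, name in hits:
        print(f"local port {port} ({name} default) in use by {remote}")
    for remote, count in remotes.most_common():
        print(f"{remote}: {count} connection(s)")
```

Keep the untouched text file as the record for the ISP; the summary only tells you which lines to look at first.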

coronakwl
April 7th, 2003, 09:06 PM
As stated by other responders, your friend has a trojan. The trojan and any related worms have to be removed from her system.

1. Remove any junkware such as Kazaa and delete all files in the Windows\Temp.

3. Next she will want to download Ad-Ware 6.0 all spyware.

2. Download the latest version of TDS Professional anti-trojan ware. There is a 30 days trial version available that does a good job of sniffing trojans including mutexes and multithreads. The program eats up a lot of resources while it checks, but it is probably the best anti-trojan available. Be sure to get the plug-ins as well. Run a full scan of the system including ports. When the program is finished checking, delete all trojans, reboot and run the scan again verifying all ports.

4. Reboot once again and run scan with TDS. Her system should show clean.

I'm assuming your friend has anti-virus software installed? If not she needs to get some. And she should register her download of TDS and set it for autoscan. TDS and most anti-virus software like Norton and Netshield can run concurrently. Ad-Ware doesn't need to be registered but she should check their website regularly for the latest version and updates. I recommend the anti-trojan software because once she has been hacked, she's likely to be hacked again.

bballad
April 7th, 2003, 09:08 PM
Come on guys, wiping the system is a lot of overkill in this case. Drop the system from the web, get a firewall and antivirus onto it (the antivirus will need to be updated, this can be done with another system on the web and a floppy). This should clean the trojan off. Then put the system back on the net. Nothing needs to be formatted or wiped...but it would be a very good idea to reset all the various passwords that are used as they may have been compromised. Oh, and if the system is used for Quicken or any other financial software it may be a good idea to get new credit card numbers.

st. lucifer
April 9th, 2003, 02:47 PM
it wouldn't be a bad idea to use an anonymous proxy in the future, either -

nanodog
April 18th, 2003, 03:09 PM
Yup, never know what could be lurking around on a compromised system, especially if the user of the machine isn't technically savvy. I second that motion of changing passwords (over a secure connection if possible ;) ) and starting the box over from scratch.

Later,

Ndog