Hello...Cracking my accounts

[CarefulEugene]

Hello everyone..
First I want to thank everyone involved with this site. It's fantastic. I can't believe how much I'm learning here. I'm completely clueless (non-computer professional) and have been camped out here since I found this site three days ago. Absolutely had no idea there was a community like this.
Secondly, as a completely raw newbie I'd like to apologize in advance for any mistakes, ignorance, or other missteps I will unwittingly make. I've got a lot of learning to do and I'm trying to catch up as fast as I can.
Here's the thing...I've been cracked (5-6 days ago) and I'm pretty sure the guy is still after me. I logged into my Hotmail account and my Inbox contents disappeared before my eyes. Then, as I was reviewing a message, the cracker was entering some unsavory, and threatening text into the message. I immediately shut down my system. The guy calls himself MedanHacker.
I implemented some solutions based on suggestions I found on this site while looking around. ZoneAlarm Pro installed (and working, I might add), plus I did a sweep and clean with PestPatrol.
Is there anything else I should do ? Should I try to find out how to trace this guy and then forward that onto authorities or should I just leave him alone and hope he just moves onto somebody easier ?

Thanks again !!

[Qualm]

If you've been cracked to the point where someone is actively typing text into messages while you are creating them, it's time to reformat, reinstall from scratch, patch everything to the latest patches, and otherwise harden your security. You did much of step 4 (zone alarm and pest patrol) but frankly I wouldn't trust a system that's been cracked as badly as you indicate. I'd do a total rebuild.

Oh, and AFTER you've done that, change every single password on every single online site you use to something very hard to crack (i.e. a password with numbers and symbols in it).

- Qualm

[cross]

I agree with Qualm, time to reformat. You may want to run a virus scan first though, mabey its a simple trojan... That would save you some work.

[Noia]

Qualm: WTF?!! it's only a trojan...prolly Sub7 or something..it's not some elite hacker...you can't do that **** without a trojan!! wot you need is a good AV...but if you'r only looking to get rid of the trojan the you need The cleaner from www.moosoft.com (I may be wrong, so be prepared to google a bit).

if you want a powerfull password...the best way to go is:

Take a moto or line...like: Don't use cannons to kill mosquitos

then Make it one word: Don'tusecannonstokillmosquitos

Then replace what ever you feel with a number: Don'tusecannon2killmosquitos
you could also do it like "D0n'yusecann0n2ki11mosquit0" but I find that too confusing

The put a capital on the start of every "word": Don'tUseCannon2KillMosquito

and Hey presto, you have a password that is virtualy impossible to crack, easy to remember and well.....acctualy simple, but yet so hard

and no...don't bother...that ain't my password :P

- Noia

[ts.flatline]

Yeah, it's probably just some trojan. Run The Cleaner as Noia said even though i believe it hasn't been updated in a long time, or other stuff such as AVG http://www.grisoft.com or NAV http://www.symantec.com if you're looking to spend money and protect against viruses too.

[Noia]

you can get free online scanners..they do a pretty good job of it....I'm going to bed no...goggle if u must...but I'll be a euro it's a trojan...and it's been set to log all your passwords...
as long as you have a firewall, the trojan is useless any how...coz it can't get on the net, and no one can connect to it...but it's good practice to remove such nasty things.

- Noia

[|The|Specialist]

Originally posted here by ts.flatline
Yeah, it's probably just some trojan.

Unless you've got some program like PC anywhere installed then yes a trojan is definetly to blame... It doesn't take much programing skill to do things with the keyboard either...

Also if all your mail just appeared to instantly deleted itself then that means this guy probably has screen dump & mouse control... either that or he used a keyloger, loged into hotmail, then deleted and as you refreshed the page you noticed they were gone.

MedanHacker, What kind of name is that? Most self respecting kiddies would come up with a cooler handle and would rather use their time on opening FTP or collecting dDoS zombies rather than crapy pranks. I've found most pranks and things that involve hotmail to come from peaple who might know you (IE) someone who you chat/download with but its still a good idea to tell the peaple in your guestbook whats going on and you might want to tell them to aviod attachments in letters sent by you so this guy can't spread his trojans to other peaple useing your account.

[Qualm]

Non-moron trojan users keylog you, rather than just wait for you to be online so they can mess with your head. Messing with your head is actually the last thing any non-moron trojan user does to your system. After they've keylogged as many password inputs as they think they will get, and snooped and downloaded anything that looks interesting.

Smart trojan users will install redundant trojans, keyloggers, etc. Then they'll keylog your passwords and steal your files, and then they'll mess with your head.

Now, are you all seriously willing to assume CarefulEugene is being messed with by a moron trojan user? I'm not.

It really depends on your comfort level. I'm not at all comfortable with NOT rebuilding a hacked system, and I have a pretty good grasp of what's available to detect and remove and protect and harden your system short of that step.

- Qualm

[DigitalReligion]

Run a netstat and try to get his IP....

[CarefulEugene]

Jeez,
I wish I'd have known about you guys before all this. I really appreciate all the great advice ! I'll try your suggestions and let you know what I find (if in fact I can figure it out). Oddly enough, my firewall alarm has been going off like crazy the last three hours or so. I've been selecting the "whois" option but ain't smart enough yet to really understand everything it's telling me. I write down the IPA's just for reference.
Just for clarification on the e-mail thing...
This guy only seems to be able to access my working messages when I use Hotmail. If I use my regular e-mail account he appears to be blocked out (or maybe he just hasn't found that yet).
Also, I've never been in chat forums, and I don't do any file sharing whatsoever. I probably have opened some suspect e-mails which may have provided an entry point. Actually, I'm usually spending most of my box time just cruising various sites. I have used EBay & Paypal, which from what I hear from some of you, sound like a magnet for undesirables just dying for fresh fish like me.