June 13th, 2003, 08:14 PM
My sincere advice is to install a piece of software known as "hacktracer", which will not only protect you from hackers but also traces him by location and logs the information he attempted to your PC, and you can directly report it. OK, please don't ask me where to find hacktracer, just surf in any search engine...
June 13th, 2003, 08:34 PM
To be honest, you won't ever find out if you have been hacked through NetBIOS, unless the attacker has been very stupid, or you have been very clever. The only real way to detect this is at the time of the attack itself, unless you have changed your logging policy. By default, Event Viewer won't show logins, failed logins, or remote connections. You have to specify that you want these types of events to be logged, and going from the question you asked, I don't think you have enabled logging of connection or login attempts, otherwise you would know whether a connection has been established or not. The biggest giveaway though has to be the fact a file was in use by a remote connection. This sounds suspect.
As for the password being ineffective, you are immune to the attack he was boasting about. Pqwaq only works on win9x machines, and was patched at least 2 years ago.
If I thought I'd been hacked through NetBIOS, the first thing I would do is reformat and reinstall, just to be safe. Then again, I'm paranoid about things like this, and better safe than sorry is very true in my opinion. This is probably a bit overkill though. With somebody else's machine, the first thing I would do is lock down the machine by disabling NetBIOS on the network adapter facing the internet. The second thing I would do is check for viruses and trojans.
During my shadier days, I'd have installed a keylogger and a backdoor in the startup folder, so that might be a good place to check for any evidence of tampering. I would've tried to crash your PC to force a restart in order to activate the trojan and keylogger next. I would also have replaced the netstat command with a version that won't show any connections that I've made, and will hide the port the backdoor is listening on. This is easy to detect, if you've got a copy of the original netstat command available to compare against.
If everything checks out OK, I would then look at all my documents to check they've not been altered, and look for unusual folders. If everything is OK and there's nothing out of the ordinary, it's pretty safe to assume nothing's been modified, but I would never trust that computer completely again, until it's been reformatted. At the end of the day, it's all about risk, and if you're prepared to take it. I might be a bit more paranoid than most with security, but I've never been hacked either.
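The checks described in the post above (logon auditing, the startup folders, and comparing netstat against an original copy), as an added example that is not part of the original thread. It assumes a current English-language Windows with PowerShell 4 or later and an elevated prompt; the `$KnownGood` path is a hypothetical location for a netstat.exe copied from trusted media of the same Windows build.

```powershell
# Added example, not from the original post.
# Assumption: $KnownGood is a netstat.exe taken from trusted install media
# for the same Windows version and patch level (hypothetical path).
param(
    [string]$KnownGood = 'D:\trusted\netstat.exe'
)

# 1. Show whether logon/logoff events are being audited at all.
#    "No Auditing" here means logins and failed logins leave no record.
auditpol /get /category:"Logon/Logoff"

# 2. List everything in the per-user and all-users Startup folders,
#    newest first, including hidden files (-Force).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Force |
            Sort-Object LastWriteTime -Descending |
            Select-Object FullName, LastWriteTime, Length
    }
}

# 3. Compare the installed netstat.exe with the known-good copy by hash.
$installed = Join-Path $env:SystemRoot 'System32\netstat.exe'
if (-not (Test-Path -LiteralPath $KnownGood)) {
    Write-Warning "Known-good copy not found at $KnownGood; skipping comparison."
    return
}
$installedHash = (Get-FileHash -LiteralPath $installed -Algorithm SHA256).Hash
$knownGoodHash = (Get-FileHash -LiteralPath $KnownGood -Algorithm SHA256).Hash
if ($installedHash -eq $knownGoodHash) {
    "netstat.exe matches the known-good copy ($installedHash)"
} else {
    Write-Warning "netstat.exe differs from the known-good copy."
    "installed : $installedHash"
    "known-good: $knownGoodHash"
}
```

A hash mismatch can also mean the reference copy comes from a different patch level, and a clean result from tools run on the suspect machine itself is only as trustworthy as that machine.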