-
June 20th, 2009, 12:21 PM
#1
Junior Member
Illicit Activity
Hi, I currently use Windows XP. I have wireless internet and I believe my computer has been hacked by someone. I believe that all my passwords and stuff, when I type them in, are being emailed to some other person and they are getting into my accounts. Due to the fact that I do my banking on the internet, this could be a real issue. Does anyone know how I can stop this type of activity? I use Zone Alarm, the firewall. Also I found a .CS (comma-separated-something-or-other) file listing all of my account names and passwords in the C:\Windows\System32\catroot directory, that I did not put there. I found this as I downloaded a program to detect malicious activity on the PC called Microsoft Malicious Detection Tool that found this file.
Thank you for all advice.
-
June 21st, 2009, 11:21 AM
#2
Greetz.
If you are truly paranoid that your system has been compromised, then back up your important data, format and re-install.
Curious, have you run your antivirus scanner in safe mode with System Restore disabled?
-
June 21st, 2009, 12:50 PM
#3
The first question you should ask is if your computer is physically secure? That is, no possibility of unauthorised access in your absence.
I am afraid that the only reliable course of action is to reformat and reinstall. I personally use DBAN to do a single-pass overwrite of the entire HDD.
http://www.dban.org/
If you are curious as to what might have attacked you I would suggest you download, install, update then run in safe mode the following applications (they are free for private use).
http://malwarebytes.org/
http://www.safer-networking.org/index2.html [Spybot S&D]
http://www.emsisoft.com/en/software/free/ [A-Squared]
You might also like to open up ZoneAlarm and have a look at what programs are authorised for internet access?
Please remember to use a trustworthy machine to change all your passwords.
Please also make sure that your OS is fully patched (I am sure that you have) and consider using this application:
http://secunia.com/vulnerability_scanning/personal/
It will tell you if you have any vulnerable applications apart from your OS (yes it is free).
Another one to have a look at:
http://www.winpatrol.com/
And use this to protect your registry:
http://tds.diamondcs.com.au/freeutilities/regprot.php
Good luck!
-
June 21st, 2009, 01:09 PM
#4
Nihil, you still use A-Squared.. I mean, does it still "work"?
Oh btw, to the guy with the "someone has hacked into my machine" .. Format and re-install.. Get firewall and AV up first (Please get original version and pay for them and for the OS too) .. PATCH PATCH PATCH ..
Last edited by ByTeWrangler; June 21st, 2009 at 01:14 PM.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
June 21st, 2009, 01:52 PM
#5
Hi there ByTe~,
Yes, A-Squared is still around and still works. The latest version is 4.5.0.1, dated 8th June 2009.
You can also get a firewall and system monitor (a bit like UAC) from Tall Emu, packaged with the standard A-Squared application.
Free for private use, and it works with Win2000, which ZoneAlarm no longer supports.
-
June 21st, 2009, 06:00 PM
#6
Lol.. okay.. I thought A-squared was dead.. I used to use it long back.. Thanks anyway.
-
June 21st, 2009, 06:52 PM
#7
People wouldn't have a problem with malware installing drivers to hook into NDIS and anything related to the keyboard and mouse if they'd set up their accounts properly from the get-go. The things Vista implemented wouldn't be needed if newfags would grasp the concept of actually operating a computer.
-
June 22nd, 2009, 01:07 PM
#8
set up their accounts properly from the get-go
Please elaborate.
In God We Trust....Everything else we backup.
-
June 22nd, 2009, 02:43 PM
#9
I would guess that he's referring to user permissions. You can configure Windows so that it mimics the behavior of Linux or Mac OS. Just create an account with minimal permissions that you use for most things. Sign in as admin when you want to install something, or make significant changes to anything, the registry, etc. Also configuring one's browser so that it is not a sitting duck.
-
June 22nd, 2009, 02:50 PM
#10
This is really odd
C:\Windows\System32\catroot
Holds encryption stuff, update stuff, etc. If the cryptsvc service is running, then there are files there.
SHA-1 hashes are stored there as *.cat files, I guess you could open them and see account and password info.
I'm not aware of any spyware that utilizes that directory???
OP, can you give more info, like even a HijackThis log?
What made you look at that dir?
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
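An added illustration, not part of the thread: post #10 notes that catroot normally holds *.cat catalog files, so a stray account listing there stands out. This sketch (function names and the sample tree are constructed here) lists files under a catroot-style directory that lack a .cat extension or do not start with the ASN.1 SEQUENCE byte 0x30, on the assumption that genuine catalogs are DER-encoded PKCS#7 blobs.

```python
import os
import tempfile
import time

def looks_like_der(path):
    """Assumption: catalog files are DER-encoded PKCS#7, so the first byte
    is the ASN.1 SEQUENCE tag 0x30. Used for triage only, not validation."""
    with open(path, "rb") as fh:
        return fh.read(1) == b"\x30"

def triage_catroot(root):
    """Return sorted (relative path, reason, mtime) tuples for every file
    under root that is not a plausible catalog file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                if not name.lower().endswith(".cat"):
                    reason = "unexpected extension"
                elif not looks_like_der(full):
                    reason = ".cat file without DER header"
                else:
                    continue  # plausible catalog, nothing to report
                mtime = time.strftime("%Y-%m-%d %H:%M",
                                      time.localtime(os.path.getmtime(full)))
            except OSError as exc:
                reason, mtime = f"unreadable: {exc.strerror}", "?"
            findings.append((rel, reason, mtime))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: one plausible catalog, one stray CSV,
    and one text file renamed to .cat."""
    sub = os.path.join(root, "{00000000-0000-0000-0000-000000000000}")  # placeholder GUID
    os.makedirs(sub)
    with open(os.path.join(sub, "update.cat"), "wb") as fh:
        fh.write(b"\x30\x82\x01\x00" + b"\x00" * 16)
    with open(os.path.join(root, "accounts.csv"), "wb") as fh:
        fh.write(b"site,user,password\n")
    with open(os.path.join(sub, "notes.cat"), "wb") as fh:
        fh.write(b"site,user,password\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason, mtime in triage_catroot(tmp):
            print(f"{mtime}  {reason:30}  {rel}")
```

On a real system the argument would be the catroot path from the first post; the modification times help line up any stray file with other events on the machine.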