Illicit Activity
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Illicit Activity

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    22

    Illicit Activity

    Hi, I currently use Windows XP. I have a wireless internet and I believe my computer has been hacked by someone. I believe that all my passwords and stuff when I type them in, are being emailed to some other person and they are getting into my accounts. Due to the fact that I do my banking on the internet, this could be a real issue. Does anyone know of how I can stop this type of activity? I use Zone Alarm the Firewall. Also I found a .CS (comma-seperated-something-a-rather) file listing all of my accounts names and passwords in the C:\Windows\System32\catroot directory, that I did not put there. I found this as I downloaded a program to detect malicious activity on the PC called Microsoft Malicous Detection Tool that found this file.

    Thankyou for all advice.

  2. #2
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Greetz.

    If you are truly paranoid that your system has been Compromised, then backup your important data, format and re-install.

    Curious have you ran your AntiVirus scanner in safemode with system restore disabled?

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    The first question you should ask is if your computer is physically secure? that is, no possibility of unauthorised access in your absence.

    I am afraid that the only reliable course of action is to reformat and reinstall. I personally use DBAN to do a single pass overwrite of the entire HDD.

    http://www.dban.org/

    If you are curious as to what might have attacked you I would suggest you download, install, update then run in safe mode the following applications (they are free for private use).

    http://malwarebytes.org/
    http://www.safer-networking.org/index2.html [Spybot S&D]
    http://www.emsisoft.com/en/software/free/ [A-Squared]

    You might also like to open up ZoneAlarm and have a look at what programs are authorised for internet access?

    Please remember to use a trustworthy machine to change all your passwords.

    Please also make sure that your OS is fully patched (I am sure that you have) and consider using this application:

    http://secunia.com/vulnerability_scanning/personal/

    It will tell you if you have any vulnerable applications apart from your OS (yes it is free).

    Another one to have a look at:

    http://www.winpatrol.com/

    And use this to protect your registry:

    http://tds.diamondcs.com.au/freeutilities/regprot.php

    Good luck!
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Nihil you still use A-Squared.. I mean does it still "work' ?

    Oh btw, to the guy with the "someone has hacked into my machine" .. Format and re-install.. Get firewall and AV up first (Please get original version and pay for them and for the OS too) .. PATCH PATCH PATCH ..
    Last edited by ByTeWrangler; June 21st, 2009 at 01:14 PM.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hi there ByTe~,

    Yes A-Squared is still around and still works. The latest version is 4.5.0.1 dated 8th. June 2009.

    You can also get a firewall and system monitor (a bit like UAC) from Tall Emu, packaged with the standard A-Squared application.

    Free for private use, and it works with Win2000, which ZoneAlarm no longer supports.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Lol.. okay.. I thought A-squared was dead.. I used to use it long back.. Thanks anyway.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  7. #7
    Banned
    Join Date
    Jan 2008
    Posts
    605
    People wouldn't have a problem with malware installing drivers to hook into NDIS and anything related to the keyboard and mouse if they'd setup their accounts properly from the get-go. The things Vista implemented wouldn't be needed if newfags would grasp the concept of actually operating a computer.

  8. #8
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    setup their accounts properly from the get-go
    Please elaborate.
    In God We Trust....Everything else we backup.

  9. #9
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    I would guess that he's referring to user permissions. You can configure Windows so that it mimics the behavior of Linux or Mac OS. Just create an account with minimal permissions that you use for most things. Sign in as admin when you want to install something, or make significant changes to anything, the register etc.. Also configuring one's browser so that is not a sitting duck.

  10. #10
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,247
    This is really odd
    C:\Windows\System32\catroot
    Holds encryption stuff, update stuff, etc. If the cryptsvc service is running, then there are files there.

    sha1 hashes are stored there as *.cat files, I guess you could open them and see account and password info.

    I'm not aware of any spyware that utilizes that directory???

    OP Can you give more info, like even a hijack this log?

    What made you look at that dir?
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

Similar Threads

  1. is it possible to track email activity....
    By mrlucifer in forum Microsoft Security Discussions
    Replies: 14
    Last Post: June 20th, 2009, 04:14 PM
  2. Unusual site activity...?
    By blakdeth77 in forum Web Security
    Replies: 2
    Last Post: September 26th, 2008, 05:29 AM
  3. Modem Activity
    By sawildcat in forum Newbie Security Questions
    Replies: 5
    Last Post: June 30th, 2004, 08:11 PM
  4. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 07:01 AM
  5. Symantec on alert after Net activity surge
    By spools.exe in forum AntiVirus Discussions
    Replies: 0
    Last Post: October 3rd, 2003, 05:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides