-
June 20th, 2009, 12:21 PM
#1
Junior Member
Illicit Activity
Hi, I currently use Windows XP. I have a wireless internet and I believe my computer has been hacked by someone. I believe that all my passwords and stuff, when I type them in, are being emailed to some other person and they are getting into my accounts. Due to the fact that I do my banking on the internet, this could be a real issue. Does anyone know how I can stop this type of activity? I use Zone Alarm, the firewall. Also I found a .CS (comma-separated-something-a-rather) file listing all of my account names and passwords in the C:\Windows\System32\catroot directory, that I did not put there. I found this as I downloaded a program to detect malicious activity on the PC called Microsoft Malicious Detection Tool that found this file.
Thank you for all advice.
-
June 21st, 2009, 11:21 AM
#2
Greetz.
If you are truly paranoid that your system has been compromised, then back up your important data, format and re-install.
Curious, have you run your antivirus scanner in safe mode with System Restore disabled?
-
June 21st, 2009, 12:50 PM
#3
The first question you should ask is whether your computer is physically secure. That is, no possibility of unauthorised access in your absence.
I am afraid that the only reliable course of action is to reformat and reinstall. I personally use DBAN to do a single pass overwrite of the entire HDD.
http://www.dban.org/
If you are curious as to what might have attacked you I would suggest you download, install, update then run in safe mode the following applications (they are free for private use).
http://malwarebytes.org/
http://www.safer-networking.org/index2.html [Spybot S&D]
http://www.emsisoft.com/en/software/free/ [A-Squared]
You might also like to open up ZoneAlarm and have a look at what programs are authorised for internet access?
Please remember to use a trustworthy machine to change all your passwords.
Please also make sure that your OS is fully patched (I am sure that you have) and consider using this application:
http://secunia.com/vulnerability_scanning/personal/
It will tell you if you have any vulnerable applications apart from your OS (yes it is free).
Another one to have a look at:
http://www.winpatrol.com/
And use this to protect your registry:
http://tds.diamondcs.com.au/freeutilities/regprot.php
Good luck!
-
June 21st, 2009, 01:09 PM
#4
Nihil, you still use A-Squared.. I mean, does it still "work"?
Oh btw, to the guy with the "someone has hacked into my machine" .. Format and re-install.. Get firewall and AV up first (Please get original version and pay for them and for the OS too) .. PATCH PATCH PATCH ..
Last edited by ByTeWrangler; June 21st, 2009 at 01:14 PM.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
June 21st, 2009, 01:52 PM
#5
Hi there ByTe~,
Yes A-Squared is still around and still works. The latest version is 4.5.0.1 dated 8th. June 2009.
You can also get a firewall and system monitor (a bit like UAC) from Tall Emu, packaged with the standard A-Squared application.
Free for private use, and it works with Win2000, which ZoneAlarm no longer supports.
-
June 21st, 2009, 06:00 PM
#6
Lol.. okay.. I thought A-squared was dead.. I used to use it long back.. Thanks anyway.
-
June 21st, 2009, 06:52 PM
#7
People wouldn't have a problem with malware installing drivers to hook into NDIS and anything related to the keyboard and mouse if they'd set up their accounts properly from the get-go. The things Vista implemented wouldn't be needed if newfags would grasp the concept of actually operating a computer.
-
June 22nd, 2009, 01:07 PM
#8
setup their accounts properly from the get-go
Please elaborate.
In God We Trust....Everything else we backup.
-
June 22nd, 2009, 02:50 PM
#9
This is really odd
C:\Windows\System32\catroot
Holds encryption stuff, update stuff, etc. If the cryptsvc service is running, then there are files there.
SHA1 hashes are stored there as *.cat files; I guess you could open them and see account and password info.
I'm not aware of any spyware that utilizes that directory???
OP Can you give more info, like even a hijack this log?
What made you look at that dir?
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
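Added example, not part of any poster's reply: a quick triage of a catroot-style directory that flags any file which is not a `.cat` catalog, such as the `.CS` file the original poster describes. It relies on catalog files being DER-encoded PKCS#7 (first byte `0x30`) and does not verify signatures; the sample tree, GUID folder name and file names are constructed for the demonstration.

```python
import os
import tempfile

DER_SEQUENCE = 0x30  # DER-encoded PKCS#7 begins with an ASN.1 SEQUENCE tag
SAMPLE_GUID = "{00000000-0000-0000-0000-000000000000}"  # constructed folder name


def triage_catroot(root):
    """Return sorted (relative_path, reason) pairs for files that do not look like catalogs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(1)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if not name.lower().endswith(".cat"):
                # Anything other than a catalog here deserves a closer look.
                findings.append((rel, "unexpected extension"))
            elif not head or head[0] != DER_SEQUENCE:
                # Right extension, but the content is not a DER structure.
                findings.append((rel, "not DER-encoded"))
    return sorted(findings)


def build_sample_tree(root):
    """Create a small constructed tree: one plausible catalog, two suspicious files."""
    sub = os.path.join(root, SAMPLE_GUID)
    os.makedirs(sub)
    with open(os.path.join(sub, "good.cat"), "wb") as fh:
        fh.write(b"\x30\x82\x01\x00" + b"\x00" * 256)   # DER header + filler
    with open(os.path.join(sub, "fake.cat"), "wb") as fh:
        fh.write(b"account,password\n")                 # text posing as a catalog
    with open(os.path.join(root, "accounts.cs"), "wb") as fh:
        fh.write(b"account,password\n")                 # stray non-catalog file


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample_tree(demo)
        for rel, reason in triage_catroot(demo):
            print(f"{reason:22} {rel}")
```

On a real system, point `triage_catroot` at a copy of the directory taken from the suspect disk mounted on a trusted machine, and keep any flagged file for analysis before the disk is wiped.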
-
June 22nd, 2009, 03:05 PM
#10
I'm not aware of any spyware that utilizes that directory???
Same here............mostly to do with Windows Update AFAIK?