
Thread: Catching Hackers who are in computer when they are there

  1. #11
    Junior Member
    Join Date
    Sep 2003
    Posts
    9
    Thank you to everybody who has posted for me. I am going to try everything in order. I might just be paranoid. I really hope I can be as helpful as everyone here soon. It really seems that everyone that has posted is very up to date with their stuff. I can only dream of being this smart. I guess I really need to buckle down and experiment....Thank You to everyone.

  2. #12
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by thehorse13
    Each attacker is unique and therefore each remediation/forensic process is different. This is similar to asking, "Which roads will that car drive on and how can I tell who the driver is?" See what I'm getting at?
    You could always try this article from AO: How To Be A Profiler but it's a lot of work.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  3. #13
    Senior Member OverdueSpy's Avatar
    Join Date
    Nov 2002
    Posts
    556
    Originally posted here by Astroflux13
    very cool. i am on a cable modem so i know this is the biggest problem. i just need to keep them out.
    If you are trying to keep out the intruder, following the suggestions of the other posts here is a good start, but from your description it sounds like your system has already been compromised. Intruders can leave any number of trojans on a system that may, or may not, be recognizable by virus scanners. Trojans can automatically append to services in order to bypass firewalls as expected programs, disable anti-virus and firewalls, or even contain a logic bomb that executes, after a given amount of time, if the trojan cannot communicate with its parent.

    So unless you are seriously interested in attempting to gather intelligence on an existing intruder.......I strongly recommend that you consider reformatting the system, and then re-building the system as secure as possible from the ground up.
    The mentally handicapped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  4. #14
    Junior Member
    Join Date
    Sep 2003
    Posts
    9
    Between nihil and OverdueSpy i don't think i can sleep again
    I am running Zone Alarm, Spy Sweeper, Adaware and WinPatrol. After running all these programs is it possible to have your system compromised?

  5. #15
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Originally posted here by MrDoscy
    Between nihil and OverdueSpy i don't think i can sleep again
    I am running Zone Alarm, Spy Sweeper, Adaware and WinPatrol. After running all these programs is it possible to have your system compromised?
    Yes.

    Something written by the hacker that these programs don't detect can still be there.

    A good hacker can mess up Zone Alarm, Spy Sweeper, Adware, netstat and Taskmanager etc. etc. so that they don't even report problems when they do detect them.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  6. #16
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    1. The main problem is that most detect and destroy AV/AT software is reactive. It relies on the threat having been identified and included in what it detects so it is vitally important that you UPDATE regularly. Most have an automatic or easy update feature in them. The good guys are always going to be one step behind the bad guys. I am afraid that is a fact of life.

    2. Try to run your detection software in "safe mode" with your internet connection unplugged. This can prevent some malware loading. As Steve has said, some of them will try to kill your defences.

    3. Check what is running when you boot up normally. Have your AV and Firewall been switched off, and when you run the AV, does it take a reasonable amount of time or finish almost immediately?

    4. Make sure that your AV options are set to maximum security. That is heuristics = ON, scan all files = ON, scan compressed files = ON, and so forth. IMHO partial scanning is worse than useless...it gives you a false sense of security.

    5. A lot of malware will try to alter the Registry. Go to http://www.diamondcs.au and get their free Registry protection software. This will warn you of attempts to change the Registry. If you are loading new software/updating, you can expect this. If you have just been reading your e-mails, visiting websites etc and you get a warning, say "NO". If something doesn't work after that, just try it again and say "yes". YOU NEED TO INSTALL THIS ON A "CLEAN" MACHINE

    6. Go to http://www.spywareinf.com/~merijn/index.html and get his "Hijack This" and "Startup List". THESE DO NOT IDENTIFY MALWARE SO BE CAREFUL. They will show you what is running on your machine and getting started up with it. As Steve said, Task Manager can be compromised as it is an obvious target.

    7. Go to http://www.swatit.org and get swatIT v2.1..............another spyware/trojan detector (free)


    8. Go to http://www.wilderssecurity.net or http://www.javacoolsoftware.com You want SpywareBlaster and SpywareGuard. Might as well try to stop them getting in, rather than trying to catch them afterwards. Preferably load these onto a clean machine.

    Just a few ideas to tighten things up


    Good Luck
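
    Points 5 and 6 above (watch for Registry changes, list what starts with the machine) can be illustrated with a baseline comparison. This is an added example, not code from any poster in the thread; the baseline file location is a hypothetical choice, and only the Run/RunOnce keys are covered, not services or other autostart locations.

```powershell
# Added example: snapshot the Run/RunOnce autostart values and compare them
# with a baseline saved earlier, ideally on a freshly rebuilt (clean) machine.
$BaselinePath = "$env:USERPROFILE\autostart-baseline.csv"   # hypothetical location

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartSnapshot {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }      # key may not exist
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

# One string per entry so a changed command line counts as a difference.
function Get-EntryId($entry) { '{0}|{1}|{2}' -f $entry.Key, $entry.Name, $entry.Command }

$current = @(Get-AutostartSnapshot)

if (-not (Test-Path $BaselinePath)) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline saved with $($current.Count) entries. Run again later to compare."
} else {
    $baseline = @(Import-Csv -Path $BaselinePath)
    $known = @{}; foreach ($b in $baseline) { $known[(Get-EntryId $b)] = $true }
    $seen  = @{}; foreach ($c in $current)  { $seen[(Get-EntryId $c)]  = $true }

    # A modified entry appears once under "removed" and once under "new".
    $added   = @($current  | Where-Object { -not $known.ContainsKey((Get-EntryId $_)) })
    $removed = @($baseline | Where-Object { -not $seen.ContainsKey((Get-EntryId $_)) })

    if ($added.Count -eq 0 -and $removed.Count -eq 0) {
        Write-Output 'No autostart changes since the baseline.'
    }
    foreach ($e in $added)   { Write-Output "NEW:     [$($e.Key)] $($e.Name) = $($e.Command)" }
    foreach ($e in $removed) { Write-Output "REMOVED: [$($e.Key)] $($e.Name) = $($e.Command)" }
}
```

    As with the tools named in point 6, this only lists entries and does not identify malware, and a baseline taken on an already compromised machine is of little value.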

  7. #17
    just out of curiosity, do you even know for sure that it's a hacker yet? you really haven't given us that much information. personally, the first thing i would do is start on layer one. unplug yourself from all networks - physically - just to see if you still get the clicking noise and stuff. if you do, then you'll know it's not anything going on over the net like someone watching you.
    one side point, if you thought that someone was watching that machine, you really should have used a different one to post about it on the forums. were you try!n9 to intimidate th3m or something?

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Jedi Master....................once again....................please do not use the funny spelling...you will upset people.

    Disconnecting will only stop noises if they are caused by a SUCCESSFUL connection attempt. If it is just what happens on your machine, I am afraid that it will tell you nothing...I will click away, even if it cannot "phone home"

    No, our friend was not trying to intimidate anyone.............I always wanted the hacker's name, address, social security number, licence plate number, and a recent photograph.............I collect those sort of things because I am interested in history

    Good luck folks

  9. #19
    Member
    Join Date
    Aug 2003
    Posts
    98

    Re: Catching Hackers who are in computer when they are there

    Originally posted here by Astroflux13
    What is the best way to follow a hacker from inside your computer to where they are to obtain their IP address? I believe someone is doing screen shots of what I am up to. I want them blocked out (along with everyone else). Any good freeware out there for this?
    Screenshots? you sure someone isn't getting in using something like pcAnywhere or Back Orifice? Just asking cause I'm wondering why anyone would break into a computer to take screen shots.
    I hate this place, nothing works here, I've been here for 7 years, the medication doesn't work...
