It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

How can you tell if your pc has been hacked into?

page: 1
0

log in

join
share:

posted on Jun, 5 2005 @ 10:32 PM
link   
I'm wondering what ways you might be able to tell if your computer has been hacked into. I've noticed in the past and just a moment ago a strange window popped up without clicking on anything while I was reading an article. The window popped up with an Alert! The document contains no data. What does that mean?

I've also noticed a couple occurrences of pdf files starting to download where I saw something on my screen for a sec and then it's gone. I have a firewall and anti-virus although they are free versions. Anyone have any clues what is going on with my pc?




posted on Jun, 5 2005 @ 11:15 PM
link   

Originally posted by orionthehunter
I have a firewall and anti-virus although they are free versions. Anyone have any clues what is going on with my pc?



Do you keep your anti virus definitions up to date?
I've seen many systems that had anti-virus software that had anti-virus definition files that were more than a year old so they wouldn't be able to identify a virus made within the last year.

You can also run a port scan and general security check on your system at the Gibson Research site (takes a while to load):
www.grc.com...

What you are describing though, sounds more like spyware/adware.

Install Ad-aware and give your system a scan:
www.lavasoftusa.com...


apc

posted on Jun, 5 2005 @ 11:30 PM
link   
Ive noticed the PDF messages too.
Dont really know what to make of them. Ive just assumed they were the result of some banner script being lame.



posted on Jun, 5 2005 @ 11:46 PM
link   
Or the fact you're using Internet Explorer
www.getfirefox.com...



posted on Jun, 6 2005 @ 12:26 AM
link   
I'm actually using the latest version of firefox and update the virus definitions software every other day or every few days. I'm currently scanning my entire hard drive again since I'm not sure if something may have slipped by. I see there is another thread questioning the pdf or adobe pop up window appearing for a second before dissappearing. I occasionally see a different alert window which makes me wonder what is causing that. The alert window does not disappear until I click OK on it. It just says Alert: Document contains no data!

I forgot to mention that I run Spyhunter search and destroy and it has been coming up clean. I actually got that alert message while reading a few posts here at ATS.

[edit on 6-6-2005 by orionthehunter]



posted on Jun, 6 2005 @ 12:31 AM
link   
Perhaps it has something to do with this...

Weird Advertisements on ATS




posted on Jun, 6 2005 @ 12:34 AM
link   
get Ad-aware and Spybot,they are both free and work good on mine and I use Explorer.Microsft have a free anti-spyware program as well and seems to help.I keep all my stuff on otomatic update and my machine( a pentium3)seems to be running good .



posted on Jun, 6 2005 @ 12:47 AM
link   
I might be a bit more paranoid than most about hackers because a few years ago I had one hacker making my screen blink off and back on in a chat forum. It didn't stop until I suggested a hacker was doing it. Probably some kid thought that was funny.

I don't know if a hacker or a government computer would be trying to retrieve data from my pc. I do get curious when I see strange alert messages. I have no viruses at the moment. Scan just completed.



posted on Jun, 6 2005 @ 01:41 AM
link   
I prefer spybot search and destroy over ad aware. But the only program I could find that got this nasty hijacker off my comp was www.webroot.com spysweeper

Had to boot into safemode, disconnect the modem and do a scan to finally get it off... good sh@t



posted on Jun, 6 2005 @ 05:09 AM
link   
If a hacker is good - you may never know you were hacked.
It's the kids and amatures that let their ego's get them and they trash a system or do things to advertise that they were there.

Do You have a firewall?
If not, (Previx is a nice freebie that some of my clients use) some routers have them hardwired in, and they can work well with a software firewall.

Do you spoof your IP nos?

Some versions of Spyware Nuker do contain Spyware/malware
So run more than one Spyware removal program

Concider switching to Linux

The way I figure it is:
Can it be done? Sure

What is the likelyhood that a hacker would pick your computer out of all those available?

Do you keep any Deep Dark secrets on it?

Asside from kids playing in a chat room or something simmilar I doubt that one would bother with your puter. There are servers with crummy security all over the place, and by far more valuable $$ information.

Unless your a bank or a big co. I don't realisticly figure you were hacked.

(BTW, best hack I heard of was coming onto a computer via a power grid and up through the power supply - Victim was in China - Still haven't been able to determine if it was more than an urban legend)

[edit on 6/6/2005 by dancer]



posted on Jun, 6 2005 @ 05:50 AM
link   

Originally posted by dancer


Unless your a bank or a big co. I don't realisticly figure you were hacked.



am i missing something?

i was under the impression that spammers throw out trojans to access
your computer - to add your PC to their stable of computers - which create all those 10s of millions of spam everyday.............it's not a matter of you having sensitive stuff, they just need your computer as a spam generator!



posted on Jun, 6 2005 @ 06:05 AM
link   
You are doom!!! lol
my pc has been mess up by viruses so many times it's not even funny anymore.
i suggest you don't use IE and get netscape!



posted on Jun, 6 2005 @ 06:15 AM
link   
You always need to run several different adware\spyware removal apps to actually get rid of or find all of the adware\spyware apps floating around out there. I use Trendmicro's Housecall on my computer every so often. It, along with MS's Antispyware app and Search and Destroy keeps me cleaned up. Housecall is an activex based, off the internet and free scanner\removal tool. I use the "New" one which is the second one on the page. Give it a shot, It's free.

Trendmicro Housecall



posted on Jun, 6 2005 @ 06:22 AM
link   
You also could try out "UnHackme"
What is UnHackMe?
UnHackMe allows you to detect and remove a new generation of Trojan programs - invisible Trojans. They are called "rootkits".

UnHackMe is not a usual Trojan's scanner like RegRun or HijackThis.

It's used to detect Invisible Trojans (rootkits) only!

A rootkit is a collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network. The intruder installs a rootkit on a computer using a user action or by exploiting a known vulnerability or cracking a password. The rootkit installs a backdoor giving the hacker a full control of the computer. It hides their files, registry keys, and process names, and network connections from your eyes.

Your antivirus could not detect such programs because they use compression and encryption of its files. The sample software is Hacker Defender rootkit.

greatis.com...

Baloria



posted on Jun, 6 2005 @ 03:07 PM
link   
St Udio,

I concider Any program that you did not deliberately install onto your system a virus - no matter where you got it.

Trojans are viruses that come on to your computer through a variety of underhanded means. E-mail attachments, Evil websites, Porn sites, WarZ sites ect. (Most "Mainstream" sites are clean - they wat you to be happy and come back)

Think the Trojan horse - it was presented as a gift - once inside the city walls the troops came out. Think of them more like little time bombs that can mess up your system.

Yes, there are trojans that mail to everyone on your list - but the majority of viruses I have removed from client systems were rather harmless.

Some are "Dialers" they will dial up a phone number in Asia somewhere and charge you for the call (Think 1-900 nos) stuff like that. (try to get that off your phone bill)

Make no mistake when I say that most are harmless It depends on the guy that wrote the Virus - Some are kids having phun while others are really sick individuals that can and do harm systems beyond repair or to any state in between.

Spammers don't need to use your computer to do anything like that, all a spammer needs is a computer and an internet connection. (you may be suprised how much spam you can send out before anyone blinks. It is essentially one letter or flier that has the address field attached to a database. so a mailing of 10 million spam pieces would take up say 50 mb of bandwidth (Depending on address size and the size of the spam itself), now the spam itself could be a single line of Server Sided Language code (SSL, PHP, etc.) So using even 100MB of bandwidth is not going to be noticed - How big is some of the software and Music files that people download - For everyone downloading it over a P2P someone is uploading it.

Some use their own servers (to take advantage of the OC lines), or rent space on a hosting server - that way they spam and split before the hosting co can shut them down. (Yes, there are spam friendly hosting Co's, as well as servers - etc. usually non-us)



posted on Jun, 16 2005 @ 06:20 AM
link   
The problem is that the majority of attacks these days are nothing to do with targeted attacks. Groups run botnets which consist of already compromised computers running zombies scanning popular ip subnets for vulnerable ports, and when these ports are found the zombie exploits it, uploads the trojan then moves onto the next ip range. Your computer becomes part of the botnet and may participate in DOS attacks, scanning etc. This is not a targeted attack, it just happened to you because you were on a popular ISP. I once gave a presentation to demonstrate this with an unpatched Windows XP SP1 machine becoming compromised in under a minute. Bare in mind that I didnt even need to install a file or download anything to be exploited, just leaving my ports open on the internet without any security updates was enough.

As for hackers actually targeting your specific machine, this is very unlikely. Like I said above, it is much more likely to become compromised by generic scanning trojans than a specific attack. Switching to Linux won't necessarily help unless you know what you are doing. Linux is just as available for explotation unless you know what youre doing and kill all the vulnerable services there too.

As for how to tell if you have become compromised .. Its tricky unless you know what you are doing, but there are ways. Download autoruns/tcpview/rootkitrevealer from www.sysinternals.com. These programs respectively tell you what runs automatically when your computer starts, what network connections/services are running, and whether or not any processes are hiding from the windows API. HijackThis is also worth a mention (check on google). Scanning for viruses/spyware is always a good start, but its not a solution because the pattern for the virus on your computer just might not be recognised, so a better idea is to know exactly what processes/services should be running on your computer. Procexplorer (again from www.sysinternals.com) reveals all running processes, so if there is something there you don't recognise, kill it.

These days any computer that connects to the internet without a firewall is just committing suicide. Download zonealarm free edition and install it. This program is usefull as a detection tool as well, because it notifies you of all processes trying to make an OUTGOING connection (a vast majority of trojans try to connect out, to an irc server or open a back door to your computer etc), and zone alarm will let you see exactly what is going on. Prevx is a usefull tool, but it is NOT a firewall, and should be used in conjunction-with, not instead-of a firewall. Having said this, prevx is very usefull (and free too), and since I have a friend working there I have to give it cudos


If you really want to get down to the nitty gritty, there is a freeware tool called Ethereal that will log all packets sent in and out of your computer, and you can use this to trace exactly what network activity is occuring.

Anyway, best of luck, feel free to ask any more questions if I didnt make sense


[edit on 16/6/05 by slick]



posted on Jun, 16 2005 @ 04:29 PM
link   
Good to know - made since to me.

Think it may be time to re-evaluate our systems, and get over some apparent misconceptions.

My system - while it has never given me any problems, Feels like a mish-mash of second rate software. (You know the $19.95 and get a free carwash type of stuff).

What are the differences in Firewalls? and what makes one better than another?

How good is Zone Alarm as a firewall?
(figuring it must be half decent or you wouldn't recomend it)
What other Firewalls do you recomend?
(That would work with Prevx. Prefer NOT to run any Norton or Macaffe - don't like having their stuff on our machines)
Not so much concerned with price Performance MUST be "Well Above"
that which "Normal Users" would find acceptable.

Also, What other software do you recomend?
Is there software to plug/control all access ports?
If not, How would one accomplish this?

Here's my current List.
(Would like to know your opinion on it)

Etrust firewall
Prevx
AntiVir

Spyware Removal:

  1. 1 Ad Aware
  2. 2 Spybot
  3. 3 Spyware DR
  4. 4 Spyware Blaster
  5. 5 Xsoftspy
  6. 6 Microsoft

I swear that some of them just look pretty and don't do anything, also feel that there is too much stuff doing the same job).

Basic Maintance:

  1. 1 Registry Mechanic
  2. 2 Acronis (Suite)
  3. 3 System Mechanic Pro



posted on Jun, 17 2005 @ 04:59 AM
link   
Hehe your question has opening a whole can or worms, a lot of this stuff is personal opinion
But I'll offer you some advice anyways.

The thing is that every situation is different. If you are dealing with a large corporate set up, then a hardware firewall is usually prefered. This means no interaction from the normal day to day users, they are protected from a central point and don't need to worry about it. This should be combined with an email filter and a web filter, that will block users from downloading malicious files such as all executables, vbs etc etc. Combined with strong group policy options setting browsing options, regular roll outs of security patches and a virus program that can be deployed throughout the system this type of setup is usually the way companies go, as it relies on the system admin to configure and not the users.

Home computing security software is completely down to the user, and there are many different routes you can take. Zone Alarm is a great firewall, no doubt about it, and this is what I would recommend to basic/average home users. As for a virus scanner, probably bit defender. It has a great record of detecting viruses, but both of these programs have a huge advantage : They are user friendly
You really need to weigh up usability against security. You don't want to install so much security features on a user's computer that they can't do anything on it.

Apart from the two products mentioned, its a good idea to disable all unnecessary services from running (run->services.msc). Windows comes with heaps of services listening by default, and not only is it good practice to disable all the crap, but it makes your machine run a lot faster too. The notebook im using at the minute only has one service listening (epmap) which I don't believe you can disable. Of course you will need to enable more services for more functions like Wireless etc, but it is a good idea to start at the bare bones with nothing enabled and work your way up, enabling critical services as required.

Spyware is another issue to look at. For the average home user, a firewall and virus scanner is confusing enough, but now there are multitudes of spyware scanners out there too. I take the view that spyware really shouldnt get there in the first place. Using firefox is the first step forward, but people think that if they use firefox they wont get spyware. Not true. You must still take certain precautions, but again, you need to weigh up usability vs security. Disable java for a start, keep _javascript enabled if you must, and dig deeper into Firefox's security settings. If you are getting spyware by the bucketload every day/week, you have a problem and cleaning it each day is only getting rid of the symptom, not the cause. There is no need for spyware to be there, period.

Finally, I'll offer my setup for the "advanced" user (my current setting). Right now my firewall is Outpost Pro. Its like Zone Alarm in many ways, but IMO is aimed at more advanced use and is a bit more tricky to master than Zone Alarm, but much more rewarding. It has content filtering options and I have these set up to block almost everything from web sites that I havent specifically added myself. This, combined with hardening Firefox myself, has eliminated the need for any spyware programs (though I still schedule a scan each night with a-squared and adaware just in case). I also find that outpost leaves much less of a footprint when running (i.e. its not as high-load as zone alarm).

My virus scanner is NOD32, which is the only virus scanner to have 100% on the VB100% awards (means it catches a LOT of viruses
), and again, this has a very low footprint but is a little more tricky to set up, which is why I wouldn't deploy it on a normal users machine. Finally I run a program called Process Guard, which stops things such as global hooks (for keyloggers), and asks me whether or not I want each specific program to run. I like the control this program offers, although I find myself turning it off for installs. Prevx is a fantastic piece of software too and if I was being totally anal I would install this as well. However, I just find prevx too chatty sometimes, and it probably overkill combined with process guard, since I know what I am doing and usually what is going on in my computer.

Aside from this, I regulary use process explorer, tcpview and rootkitrevealer (all freeware) just for piece of mind to make sure everything is running as I like it. You mentioned Reg Mechanic before, I actually quite like this program to tidy up my registry, but its the only proggy Ive used like this so I cant really offer an opinion on the others. But imo its pretty good


Anyway, hope this rambling has helped you




[edit on 17/6/05 by slick]



posted on Jun, 18 2005 @ 05:41 AM
link   
What phun is a post that doesn't open a can of worms... ROFLMAO

I think your post was a benefit for everyone regardless of their skill level as Security is probably the most commonly under estimated, and under emphisised aspect of a computer. There are really a lot of users who fail to understand how important security is, or don't have a clue where to start with the questions. Hopefully it has given a few people a place to start improving their security.

I'm going to use a test terminal to try out some of the suggestions you have made, I want to make sure that there are no conflicts with anything else I use. I have a KVM and a PIII testbench to try out things before they are put on the primary system - saves a lot of grief if things don't work out as they should.

(Anyone who is serious about computers should have a similar setup - It really beats messing up a network - home users should have it as well - makes managing your fileserver easier, and lets you play with the old computer you didn't have the heart to toss out)

A few Other things I keep in my tool chest:
Acronis,
Registry healer

There are a few other programs that could cause a lot of problems if they were used by inexperienced hands - so I won't mention them. - X -




top topics



 
0

log in

join