  1. #1

    Home PC hacked - need help

    Hi

    My home PC (Desktop P4) has been hacked.
    It's not just the PC problem, I am in a bigger mess right now. (Please Read)

    Is there a way that I can track who the hacker is? He must be using some kind of tool that he was able to get my PayPal password after a few hours. He might have installed something there.

    What can I do to track him (or even the tool) and get to the root of that mess?

    My desktop has Windows XP Pro (SP2) installed.

    Right now, I have disconnected it from the Internet and am trying to back up my data from the HD (using Kaspersky Internet Security to scan everything). The HD is connected as Slave with another system so I do not use any Windows application of that infected system.

    I am on my Laptop now.
    Find solution to every problem ---> Google.com

  2. #2
    Join Date: May 2007 | Posts: 2,745
    Do you use a static IP? Do you have your firewall enabled, security software that is up to date, etc.?

    I guess it comes down to looking at ways to prevent getting your computer hacked, no point searching for a hacker lol...
    Automated, Secure & Low Cost cPanel Backups (on the cloud)
    For Users & Web Hosting Providers - User Backups

  3. #3
    Join Date: Feb 2006 | Location: San Francisco, California | Posts: 469
    I doubt you'll be able to realistically track him.

    The best course of action is to back up only the essential data and reinstall Windows ASAP. Check out CTUpdate to install updates offline before you connect your computer to the internet.

    Also maybe you should look into using something like Norton to save web passwords. That way they wouldn't easily be compromised by stealing them from Firefox.
    Larry Bly
    Sandbox IT Solutions, LLC.
    www.SandboxITSolutions.com
    Dedicated Servers - Web Hosting - Consulting Services

  4. #4
    Quote (originally posted by verdictjosh):
    Do you use a static IP? Do you have your firewall enabled, security software that is up to date, etc.?

    I guess it comes down to looking at ways to prevent getting your computer hacked, no point searching for a hacker lol...
    Well, not exactly. My ISP randomly assigns IPs, but most of the time it's assigned on a static basis (i.e. it's mine as long as my session is established).
    When there is a network issue or when too many people are online, they simply put users under Proxy (PAT) and then the IP is shared between users.

    I was using Nod32 Antivirus Business Edition. It was (still is) updated regularly. And it's unable to detect anything.

    Quote (originally posted by larry2148):
    I doubt you'll be able to realistically track him.

    The best course of action is to back up only the essential data and reinstall Windows ASAP. Check out CTUpdate to install updates offline before you connect your computer to the internet.

    Also maybe you should look into using something like Norton to save web passwords. That way they wouldn't easily be compromised by stealing them from Firefox.
    Well, I doubt that too. But seeing the kind of hack/attack it was, I want to get to the bottom.

    I have moved all of my data (about 360GB) to another system (that's running Kaspersky). I am thinking of scanning the C drive with Kaspersky as well.

    Well, I guess saving passwords with Firefox was a big mistake on my part (and I have learned it the hard way). Still, I think things could have been way more out of hand than they are right now.

    Thank you so much for your reply.

  5. #5
    Join Date: Oct 2002 | Location: /roof/ledge | Posts: 28,088
    From a cursory look, I'd suggest your PC is not compromised, but your passwords were stolen from FF. There was a big discussion some time ago about a vulnerability in FF, but I'm pretty sure it was v2 and fixed relatively quickly.

    There is also a possibility that your brother used your computer for more than the one thing you'd asked of him, or he'd opened something he should not have...or was convinced to divulge info somehow.
    Hard to say, but if you can't find an infection, maybe there isn't one.
    Your one stop shop for decentralization

  6. #6
    Quote (originally posted by bear):
    From a cursory look, I'd suggest your PC is not compromised, but your passwords were stolen from FF. There was a big discussion some time ago about a vulnerability in FF, but I'm pretty sure it was v2 and fixed relatively quickly.

    There is also a possibility that your brother used your computer for more than the one thing you'd asked of him, or he'd opened something he should not have...or was convinced to divulge info somehow.
    Hard to say, but if you can't find an infection, maybe there isn't one.
    Ummmm..... well, I just checked and I am running 3.0.12 on that system. (Don't know why it was not auto upgraded)

    I never saved my PayPal password with FF but still it was hacked yesterday. (And I used it just a few hours earlier on that system.) And that's the reason I am certain that something is installed on my system that is communicating with the hacker. (Or perhaps I have been a victim of two hacks.)

    Well, most definitely, my brother used it more than once and for a lot of things. (I am so mad at him.) I think someone got to him via Yahoo/MSN chat. Still looking into it ....

  7. #7
    Join Date: Oct 2002 | Location: /roof/ledge | Posts: 28,088
    Was the email associated with the Paypal account an online service like Gmail, where FF may have had the password? If PP wasn't hacked, you used it, then it was, that sounds like a keylogger. Google has some results for detecting those.

  8. #8
    Quote (originally posted by bear):
    Was the email associated with the Paypal account an online service like Gmail, where FF may have had the password? If PP wasn't hacked, you used it, then it was, that sounds like a keylogger. Google has some results for detecting those.
    Thank you for the tips.

    I was able to figure out how this was done. And hopefully, I have removed everything and this wouldn't be happening again.

    I did get the "hacker's" email but I don't think I'll be able to catch (or even trace) the guy.

    I have learnt the lesson here:
    "Do not give your Admin password to anyone and especially your younger brother"

  9. #9
    Join Date: Oct 2002 | Location: /roof/ledge | Posts: 28,088
    Can you share how it was done? I'm curious.

  10. #10
    Join Date: Jun 2007 | Posts: 82
    Quote (originally posted by bear):
    Can you share how it was done? I'm curious.
    From his last post it looks like he gave the password to his brother who then must have messed something up or given it out.

  11. #11
    Quote (originally posted by bear):
    Can you share how it was done? I'm curious.
    Well, in short your previous guess was right.

    My brother tried to take "advantage" of the freedom that he had with the admin password. He downloaded "Counter Strike" from some torrent and played it online. That game also had a keylogger in it (Invisible Keylogger).

    And since he played online, he made it possible (by disabling firewall and security) that the hacker was able to gain remote access (that's only for a short period of time). Afterwards, the hacker was getting all keylogs.

    Also, NOD32 failed to detect anything (or he might have stopped the installation).

    I am shifting to Kaspersky from now on.

  12. #12
    Join Date: Oct 2002 | Location: /roof/ledge | Posts: 28,088
    Good on you for determining how it happened and clearing it out. I've been happy with NOD32, personally. It's been good at catching things, so maybe as suggested he bypassed it.
    Thanks!

  13. #13
    Join Date: Sep 2009 | Posts: 22
    Even if you knew the email address, ftp, and / or IP address it is HIGHLY unlikely that you will be able to track down the person. My advice would be to get your PC clean and add protection to ensure this attack doesn't happen again. Take away from this one lesson
