Thread: Home PC hacked - need help
-
09-13-2009, 12:07 AM #1 Web Hosting Guru (Join Date: Sep 2006, Posts: 286)
Home PC hacked - need help
Hi
My home PC (Desktop P4) has been hacked.
It's not just the PC problem; I am in a bigger mess right now. (Please read)
Is there a way that I can track who the hacker is? He must be using some kind of tool, since he was able to get my PayPal password after a few hours. He might have installed something there.
What can I do to track him (or even the tool) and get to the root of that mess?
My desktop has Windows XP Pro (SP2) installed.
Right now, I have disconnected it from the Internet and am trying to back up my data from the HD (using Kaspersky Internet Security to scan everything). The HD is connected as a slave to another system, so I do not use any Windows application of that infected system.
I am on my laptop now.
Find solution to every problem ---> Google.com
-
09-13-2009, 12:49 PM #2 Web Hosting Master (Join Date: May 2007, Posts: 2,745)
Do you use a static IP? Do you have your firewall enabled, security software that is up to date, etc.?
I guess it comes down to looking at ways to prevent getting your computer hacked; no point searching for a hacker lol...
Automated, Secure & Low Cost cPanel Backups (on the cloud)
For Users & Web Hosting Providers - User Backups
-
09-13-2009, 01:29 PM #3 Web Hosting Evangelist (Join Date: Feb 2006, Location: San Francisco, California, Posts: 469)
I doubt you'll be able to realistically track him.
The best course of action is to back up only the essential data and reinstall Windows ASAP. Check out CTUpdate to install updates offline before you connect your computer to the internet.
Also, maybe you should look into using something like Norton to save web passwords. That way they wouldn't easily be compromised by stealing them from Firefox.
█ Larry Bly
█ Sandbox IT Solutions, LLC.
█ www.SandboxITSolutions.com
█ Dedicated Servers - Web Hosting - Consulting Services
-
09-13-2009, 04:16 PM #4 Web Hosting Guru (Join Date: Sep 2006, Posts: 286)
Well, not exactly. My ISP randomly assigns IPs, but most of the time it's assigned on a static basis (i.e. it's mine as long as my session is established).
When there is a network issue or when too many people are online, they simply put users under a proxy (PAT), and then the IP is shared between users.
I was using NOD32 Antivirus Business Edition. It was (still is) updated regularly. And it's unable to detect anything.
Well, I doubt that too. But seeing the kind of hack/attack it was, I want to get to the bottom.
I have moved all of my data (about 360GB) to another system (that's running Kaspersky). I am thinking of scanning the C drive with Kaspersky as well.
Well, I guess saving passwords with Firefox was a big mistake on my part (and I have learned it the hard way). Still, I think things could have been way more out of hand than they are right now.
Thank you so much for your reply.
-
09-13-2009, 04:27 PM #5
From a cursory look, I'd suggest your PC is not compromised, but your passwords were stolen from FF. There was a big discussion some time ago about a vulnerability in FF, but I'm pretty sure it was v2 and fixed relatively quickly.
There is also a possibility that your brother used your computer for more than the one thing you'd asked of him, or he'd opened something he should not have...or was convinced to divulge info somehow.
Hard to say, but if you can't find an infection, maybe there isn't one.
Your one stop shop for decentralization
-
09-13-2009, 04:46 PM #6 Web Hosting Guru (Join Date: Sep 2006, Posts: 286)
Ummmm..... well, I just checked and I am running 3.0.12 on that system. (Don't know why it was not auto-upgraded.)
I never saved my PayPal password with FF, but still it was hacked yesterday. (And I used it just a few hours earlier on that system.) And that's the reason I am certain that something is installed on my system that is communicating with the hacker. (Or perhaps I have been a victim of two hacks.)
Well, most definitely, my brother used it more than once and for a lot of things. (I am so mad at him.) I think someone got to him via Yahoo/MSN chat. Still looking into it ....
-
09-13-2009, 04:50 PM #7
Was the email associated with the PayPal account an online service like Gmail, where FF may have had the password? If PP wasn't hacked, you used it, and then it was, that sounds like a keylogger. Google has some results for detecting those.
-
09-16-2009, 08:53 PM #8 Web Hosting Guru (Join Date: Sep 2006, Posts: 286)
Thank you for the tips.
I was able to figure out how this was done. And hopefully, I have removed everything and this won't be happening again.
I did get the "hacker's" email, but I don't think I'll be able to catch (or even trace) the guy.
I have learnt the lesson here:
"Do not give your Admin password to anyone and especially your younger brother"
-
09-16-2009, 09:05 PM #9
Can you share how it was done? I'm curious.
-
09-16-2009, 10:29 PM #11 Web Hosting Guru (Join Date: Sep 2006, Posts: 286)
Well, in short, your previous guess was right.
My brother tried to take "advantage" of the freedom that he had with the admin password. He downloaded "Counter Strike" from some torrent and played it online. That game also had a keylogger in it (Invisible Keylogger).
And since he played online, he made it possible (by disabling the firewall and security) for the hacker to gain remote access (that was only for a short period of time). Afterwards, the hacker was getting all the keylogs.
Also, NOD32 failed to detect anything (or he might have stopped the installation).
I am shifting to Kaspersky from now on.
-
09-16-2009, 10:34 PM #12
Good on you for determining how it happened and clearing it out. I've been happy with NOD32, personally. It's been good at catching things, so maybe as suggested he bypassed it.
Thanks!
-
09-22-2009, 03:16 PM #13 Temporarily Suspended (Join Date: Sep 2009, Posts: 22)
Even if you knew the email address, ftp, and / or IP address it is HIGHLY unlikely that you will be able to track down the person. My advice would be to get your PC clean and add protection to ensure this attack doesn't happen again. Take away from this one lesson