How to check my hacked computer

Posted on 2013-12-02
Last Modified: 2013-12-26
Dear experts,

My computer has been hacked; someone accessed the computer and deleted my files, and even controlled the cursor.

I don’t want to format the computer. I want to see the cause, program and the event log to find out how that happened so I can block future access to other users.

How can I check, and where do I look?
0
Question by:uknet80
5 Comments
 
LVL 88

Assisted Solution

by:rindi
rindi earned 668 total points
ID: 39689406
You have probably gotten a keylogger and further malware on your system. The best utility to find malware and remove it is Malwarebytes. Download, install and run it, maybe after the Malwarebytes definition is updated, remove the LAN cable. Then scan the system and let it remove any malware it finds.

http://malwarebytes.org

In the future to avoid this, make sure your system is always fully updated and patched. Also make sure you have a good antivirus utility installed. I can really recommend Panda Cloud antivirus.

Also make sure that you use your common sense when browsing the web or with your emails. Only visit sites you know or trust. Don't click on every link you see. Don't open emails you don't know whom they come from. Don't open attachments you aren't sure about. Install the Adblock Plus and Flashblock add-ons in your Firefox or Chromium web browser. Don't browse with insecure browsers like IE. Enable spam filters for your email client.

Also, once installed, some keyloggers are very difficult to find and remove, even for the best utility like Malwarebytes, so a fresh installation IS often the best way to ensure your system really is clean.
0
 
LVL 21

Assisted Solution

by:netcmh
netcmh earned 664 total points
ID: 39689685
I'm sorry you had to go through this. This happens quite a lot. The way to secure against any further attacks is to learn from the situation, which is what I'm assuming you're heading towards. In addition to the above, I would recommend reading an essential - http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

The guide walks you through the various steps one would take to handle this situation with care. Simply running software to try and ascertain the cause is foolish, as the threats these days can remain hidden well after the software claims to have gotten rid of it.

My intention is not to belittle any product, just to become more knowledgeable in not only your own device, but your network, the environment in which you plug yourself into and the ever changing threats.

Good luck.
0
 

Author Comment

by:uknet80
ID: 39689728
So you are suggesting that it is not possible to find the file name or the service name? My concern is that we are a company of 300 laptops and this might have spread throughout the company; that is why I want to find the source of the file so I can prevent it on other laptops. The question is, can I find the file name, source name, or any indication of having been hacked?
0
 
LVL 15

Accepted Solution

by:Giovanni Heward
Giovanni Heward earned 668 total points
ID: 39690328
It absolutely is possible.  I recommend you disconnect the machine from the primary network (OK to remain active on isolated analysis network) and create an image of the infected machine for analysis.  You'll then run the image as an isolated virtual machine.  See VirtualBox, VMware Workstation, etc.

A quick way to do this with VMware® vCenter™ Converter™

Once you've backed up the infected machine, I highly recommend you perform a clean install/image on your coworker's machine, so they're not down the entire time you're running the analysis.

Next, read the following documents:

Advanced Malware Cleaning Techniques for the IT Professional

http://www.pisa.org.hk/event/malware-forensic-approach.pdf

https://www.sans.org/reading-room/whitepapers/malicious/malware-analysis-introduction-2103

http://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Presentation/bh-dc-07-Kendall_McMillan.pdf

You'll essentially be performing the following steps:
(Image: malware cleaning steps)
(Attachment: Microsoft-Security-Intelligence-.pdf)
0
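A read-only first pass over the isolated copy that pulls service names, file paths and remote logons out of the event logs and Run keys, as an added example that is not part of any post in this thread. It assumes a Windows Vista or later system with its event logs intact and an elevated prompt; the 30-day window, the helper name Get-EventFields and the variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only triage; run elevated inside the isolated VM.
$since = (Get-Date).AddDays(-30)   # assumed look-back window; set it to cover the incident

function Get-EventFields($Record) {
    # Flatten the event's <EventData> name/value pairs into a hashtable
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

# Services installed during the window (System log, event ID 7045)
$services = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        [pscustomobject]@{ Time = $_.TimeCreated; Service = $f['ServiceName']; Path = $f['ImagePath'] }
    }

# Remote Desktop logons (Security log, event ID 4624 with LogonType 10)
$logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        if ($f['LogonType'] -eq '10') {
            [pscustomobject]@{ Time = $_.TimeCreated; User = $f['TargetUserName']; Source = $f['IpAddress'] }
        }
    }

# Programs set to start automatically from the Run keys
# (HKCU is the hive of the account running this script, so repeat per user profile)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $key = Get-Item $k
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $key.GetValue($name) }
        }
    }
}

$services | Sort-Object Time | Format-Table -AutoSize -Wrap
$logons   | Sort-Object Time | Format-Table -AutoSize
$autoruns | Format-Table -AutoSize -Wrap
```

Any unfamiliar service name, image path or Run value found this way is what to search for on the other laptops.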
 
LVL 21

Expert Comment

by:netcmh
ID: 39739944
Thanks for the grade and good luck.
0
