How to check my hacked computer

Posted on 2013-12-02
Last Modified: 2013-12-26
Dear experts,

My computer has been hacked; someone accessed the computer, deleted my files and even controlled the cursor.

I don't want to format the computer. I want to see the cause, the program and the event log to find out how that happened so I can block future access to other users.

How can I check, and where should I look?
Question by:uknet80
5 Comments
 
LVL 88

Assisted Solution

by:rindi
rindi earned 668 total points
ID: 39689406
You have probably gotten a keylogger and further malware on your system. The best utility to find malware and remove it is Malwarebytes. Download, install and run it, maybe after the Malwarebytes definition is updated, remove the LAN cable. Then scan the system and let it remove any malware it finds.

http://malwarebytes.org

In the future to avoid this, make sure your system is always fully updated and patched. Also make sure you have a good antivirus utility installed. I can really recommend Panda Cloud antivirus.

Also make sure that you use your common sense when browsing the web or with your emails. Only visit sites you know or trust. Don't click on every link you see. Don't open emails you don't know whom they come from. Don't open attachments you aren't sure about. Install the Adblock Plus and Flashblock add-ons in your Firefox or Chromium web browser. Don't browse with insecure browsers like IE. Enable spam filters for your email client.

Also, once installed, some keyloggers are very difficult to find and remove, even for the best utility like Malwarebytes, so a fresh installation IS often the best way to ensure your system really is clean.
0
 
LVL 21

Assisted Solution

by:netcmh
netcmh earned 664 total points
ID: 39689685
I'm sorry you had to go through this. This happens quite a lot. The way to secure against any further attacks is to learn from the situation, which is what I'm assuming you're heading towards. In addition to the above, I would recommend reading an essential - http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

The guide walks you through the various steps one would take to handle this situation with care. Simply running software to try and ascertain the cause is foolish, as the threats these days can remain hidden well after the software claims to have gotten rid of it.

My intention is not to belittle any product, just to become more knowledgeable in not only your own device, but your network, the environment in which you plug yourself into and the ever changing threats.

Good luck.
0
 

Author Comment

by:uknet80
ID: 39689728
So you are suggesting that it is not possible to find the file name or the service name? My concern is that we are a company of 300 laptops and this might have been spread throughout the company; that is why I want to find the source of the file so I can prevent it on other laptops. The question is, can I find the file name, source name, or any indication of having been hacked?
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 668 total points
ID: 39690328
It absolutely is possible. I recommend you disconnect the machine from the primary network (OK to remain active on isolated analysis network) and create an image of the infected machine for analysis. You'll then run the image as an isolated virtual machine. See VirtualBox, VMware Workstation, etc.

A quick way to do this with VMware® vCenter™ Converter™

Once you've backed up the infected machine, I highly recommend you perform a clean install/image on your coworker's machine, so they're not down the entire time you're running the analysis.

Next, read the following documents:

Advanced Malware Cleaning Techniques for the IT Professional

http://www.pisa.org.hk/event/malware-forensic-approach.pdf

https://www.sans.org/reading-room/whitepapers/malicious/malware-analysis-introduction-2103

http://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Presentation/bh-dc-07-Kendall_McMillan.pdf

You'll essentially be performing the following steps:
malware cleaning steps (Microsoft-Security-Intelligence-.pdf)
0
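One way to start the event-log review the question asks about, run on the isolated copy recommended in the accepted answer (an added example, not code from any poster in this thread). It assumes a Windows machine with PowerShell 3.0 or later, an elevated prompt, logon auditing enabled, and placeholder dates for the incident window.

```powershell
# Added example, not from the thread. Run elevated on the isolated analysis copy.
# Assumption: the dates below are placeholders for the suspected incident window.
$window = @{ StartTime = Get-Date '2013-11-25'; EndTime = Get-Date '2013-12-03' }

function Get-EventData {
    param($Record)
    # Flatten the record's <EventData><Data Name="..."> elements into a hashtable.
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $fields[$d.Name] = $d.'#text' }
    }
    $fields
}

function Find-Events {
    param([string]$Log, [int[]]$Id)
    # Get-WinEvent errors when nothing matches; treat that as "no hits".
    Get-WinEvent -FilterHashtable (@{ LogName = $Log; Id = $Id } + $window) `
        -ErrorAction SilentlyContinue
}

# 1. Security log cleared (1102)? A hit means earlier evidence may be missing.
Find-Events Security 1102 | Format-List TimeCreated, Message

# 2. Successful logons (4624) that came over the network:
#    LogonType 10 = Remote Desktop session, 3 = network (shares, remote admin).
Find-Events Security 4624 | ForEach-Object {
    $f = Get-EventData $_
    if ('3', '10' -contains $f.LogonType) {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = "$($f.TargetDomainName)\$($f.TargetUserName)"
            LogonType = $f.LogonType
            SourceIP  = $f.IpAddress
            Source    = $f.WorkstationName
        }
    }
} | Sort-Object Time | Format-Table -AutoSize

# 3. Services installed in the window (System log, 7045): gives the service
#    name and the file it runs, which can then be searched for on other laptops.
Find-Events System 7045 | ForEach-Object {
    $f = Get-EventData $_
    [pscustomobject]@{ Time = $_.TimeCreated; Service = $f.ServiceName
                       ImagePath = $f.ImagePath; Account = $f.AccountName }
} | Sort-Object Time | Format-List
```

An empty result from all three sections does not show the machine is clean; it can also mean auditing was off or the remote-control tool never registered a service.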
 
LVL 21

Expert Comment

by:netcmh
ID: 39739944
Thanks for the grade and good luck.
0
