Solved

How to check my hacked computer

Posted on 2013-12-02
Last Modified: 2013-12-26
Dear experts,

My computer has been hacked; someone accessed the computer, deleted my files, and even controlled the cursor.

I don’t want to format the computer. I want to see the cause, the program and the event log to find out how that happened so I can block future access to other users.

How can I check, and where should I look?
0
Question by:uknet80
5 Comments
 
LVL 87

Assisted Solution

by:rindi
rindi earned 167 total points
ID: 39689406
You have probably gotten a keylogger and further malware on your system. The best utility to find malware and remove it is Malwarebytes. Download, install and run it; maybe, after the Malwarebytes definition is updated, remove the LAN cable. Then scan the system and let it remove any malware it finds.

http://malwarebytes.org

In the future to avoid this, make sure your system is always fully updated and patched. Also make sure you have a good antivirus utility installed. I can really recommend Panda Cloud antivirus.

Also make sure that you use your common sense when browsing the web or with your emails. Only visit sites you know or trust. Don't click on every link you see. Don't open emails when you don't know whom they come from. Don't open attachments you aren't sure about. Install the Adblock Plus and Flashblock add-ons in your Firefox or Chromium web browser. Don't browse with insecure browsers like IE. Enable spam filters for your email client.

Also, once installed, some keyloggers are very difficult to find and remove, even for the best utility like Malwarebytes, so a fresh installation IS often the best way to ensure your system really is clean.
0
 
LVL 20

Assisted Solution

by:netcmh
netcmh earned 166 total points
ID: 39689685
I'm sorry you had to go through this. This happens quite a lot. The way to secure against any further attacks is to learn from the situation, which is what I'm assuming you're heading towards. In addition to the above, I would recommend reading an essential - http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

The guide walks you through the various steps one would take to handle this situation with care. Simply running software to try and ascertain the cause is foolish, as the threats these days can remain hidden well after the software claims to have gotten rid of it.

My intention is not to belittle any product, just to become more knowledgeable in not only your own device, but your network, the environment in which you plug yourself into and the ever changing threats.

Good luck.
0
 

Author Comment

by:uknet80
ID: 39689728
So you are suggesting that it is not possible to find the file name or the service name? My concern is that we are a company of 300 laptops and this might have spread throughout the company; that is why I want to find the source of the file so I can prevent it on other laptops. The question is: can I find the file name, source name, or any indication of having been hacked?
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 167 total points
ID: 39690328
It absolutely is possible.  I recommend you disconnect the machine from the primary network (OK to remain active on isolated analysis network) and create an image of the infected machine for analysis.  You'll then run the image as an isolated virtual machine.  See VirtualBox, VMware Workstation, etc.

A quick way to do this with VMware® vCenter™ Converter™

Once you've backed up the infected machine, I highly recommend you perform a clean install/image on your coworker's machine, so they're not down the entire time you're running the analysis.

Next, read the following documents:

Advanced Malware Cleaning Techniques for the IT Professional

http://www.pisa.org.hk/event/malware-forensic-approach.pdf

https://www.sans.org/reading-room/whitepapers/malicious/malware-analysis-introduction-2103

http://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Presentation/bh-dc-07-Kendall_McMillan.pdf

You'll essentially be performing the following steps:
[Image: malware cleaning steps]
[Attachment: Microsoft-Security-Intelligence-.pdf]
0
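Added example (not part of any post in this thread): one way to look for the "service name" and "indication of being hacked" the question asks about, by triaging Security and System event records exported as XML from the imaged machine. The sample records, account, address and path are constructed placeholders, and the choice of event IDs 4624 (logon type 10) and 7045 assumes Windows Vista or later.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records (not from the incident on this page), in the XML
# form Windows renders events in. Account, address and path are placeholders.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID><TimeCreated SystemTime="2013-12-01T08:02:11Z"/></System><EventData><Data Name="TargetUserName">jsmith</Data><Data Name="LogonType">2</Data><Data Name="IpAddress">-</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID><TimeCreated SystemTime="2013-12-01T22:14:07Z"/></System><EventData><Data Name="TargetUserName">jsmith</Data><Data Name="LogonType">10</Data><Data Name="IpAddress">203.0.113.45</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID Qualifiers="16384">7045</EventID><TimeCreated SystemTime="2013-11-28T19:40:52Z"/></System><EventData><Data Name="ServiceName">RemoteHelper</Data><Data Name="ImagePath">C:\Users\jsmith\AppData\Local\Temp\rhsvc.exe</Data></EventData></Event>
</Events>"""


def fields(event):
    """Return (event id, timestamp, {Name: value}) for one <Event> element."""
    system = event.find("e:System", NS)
    eid = int(system.findtext("e:EventID", namespaces=NS))
    when = system.find("e:TimeCreated", NS).get("SystemTime")
    data = {d.get("Name"): (d.text or "")
            for d in event.iterfind("e:EventData/e:Data", NS)}
    return eid, when, data


def triage(xml_text):
    """Build a time-ordered list of events worth a closer look.

    4624 with LogonType 10 is a successful RemoteInteractive (RDP) logon.
    7045 records a newly installed service together with its binary path;
    a remote-control tool that never produces a type-10 logon can still
    show up here if it installs itself as a service.
    """
    findings = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        eid, when, d = fields(event)
        if eid == 4624 and d.get("LogonType") == "10":
            findings.append((when, "remote-logon",
                             d.get("TargetUserName"), d.get("IpAddress")))
        elif eid == 7045:
            findings.append((when, "service-installed",
                             d.get("ServiceName"), d.get("ImagePath")))
    return sorted(findings)  # ISO timestamps sort chronologically


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```

A service name and binary path recovered this way can then be searched for on the other laptops.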
 
LVL 20

Expert Comment

by:netcmh
ID: 39739944
Thanks for the grade and good luck.
0
