Solved

How to check my hacked computer

Posted on 2013-12-02
Last Modified: 2013-12-26
Dear experts,

My computer has been hacked; someone accessed the computer, deleted my files, and even controlled the cursor.

I don’t want to format the computer. I want to see the cause, the program and the event log to find out how that happened so I can block future access by other users.

How can I check, and where should I look?
0
Question by:uknet80
5 Comments
 
LVL 88

Assisted Solution

by:rindi
rindi earned 668 total points
ID: 39689406
You have probably gotten a keylogger and further malware on your system. The best utility to find malware and remove it is Malwarebytes. Download, install and run it, maybe after the Malwarebytes definition is updated, remove the LAN cable. Then scan the system and let it remove any malware it finds.

http://malwarebytes.org

In the future to avoid this, make sure your system is always fully updated and patched. Also make sure you have a good antivirus utility installed. I can really recommend Panda Cloud antivirus.

Also make sure that you use your common sense when browsing the web or with your emails. Only visit sites you know or trust. Don't click on every link you see. Don't open emails you don't know whom they come from. Don't open attachments you aren't sure about. Install the Adblock Plus and Flashblock add-ons in your Firefox or Chromium web browser. Don't browse with insecure browsers like IE. Enable spam filters for your email client.

Also, once installed, some keyloggers are very difficult to find and remove, even for the best utility like Malwarebytes, so a fresh installation IS often the best way to ensure your system really is clean.
0
 
LVL 21

Assisted Solution

by:netcmh
netcmh earned 664 total points
ID: 39689685
I'm sorry you had to go through this. This happens quite a lot. The way to secure against any further attacks is to learn from the situation, which is what I'm assuming you're heading towards. In addition to the above, I would recommend reading an essential - http://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

The guide walks you through the various steps one would take to handle this situation with care. Simply running software to try and ascertain the cause is foolish, as the threats these days can remain hidden well after the software claims to have gotten rid of them.

My intention is not to belittle any product, just to become more knowledgeable in not only your own device, but your network, the environment in which you plug yourself into and the ever changing threats.

Good luck.
0
 

Author Comment

by:uknet80
ID: 39689728
So you are suggesting that it is not possible to find the file name or the service name? My concern is that we are a company of 300 laptops and this might have spread throughout the company; that is why I want to find the source of the file so I can prevent it on other laptops. The question is, can I find the file name, source name, or any indication of having been hacked?
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 668 total points
ID: 39690328
It absolutely is possible.  I recommend you disconnect the machine from the primary network (OK to remain active on isolated analysis network) and create an image of the infected machine for analysis.  You'll then run the image as an isolated virtual machine.  See VirtualBox, VMware Workstation, etc.

A quick way to do this is with VMware® vCenter™ Converter™.

Once you've backed up the infected machine, I highly recommend you perform a clean install/image on your coworker's machine, so they're not down the entire time you're running the analysis.

Next, read the following documents:

Advanced Malware Cleaning Techniques for the IT Professional

http://www.pisa.org.hk/event/malware-forensic-approach.pdf

https://www.sans.org/reading-room/whitepapers/malicious/malware-analysis-introduction-2103

http://www.blackhat.com/presentations/bh-dc-07/Kendall_McMillan/Presentation/bh-dc-07-Kendall_McMillan.pdf

You'll essentially be performing the following steps:
[Image: malware cleaning steps]
Attachment: Microsoft-Security-Intelligence-.pdf
0
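
For the event-log part of the question, here is an added example (not code from any poster in this thread) that pulls remote logons and newly installed services from the logs of the isolated analysis copy described in the accepted answer. It assumes Windows Vista or later, PowerShell 3.0+ and an elevated session; the 30-day window and the output file names are placeholders.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ and an elevated
# session on the isolated analysis copy of the machine (Windows Vista or later).
$Since = (Get-Date).AddDays(-30)   # placeholder window; set to before the incident

# Turn an event's named <Data> elements into a hashtable of field name to value.
function Get-EventFields($Record) {
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# Security 4624 = successful logon. Type 3 is network, type 10 is Remote Desktop.
$logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        if ('3', '10' -contains $f['LogonType']) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Account   = '{0}\{1}' -f $f['TargetDomainName'], $f['TargetUserName']
                LogonType = $f['LogonType']
                SourceIp  = $f['IpAddress']
            }
        }
    }

# System 7045 = a new service was installed; ImagePath is the file it runs.
$services = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ServiceName = $f['ServiceName']
            ImagePath   = $f['ImagePath']
            RunsAs      = $f['AccountName']
        }
    }

# Save both result sets so they can be compared against other laptops.
$logons   | Sort-Object Time | Export-Csv -NoTypeInformation -Path .\remote-logons.csv
$services | Sort-Object Time | Export-Csv -NoTypeInformation -Path .\new-services.csv
$services | Sort-Object Time | Format-Table -AutoSize -Wrap
```

Type 3 logons include ordinary file-share access, so expect noise there; an unfamiliar service name or image path around the time of the incident is the kind of file name and service name that can then be searched for on the other laptops.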
 
LVL 21

Expert Comment

by:netcmh
ID: 39739944
Thanks for the grade and good luck.
0


Question has a verified solution.
