Computer hacked?

Sorry for flooding the forum with an ever-growing teething list.

After I had a download.trojan last week, I wiped everything from the computer and restarted a Windows XP system. I've spent a lot of time trying to protect my computer using Norton SystemWorks, ZoneAlarm and CleanCache, which I thought were working fine.

Yesterday I found a new account had been created on my computer called ast.net. I changed the password for it and then deleted it. No one else has had access to the computer, so it's clear to me it originated from the internet connection.

My hard drive is next to empty since I haven't installed anything back - I'm wondering if it's worth the effort since nothing I do seems to withstand viruses and attacks.

Any ideas?

Best wishes,

RJ
16 REPLIES

Browser security locking down required Ivan

Hello RJ,

Sadly, you've probably NOT done the one MOST important thing & that leaves your system still vulnerable, which is to lock down your internet browser.

**Also, in addition you can go one step beyond that and lock down your operating system, but that requires some more advanced knowledge and you do definitely have to know what effect switching off certain OS services might have.

Again, sadly, you've done almost everything right, I know, because we've exchanged a lot of posts recently. Look at what happened to you as a very valuable learning experience; you need to realise that the internet is saturated with viruses, malware, spyware, trojans, rogue diallers, etc., etc.; it's a long list. Whilst it's not possible to secure a system against ALL of these nasties, it is worthwhile taking steps to prevent the most common nasties, while having effective tools to deal with those that do get through your defences.

**Locking down your browser for things like plug-ins, ActiveX controls, JavaScript or other scripts that might copy & paste themselves into your system: in IE6, go to Tools, Internet Options, Security tab, click on and open the "Custom Level" button, and work your way down the list shown. Here you can disable or enable various items. By disabling certain items such as ActiveX controls etc. you are able to lock down and prevent further nasties gaining a foothold in your machine.

**Locking down your web browser is an essential security process unless you're NOT using MS Windows & IE.

If you want any further help, let me know.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
The True power of knowledge is when its shared, Your Voice Counts!

Computer hacked?

Thanks Ivan,

I had tried to lock down the internet browser - that was how I managed to firewall myself and make it impossible to access the internet initially.

Then I switched to Firefox, which, despite its rave reviews, is open source.

Since someone has created a limited account on my computer, I presume I was not foolish enough to navigate the internet with Admin rights. What kind of programs do people like that tend to leave behind in a hacked computer? Apart from using my computer as a spammer and other things, are there any software bits or things I need to think about removing?

Kind regards,

RJ

On system security

Hi RJ,

Despite a lot of bad press, IE6 is actually IMO a very good browser (YES! NOT perfect, YES! has vulnerabilities, true) but the devil you know is sometimes better than the devil you don't know. Yes! IE6 has vulnerabilities but most of them can be sorted out or blocked or patched. Yes! Firefox is also a good browser but it too is NOT perfect; it too has its own vulnerabilities, and so switching browser isn't necessarily the best answer or the whole solution either.

**The security of your machine and its use on the internet has to be a balanced combination of techniques to prevent your computer being compromised or penetrated by one of the rampant nasties. Yes! some form of a firewall is now vital, Yes! good locking down of your browser, Yes! further locking down of Windows OS or Linux for that matter too (whatever the OS).

Having good quality anti-virus software on your machine, kept updated regularly, and scanning the machine frequently, Yes! good spyware & adware detection software which can also be used to safely remove unwanted items that have arrived in the internet cache. Yes! a cache cleaner to rid yourself of the items caught in the internet cache before they might escape into the rest of your system.

**The more you learn & know about these nasties & the way they behave, and which are harmless and which can potentially do harm, the better off you will be to take countermeasures to defend yourself against them. In this sense using a computer & use of the internet is NOT a simple matter as some people would have us believe.

**Computers are often sold as just another cool must-have consumer product, but actually computers & PCs are NOT like other home appliances. Computers do have a level of technicality that a lot of people don't fully appreciate when first bought; it's only after a couple of years of experience dealing with the glitches & problems and learning along the way that users start to get the best from their machines IMO.

**You're NOT alone in this kind of experience, that I can assure you; I've been there, done that and got the T-shirt too. Comprehending computer security and what's required is very interesting but can also be quite daunting too.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
The True power of knowledge is when its shared, Your Voice Counts!

Computer hacked?

Hi Ivan,

Having had no problems for 2 years on dial-up, I guess I'm thinking that any hackers out there just don't have the patience to try and hack a computer which is downloading at 54kb.

Norton Systemsworks [Firewall and Virus] + Zonealarm + Cleancache with the internet lock down is more than I have ever used on dial up; perhaps it's anecdotal, but the Broadband connection itself seems to run higher hacking/virus risks.

I have reservations about Firefox - there's so little I enjoy from Windows at the moment. When I get Linux up and running, I guess it's goodbye to surfing on Windows.

Ivan! I know computers are not consumer products but have you seen the flashing blue lights on the latest serial ATA compatible Gigabyte motherboards? I've seen ones with disco lights as well ;P

It's daunting learning new computer hygiene skills. I'm spending more time trying to maintain a computer system than actually getting on with life. What's disturbing is I'm not sure if I really don't enjoy it...

Secure Computing Ivan

Hi RJ,

OK, just by way of reply to your last posting: YEP!! spot on, dial-up was far too slow for most serious attempts at hacking, but virus infection was the most widespread problem, I seem to remember. YES! of course now that broadband has exploded across the world and fast connections are becoming the norm, so too we have seen an explosion of viruses, worms, trojans, various other nasties, port scanning, and general attempts at probing & attacking any machine connected to the web. Yes! the implications of having broadband are that you have to take far more precautions now than ever before.

**On a personal level, all that I have done is install a firewall (ZoneAlarm's freeware version); I use Norton 2002, which is very good, and I run x4 scans a day as a Windows scheduled task; I have locked down my OS & IE6; I have Ad-Aware, which I run occasionally (maybe once a week or once every 2 weeks). The program I use most, though, is CleanCache, which is set up to clean my internet cache every time IE6 closes.

**This configuration allows me to enjoy the benefits of using the web with minimal maintenance: x1 weekly update for Norton & x1 weekly update for Ad-Aware, that's all.

**But I agree you shouldn't have to spend a large amount of time keeping your system secure; you should be able to enjoy the benefits of secure computing instead.

**YES! well you can call me an old duffer if you like but I think all that disco lights stuff is for people who feel insecure about their willies frankly :lol: :lol: Yes! you can keep it, I'm more interested in using my machine than what it looks like TBH.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
The True power of knowledge is when its shared, Your Voice Counts!


Computer hacked?

Hi Ivan,

Looks like I've got far more serious problems than just being hacked. My name can be used even if there is no account, with whatever administrator password I have to access the computer. Looks like a complete format job again.........

You're spot on about those disco lights - boy I can't wait to have mine running at strobe rates!

Best regards,
RJ

Replying Ivan

Hi RJ,

With regards to the Administrator's account, before you go so far as to take the drastic step of a complete re-formatting & whole system rebuild, I think you should be fully aware that from the very first version of Windows NT 3.1 many years back (bear in mind that both Windows 2000 & XP are still considered versions of NT; well, XP is NT version 5.0 to be precise) the administrator's account could be accessed with a completely blank password if one hadn't been set up (it could be left blank). I cannot remember quite why this was the case but I think you will definitely find that to still be the case today on current Windows versions.

**One way I deal with this vulnerability myself is to create a number of new accounts (say x2) on my machine, add them to the admins user group and give them full local machine admin rights & permissions. Rename these accounts to something like a real person (no! don't make this name obvious like "john admins"!! make it ordinary like "tim dale" or "sarah johnston") and give these accounts normal usernames & passwords.

Once you've done that you effectively have x2 admin accounts; then I give the real administrator's account a very, very long complex password which I write down and store away from my machine (in other words I never use the real built-in admin account, but nor do I go as far as completely disabling it either; I don't advise disabling the real admin account). But once you've created the x2 new admin accounts, I only use them when I need full system-wide rights & permissions. Only use these accounts when you need to do something special that requires full-blown permissions, such as installing a new driver or package.

**I then create a normal power user account on the machine and use that for every day use for my own needs.
**Create any other normal ordinary user accounts for anyone else you might share your machine with after this. This just helps to keep things more secure and reduces that specific vulnerability.

**Hope that helps, you might NOT need to go as far as a reformat and rebuild but only do that as a last resort.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
The True power of knowledge is when its shared, Your Voice Counts!

Computer hacked?

Hi Ivan,

Another complete recovery later, I'm exhausted at finding yet another created limited user called "Asp.net Machine A".

Is this a virus? Back door? Or a complete hacker's job? I've changed the Admin passwords before I set up the firewalls and virus checkers and Microsoft updates.

This is boggling. Surely Microsoft don't create accounts like this in users' computers?

Looks like the whole reformat is going to be the only option....

"Asp.net Machine A". Ivan

Hi RJ,

Hang on, hang on!! This is getting VERY silly now!! What you described as a limited user account? "Asp.net Machine A". Yes! Windows NT creates a number of system and machine related accounts that are NOT created by the person who installs Windows. These are accounts that are required by NT in order to run various machine or system related processes and they are perfectly legitimate. Windows wouldn't work without them.

QUESTION:-
When you say limited user account "Asp.net Machine A", where is this account to be found/located on your machine? Are we talking about the login dialogue box when you log in to Windows after boot-up? Or are we talking about C:\Documents and Settings\username (where username is a user's profile within Windows)? Or are we talking about a username appearing within Computer Manager within Users & Groups? Where and what are we talking about here?

**It could be that what you describe as "Asp.net Machine A" is software related, as something that IS required by Active Server Page processes on your machine (it's required by programming related matters at code level). Active Server Pages is a commonly used programming language for pages that have dynamic content and are found on servers across the web.

**ASP.NET could possibly be hardware related too; it doesn't necessarily mean there's anything wrong with your machine or Windows or even how you installed Windows. This could be completely legitimate and required by your system; however, you're right to question what it is if you're unfamiliar with this.

**Can I suggest that YOU DON'T go as far as yet another reformatting & re-install of Windows etc. Go and do a Google search on "Asp.net Machine A" or just ASP.NET and see what you come up with; this might help throw some more light on what's going on.

**You might well find that you DO have some software on your machine that requires the "Asp.net Machine A" account to work, or you might have downloaded an update that creates or requires this. Are you entirely sure it's actually an account and not just a folder or temp folder? It may not mean that your machine has been hacked or compromised at all.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
The True power of knowledge is when its shared, Your Voice Counts!
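
The question above about where the "Asp.net Machine A" name appears can be checked against the machine's own account list. This is an added example, not part of the original posts: it parses captured `net user` output and separates accounts that Windows XP or the .NET Framework create on their own from names the owner did not expect. The sample output, the 25-character column width, and the names "EXAMPLE-PC" and "svc_update" are assumptions constructed for illustration.

```python
COLUMN_WIDTH = 25  # assumption: `net user` pads each name to 25 characters

# Accounts Windows XP and the .NET Framework create on their own (lower-cased).
KNOWN_SYSTEM_ACCOUNTS = {
    "administrator": "built-in administrator",
    "guest": "built-in guest",
    "helpassistant": "Remote Assistance",
    "support_388945a0": "Help and Support Service",
    "aspnet": "ASP.NET Machine Account, added by the .NET Framework",
}

def _row(*names):
    """Build one fixed-width row the way the listing lays names out."""
    return "".join(n.ljust(COLUMN_WIDTH) for n in names).rstrip()

# Constructed sample output; "svc_update" and "Tim Dale" are made-up names.
SAMPLE_NET_USER = "\n".join([
    "",
    r"User accounts for \\EXAMPLE-PC",
    "",
    "-" * 79,
    _row("Administrator", "ASPNET", "Guest"),
    _row("HelpAssistant", "RJ", "SUPPORT_388945a0"),
    _row("svc_update", "Tim Dale"),
    "The command completed successfully.",
])

def parse_net_user(output, width=COLUMN_WIDTH):
    """Return account names; slices columns because names may contain spaces."""
    names, in_table = [], False
    for line in output.splitlines():
        if line.startswith("-" * 10):
            in_table = True  # the dashed rule marks the start of the name table
        elif in_table and line.startswith("The command completed"):
            break  # English-language footer ends the table
        elif in_table and line.strip():
            cells = (line[i:i + width].strip() for i in range(0, len(line), width))
            names.extend(c for c in cells if c)
    return names

def audit_accounts(names, owner_accounts):
    """Sort names into system, owner and unexpected (matching by name only)."""
    owners = {n.lower() for n in owner_accounts}
    report = {"system": [], "owner": [], "unexpected": []}
    for name in names:
        key = name.lower()
        bucket = ("system" if key in KNOWN_SYSTEM_ACCOUNTS
                  else "owner" if key in owners else "unexpected")
        report[bucket].append(name)
    return report

if __name__ == "__main__":
    print(audit_accounts(parse_net_user(SAMPLE_NET_USER), ["RJ", "Tim Dale"]))
```

A name in the "system" bucket only means an account of that name is expected to exist; its group membership and password settings still need checking with `net user <name>`.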

Computer hacked?

Oops......

you've got a point. I just don't know enough about modern software.

Just who do Microsoft think they are, planting limited accounts on my computer without telling me? I didn't agree to any of that when I downloaded updates.

I guess I really don't know. It all happened after the download.trojan tried to come into my computer. I'll have to give this a break. Windows updates are much more confusing than Linux.

Say - what do you think of the Apple iMac G5? Sure it's slow, outdated G5 processor and fairly expensive.....it looks like a reasonable computer to do internet work with...

Have a good bank holiday.

Best regards,

RJ

Computer hacked?

Quote
Say - what do you think of the Apple iMac G5?


I think they're fantastic machines.

Quote
Sure it's slow,


No they're not, not at all. 2 64 bit G5's humming away, lovely.

Quote
outdated G5 processor


Not that outdated. Although the speed ramp has been disappointing, the G5 has a fantastic architecture. In slightly different form it's been chosen to power all the next gen consoles.

Quote
and fairly expensive...


Yes, yes they are, but given the spec and the bundled software they're not bad value at all. The 20" iMac is a fantastic machine, lovely screen, everything you could want built in; take the RAM up to a gig and add three years' warranty and support for £1500.

Quote
..it looks like a reasonable computer to do internet work with...


and the rest. There really isn't much you can't do with them unless you're a hardcore gamer.

Nothing wrong with Macs Mate Ivan

Hi RJ,

As Matley said, Apple Macs are very good machines, although TBH I'm a bit out of touch with Mac specs these days; I used to support G4s & G5s prior to OS X coming out. Yes! Macs are a whole ball game different from MS Windows but frankly I liked them a lot, despite them feeling a bit weird and different from what I was used to. Mac OS is very different from MS.

Macs do make a nice change though & I get the distinct impression that since OS X Macs have got a whole lot better than they used to be. But YES! price does seem better than it used to be too, Yes! used to be very expensive but seem to have come down in price & perhaps now much more competitive with Windows.

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
The True power of knowledge is when its shared.

Computer hacked?

Many thanks for your thoughts on the macs.

Are there any software problems? How do people change or upgrade their macs?
I'm really only in need of a Mac + some specialist graphics software which will do everything my Windows is doing without Microsoft creating user accounts on my computer without informing me.........until I've set about complete recovery x2....

Microsoft is just exhausting to work with so I'll start migrating...

Thanks.

Computer hacked?

Quote
Many thanks for your thoughts on the macs.

Are there any software problems?


Depends on what you consider a problem. :? Most well written stuff runs fine, just like most Windows stuff. Power users of software generally have more issues on all platforms so you need to look at the software you need that might be problematic.

Quote
How do people change or upgrade their macs?



They change them by buying a new one, they upgrade by buying a new one. That's Mac users for you. They do command reasonable prices in the SH market, but off to Aunt Mabel for email is where I see a fair few going nowadays.


Quote
I'm really only in need of a Mac + some specialist graphics software which will do everything my Windows is doing


When you say 'specialist' you may have an issue. There may be a Mac version of what you use, or maybe even something better, but there may not, and running Virtual PC is really defeating the whole object.

Quote
without Microsoft creating user accounts on my computer without informing me


Apple uses a three-tier user model, with root login disabled by default; any new services should have new accounts, so if you need .NET, giving it its own account is only right.

Quote
Microsoft is just exhausting to work with so I'll start migrating...

Thanks.


Good for you. If you want to go that way and have deep enough pockets, you probably won't be disappointed. If you want some help speccing up a machine then post what you need it to do, especially any 'specialist' stuff, then post back.