[huma]

1. How to confirm if i doubt that my system is hacked
2. if i confirm then how to restore it?
3. after restoration how to avoide future hacking.


Please reply very sooooooooooooooooooon
thanks.

[Phantom010]

What makes you think your system has been hacked?

[huma]

well no sign at my sys but informaiton form my sys has been moved in form of chat discussions etc and it has been used and currently been used as well - m sure of that . Moreover the leakage of information has caused serious problems.
I haven't accepted any exe. nothing of that type but the guy who is doing this knows how to hack.
can u help please.

[Phantom010]

It's easy for a lot of websites to acquire your system's informations, like your OS, IP address, Web browser, etc... in a legitimate way. It doesn't mean you have been hacked.

Have any personal informations of private files been exposed? If not, I wouldn't call this hacking.

[huma]

definatly my personal files have been exposed they are my chat logs some business documents. & i kind of know the person doing it as well.
please help me stop this.

[bp936]

do you have any Security software installed?
Read the suggestions at the first section of this forum.
Is your firewall turned on?

[huma]

i've Avast anti virus installed & i recently installed Kerio firewall 7 it is turned on. earlier there was only windows default firewall on - i'm using winxp prof.

[andyparker01]

i would like to advice u to install ZoneAlarm PRO Firewall 2010.

[valis]

Quote:

Originally Posted by huma

i've Avast anti virus installed & i recently installed Kerio firewall 7 it is turned on. earlier there was only windows default firewall on - i'm using winxp prof.

1. You only want one firewall running at any time; more than that and they can cancel themselves out.

2. Set up your security logs in your event viewer; it's meager, but you should be able to see who is trying to hit your system. If you are using a router, set it up to log incoming traffic and start reconciling the ip addresses using whois.com.

3. If you are certain you know who did it, and are telling the truth about business documents being leaked, notify the authorities. Last I checked, that's a pretty serious crime.

[huma]

can u please guide abt :

2. Set up your security logs in your event viewer; it's meager, but you should be able to see who is trying to hit your system. If you are using a router, set it up to log incoming traffic and start reconciling the ip addresses using whois.com.

and i'm not using a router - my internet connection is broadband and its direct from the service provider

[valis]

start > run > ncpa.cpl > right click 'local area connection (or whatever the name is for your internet connection) > properties > advanced tab > firewall settings button > advanced tab > tick both boxes and set the size up to something around 30k. You can change the location of where you want it delivered there as well; I've changed mine to c:\valis, where my file structure is.

You can also go to start > control panel > admin tools > local security policy > local policy > audit policy and change those settings as well. Those will show up in your event log under security (start > run > eventvwr.msc). Those will also tell you IP addresses coming in, I believe.

Another option is to just google for network monitor; pretty sure windows either has one built in, or you can download a pile of them for free for live-time watching of your network connections.

thanks,

v

[lunarlander]

Go buy a router now. It prevents your PC from being directly accessed from the internet. Buy it even if you have only 1 PC. Without it, a hacker can tinker directly with your PC.

Hacker tools are not generally detected by antivirus programs. But do some online antivirus scans just to see. Eg Panda Activescan, Bitdefender, and Trendmicro Housecall.

Since you say "Definitely" that your files were exposed, then try to determine if the attacker has obtained administrative rights. If you regularly use an admin account on a daily basis like most XP users, then the attacker might probably have obtained that privilege. Once they obtain admin rights, it is game over - they've won. You can try to remove this piece and that piece, but since they have full control of your PC, they can put new tools back in. It's a game that you can't win. Then the best thing to do is to backup, reformat and reinstall your PC.

But if you are thinking about legal action, then turn over your PC to a forensics expert.