MAKING YOUR COMPUTER SYSTEM SECURE AFTER IT'S BEEN COMPROMISED
From: Jene Keller (f2byline_at_yahoo.com)
Date: 11/03/03
Date: 2 Nov 2003 20:17:53 -0800
Copyright 2003 by Debbie X. All rights Reserved. No part of this
publication may be reproduced in any form or by any means, or stored
in a data base or retrieval system, without prior written permission
of the publisher. You may pass along this information, but give
credit where credit is due.
MAKING YOUR COMPUTER SYSTEM SECURE AFTER IT'S BEEN COMPROMISED:
I highly recommend keeping the hacked hard drive and purchasing a new
one. Of course you could mirror the drive, but you still need a
replacement drive to perform this task. You can't produce the same
results by replicating files versus viewing the actual hard drive
itself. If your system was used to attack and crash a Network, or
System, you have proof for the FBI or any Law Enforcement Agency.
This would show you were not involved in any illegal activities until
you discovered your system was hacked.
The proper method is to re-format your hard drive, and install from
original CD-ROM. To safeguard against software manufacturer employee
malicious activity always virus check your CD-ROM. Not too long ago,
I decided to install X Software Application on a computer, media form
was a CD-ROM. Immediately, Norton Anti-virus told me a suspicious
file named "install.exe" was trying to load into my hard drive boot
sector. We all know an application doesn't need to load in a boot
sector of a drive. After telling the computer not to install this
application, it still made its way and changed the name of my hard
drive. The computer access slowed down, while viewing directories the
screen started to move back and forth.
Virus check all floppy disks because hackers DO install a Backdoor,
Trojan Horse, or Virus on disks. They enjoy doing this especially
when you're online using your computer, with a floppy in the drive.
My preference is to obtain a replacement CD-ROM if your software
applications are on a floppy. What concerned me most is a Backdoor
was planted in a .zip file and unopened. Norton's Anti-virus
application couldn't detect it. Let's say one day you come along and for
no reason, you decide to open this .zip file, voila, the Backdoor is
unleashed.
There will always be evil code applications (to knock your system into
becoming a victim) out in this world which anti-virus applications
won't be able to catch. Either the Trojan Horse already installed on
your system will eat the floppies alive, or hackers will. Hackers
will bind or disguise their applications and install them on your
floppy disks. Many Trojan Horses "hide" all traces of their
applications they run on your system. On your computer perform a
search for a file named "backdoor.zip". I will warn you now, if you
unleash this baby after a complete application install and go online,
you will unleash many of the secrets to the "underground" hackers
world.
A number of Internet Service Providers allow free dial-up access with
DSL and Cable connections. Note: Hackers are taking advantage of
your canceled accounts even when they were closed. Until certain
Internet Service Providers and Telecommunication Companies correct
their major error, telecon your ISP and ask them to change your
password since malicious hackers are abusing your canceled account,
holding you liable.
Disabling all unnecessary Windows Services will assist in making your
computer system secure. How to accomplish this task is presented
under "Windows Services you might want to disable". If running any
type of Server, update the latest application patches.
Once you are able to view all Hidden Files and Folders, it would be
smart to make a backup copy of your registry. To perform this, do the
following:
A. Select Start, Run, type in Regedit, and press enter.
B. Then Select Registry, Export Registry File
C. In the box, type a name like "3-21-02.txt"
D. Select Save.
You can open this file in any text editor. What you want to do first
is check the bottom of the file. Hardware/Application/Device Driver
information can be set up by hackers at the bottom of the file. What I
did was "incorporate" one registry entry at a time. You could see a
major difference. Each time you save the registry file it will create
a file called RB000.CAB and so forth, depending on how many copies
that you have saved. If you perform the backup when the hackers are
abusing your system, you might only see 30 lines of text, the next
time 100, and so on. This is a clear sign that your computer is
compromised.
Tracker
I know how important it is for me not to define myself by how others
perceive me.
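
Added example, not part of the original post: the message describes exporting the registry to a text file and comparing exports taken at different times. The Python sketch below parses two such exports and lists keys and values that were added, removed or changed, and separately picks out changes under the Run/RunOnce/RunServices autostart keys. The function names and both sample exports are constructed for illustration.

```python
import re

VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')  # "name"=data or @=data

def parse_reg(text):
    """Parse .reg export text into {(key_path, value_name): raw_data}; a key is stored under name ""."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.startswith("["):
            if line.endswith("]"):
                key = line[1:-1]
                entries[(key, "")] = ""
            continue
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        m = VALUE_RE.match(line)         # header, blank and comment lines do not match
        if key and m:
            entries[(key, m.group(1))] = m.group(2)
    return entries

def diff_exports(before, after):
    """Return (added, removed, changed) lists of (key_path, value_name)."""
    old, new = parse_reg(before), parse_reg(after)
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return added, removed, changed

def autostart_changes(added, changed):
    """Entries under Run/RunOnce/RunServices keys, which launch programs at boot or logon."""
    return [k for k in added + changed if "\\currentversion\\run" in k[0].lower()]

# Constructed sample exports (not real data).
BEFORE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
[HKEY_LOCAL_MACHINE\Software\ExampleVendor]
"Blob"=hex:01,02,\
  03,04
'''
AFTER = BEFORE.replace("03,04", "03,05") + r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"svc"="C:\\WINDOWS\\TEMP\\example.exe"
'''

if __name__ == "__main__":
    added, removed, changed = diff_exports(BEFORE, AFTER)
    print("added:", added, "removed:", removed, "changed:", changed, sep="\n")
    print("autostart:", autostart_changes(added, changed))
```

Exports written by Regedit on Windows 2000 and later are UTF-16, so read those files with `encoding="utf-16"` before passing the text to `parse_reg`.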