Re: Have I Been Hacked?

On Fri, 29 Aug 2008 01:17:44 -0500, TeeFran wrote:

Hello all.
A couple months ago I was having problems with Vista and software not
operating correctly, so I restored Vista to it’s original factory
settings and things have been fine. I re-activated my purchased
softwares and what-not. About a month ago though, I logged off and the
next day upon hitting the button to turn the PC on it came on like it
does when it boots from sleep or hibernate, and my wireless internet
account was active. I closed the connection and shut the system down.
The day after that I had to re-add my wireless internet connection as I
was not listed with the other names in the connection box. Normally my
wireless connection is the first one at the top of the connection box.
Then a day or so after that my name was at the bottom or further down
than it normally is in the connection box and another name/connection
was at the top where my name normally is. I immediately added a standard
user instead of having just me as the only administrator/authorized
user, and I activated parental control for the standard user and gave
the standard user only limited access to the PC. For the most part I
only get online now with the new standard user, and for the last two
weeks or so I have not noticed any anomalies. But today using my normal
admin account I downloaded a file online and I attempted to convert it
using a software I bought last year to convert files from one format to
another and my System ID has been changed (like it was when I restored
to factory settings). I had already contacted the company and got a new
activation code for my new System ID when I restored a few months back.
Now I need to contact the company once again for another activation code
for this software to go with another System ID.
1) Does it sound like my PC was and/or has been hacked?
2) When I was noticing all the strange things before could someone have
changed my System ID then and
I’m just now noticing it?
3) Could someone still have a window into my System?
4) Is there any other way your System ID can be changed besides
restoring to factory settings?
5) I only restored once so how can my System ID be different again
without a second restore?
6) Could just adding a new standard user have changed my whole System
7) Or could the software itself or another software be screwing with my
And finally;
8) If I have been compromised, how can I make my regular admin account
more secure, with or without using UAC (which I don’t like using)?
Please help!

Help: I Got Hacked. Now What Do I Do?

Installing and reinstalling Windows.
Reinstalling Windows Vista when you want to restore default Windows
settings or when you are having trouble with Windows and need to reinstall
it by performing a clean installation.

How To Perform a Repair Installation For Vista.

For Vista the most dependable defenses are:
1. Do not work in elevated level; Day-to-day work should be performed
while the User Account Control (UAC) is enabled.
User Account Control Step-by-Step Guide.
Understanding and Configuring User Account Control in Windows Vista.

2. Familiarize yourself with "Services Hardening in Windows Vista".
Services Hardening in Windows Vista
Educational reading:
10 Immutable Laws of Security

3. Don't expose services to public networks.
Windows Vista Service Configurations Introduction

4. Keep your operating (OS) system (and all software on it)
updated/patched. (Got SP1 yet?).
Why Service Packs are Better Than Patches.

5. Reconsider the usage of IE.
Utilizing another browser application can add to the overall security of
the OS.
Alternative Browsers:
The SeaMonkey® Suite (Internet Browser)
5a.Secure (Harden) Internet Explorer.
IE7 safe/secure settings
Internet Explorer7 Desktop Security Guide
Internet Explorer Enhanced Security Configuration changes the browsing
The Internet Explorer 7 Security Status Bar
Extended Validation SSL Certificates
Note: Tight security settings will break down some websites. You need to
add these websites into the Trusted Zone for smooth access.
You could consider disabling all Security Settings in IE and use IE only
for the 'Patch Tuesday' updates; To do so you must add the following URL's
to the Trusted sites:

6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* 3rd party software personal firewall
application (PFW) - the one which claims:
"It can stop/control malicious outbound traffic".
Remove clutter, dispose of all your 'Anti-Whatever' applications. Keep your
pc lean, install only applications you are really need - try to be a
Belarc Advisor can assist
--As can--
Revo Uninstaller

7. Activate the build-in firewall and tack together its advanced
configuration settings.
Tap into the Vista firewall's advanced configuration features
Configure Vista Firewall to support outbound packet filtering,289483,sid45_gci1247138,00.html
Vista Firewall Control (Free versions available)
Managing the Windows Vista Firewall

7a.If on high-speed Internet connection use a router.
Implement countermeasures against DNSChanger.

And (just in case) Wired Equivalent Privacy (WEP) has been
superseded by Wi-Fi Protected Access (WPA).

8. Utilize one (1) each 'real-time' anti-virus and anti-spy
Avira AntiVir® Personal - FREE Antivirus
(The free version won't scan your emails.)
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
Ensure your e-mail program is configured to display e-mail messages in
'Plain Text' only.
You may wish to consider removing the 'AntiVir Nagscreen'

Windows Defender - (build-in in Vista)

9. Employ vital operating system monitoring utilities/applications.
Process Explorer, AutoRuns, TCPView etc.

10. Routinely practice Safe-Hex.

Also, ensure you back-up regularly; Develop a Contingency Plan; Be
prepared! Consider "What if..."

Good luck :)