Re: Have I Been Hacked?



On Fri, 29 Aug 2008 01:17:44 -0500, TeeFran wrote:

Hello all.
A couple months ago I was having problems with Vista and software not
operating correctly, so I restored Vista to its original factory
settings and things have been fine. I re-activated my purchased
software and what-not. About a month ago though, I logged off and the
next day upon hitting the button to turn the PC on it came on like it
does when it boots from sleep or hibernate, and my wireless internet
account was active. I closed the connection and shut the system down.
The day after that I had to re-add my wireless internet connection as I
was not listed with the other names in the connection box. Normally my
wireless connection is the first one at the top of the connection box.
Then a day or so after that my name was at the bottom or further down
than it normally is in the connection box and another name/connection
was at the top where my name normally is. I immediately added a standard
user instead of having just me as the only administrator/authorized
user, and I activated parental control for the standard user and gave
the standard user only limited access to the PC. For the most part I
only get online now with the new standard user, and for the last two
weeks or so I have not noticed any anomalies. But today using my normal
admin account I downloaded a file online and I attempted to convert it
using a software I bought last year to convert files from one format to
another and my System ID has been changed (like it was when I restored
to factory settings). I had already contacted the company and got a new
activation code for my new System ID when I restored a few months back.
Now I need to contact the company once again for another activation code
for this software to go with another System ID.
Questions:
1) Does it sound like my PC was and/or has been hacked?
2) When I was noticing all the strange things before could someone have
changed my System ID then and I’m just now noticing it?
3) Could someone still have a window into my System?
4) Is there any other way your System ID can be changed besides
restoring to factory settings?
5) I only restored once so how can my System ID be different again
without a second restore?
6) Could just adding a new standard user have changed my whole System
ID?
7) Or could the software itself or another software be screwing with my
PC?
And finally;
8) If I have been compromised, how can I make my regular admin account
more secure, with or without using UAC (which I don’t like using)?
Please help!

Help: I Got Hacked. Now What Do I Do?
http://technet.microsoft.com/en-au/library/cc512587.aspx

Installing and reinstalling Windows.
Reinstalling Windows Vista when you want to restore default Windows
settings or when you are having trouble with Windows and need to reinstall
it by performing a clean installation.
https://windowshelp.microsoft.com/Windows/en-US/Help/e77344fa-e978-464c-953e-eba44f0522671033.mspx

How To Perform a Repair Installation For Vista.
http://www.vistax64.com/tutorials/88236-repair-install-vista.html

For Vista the most dependable defenses are:
1. Do not work at an elevated level; day-to-day work should be performed
while the User Account Control (UAC) is enabled.
User Account Control Step-by-Step Guide.
http://technet.microsoft.com/en-us/library/cc709691.aspx
Understanding and Configuring User Account Control in Windows Vista.
http://technet.microsoft.com/en-us/library/cc709628.aspx

2. Familiarize yourself with "Services Hardening in Windows Vista".
Services Hardening in Windows Vista
http://www.microsoft.com/technet/technetmag/issues/2007/01/SecurityWatch/
Educational reading:
10 Immutable Laws of Security
http://technet.microsoft.com/en-us/library/cc722487.aspx

3. Don't expose services to public networks.
Windows Vista Service Configurations Introduction
http://www.blackviper.com/WinVista/servicecfg.htm

4. Keep your operating system (OS) (and all software on it)
updated/patched. (Got SP1 yet?).
Why Service Packs are Better Than Patches.
http://www.microsoft.com/technet/archive/community/columns/security/essays/srvpatch.mspx?mfr=true

5. Reconsider the usage of IE.
Utilizing another browser application can add to the overall security of
the OS.
Alternative Browsers:
Opera™
http://www.opera.com/download/
Firefox™
http://www.mozilla.com/en-US/
The SeaMonkey® Suite (Internet Browser)
http://www.seamonkey-project.org/
--or--
5a. Secure (Harden) Internet Explorer.
IE7 safe/secure settings
Internet Explorer 7 Desktop Security Guide
http://www.microsoft.com/downloads/details.aspx?FamilyId=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en
Internet Explorer Enhanced Security Configuration changes the browsing
experience
http://support.microsoft.com/default.aspx?scid=kb;en-us;815141
The Internet Explorer 7 Security Status Bar
http://www.microsoft.com/windows/products/winfamily/ie/ev/security.mspx
Extended Validation SSL Certificates
http://www.microsoft.com/windows/products/winfamily/ie/ev/default.mspx
Note: Tight security settings will break down some websites. You need to
add these websites into the Trusted Zone for smooth access.
You could consider disabling all Security Settings in IE and using IE only
for the 'Patch Tuesday' updates; to do so you must add the following URLs
to the Trusted sites:
http://update.microsoft.com
http://download.windowsupdate.com
https://*.update.microsoft.com
http://*.update.microsoft.com
http://*.microsoft.com

6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* 3rd party software personal firewall
application (PFW) - the one which claims:
"It can stop/control malicious outbound traffic".
Remove clutter, dispose of all your 'Anti-Whatever' applications. Keep your
PC lean, install only applications you really need - try to be a
'minimalist'.
Belarc Advisor can assist
http://www.belarc.com/free_download.html
--As can--
Revo Uninstaller
http://www.revouninstaller.com/

7. Activate the built-in firewall and tack together its advanced
configuration settings.
Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
--Or--
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
--Or--
Vista Firewall Control (Free versions available)
http://sphinx-soft.com/Vista/
Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/cc510323.aspx

7a. If on a high-speed Internet connection, use a router.
Implement countermeasures against DNSChanger.
http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

And (just in case) Wired Equivalent Privacy (WEP) has been
superseded by Wi-Fi Protected Access (WPA).

8. Utilize one (1) each 'real-time' anti-virus and anti-spy
application.
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
(The free version won't scan your emails.)
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
Ensure your e-mail program is configured to display e-mail messages in
'Plain Text' only.
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm

Windows Defender - (built-in in Vista)

9. Employ vital operating system monitoring utilities/applications.
Process Explorer, AutoRuns, TCPView etc.

10. Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Also, ensure you back-up regularly; Develop a Contingency Plan; Be
prepared! Consider "What if..."

Good luck :)

