Basic things to do when your PC is hacked

Intro
This is a 'basic' manual. That means it will probably be incomplete and not cover ever circumstance. So bare with me

What to do

• Disconnect your PC from the internet physically (this leave the hacker powerless)
• You might want to *temporarily* delete important things and save them...but that's optional
• Scan your PC for viruses and spywarez
• I manually looked though my system files, that's just me though
• Check your firewall settings, close as many ports as you don't need
• Reconncet your Router
• Make sure your Router pass is extra hard, like long...mine's like 40 chars

The order you do things does matter but I couldn't decide on a good order. This will work with most 'Script Kiddies' but sometimes things are more nasty.

Cheers,

SilverFox

Best way to fix something like this is to reformat, bad thing is you lose your data but it does have more positives over negatives in my opinion.
Positives in this situation would be definately getting rid of the hack tool or virus the hacker used if you do a full format, also it comes with the added bonus of cleaning out your pc and making it faster.
Negatives include the pain of reinstalling everything and restoring backups etc.
If you do decide to reformat remember, never make a full system backup always backup individual files. It is less likely you copy the virus this way.

Some other tips you can include are:
Change passwords to frequently used sites and services (ISP password and paid services, as well as your router as you've suggested)
If you don't want to reformat you can turn off system restore to flush out any copies of the virus.
Scan your computer with multiple antivirus/antispyware and hack tool scanners. Remove everything they find.
Boot your computer in to safe mode and scan again, also you can take note of what is running in windows that isn't in safe mode. (Safe mode only runs the required programs to get your computer running)

Hope it helps anyone in trouble
-HellFire

Funny I happen to run into this right now, since I just got done reformatting my computer. It's always best to take all these precautions, what with the scanning and all, but I found out if you were able to back up your files a fresh formatting works best. I've yet to get a worm/virus/hacked, but I'll make sure to take these precautions later on in the day when I'm done setting things up.

Is it common for random people to get hacked? I mean, I know it happens obviously haha I'm just wondering if you guys have been hacked by people you don't know (say, someone you pissed off). I just know that while I always tell my friends to get anti spyware and run it every week or two, anti virus, take all the above mentioned precautions, etc, I never do. Until a year or two ago I didn't run anti virus, only do a spyware check every couple months, etc and have never had any troubles. I'm just kind of curious if it's just been luck of the draw that I hadn't had any major issues when my computer was an open book basically (now it's secure as hell, but just because I got on a kick a few months back to figure out how to make it secure because a friend wanted to know haha).

All great tips though, and obviously if you know you're being hacked at that exact moment, the unplugging the computer from the network or power step is the most important first step

There should never be any circumstance where anyone but the admin should even have access to the router's configuration. Don't enable remote admin access to your router; that's just stupid. If you have untrusted people on the LAN side, separate off one of the physical ports on the router into a different VLAN and only enable access to the admin stuff from that VLAN. This is pretty basic common-sense stuff...

I don't know why config access to routers is allowed from the wireless adapter in the first place; it's really stupid. Under no circumstance should anyone without a physical ethernet connection to the router be allowed to talk to the unit's internal webserver that hosts the config pages.

This post has been edited by ethergeek: May 14 2007, 04:39 PM

ethergeek... unless I'm mistaken the point of buying a wireless router is to be, you know, wireless

Now to us it seems logical to have a router with a wired connection to a desktop system since it would be pointless to not have it wired if like, 2 feet from the router and it never moves. But picture an apartment with a couple people that are not overly into technology that buy a wireless router for their laptops. Why would they ever want to have to hard wire into the router? The whole point is to be free with their movements heh.

I understand what you're saying, just seems impractical based on the angle that wireless routers are promoted.

Wireless access does indeed provide extreme convenience, however, it should never sacrifice security for convenience. Take for example Linksys' recommendation that you do not upgrade firmware wirelessly. It makes sense, since if you start getting interference, you may brick your router. Why is the same logic not applied to security of the network the router is designed to safeguard? Even in an apartment full of computer-illiterates, is it really that hard to connect a laptop to a port on the back of the router to set it up? Especially given that you need to wire into it to set it up securely anyway once you remove it from the box?

Well Jeigh I haven't been randomly hacked/virused in like...7 years but on slavehack someone who didn't like me decided to hack me.

Lots of good suggestions/advice posted here, thanks

Also system restore has helped me when I have been virused from like downloading a bad torrent or something.

Well, as for connecting to the wireless router, my router is personally not connected to any computer. It's on the first floor, where no computer is, so that the computers in the basement and on the second floor all have clear reception. I do have a laptop, but if someone did only have desktops, none of which were connected to the router, it would be very inconvenient to need a wired connection.

My question is: how to know when you are hacked??

WARNING! I don't necessary agree with the following concepts. Read with caution -->

First I will share to you an ancient hacker philosophy.
"You are not talking about to be infected by a trojan or worm. Hacking is about open ports and capturing of services. A hacker don't want to delete your files or kill your HD, that is another kind of attack. The original purpose of a hacker is "to hack your system". Find security holes and then break the security, but nobody must know. Only after the "attack".
People commonly think about hackers like criminals that want to kick Buss ass and get access to the White House cameras and avoid terrorist be detected when they put an antrax bomb. Criminals are criminals, hackers are people that help in security. Now, if some hacker 'makes sin' then must be named a sucker..."

This kind of philosophy is named "subtility", Christians think that a subtility is an strategy used by the evil. A mix of true and lie, then, an absolute lie. Make some kind of invasion to private content, system or service is not a good action, this means "sin" and then "die". Christians know what kind of die.

<-- WARNING END

SECURITY ON YOUR DESKTOP

A Desktop Computer is the most vulnerable kind of system, . The principal virus, is normally the user. Is like the Earth. Our planet is destroyed by humans. The security of a system depends of the user. In Windows Systems, You ONLY need a good antivirus(avast!, antivir, etc...), also a firewall, an anti-spyware, install Windows Security Updates.... You know the history. Internet does not mean: download & install me. Is like the real world, be careful, something bad will happen if you visit warez sites, or open files containing attachments with the extension: .src, .com, .pif. You must also use this logic: "You read the manual for your TV, for your Cellphone, then use your computer's manual". Drive with care in the signals.


SECURITY ON SERVERS

Securing a server means be in control of everything, have an up to date system and take fast actions in the crisis. By example, for a common LAMP server, you have to configure the firewall, allow connections only via HTTP, HTTPS, FTP, SMTP, POP3 and SSH. Everyone of these services have a common port. If a hacker knows your Apache and OS version, then he will look at bug reports to find some hole and then take control of your Web server. To avoid vulnerability you have to keep an update kernel and apache server. The same for the other services, by example: Postfix, tftp, OpenSSH. You have to be in control of your system, what users, what services, what hostnames/IPs, what ports, what schedules, what kind of rights for every service.... and more in low level: what size of TCP/IP packages, what amount of packages, what amount of lost packages and their frequency.

Some kind of variation, something that makes you think: "this looks strange", must be enough to start your security test routine.


TURN OFF YOUR COMPUTER IS NOT ENOUGH

Hackers are intelligent people, they know: "He will turn-off the computer, just what I need!! I will put my trojan in the boot tasks". Please!!! Just pray, unplug your Internet connection, copy your important files, pray again, turn of your computer and call 911, the police office and FBI. Maybe your hacker is a terrorist spy using your as bridge to hack the Federal Bank. In the real life, a normal user will never know that was hacked, and how many times. Are you waiting for Fire games on your computer, and a Windows Message: "WARNING Your computer is being hacked!!!".


ARE YOU FILLING INSECURE?

Please, I don't want to start the red alert in your mind. Only be sure to have your system up to date. Let the security experts think in their servers and don't do thinks that your mother will not.

Blessings!

This post has been edited by develCuy: May 16 2007, 02:24 AM