homepage Welcome to WebmasterWorld Guest from 54.163.70.249
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Microsoft / Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10)
Forum Library, Charter, Moderators: bill

Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10) Forum

    
Need help! Someone is hacking my computers.
thegreatpretender




msg:1570018
 7:04 am on Feb 28, 2005 (gmt 0)

I have 6 computers on my wife's store for her customers to use. My promblem is someone is hacking the computers. Everytime someone use yahoo messenger on any of the computers, he is intercepting the user's password. I don't know what's this guy's up to, he is changing the passwords, jerking around with our clients. Sometimes, he would send instant messages and tell our client that he knows her password. And when my clients ask what, he would tell the password.

How did he do this? I have the windows firewall turned on, avg and yahoo anti spyware intalled. I often scan the computers but found no spyware or virus.

Any recommendation on what to do to stop this guy from hacking my computers will be much appreciated.

 

pendanticist




msg:1570019
 7:26 am on Feb 28, 2005 (gmt 0)

Why do you need IM in the store? If it is not essential to your services, delete it.

thegreatpretender




msg:1570020
 7:38 am on Feb 28, 2005 (gmt 0)

Thanks pendanticist,
Unfortunately, I can't delete the IM. Actually, they are paying us everytime they use this and they love it.

pendanticist




msg:1570021
 7:47 am on Feb 28, 2005 (gmt 0)

Well, I know you probably don't want to go into too much detail, so, is the situation one that tracking software may help? In other words, are these infractions occurring within the store, or remotely?

thegreatpretender




msg:1570022
 8:09 am on Feb 28, 2005 (gmt 0)

Basically, what I want to do is to keep anyone from accessing my computer remotely, like what this crazy man doing in my computers. Beside the securities and settings I mentioned above, what else should I do to prevent this from happening again. I'm not always in the store, my wife is running it, and she's really mad because our custsmers are going somewhere else because of this.

bill




msg:1570023
 8:32 am on Feb 28, 2005 (gmt 0)

A more powerful firewall like ZoneAlarm might be an easy first step.

There are all sorts of precautions that you could take to prevent this depending on your setup. Make sure none of the PCs are running with Administrator permissions to start with. You might just want to do a clean install of windows on all the machines and set up some security guidelines.

amznVibe




msg:1570024
 8:34 am on Feb 28, 2005 (gmt 0)

Are you using wireless networking? Some IM passwords and email passwords are sent "in the clear" (meaning plain text that can be seen easily).

incrediBILL




msg:1570025
 8:43 am on Feb 28, 2005 (gmt 0)

I hate to say it, but it was probably someone that uses your computers messing with you. Came in, hit the browser, clickety click, download and install something nasty. You need to virus scan, check spyware, look in your system for odd things installed in your auto-start, browser start page, etc.

thegreatpretender




msg:1570026
 10:25 am on Feb 28, 2005 (gmt 0)

I tried norton's internet security but makes the computer so slow. I'll try zone alarm.

amznVibe, I'm not using wireless.

bill, Only me have access with administration.

Thank you all!

cooldoug




msg:1570027
 11:06 pm on Mar 3, 2005 (gmt 0)

It sounds like a keylogger someone installed. Like incrediBILL said, its probably someone in the store that uses the pcs.

billythekiddo




msg:1570028
 11:25 pm on Mar 3, 2005 (gmt 0)

Format all computers and install windows again on all computers. Buy a modem / Router with firewall support (Draytek 2600 for example), it is much better then a software firewall. To prevent viruses on your computer use McAfee and not Norton.
Make a mirror drive of every computer. If you do not trust a certain computer just format the drive and get the original configuration back using the mirror you made earlier.

moltar




msg:1570029
 11:29 pm on Mar 3, 2005 (gmt 0)

Possible problem

Keylogger

Keyloggers log everything that computer users type and it can even log program names people use and many other things. Then the program can automatically send reports by email or upload to an ftp on a schedule. Abuser can also personally come and get the reports.

Back Door Application (aka Trojan Horse)

Back door software allows abuser to "login" to your computer remotely and monitor all activity. Abuser can see the screen, see the programs running and even control the computer remotely. Sometimes those programs come with built in keyloggers as well.

What You Need

Firewall

First of all, install a firewall. Block all incoming connections to your network. Block most outgoing ports as well. Watch out though, if your users rely on AIM, then it might block the file transfers. There are ways around it though. Maybe you shouldn't allow file transfer anyways - just to be safe.

Antivirus Software

Install an antivirus (Dr. Web) and spyware programs (Ad-aware, Spybot) on each computer. Make it so that your users cannot turn the software off. Update it regularly. Or even better - set it to self update every day.

Deep Freeze

Look into a program called Deep Freeze. You can control what user can and cannot do on your computers. Even things like installing, opening certain applications, changing settings, etc... You can disallow all that. If they only require AIM - you can set DF to only allow running that program and nothing else.

Ghost Imaging

Look into ghost imaging. Ghost imaging will revert all the changes that were made to the OS every time it's restarted. You can create one configuration with the programs, settings, updates and everything you would need on a running computer. Create an image out of it and use that image for the rest of your computers. If something went wrong, all you need is a restart. But I beleive you need one central computer (server) to store the image.

thegreatpretender




msg:1570030
 8:02 am on Mar 5, 2005 (gmt 0)

Thanks to all of you!
I'll review this again when I visit the store next week.

stuwad




msg:1570031
 5:41 pm on Mar 12, 2005 (gmt 0)

I run several computers for the public to use (unsupervised) and the best solution I have found is to use Symantec's GoBack, which takes the computer back to how I installed it after every reboot. I have had these computers running for many months without problems this way.

sun818




msg:1570032
 5:52 pm on Mar 12, 2005 (gmt 0)

Ahhh, GoBack that's an excellent idea! You can present a consistent experience to everyone that uses the computer. You can also have a mixed computer environment running since GoBack is unique to each machine.

When I was travelling around Europe, I found the country-wide internet cafes would re-image the computer after I logged off. But I imagined all the computers for each cafe were the same, so all they need was one image file.

For a small shop, GoBack would make the most sense. Just make sure you do the entire installation. ;)

thegreatpretender




msg:1570033
 2:42 am on Mar 14, 2005 (gmt 0)

I run several computers for the public to use (unsupervised) and the best solution I have found is to use Symantec's GoBack, which takes the computer back to how I installed it after every reboot. I have had these computers running for many months without problems this way.

I will definitely try this. Thanks

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10)
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved