Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: bill
How did he do this? I have the windows firewall turned on, avg and yahoo anti spyware intalled. I often scan the computers but found no spyware or virus.
Any recommendation on what to do to stop this guy from hacking my computers will be much appreciated.
There are all sorts of precautions that you could take to prevent this depending on your setup. Make sure none of the PCs are running with Administrator permissions to start with. You might just want to do a clean install of windows on all the machines and set up some security guidelines.
Keyloggers log everything that computer users type and it can even log program names people use and many other things. Then the program can automatically send reports by email or upload to an ftp on a schedule. Abuser can also personally come and get the reports.
Back Door Application (aka Trojan Horse)
Back door software allows abuser to "login" to your computer remotely and monitor all activity. Abuser can see the screen, see the programs running and even control the computer remotely. Sometimes those programs come with built in keyloggers as well.
What You Need
First of all, install a firewall. Block all incoming connections to your network. Block most outgoing ports as well. Watch out though, if your users rely on AIM, then it might block the file transfers. There are ways around it though. Maybe you shouldn't allow file transfer anyways - just to be safe.
Install an antivirus (Dr. Web) and spyware programs (Ad-aware, Spybot) on each computer. Make it so that your users cannot turn the software off. Update it regularly. Or even better - set it to self update every day.
Look into a program called Deep Freeze. You can control what user can and cannot do on your computers. Even things like installing, opening certain applications, changing settings, etc... You can disallow all that. If they only require AIM - you can set DF to only allow running that program and nothing else.
Look into ghost imaging. Ghost imaging will revert all the changes that were made to the OS every time it's restarted. You can create one configuration with the programs, settings, updates and everything you would need on a running computer. Create an image out of it and use that image for the rest of your computers. If something went wrong, all you need is a restart. But I beleive you need one central computer (server) to store the image.
When I was travelling around Europe, I found the country-wide internet cafes would re-image the computer after I logged off. But I imagined all the computers for each cafe were the same, so all they need was one image file.
For a small shop, GoBack would make the most sense. Just make sure you do the entire installation. ;)
I run several computers for the public to use (unsupervised) and the best solution I have found is to use Symantec's GoBack, which takes the computer back to how I installed it after every reboot. I have had these computers running for many months without problems this way.
I will definitely try this. Thanks