Need help! Someone is hacking my computers.

Forum Moderators: open

Message Too Old, No Replies

Need help! Someone is hacking my computers.

thegreatpretender

7:04 am on Feb 28, 2005 (gmt 0)

I have 6 computers on my wife's store for her customers to use. My promblem is someone is hacking the computers. Everytime someone use yahoo messenger on any of the computers, he is intercepting the user's password. I don't know what's this guy's up to, he is changing the passwords, jerking around with our clients. Sometimes, he would send instant messages and tell our client that he knows her password. And when my clients ask what, he would tell the password.

How did he do this? I have the windows firewall turned on, avg and yahoo anti spyware intalled. I often scan the computers but found no spyware or virus.

Any recommendation on what to do to stop this guy from hacking my computers will be much appreciated.

pendanticist

7:26 am on Feb 28, 2005 (gmt 0)

Why do you need IM in the store? If it is not essential to your services, delete it.

thegreatpretender

7:38 am on Feb 28, 2005 (gmt 0)

Thanks pendanticist,
Unfortunately, I can't delete the IM. Actually, they are paying us everytime they use this and they love it.

pendanticist

7:47 am on Feb 28, 2005 (gmt 0)

Well, I know you probably don't want to go into too much detail, so, is the situation one that tracking software may help? In other words, are these infractions occurring within the store, or remotely?

thegreatpretender

8:09 am on Feb 28, 2005 (gmt 0)

Basically, what I want to do is to keep anyone from accessing my computer remotely, like what this crazy man doing in my computers. Beside the securities and settings I mentioned above, what else should I do to prevent this from happening again. I'm not always in the store, my wife is running it, and she's really mad because our custsmers are going somewhere else because of this.

bill

8:32 am on Feb 28, 2005 (gmt 0)

A more powerful firewall like ZoneAlarm might be an easy first step.

There are all sorts of precautions that you could take to prevent this depending on your setup. Make sure none of the PCs are running with Administrator permissions to start with. You might just want to do a clean install of windows on all the machines and set up some security guidelines.

amznVibe

8:34 am on Feb 28, 2005 (gmt 0)

Are you using wireless networking? Some IM passwords and email passwords are sent "in the clear" (meaning plain text that can be seen easily).

incrediBILL

8:43 am on Feb 28, 2005 (gmt 0)

I hate to say it, but it was probably someone that uses your computers messing with you. Came in, hit the browser, clickety click, download and install something nasty. You need to virus scan, check spyware, look in your system for odd things installed in your auto-start, browser start page, etc.

thegreatpretender

10:25 am on Feb 28, 2005 (gmt 0)

I tried norton's internet security but makes the computer so slow. I'll try zone alarm.

amznVibe, I'm not using wireless.

bill, Only me have access with administration.

Thank you all!

cooldoug

11:06 pm on Mar 3, 2005 (gmt 0)

It sounds like a keylogger someone installed. Like incrediBILL said, its probably someone in the store that uses the pcs.

billythekiddo

11:25 pm on Mar 3, 2005 (gmt 0)

Format all computers and install windows again on all computers. Buy a modem / Router with firewall support (Draytek 2600 for example), it is much better then a software firewall. To prevent viruses on your computer use McAfee and not Norton.
Make a mirror drive of every computer. If you do not trust a certain computer just format the drive and get the original configuration back using the mirror you made earlier.

moltar

11:29 pm on Mar 3, 2005 (gmt 0)

Possible problem

Keylogger

Keyloggers log everything that computer users type and it can even log program names people use and many other things. Then the program can automatically send reports by email or upload to an ftp on a schedule. Abuser can also personally come and get the reports.

Back Door Application (aka Trojan Horse)

Back door software allows abuser to "login" to your computer remotely and monitor all activity. Abuser can see the screen, see the programs running and even control the computer remotely. Sometimes those programs come with built in keyloggers as well.

What You Need

Firewall

First of all, install a firewall. Block all incoming connections to your network. Block most outgoing ports as well. Watch out though, if your users rely on AIM, then it might block the file transfers. There are ways around it though. Maybe you shouldn't allow file transfer anyways - just to be safe.

Antivirus Software

Install an antivirus (Dr. Web) and spyware programs (Ad-aware, Spybot) on each computer. Make it so that your users cannot turn the software off. Update it regularly. Or even better - set it to self update every day.

Deep Freeze

Look into a program called Deep Freeze. You can control what user can and cannot do on your computers. Even things like installing, opening certain applications, changing settings, etc... You can disallow all that. If they only require AIM - you can set DF to only allow running that program and nothing else.

Ghost Imaging

Look into ghost imaging. Ghost imaging will revert all the changes that were made to the OS every time it's restarted. You can create one configuration with the programs, settings, updates and everything you would need on a running computer. Create an image out of it and use that image for the rest of your computers. If something went wrong, all you need is a restart. But I beleive you need one central computer (server) to store the image.

thegreatpretender

8:02 am on Mar 5, 2005 (gmt 0)

Thanks to all of you!
I'll review this again when I visit the store next week.

stuwad

5:41 pm on Mar 12, 2005 (gmt 0)

I run several computers for the public to use (unsupervised) and the best solution I have found is to use Symantec's GoBack, which takes the computer back to how I installed it after every reboot. I have had these computers running for many months without problems this way.

sun818

5:52 pm on Mar 12, 2005 (gmt 0)

Ahhh, GoBack that's an excellent idea! You can present a consistent experience to everyone that uses the computer. You can also have a mixed computer environment running since GoBack is unique to each machine.

When I was travelling around Europe, I found the country-wide internet cafes would re-image the computer after I logged off. But I imagined all the computers for each cafe were the same, so all they need was one image file.

For a small shop, GoBack would make the most sense. Just make sure you do the entire installation. ;)

thegreatpretender

2:42 am on Mar 14, 2005 (gmt 0)

I run several computers for the public to use (unsupervised) and the best solution I have found is to use Symantec's GoBack, which takes the computer back to how I installed it after every reboot. I have had these computers running for many months without problems this way.

I will definitely try this. Thanks