Security problem!!!!!!!!!!

Fletch450

Junior Member
Jul 15, 2007
9
0
0
I need some help; yesterday on one of my computers in my home network someone took control of the desktop. My wife had mentioned to me that she signed on the other day and her documents were opened and she didn't do it. And then yesterday morning she called me and there was the mouse moving across the screen and someone was typing in the password to log into Windows; they did this twice and then stopped.

I run a wireless network that you have to put in a WEP key in order to gain access to the network, but this would have to be a program downloaded on the PC for them to access and take control of the PC, right?

What can I do to find how they are getting in? I'd love to be able to trace them down but I am sure that probably won't happen. What software would you guys recommend to secure the PC and/or remove them?

 

MadAmos

Senior member
Sep 13, 2006
818
0
76
I recommend disconnecting from the internet/network now! With that level of access, any passwords you use should be changed, and if you have ever used any personal information on it, like credit cards, banking, bill paying, etc., you should notify all the institutions to put a fraud watch on the accounts, and do the same with all the credit reporting agencies.
Then save your important data and reformat; when you do, follow mechBgon's help tips from the first post on this board.

Amos
 

Oakenfold

Diamond Member
Feb 8, 2001
5,740
0
76
Originally posted by: Fletch450
I run a wireless network that you have to put in a WEP key

That's your first vulnerability. That alone, in combination with other vulnerabilities, can lead to a compromise of your PC.

The bottom line is your PC is no longer trustworthy. If it were my PC, I'd do the following:

1. Unplug your router
2. Take the antennae off your wireless NIC
3. Locate your OS disc
4. Back up everything on your drive
5. Run DBAN on your drive or another utility that writes over data.
6. Re-install your OS and set up a limited user account; we have several forum members that have done excellent work on how to secure your account from within the OS.
7. Do a hard RESET on your router.
8. Enable WPA or higher encryption, change the SSID, USER ID (if possible) and password from the defaults on your router. Use a strong key for your wireless clients (hexadecimal over 10 characters).

You could look at your router logs to see if there is any useful information (IP, MAC, anything).

Another thing to consider is that your other computers may also have been compromised.

If I were you I don't know if I'd use my time trying to track down these people, unless you happen to be a pro at this sort of thing or you want to spend some serious dough. Local law enforcement are more than likely not going to be able to help you.

Please, if anyone else has any thoughts, chime in; these are just the top ideas that come to mind that I would implement if I found out that I'd been owned.


MadAmos is right on, I totally didn't even read his post because I was focused on responding. He has made some excellent suggestions, especially contacting the credit bureaus and any bank accounts that may have been compromised.
 

Fletch450

Junior Member
Jul 15, 2007
9
0
0
From what I have been able to tell so far, and I haven't been able to spend a lot of time on this yet, they are able to access the desktop when it's open. They don't have the password to sign on to Windows; it's like they can view the desktop and when they think that we are away from the PC they can use it.

I had the system set to shut down after 1 minute and go to the screensaver that requires a password but my wife changed that to 20 minutes, so it's like they sit and wait to watch it become idle.

I have kept the machine turned off until I have time to look at it. The main PC is running Vista Ultimate and I don't see any activity on it at all while I am away from it; the third PC is my child's and it's basically just able to do very limited functions anyway.

What is a good software to run to see if I can identify what program/virus is allowing the access? The wife downloads all the stuff that MySpace has, like pointers etc. Could this maybe have been the source? Her MySpace was hacked last week, which probably came from someone being on her PC; they posted ads to everyone in her friends list. Not sure if the two go hand in hand or not.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: Fletch450
The wife downloads all the stuff that MySpace has, like pointers etc. Could this maybe have been the source? Her MySpace was hacked last week, which probably came from someone being on her PC; they posted ads to everyone in her friends list. Not sure if the two go hand in hand or not.

Aha. User education is required, or else yank her Admin privileges with a non-Administrator account and harden the system in other ways. Personally I would do like Oakenfold said: back up data, burn the Windows installation to the ground, and start from the top, and get it secure this time (which includes educating users against biting on the shiny bait, as well as checking both Microsoft's software and third-party software for vulnerabilities as described in the page I linked above).

Also, in the case of MySpace, make sure she uses a long, complex password, not "sunshine" or some other easy-to-crack password. Maybe "SunSh1ne@dawn" ;)
 

Lazy8s

Golden Member
Jun 23, 2004
1,503
0
0
I would DEFINITELY report this. The advice about changing banking or any other passwords is spot on but it can't hurt to have a police report. The thing is this is a CRIME, the same as if someone broke into your house. If you find out in 3 years that someone bought a yacht and ruined your credit, saying "Well, I didn't report it to the police because I didn't think they would catch him" will be a completely unacceptable excuse.

The police/FBI/whatever probably will not be able to catch whoever is involved but at least you will have covered all of your bases. Without a police report it's basically your word that this happened and companies may not be under any legal obligation to right any harm that is done.

EDIT: While the reformat and all is an alright idea, if you have a boot sector virus or something it is possible this will not uninstall it. Also you said this is a networked computer so all of your other systems are at risk as well. Seeing as how it's a Vista machine it is possible you are running into a vulnerability that has not been fixed yet.

I would move forward with extreme caution and frankly disconnect all of my systems until I could get an expert to look at them. It may not be a bad idea to report this to your ISP. They may help you look into it.
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
Originally posted by: Lazy8s
I would DEFINITELY report this. The advice about changing banking or any other passwords is spot on but it can't hurt to have a police report. The thing is this is a CRIME, the same as if someone broke into your house. If you find out in 3 years that someone bought a yacht and ruined your credit, saying "Well, I didn't report it to the police because I didn't think they would catch him" will be a completely unacceptable excuse.

Excellent advice! You may run into being told that there's really no proof of a crime so they (the police) can't give you a police report. If this happens, ask for an 'Informational Report' or a 'Miscellaneous Report'. Some departments may call it something else. If they can't do this, then they definitely can put the fact that you came in and reported it in their log book - and ask for a copy.