Hacking: Diagnosis and Prevention


Download and install a freeware version of (a) squared from http://www.emsisoft.com/en/software/free/ then click the Scan button to check your computer for nasties. Of the anti-Trojan apps mentioned, Trojan Hunter and (a) squared are probably the easiest to use, while TDS-3 probably has the largest anti-Trojan database available to any program. It's interface and complexity will be intimidating to new users, but I can highly recommend it for experts who want complete control over Trojans and malware.
If you require more info on other net nasties and how to prevent them, you can read my guide "Removing Browser Hijacks, virus's and spyware with an 'Hijack this' inclusion".
Well I hope this has given you a little more knowledge, if anything. First and foremost this guide was created to make you - the user aware, and not end up a victim.

«Prev 1 2 3 4 5 6 Next»

Most Recent Comments

07-07-2005, 08:33:36

G'day Guys

In this day and age virus's are the least of your worries: hackers and spyware are by far the most virulent and cunning of all online security threats. Let me show you how to declare war on the enemy, by first diagnosing you and your PC's threat, taking the correct course of action and then implementing preventative measures to minimise the risk of it happening again. Online threats are no longer restricted to just bringing down your PC; cybercriminals are now capable of tracking your every move and targeting web sites, such as those of banks, where you log personal data. Understanding the basics of how hackers work , is the first step in arming yourself against your system being compromised.

No PC - and no PC user - is safe from assault. Faster, always on internet connections, make it quick and easy to send or receive information, but the downside of broadband is that it increases the potential for net crime. Larger companies with a healthy bank balance are an obvious target for high-tech criminals, but such denials of service involves banks of computers sending out bogus requests simultaneously. To do this, the hackers need control of multiple PC's and are therefore constantly on the lookout for suitable hosts.

As well as exploiting your PC'sweb connection for destructive acts, hackers may also find the data stored on your PC invaluable. Malware in the form of keystroke-logging software hides itself within your PC and reports everything you type to the person that planted it there. If a hacker takes over your computer, they can have a rummage around for themselves, investigating any unencrypted files or folders, uncovering financial details and any personal data.

Most recently, there have been numerous scams to get you to reveal bank or credit card details (commonly known as 'phishing'). Data searches to find unencrypted passwords are very common too. In the wrong hands, such personal details can be used to 'impersonate' you, take out loans using your good credit rating and so on. There is, however, a number of ways you can protect your computer from virus's, scams and hackers. Lets look at the tools to help you clean up and protect your PC from trojans and other attacks designed to compromise your system.

How to diagnose if you've been hacked

If the icon for modem or network connections shows constant activity even when you are not actively using the internet, you are not necessarily being hacked: automatic updates for Windows and other programs often occur whenever you go online. However, updates that occur constantly are unlikely and, in such cases, your PC may be part of a DDoS. There are sveral ways to tell if you have been hacked.

1. Keep abreast of when you're online: to display modem/network connection details go to My Network Places and right click on the icons for Dial-up or LAN settings under View Network Connections. Select Properties and tick the box beside "Show icon in the notification area when connected".


2. High CPU activity or services: a sluggish computer could be a sign that background applications or services are running, some of which may be malware. To check performance, hit Ctrl-Alt-Del and click the Performance tab in Task Manager. When applications are running, the graph for CPU usage will peak quite regularly (mine is at 100%, due to my F@H programs running in the background). Leave the performance monitor on when nothings running. If CPU usage remains high, check under the Processes tab to see which services are running in the background. www.theeldergeek.com/services_guide.htm lists those that should be on your PC.


3. Performance logging and alerts: use Windows XP's more advanced tools to monitor your system. Go to Start-Settings-Control Panel, double click Administrative Tools and select Performance to load the appropriate Management Console. Click Performance Logs and Alert-Alerts, then right click in the empty pane and select New Alert Settings. Give your alert a name and, under the General tab, click Add to include a counter. In the dialogue box that is displayed, select RAS (Remote Access Services) Total and Bytes Transmitted and then, under General, set an alert when the value exceeds the amount you specify. Alerts will now be logged and you can see them by going to the Performance Management Console to view suspicious activity.


Closing the Gaps

Large companies should implement an IDS (Intrusion Detection System) - a line of defence that detects hostile activity on a network. While such systems are expensive, and sometimes hard to use, you can create an ad hoc IDS by combining a firewall, anti-virus software and vulnerability assessment utilities. It's possible to scan for potential security gaps using two processes that are commonly employed by hackers themselves. Port scanning checks against the some 65,000-plus ports a PC can use to communicate across networks. Packet sniffing software analyses data as it travels across networks and is used legitimately by network administrators to monitor network traffic and identify bottlenecks. Unfortunately, unencrypted usernames and passwords are also often transmitted across networks; hackers can use packet sniffing software to detect such important data.

1. Microsoft's scanner:

Most security scanner software is aimed at large companies with price tags to match, but there are a few free applications including the Microsoft Baseline Security Analyser 1.2.1, although it is quite difficult to use.




2. No holes with NeWT 2.1:

Of the free tools available, this is by far the simplest to use


Languard Network Security Scanner www.gfi.com/lannetscan is another good free package. After installing NeWT, go to Start-Programs-Tenable Network Security-Tenable NeWT-NeWT Security Scanner. This will check through more than 4000 common security vulnerabilities. To do this, click New Scan Task.

The free version can only check a local network and, for standalone users, you will see the name Localhost listed on the drop-down menu. Select this and click Next, then choose "Enable all but dangerous plugins" before starting your scan. Note that the report generated by NeWT will only be useful if you have advanced knowledge of ports and network connections.


3. Symantec Security Check:

Symantec offers a free online service to check the levels of protection on your PC. Log onto http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym and select the links that appear on the SSC (Symantec Security Check) page to see if your PC has been compromised by hackers or viruses. After you click each link you will be expected to install the Security Check applet (choose Yes when prompted), then a page will appear with your IP address. Click the scan button at the bottom of the page to start the check. If your PC is insecure, the SSC will tell you how and why. Unsurprisingly, the solution is to buy Symantec's Security software lol


4. Open door policy:

A good firewall will protect you from inbound attacks, while also monitoring the applications running on your PC when they make outbound connections to remote systems. (Trojan horse programs, spyware and other malware that sneaks onto your PC often employ your internet link to connect clandestinely to remote servers.) Windows XP's firewall only monitors inbound connections, offering no protection from malware already on your PC. The latest versions of Sygate Personal Firewall or Zonealarm are effective. If you have a broadband internet connection, you may also wish to use a hardware based firewall in conjunction with a software version. Many cable and DSL modems and routers-wireless routers included-have a firewall that you can configure from your PC. Because these hardware firewalls are external to your system, they can't monitor which apps are opening outbound connections, so in reality they can't replace a software firewall running on your PC.

If you would like to see how well your firewall stands up against the nasties on the www, you can go and get yourself tested at some of the links below. Ultimately you need to have all ports blocked, stealthed or non-responsive to the tests:

Shields Up

Sygate security check

PC flank

You need to patch to protect

Most PC's become infected when files and apps sneak in via your web connection. To avoid future breaches, first ensure your browser abd email client are as secure as possible. Common techniques for compromising computers include spoofing a web address (passing off a dangerous site as one that is more respectable) or exploiting loopholes in Internet Explorer's security to pass protected information to sites that are not secure.

1. Detecting Trojans:

Install the latest Windows patches and fixes - that means SP2 if you're running XP. And remember, SP2 does not protect you from all future security flaws so you will still have to update your PC regularly with patches and security fixes. After you have installed SP2, go to Start-Windows Update to access the site: you will be prompted to download a new interface that, among other things, simplifies the process of installing critical security fixes.


2. Safer surfing:

Many loopholes in IE stem from the ActiveX applets the browser allows to run on your machine and, potentially, access your data. To make your surfing more secure, go to Tools-Internet Options and click on the Security tab. Next slide the security level up to High or click the Custom Level tab and disable the options next to various ActiveX controls. If you use Outlook Express, go to Tools-Options and, under the Security tab, check the options that do not allow OE to open possibly infected files via the preview pane or (with SP2) display images in HTML messages.


3. Firefox

IE's popularity along with it's security flaws means it's an obvious attack target, so I recommend you use FireFox instead. FF is fast, responsive and compatable with most pages that IE will display. Common plug-ins such as Flash and Quicktime are not part of the standard installation, however. Some pages need ActiveX controls to display properly - but I've already recommended disabling those applets to surf safely. You can get the latest version of FF here: SysXtreme downloads

along with the Thunderbird email client. If you require anything else for FF, for example plug-ins, they can be found at the browsers home page here FireFox home page

Beware of Trojans

Hackers usually try to take control of your PC by installing Trojans - files that load themselves as part of another innocent-looking program or Web page. Many powerful Trojans, such as SubSeven, are backdoor Trojans and their purpose is to allow a remote party to gain unauthorised access to a PC.

1. Detecting Trojans

Not all anti-virus software looks for Trojans. If such hacks are of concern, use a dedicated scanner such as TDS-3 , Trojan Hunter or (a)squared

Alternatively, scan your PC for Trojans with the online scanner at websecurity trojan scan. Simply go to the site and click "Scan my computer for Trojans".

2. Search and Destroy


Download and install a freeware version of (a) squared from www.emisoft.com/en/software/free then click the Scan button to check your computer for nasties. Of the anti-Trojan apps mentioned, Trojan Hunter and (a) squared are probably the easiest to use, while TDS-3 probably has the largest anti-Trojan database available to any program. It's interface and complexity will be intimidating to new users, but I can highly recommend it for experts who want complete control over Trojans and malware.

If you require more info on other net nasties and how to prevent them, you can read my guide How to remove Browser Hijacks, viruses and spyware with an 'Hijack this' inclusion.

Well I hope this has given you a little more knowledge, if anything, I have tried to keep it as simple as possible. Finally, if there is anything else you want included, pls don't hesitate to ask.

PV Quote

07-07-2005, 08:58:20

The master og guides does it again!!

Nice PV Quote

07-07-2005, 09:29:21

yeah great guide PV i used what is there and im paitently waiting for the remainder of it tomorow great guide should be stickiedQuote

07-07-2005, 09:47:02

Thanks guys, I appreciate it. I'll have the rest done tomorrow, as I'm off to bed now. Quote

07-07-2005, 09:55:56

Originally Posted by name='PV5150'
Thanks guys, I appreciate it. I'll have the rest done tomorrow, as I'm off to bed now.
no problem mate, yeah ill be needing the rest of it tomorow enjoy your sleep cya tomorowQuote

07-07-2005, 09:59:18

good guide pvQuote

07-07-2005, 10:38:08

Noice job, m8! Quote

07-07-2005, 12:43:05

What a top guide PV...i love it Quote

08-07-2005, 02:53:05

tis great pv!

^^ that's all i have to sayQuote

08-07-2005, 06:38:38

Thank you guys, it's finished....I think lolQuote

28-11-2005, 16:45:46

an excellent guide there well done and in language you can understand Quote

28-11-2005, 16:47:06

Jesus PV! I didn't even see this guide, nice work matey! Mod repz yo. Quote

29-11-2005, 01:32:28

Major mod repz, I never saw it either!Quote

29-11-2005, 02:18:06

Thank you, I'm glad you've found it beneficial and informative Quote

17-04-2006, 01:45:23

This guide has been updated to the frontpage Links to web pages and some of the content/ pics have received a facelift.

It can be found Here



17-04-2006, 09:51:34

Well done PV. Next you need to add 'How to track down and kill hackers and virus writters' Quote

17-04-2006, 09:52:44

LOL thanks Ham...Agreed!!! I shall make an inclusion at the bottom Quote

17-04-2006, 10:07:02

Originally Posted by name='PV5150'
LOL thanks Ham...Agreed!!! I shall make an inclusion at the bottom
Good work on the conversion Peevs - excellent guide that one Quote

17-04-2006, 23:25:37

Thanks kemp I appreciate itQuote

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.