• Hacked!

    #429758

    Over the holiday weekend, we started getting automated phone calls from our bank about our accounts being suspended because of suspected fraud. Then Monday morning, DHL delivered a $2000 check made out to a 3rd party from my husband’s business account. Luckily, they had not been able to change the account address. We closed our accounts

    The only way this could have happened is if someone had key logging, etc. software on one of our systems. I ran a spyware checker and during the scan on my notebook I saw “PC Detective” folders being scanned. It however did not come up in the spyware results. I tried searching for it, but could not find it. How can I know if it was really installed on my system and is there any way to track who installed it? It was not installed by anyone here, it had to have been done remotely.

    Also, please point me to summarized information about how to secure Windows XP Home. We probably only do the minimum (Windows firewall, anti-virus and anti-spyware) and obviously need to do better. One of my problems is that I work real-time online on a remote web server. Otherwise, I would not stay connected all the time.

    That raises another question I have had for a long time. If I have a cable modem connection, how can I set it up to connect only when I run the browser or e-mail?

    Sorry for the long message…

    • #1001709

      Microsoft has a security site for XP users: Security Essentials for Windows XP Service Pack 2

      Firewall, up-to-date anti-virus, and anti-spyware are most of the package; keeping Windows (including IE) and Office (if you use Outlook) updated are essential. You also could consider the possibility of using third party browsers (such as Opera and Firefox) at least for more general browsing.

      Finally, as demonstrated by the recent Sony rootkit situation, files can be hidden from scanners. Thus the Sysinternals rootkit revealer could be a useful diagnostic to run now and then.

      Added: Regarding closing your persistent connection when not in use, you could use the “stop everything” feature of your firewall to manually close the connection, but you would have to remember to open it again when you wanted to go online. This could interfere with desired updates, so you might have to then run manual antivirus and Windows update checks after you unblock.

      And — sorry to hear about your situation!!

    • #1001712

      JeanieB,

      First, get rid of the Windows built in firewall, if that’s the one you have. A good one and a free one is Zone Alarm.

      What Anti-Virus program are you using and do you keep it UP TO DATE with the latest virus definitions?

      The accepted standard ( it seems ) of malware detectors are AdAware and SpyBot. Run them often.

      Get a good Spam filter program and do NOT open unrecognized email, if any slip through.

      NEVER give out your account numbers, SSNs or any personal information despite how convincing the person or message may be. Always check for the encrypted symbol ( the padlock ) in the System Tray when ordering anything on line.

      The cable modem? Use the ON-OFF power switch on the modem when you are not on line, if you feel it’s necessary.

      If you need any links to any of the mentioned sites to get those programs, just let us know.

      Good Luck with your situation.

      • #1001724

        To all those mentioned above I would add the free Windows Defender (beta 2), the successor to Microsoft AntiSpyware Beta 1. Ensure you allow the “real-time spyware protection” to be installed.

        John

      • #1001746

        “The accepted standard ( it seems ) of malware detectors are AdAware and SpyBot. Run them often.”

        PCWorld.com recently declared Webroot Spy Sweeper top dog in their testing. Personally, I think AdAware is a shadow of its former self.

        • #1001752

          One more suggestion to add to all the others; be extremely careful of phishing attacks. NEVER EVER provide account information in response to an e-mail even if it is supposedly from a bank or other financial institution, and NEVER EVER click any links in e-mails that are supposedly from a bank or other financial institution (even if the e-mail “looks like” an official e-mail) – enter the institution’s address yourself using the address bar or your favourites.

    • #1001762

      You might want to contact the support staff at PCDetective and explain your situation and ask them for removal instructions or, even better, if the installation can be traced back to the party responsible for the installation (if it is emailing its logs to a third party, for example).

      The website has this to say about the program…
      “The PC Detective PRO is a powerful PC spy utility that monitors your PC or multiple PC
