Help With Computer Hacker


lilered

And the more I think about it, the more I think prosecuting him for computer crimes isn't a bad idea. You can ask the District Attorney to give him a deferred adjudication (plea bargain with no conviction record) and the weekend of jail time should scare him enough to get his act together. I got into a fight with my little sister when I was about 15 or 16 and my parents had me locked up for assault for a weekend - and I haven't gotten angry since (not counting road rage :D ). So yeah, maybe it'll be good for him.

It won't hurt to try. I still don't think anything will come of it. Assault is something a regular police officer can understand and deal with, that applies to most domestic crime. Computer crime is the exception, which they know nothing about and have no way of proving it without bringing in computer forensics, which I'm not sure they will do.

I have a friend who had problems with an ex boyfriend not so long back, not computer related but he was harassing and threatening her in a similar way to the scenario mentioned. He threatened to call the police about items of his that she had given away to a charity shop after he refused to collect them for several weeks and she didn't have room for them, at which point she called his bluff and went to the police station herself. The police gave him one phone call, warned him to back off and 3/4 of a year down the line and there hasn't been a peep from him (in her own words, "he wouldn't be so stupid", he works in the navy and being in trouble with the police wouldn't go down well). So it may be worth a try, who knows.

Something which hasn't been discussed here is evidence. If your daughter is right and he has installed a trojan on her computer, then what she said is right, removing the trojan will also destroy the evidence. In current circumstances, that doesn't matter, she just needs to get rid of the trojan and hopefully this unhappy episode will die away. However if even after she does remove it, the harassment gets worse, you could need the evidence. If she wants to do this, she could take what is known as an "image" of the computer. It basically takes a copy of everything on her hard drive in its current form and turns it into one file, which can then in turn be extracted back onto a hard drive at some point if necessary. There are a number of programs that will do this, including Norton Ghost. FOG (FOG :: A Computer Cloning Solution - Home) will also do it, and that is free, albeit a little more complicated.

If she doesn't know how to do this and/or doesn't have the software to do it, and she wants to keep the evidence, it may be worth a trip to the local computer store and explain the situation and ask them to take an image of the machine - there is a limited amount of things we can explain online, it often requires us to actually be there and see what is happening in real time.

Edited by Mahone

At this point I have a couple of questions of my own concerning the situation. Just want to build my understanding.

Say I get her another computer. She downloads her programs on it, leaves the other computer sitting in storage for a period of time or at least off line. (IE: 6 mo.). Remembering of course, she does have a website where she also sells dogs. Therefore her email address & phone number may be observed and a source of at least that information.

Questions:

Will that stop this guy from accessing the new computer?

Will he still be able in the future to again install a keylogger and/or trojan on the new computer. Or how would she stop him?

What if you all were able to determine from the netstat that indeed someone has installed a trojan and/or keylogger on her machine and therefore, she takes the machine into a professional where she lives, lets him take a mirror of it as well a copy of what you guys determine and has him verify it.

Would that work, then to take it to a lawyer and/or at least file a harassment complaint? Which would establish something on record.


At this point I have a couple of questions of my own concerning the situation. Just want to build my understanding.

Say I get her another computer. She downloads her programs on it, leaves the other computer sitting in storage for a period of time or at least off line. (IE: 6 mo.). Remembering of course, she does have a website where she also sells dogs. Therefore her email address & phone number may be observed and a source of at least that information.

Questions:

Will that stop this guy from accessing the new computer?

Will he still be able in the future to again install a keylogger and/or trojan on the new computer.

That entirely depends on how he got the trojan on there in the first place. If he had access to the computer by being able to sit in front of it, then obviously that is how it got on there. He could have sent it in an attachment via e-mail which your daughter inadvertently opened at some point. He could have infected one of her USB sticks which will in turn reinfect the machine as soon as it is inserted. He could also have hacked into her computer via the internet. Unlikely, but entirely possible for someone with the right skill set and a computer which hasn't been appropriately secured. If either of the last two, it's possible he could reinfect it.

Or how would she stop him?

Generally, for home computers, a software firewall or hardware firewall, up to date virus scanner and fully up to date operating system is sufficient. I know people would (and have in this thread) disagree with me on what is necessary to protect a computer, and if it was a corporate system I'd agree and obviously implement much more protection, that is because the high profile hackers (the ones who are much more than just script kiddies and actually hack for money) target corporate systems and not home computers. Your daughter's ex is nothing more than a script kiddie. That suggests to me, he did not break in via the internet, unless he actually had physical access to the system beforehand.

At this point I just want to suggest she uses Linux. Whatever program he may have installed on her computer will not work on a Linux machine anyway and there are very few trojans around that claim to be able to infiltrate Linux computers. So even if he did infect her USB pen sticks, it won't reinfect her computer. I've had quite a positive response from my friends who I have gotten to use Linux. It depends on what she uses her computer for.

What if you all were able to determine from the netstat that indeed someone has installed a trojan and/or keylogger on her machine and therefore, she takes the machine into a professional where she lives, lets him take a mirror of it as well a copy of what you guys determine and has him verify it.

Would that work, then to take it to a lawyer and/or at least file a harassment complaint? Which would establish something on record.

Yes, that would be a good idea.


Mahone: Is Linux a different operating system than windows? If so, will windows programs still run on it?

Yes it is and no they won't, but there are alternatives to most Windows programs and most of the alternatives are free (OpenOffice as opposed to Microsoft Office for instance). At least Windows programs won't work with Linux distros out of the box, they can work if you install programs like Wine onto the Linux operating system (Wine is a Windows emulator program).

Of course using Linux is unnecessary if you can be sure all external media is free of his trojan and follow all steps I stated in the post above this. There are several ways he could have infected any external media, but if you are going to pay a visit to a local expert who will have the considerable advantage over us of being able to physically see everything that is going on, then he can check any external hard drives or USB sticks as well for infection (EDIT: Do you have an IT department at work? IT folk are generally quite friendly and usually willing to help out with things like this, and they will likely be cheaper and more reliable than your local backstreet store). Also, remember that just because anti virus software says it is clean, it doesn't necessarily mean it is - but I'm sure you've discovered that already ;)

Oh, and obviously if he has given her any CDs or DVDs (or anything similar) don't use them again - those could also be a source of infection.

Edited by Mahone

I chimed in late on this but if my 2 cents can still help.

I only read a few posts and ppl are talking about trojans...You do not necessarily have to install a "Trojan" to accomplish what this guy is doing. Since initially this guy had access to the computer he could've installed software that runs undetected...in stealth mode and it captures every keystroke that is done on that PC, then it emails him a log of everything she has typed...passwords, emails, everything.

Best thing to do is to take this in to someone that can completely wipe out the hard drive and reinstall the OS. Unless the person that you take the PC to knows how to remove the keylogging program. For more info on that type of software google spectorsoft...the website will tell you everything that the software can do.

If you need any more help let me know.


I chimed in late on this but if my 2 cents can still help.

I only read a few posts and ppl are talking about trojans...You do not necessarily have to install a "Trojan" to accomplish what this guy is doing. Since initially this guy had access to the computer he could've installed software that runs undetected...in stealth mode and it captures every keystroke that is done on that PC, then it emails him a log of everything she has typed...passwords, emails, everything.

Best thing to do is to take this in to someone that can completely wipe out the hard drive and reinstall the OS. Unless the person that you take the PC to knows how to remove the keylogging program. For more info on that type of software google spectorsoft...the website will tell you everything that the software can do.

If you need any more help let me know.

In all fairness, keylogging has already been discussed and also keylogging is by definition part of what a trojan can do. The use of the word trojan in place of keylogger is therefore acceptable.


My daughter called me recently crying, concerning a former computer nerd boyfriend of hers hacking her computer. It seems that about once a week, he hacks into her computer somehow and randomly deletes her emails. She also has a website where she sells dogs and people send her emails requesting information or sales concerning her dogs. When they broke up, he commented that he left a little angel on her computer so she won't be alone.:mad:

So my question is:

Isn't there some way that this person can be caught by software or stopped? She indicated that those she has talked to simply advise her to weekly change her password. Their rationale seems to be that if he is a good hacker, hacking software will not stop him.

I am no computer geek, but it seems to me that this is wrong and that there should be a way to catch him doing it and prosecute him? :confused:

Any advice or thoughts?

Tell her to purchase Symantec Endpoint and perhaps software called SpyDoctor for backdoor Trojans. Both will look for trojans on your machine and ensure she has turned off the windows remote.


Well gang, she finally got back to me. She has been working a lot of hours and hasn't had much time. Here is the netstat from her machine. Looks fine to me, but like I said before, I am no computer expert although I have stayed at a Holiday Inn Express. As further information, I did ask her if that was all the information from the netstat scan. She indicated it was, that she simply left off the last line which was the same as the first.

C:\Documents and Settings\Me>netstat

Active Connections

  Proto  Local Address  Foreign Address             State
  TCP    jami:1045      localhost:5152              FIN_WAIT_
  TCP    jami:5152      localhost:1045              CLOSE_WAI
  TCP    jami:1040      cds239.dal.llnw.net:http    TIME_W
  TCP    jami:1041      cds239.dal.llnw.net:http    TIME_W
  TCP    jami:1043      cds239.dal.llnw.net:http    TIME_W
  TCP    jami:1044      cds239.dal.llnw.net:http    TIME_W
  TCP    jami:1047      gw-in-f103.google.com:http  ESTA
  TCP    jami:1050      gw-in-f103.google.com:http  ESTA
  TCP    jami:1051      gw-in-f139.google.com:http  ESTA
  TCP    jami:2869      192.168.1.1:1028            TIME_WAIT
  TCP    jami:2869      192.168.1.1:1029            TIME_WAIT


Nothing unusual there. llnw.net appears to be a server farm which is rented out to companies and could be almost anything, like an application updating. 192.168.1.1 would appear to be your router (providing that is the IP address of your router - it usually is), localhost is the computer she is using (it's communicating with itself) and google.com is well... google. But that is just the active connections. The HijackThis logs would provide much more useful information.

Edited by Mahone
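
The triage described in the post above (sorting each foreign address in the netstat listing into the local machine, the home LAN, or an outside host), as an added example that is not part of the original thread. The function names are illustrative, and the rows are the ones posted above.

```python
import ipaddress
from collections import Counter

# Rows copied from the netstat listing posted in this thread
# (the State column is truncated exactly as it was posted).
POSTED = """\
TCP jami:1045 localhost:5152 FIN_WAIT_
TCP jami:5152 localhost:1045 CLOSE_WAI
TCP jami:1040 cds239.dal.llnw.net:http TIME_W
TCP jami:1041 cds239.dal.llnw.net:http TIME_W
TCP jami:1043 cds239.dal.llnw.net:http TIME_W
TCP jami:1044 cds239.dal.llnw.net:http TIME_W
TCP jami:1047 gw-in-f103.google.com:http ESTA
TCP jami:1050 gw-in-f103.google.com:http ESTA
TCP jami:1051 gw-in-f139.google.com:http ESTA
TCP jami:2869 192.168.1.1:1028 TIME_WAIT
TCP jami:2869 192.168.1.1:1029 TIME_WAIT
"""

def classify_host(host, local_names=("localhost",)):
    """Sort a netstat foreign host into loopback, lan, unbound or external."""
    host = host.strip("[]")                # IPv6 literals are bracketed
    if host == "*":
        return "unbound"                   # listening/UDP rows show *:*
    if host.lower() in local_names:
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"                  # a resolved name: off-box until checked
    if ip.is_unspecified:
        return "unbound"
    if ip.is_loopback:
        return "loopback"
    return "lan" if (ip.is_private or ip.is_link_local) else "external"

def parse_netstat(text):
    """Parse 'Proto Local Foreign [State]' rows; skip headers and prompts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        host, _, port = parts[2].rpartition(":")
        rows.append({"local": parts[1], "host": host, "port": port,
                     "state": parts[3] if len(parts) > 3 else "",
                     "scope": classify_host(host)})
    return rows

def external_hosts(rows):
    """Connections per outside host: the short list worth looking up."""
    return Counter(r["host"] for r in rows if r["scope"] == "external")
```

Plain `netstat` output names no owning program, so a short list of outside hosts here only describes the connections open at that moment.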

Nothing unusual there. llnw.net appears to be a server farm which is rented out to companies and could be almost anything, like an application updating. 192.168.1.1 would appear to be your router (providing that is the IP address of your router - it usually is), localhost is the computer she is using (it's communicating with itself) and google.com is well... google. But that is just the active connections. The HijackThis logs would provide much more useful information.

Mahone, I followed everything you said except for the last sentence. What do you mean

"The HijackThis logs would provide much more useful information"?

Second thing that comes to my mind: She has a number of times deleted her entire hard drive and reloaded her programs. However, this has not been entirely successful towards preventing him from screwing with her emails and computer etc. periodically.

So, does running the netstat scan always divulge whether or not a keylogger or other hacking device has been installed and/or does formatting the hard drive always eliminate the presence of a keylogger program or other devious method?

Thanks for your and others help, thus far.


This is merely a suggestion not a commandment.

Have y'all thought about doing this live? As in chatting in gmail, yahoo, or MSN? Or talking on the phone? It just appears to me that a computer guru instructing a computer non-guru goes better when you can talk to someone. At least that works for me when I have to call the help desk at work when my computer is giving me headaches.


This is merely a suggestion not a commandment.

Have y'all thought about doing this live? As in chatting in gmail, yahoo, or MSN? Or talking on the phone? It just appears to me that a computer guru instructing a computer non-guru goes better when you can talk to someone. At least that works for me when I have to call the help desk at work when my computer is giving me headaches.

Well by far the easiest method is being able to come to the person and sit in front of their computer so I can see for myself exactly what is happening. It's like asking a car mechanic what is wrong with your car and how to fix it over the internet - it's very difficult. The car mechanic, when actually there, will notice little details that might suggest what is wrong with it that someone else probably wouldn't even notice - the same applies here. You'll notice at work there is usually a point where they just say "okay this is as far as we can diagnose over the phone, we'll come and have a look at the computer".

However we can't do that in this situation. So the second best solution would be for lilered's daughter to sign up here so we can converse with her directly as I suggested in a previous post. It's easier than going through someone acting as a proxy (plus puf_the_majic_dragon then gets to flirt with her as he pleases ;) )

The reason I prefer speaking with them in public on a forum is mainly because there are other people on this forum who understand what I'm talking about and therefore my words are subject to their scrutiny. Lilered has no idea who I am, I could get his daughter to completely destroy her computer if I was that type of person. However if I did that on a public forum like this, five or six people will instantly point out what was going on. The same applies for any mistakes I make. If I'm wrong (we all make mistakes), someone will point it out. I know I would prefer it this way if I was lilered.

Edited by Mahone
