Hacked & Files copied? Check?

Dell / LATITUDE D800
December 28, 2008 at 13:46:45
Specs: Windows XP, 1600 MHz, 768 MB RAM
Is there a relatively simple way for me to check if files have been copied/downloaded from my computer without my permission? I.e., password bypassed and hacked into by someone who could delete the obvious items from 'Recent Documents'. It is a personally owned computer but was connected to a network at the time. I haven't opened any documents since. Many thanks in advance.





#1
January 22, 2009 at 07:59:25
From Grinler's tutorial, "Have I Been Hacked?"
http://www.bleepingcomputer.com/tut...

Almost every remote hack involves leaving a program behind that will allow them to get back into your computer regardless of whether or not you fix the security problem that let them into your computer in the first place. The only time a hacker does not leave something behind is if they are hacking your computer for specific information or an item.
The programs that they leave behind are IRC clients that they can control from a channel on an IRC Server or a Backdoor/Trojan.

Since these clients or Trojans must listen and wait for connections from the hacker, they must listen on a TCP or UDP port. With that in mind, the tools that I list above come into play. Using Fport or TCPView will allow you to see what TCP/UDP ports are open and listening on your computer and what program is using those ports.

To see what programs are running and are listening on TCP/UDP ports you would use Fport or TCPView.

The utilities that can help detect if you're being hacked:
FPort -- This is a console utility that is run from the command line. When you run it, it will list all listening TCP/UDP ports on your system and the program that is using those ports.
http://www.foundstone.com/index.htm...

TCPView: Similar to FPort, but it shows the results in a graphical interface. This program not only shows listening ports, but also established, pending, and closing connections.
http://www.sysinternals.com/ntw2k/s...

Process Explorer:
http://www.sysinternals.com/ntw2k/f...


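The port-to-program mapping described in reply #1 can also be reproduced from the output of the built-in `netstat -ano` and `tasklist /fo csv /nh` commands. The script below is an added example, not part of the thread or of the quoted tutorial; the sample command output, the `winupd32.exe` image name and the `BASELINE` set are constructed for illustration.

```python
import csv
import io
# Constructed sample of `netstat -ano` output (not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     1820
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:4000           *:*                                    3100
"""
# Constructed sample of `tasklist /fo csv /nh` output; PID 3100 is absent on purpose.
TASKLIST = '''\
"System","4","Console","0","236 K"
"svchost.exe","984","Console","0","4,100 K"
"iexplore.exe","1820","Console","0","21,480 K"
"winupd32.exe","2412","Console","0","3,212 K"
'''
# Hypothetical baseline: listeners the owner already knows and expects.
BASELINE = {("TCP", 135, "svchost.exe"), ("TCP", 445, "System"), ("UDP", 445, "System")}

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def listeners(netstat_text):
    """Yield (proto, port, pid) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        tcp = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        udp = len(f) == 4 and f[0] == "UDP"  # UDP rows have no State column
        if (tcp or udp) and f[-1].isdigit():
            yield f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])

def unexpected(netstat_text, tasklist_csv, baseline):
    """Return non-baseline listeners; a PID with no tasklist row is reported as such."""
    names = pid_names(tasklist_csv)
    found = []
    for proto, port, pid in listeners(netstat_text):
        image = names.get(pid, "<no process for pid %d>" % pid)
        if (proto, port, image) not in baseline:
            found.append((proto, port, pid, image))
    return found

if __name__ == "__main__":
    for hit in unexpected(NETSTAT, TASKLIST, BASELINE):
        print("%s port %d  pid %d  %s" % hit)
```

A listener whose PID has no matching process row is worth a second look with Process Explorer, since the process either exited between the two commands or is not visible in the process list.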

#2
January 22, 2009 at 10:18:20
I wouldn't worry about things being removed from 'Recent Documents'. I believe the Operating System does that, during its cleanup.

If you need something to worry about, you could be more concerned with things added to the 'Startup' list in msconfig.

FWIW to XP users: When you click on the 'Command Prompt' you are just causing the 'Command prompt' to be displayed. This prompt gives you access to NTVDM.EXE, the 'NT Virtual DOS Manager'.

