Solved How Can I Trace a Hacker

May 27, 2014 at 15:46:56
Specs: Windows 7
We've had a hacker basically running our computer for a while now... and now they're sending emails (from a fake address of course) taunting us that their 'computer is secure' and we won't be able to trace them. I've heard it's difficult, any ideas?


#1
May 27, 2014 at 16:24:59
✔ Best Answer
I wouldn't waste my time and energies... But I "would" take steps to clean out the computer thoroughly - using a selection of utilities well recommended here.
Also, once clean, to change all account passwords (logon, software etc - including email accounts).

Simply adding a full-stop/period into a password makes it much harder for a hacker to use password cracking...; similarly inserting one (possibly more) into an account/login name does the same...

Ensuring your firewall is properly set up too is a very useful/wise thing to check.

Rather than go through it all (re' cleaners etc.) I will suggest one or two; and hope JohnW comes across here and really takes you through the "whole" process. He is (current) resident cognoscente re' things to do with malware, trojans/key-loggers, hackers etc...

Items to run initially:

malwarebytes - http://filehippo.com/download_malwa...

adwcleaner - http://www.bleepingcomputer.com/dow...

OTL - http://www.bleepingcomputer.com/dow... (Johnw would likely suggest this and request you post details of what it finds...)

ccleaner - http://filehippo.com/download_cclea...

JRT (Junkware Removal Tool) - http://www.bleepingcomputer.com/dow...

XpUser4Real lists the above and a few others too;

http://www.freewebs.com/xpuser4real...

And download/burn to a dvd and run the (freebie) Kaspersky antivirus rescue disk. It's a bootable disk that will update itself and clean out the system of all it finds...

- http://www.kaspersky.com/virus-scanner - is where to find all about it; and download the ISO...

message edited by trvlr



#2
May 27, 2014 at 16:55:01
trvlr says.
" (Johnw would likely suggest this and request you post details of what it finds...)"

Yes please HakrGon, trvlr is right ( Thanks trvlr ), upload the OTL log please. It is impossible to know what is going on without logs.

Download OTL, save & run from your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized
The logs are large, upload them using this, or upload to site of your choosing. I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the links please.

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

Free file sharing sites come & go, if Imgur.com & load.to are too busy ( or not working ) here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.zippyshare.com/
http://www.speedyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/



#3
May 27, 2014 at 17:23:38
Oh yeah, I forgot to mention that we do run cleaners plus IOBit, Spybot, and an antivirus...


#4
May 27, 2014 at 17:41:31
Running something like Kaspersky rescue disk - which is bootable and loads a Linux based OS into RAM - means that more than likely "most/all" nasties, hiding away when the system boots "normally", will be found and dealt with. More than a few pests can be secretly active when the installed OS is booted up; but not able to hide etc. from an "external" (RAM) installed OS with a current anti-virus utility. Which is why I suggest one runs such items on occasion.

I think with the greater input (experienced based) from JohnW (and possibly input from one or two similarly experienced others here as well...) you will discover more nasties than you might have realised being present - even with your "current" cleaners etc. being regularly applied.



#5
May 27, 2014 at 17:51:14
"Oh yeah, I forgot to mention that we do run cleaners plus IOBit, Spybot, and an antivirus..."
trvlr is correct.

"IOBit, Spybot"
Not specialized enough.

"and an antivirus..."
An AV's job is to warn you not to click, once the user has clicked, it is too late, an AV cannot help you.



#6
May 27, 2014 at 17:56:37
We have a Dell, which I was told had a lot of 'proprietary' things, including installation disks... can we still install Linux?


#7
May 27, 2014 at 19:48:21
They are not talking about installing Linux (though you can if you like and have the available hard drive space), they are talking about running one from CD/DVD and your RAM only (outside of Windows) so the drives can be scanned with the OS inactive so nothing can hide.

You have to be a little bit crazy to keep you from going insane.



#8
May 27, 2014 at 21:23:47
I get spoofed (fake address) emails all the time. It seems like everyone is trying to sell me viagra. (How do they know. . . well, never mind.) Anyway, someone you probably know has your address and some spoofing software and is messing with your head.

You don't mention other specifics that lead you to believe a hacker is 'running your computer'. Maybe his email taunting is all there is to it.

P.S. Your user name should be HakrBeGon

message edited by DAVEINCAPS



#9
May 28, 2014 at 03:27:05
Just to elaborate a wee bit on Linux - loading into RAM...

Linux can be installed on its own on most PCs, or in a dual/multi- boot environment.

It can also be used as a stand-alone OS (my description) run from its own bootable cd/dvd. In that scenario it installs itself into the available RAM and any hard drives within the physical system are then simply resources available to the booted Linux OS.

That approach allows one to try out Linux at any time without actually installing it "properly" - but it will be a little slower than if actually installed. It allows one to use a given computer - one that won't boot ok - to get on-line and access useful resources there; also contents of the faulty computer drives too - which can then be recovered and copied to external storage...; also allows access to on-line email accounts...

There are various "flavours" of Linux; Ubuntu being one and proffered and supported by Dell (if I remember correctly) as an alternative to Windows. Debian, Knoppix are other flavours, and there are many more too "out there (Skully...)".

Support for Linux has grown over time but there are some bits of kit (some printers etc. at least) that may not have Linux drivers; although there are often workarounds there. But that Dell now offer a variant/flavour does give you some idea of its strength and appeal. It's less hackable than Windows (doesn't mean it can't be and perhaps hasn't been already - albeit with some effort...); and less demanding on resources... Mac OS are based on Unix and Linux is similarly constructed; and Mac systems are less easy to penetrate and attack, and likewise Linux...

On a system booted up with a Linux disk, the installed OS on the actual computer itself is not active, and thus can be more fully checked (with a suitable utility) for those pests etc. which hide themselves within the booted on-board OS once that OS has booted. Many (all?) rescue disks are built around a version of Linux, which is why they are more effective at times...

The only "rescue disk" as it were that isn't built around/based on Linux is (I think...) the ERD Commander series. I think (open to correction here) that those disks contain a bootable version of Windows - which is run from a cd/dvd boot up. I have the version built around XP and have found it very useful on occasion. Sadly later versions are only available now from M$ as part of their Technet subscription... Previously it was available to anyone (not cheap) from the original company - Winternals (now absorbed by M$). There is an option when an ERD disk starts up to ignore them and boot to installed Windows; and, also once that ERD has booted up, later to reboot to the installed Windows OS.

So I suggest it's useful to have a rescue disk or two around, also perhaps current (they are updated regularly) Ubuntu, Debian or similar disk too - just in-case...?



#10
May 29, 2014 at 17:27:16
Whoops, repeat info... see above;

message edited by HakrGon



#11
May 30, 2014 at 05:57:42
"DAVEINCAPS I get spoofed (fake address) emails all the time. It seems like everyone is trying to sell me viagra. (How do they know. . . well, never mind.) Anyway, someone you probably know has your address and some spoofing software and is messing with your head.
You don't mention other specifics that lead you to believe a hacker is 'running your computer'. Maybe his email taunting is all there is to it.
P.S. Your user name should be HakrBeGon"

This was not a viagra message, it was them basically admitting they are in our system, phones, etc. They've sent messages to people under my name and have also copied and sent private messages of mine to others. Plus someone got into my bank account and purchased some things online.



#12
May 30, 2014 at 06:16:18
Changing passwords; cleaning the system thoroughly - and JohnW has given you a good run down in that regard; ensuring firewall is working properly; virus definitions regularly updated may well resolve it all for you.

And regularly run the Kaspersky (and/or similar) rescue disk scans; for the reasons already given earlier.

Also encourage your contacts/friends various to ensure "they" have their respective computers properly clean; that "they" also change their passwords etc. too... Any one of them may have a similar problem, and may even have passed the pest on to you and others...?

Again, where allowed, the inclusion of a period in a password seriously hampers hackers/spoofers etc initially. And similarly a period (at least one) in a login name has a similar effect... (And sometimes other symbols may be allowed...)

e.g. joeblow@whatever.com is easier to spoof/hack etc. than joe.blow@whatever.com. And similarly - password - is easier to hack etc. than - pass.word - or even (better) - pas.sword - I think you see the idea?


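A password-policy check for the dotted passwords discussed in the post above, added here as an example (not code from the thread): it strips punctuation before comparing a candidate against a common-password list, and counts how many candidates single-period variants add to that list. The word list and all function names are constructed for illustration.

```python
import re

# Constructed sample list; a real policy would load a large
# breached-password corpus instead of five words.
COMMON = {"password", "letmein", "qwerty", "dragon", "joeblow"}

# Anything that is not a lower-case letter or digit counts as a separator.
SEPARATORS = re.compile(r"[^a-z0-9]")


def normalize(candidate: str) -> str:
    """Lower-case and drop punctuation, so 'Pass.Word' compares equal to 'password'."""
    return SEPARATORS.sub("", candidate.lower())


def is_dictionary_variant(candidate: str, common=COMMON) -> bool:
    """True if the candidate is a listed word once separators are removed."""
    return normalize(candidate) in common


def dotted_variants(word: str) -> set:
    """Every way to insert exactly one period into word, both ends included."""
    return {word[:i] + "." + word[i:] for i in range(len(word) + 1)}


def guess_space(wordlist) -> int:
    """Candidates needed to cover each word plus all its single-period variants."""
    return sum(1 + len(dotted_variants(w)) for w in wordlist)


def random_space(length: int, alphabet: int = 94) -> int:
    """Candidates for a uniformly random password over printable ASCII (no space)."""
    return alphabet ** length


if __name__ == "__main__":
    for pw in ("password", "pass.word", "pas.sword", "t7#Vq9!mZ2@k"):
        verdict = "reject" if is_dictionary_variant(pw) else "accept"
        print(f"{pw!r}: {verdict}")
    print("list + one-period variants:", guess_space(COMMON))
    print("random 12-character password:", random_space(12))
```

A signup or password-change form can call `is_dictionary_variant` to reject such choices before they are stored.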

#13
May 30, 2014 at 07:55:13
Great advice trvlr, so even with a human hacker it's still hard for 'em?...


#14
May 30, 2014 at 08:39:27
Yup... Unless they are into using a Cray or similar... Likely they'll give up and go elsewhere...

Ensure you change "all" your logon passwords; and ideally even login names too - which latter means creating new accounts on the affected computer(s) as well.

Presumably you have been in touch with your bank too about account security? In the UK many use Trusteer Rapport as account security vetting software...

