Biggest N00b here

For beginners, flames not allowed...(just by the staff :P)
Collegian
Newbie
Posts: 2
Joined: 02 Oct 2005, 16:00


Post by Collegian »

Okay, so, hi again everyone. I was told to post some system specs on here so I can get my laptop safeguarded and whatnot, so here ya go.


-OS - Windows XP Home
-Anti-virus/firewall - Norton Internet Security 2004 and the Windows firewall
-ISP is RoadRunner, no wireless or anything, just direct connection.

Anyway, my ex, the jerk, somehow got a program called PrismXL on my laptop. I have -no- idea how he did it, because I didn't accept any programs or anything. So, he has a hacking history, and I -really- just want to get the proof so I can hand it to my attorney and fry the bastard, considering he's been caught before. My knowledge of all of this stuff is about... well, less than zero. =) Any suggestions? And please use English. 8O

bad_brain
Site Owner
Posts: 11532
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

hey... :wink:
well, seems to be a lot of work to do, so here we go:
I've checked the PrismXL application, it's some kind of remote control system, I'm pretty sure it's been installed by physical access to your laptop.
if you need some evidence for a lawsuit don't touch the hard disk (but then don't connect to the net) or at least mirror it to another one, so it can be checked by a forensic expert.

um, you say you use Norton Internet Security AND the XP firewall? not good, disable the XP one, because 2 firewalls are not more secure than 1, on the contrary, because 2 applications are connected to the outside, so it makes your system even more insecure and it's also impossible to say how one firewall interacts with the other one.
then go to the firewall configuration in Norton and take a look into the "programs" settings: delete all entries of which you're not really sure, you'll find PrismXL there too if it's still on your system (well, you can block it completely or delete the entry, when you delete it a warning window from Norton will pop up the next time someone tries to connect to your system so the IP will be displayed again... :wink: )

a really nice way to secure your system is the usage of a router, even if you have just one computer. most routers have a built-in firewall (these are stand-alone firewalls, so you can use Norton AND the router one), and by giving your system a LAN address a router separates your computer from the internet, which means an attacker can only get the IP and hardware address of the router and would need to exploit the router first before he can theoretically get access to your system.

phew, so much for the IMO most important step, now some extras:
-don't use Internet Explorer as your browser, use Firefox (well, some security flaws in there too but still FAR more secure than IE)
-install antispyware progs, I suggest Ad-Aware AND Spybot
-check which applications start up together with your system via Start>Run>msconfig, if you're not sure which ones to disable just ask, but you can at least disable SSDP and NTP in the services and all programs like messengers and media players in the startup entries.
-close unneeded ports via the registry
you can close port 445 TCP/UDP by creating a new DWORD entry in the registry, go Start>Run>regedit, then follow the path to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
and there you create a new DWORD entry by a simple right-click:
SMBDeviceEnabled=dword:00000000 (the number is the default, so all you have to type is the name of the entry)
-get ProcessExplorer and TCPView (both available here in the useful programs and/or networking stuff sections in the downloads), run them and best make a screenshot and either link these to the boards or send them to me as an email attachment, both programs provide good information about possible malware on your system.

well, that's all for now from my side, when you're done with the steps above or have any further questions just ask... :wink:
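The checks in the post above (the SMBDeviceEnabled value, the startup entries msconfig shows, the listening ports TCPView shows, and whether the Windows firewall is on) can be gathered in one read-only PowerShell audit. This is an added example, not bad_brain's code or any tool from the downloads section, and it assumes a modern Windows host (Get-NetTCPConnection and Get-NetFirewallProfile need Windows 8 or later, so it would not run on the XP laptop in the thread) and an elevated PowerShell session for the process-to-port mapping. It changes nothing on the system; it only reports.

```powershell
# Added example (not from the thread): read-only audit of the items listed in the post.
# Assumes Windows 8+ with PowerShell 5+ and an elevated session; nothing is modified.

function Get-SmbNetBtSetting {
    # The registry value the post tells you to create; absent means the default (SMB on 445 enabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
    $value = Get-ItemProperty -Path $key -Name 'SMBDeviceEnabled' -ErrorAction SilentlyContinue
    if ($null -eq $value) { return 'SMBDeviceEnabled not set (default: SMB over TCP 445 enabled)' }
    if ($value.SMBDeviceEnabled -eq 0) { return 'SMBDeviceEnabled=0 (SMB over TCP 445 disabled)' }
    return "SMBDeviceEnabled=$($value.SMBDeviceEnabled) (SMB over TCP 445 enabled)"
}

function Get-StartupEntries {
    # The same Run/RunOnce entries msconfig's Startup tab is built from, for machine and current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider's own PSPath/PSParentPath/... properties, keep real entries.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-ListeningPorts {
    # What TCPView shows: listening TCP sockets with the owning process and its image path.
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $_.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { '?' }
            Path         = if ($proc -and $proc.Path) { $proc.Path } else { '?' }
        }
    } | Sort-Object LocalPort
}

function Get-FirewallProfileState {
    # Whether the built-in Windows firewall is on per profile (relevant to the "two firewalls" point).
    Get-NetFirewallProfile | Select-Object Name, Enabled
}

# Run the audit and print each section; compare the output against what you expect to be there.
'--- SMB over NetBT ---'
Get-SmbNetBtSetting
'--- Startup entries ---'
Get-StartupEntries | Format-Table -AutoSize
'--- Listening TCP ports ---'
Get-ListeningPorts | Format-Table -AutoSize
'--- Windows firewall profiles ---'
Get-FirewallProfileState | Format-Table -AutoSize
```

Anything in the startup or listening-port lists whose image path you do not recognise is the same thing the post asks you to screenshot from ProcessExplorer and TCPView; the point of separating the functions is that each one can be saved to a file (for example `Get-ListeningPorts | Export-Csv ports.csv`) before you change anything, which also preserves a record if the laptop is later examined by a forensic expert.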
