
help me - please


oMrXo


hi,

Recently a so-called mate came round my house and, as I was out of the room, he started doing something on my PC. When I came back I realized it was a Switchblade 2.0 and he had stolen all my passwords and history onto the DUMP. I deleted the dump of his switchblade so he didn't have anything (or does he, because I only deleted the dump?). Anyway, now I have read up on it and certain topics say that a USB Switchblade 2.0 opens a back door (what is this?) and a ghost admin account which could contain a key logger and could be used for later access (how do I find/stop/delete this?).

This all happened a month ago and since then I have been using the internet for private uses and obviously repeating my password and bank/credit card information. Could he be spying on me and gaining information with a key logger or something, or is it impossible or very unlikely? Is there a way I can find out?

I have Norton 360; it's not picking up on anything.

I downloaded the AVG free trial and it picked up hklm software.

I then used Avast antivirus; it picked up nothing.

I then used Spyware Detector and it found 18 issues including many cookies, a trojan, a downloader.belf and 3 password.bift (Open Office) and a backdoor (Open Office). Is this the USB-installed backdoor or not related to the switchblade? I have fixed these with my spyware detector as it is a paid version. Please help, the thought of someone watching me or having my info is driving me nuts, I can't take it. :( :angry:

So to sum up: did he go away with any information of mine?

Has he been watching me since with a keylogger or something of this sort? How do I find and delete it?

What is a backdoor and a ghost admin account? How do I find and delete them?

Or is there nothing to worry about because it is unlikely, or because my scans are picking up nothing...

I'm not that much of a noob :rolleyes: I can be fairly technical but I don't know much about hacking and the registry etc...

Many thanks

lee

------------------------------

It's not a computer but a Dell XPS M1530 laptop.


Doesn't sound like much of a friend if he can't tell you what he installed on your machine.

Like Sparda said, best bet is backup, format, reinstall, restore as you may not know what else he did to the machine while you were gone.

Also, learn how to defend against this attack for future reference, so that when you are away from your machine, he can't do it again. About the only thing you can't protect against is full physical access to a machine (like opening the case and bypassing a BIOS password via the CMOS battery, or removing the HDD to put into another machine), but you can at least turn off autorun for all drives using group policy (not just CD-ROM drives) and change the service for "Shell Hardware Detection" from Auto or Manual to "Disabled" until you need to use it. You should also put a BIOS password on the machine and set it not to be able to boot from CD and USB devices. I have mine set so you can't even get to the HDD to boot without a password, one for the BIOS, and one for the HDD. Not all machines will have that option though, but most should have one for the BIOS itself.

Again, physical access would not prevent someone from getting at things if they wanted to, but this is at least a small deterrent from being able to boot a Live disc or run anything off USB. If they had time to open the case, they could pull out the battery and bypass the BIOS lock, but if your friend is going to go that far, there isn't much of anything you can do to stop him short of never letting him in your house again.
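The two host-side steps in the reply above (autorun off for every drive type, Shell Hardware Detection disabled) as an added PowerShell example; this is not code from the thread, it assumes an elevated prompt on a modern Windows build, and the registry policy key and service name it uses are the documented ones rather than anything taken from the page.

```powershell
# Added example (not from the thread): apply the two hardening steps from the post above.
# 1. Disable AutoRun for every drive type via the Explorer policy key.
# 2. Stop and disable the Shell Hardware Detection service that drives AutoPlay.
# Run from an elevated PowerShell prompt; both changes need administrator rights.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Disable-AutoRunAllDrives {
    # NoDriveTypeAutoRun is a bitmask of drive types excluded from AutoRun;
    # 0xFF sets every bit, so no drive type (USB, CD, network, ...) will autorun.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
}

function Disable-ShellHardwareDetection {
    # ShellHWDetection launches AutoPlay when removable media is inserted.
    # Stopping it now and setting it to Disabled keeps it off across reboots.
    Stop-Service -Name 'ShellHWDetection' -Force -ErrorAction SilentlyContinue
    Set-Service -Name 'ShellHWDetection' -StartupType Disabled
}

function Test-AutoRunHardening {
    # Returns $true only when both settings are in the hardened state.
    $policy = Get-ItemProperty -Path $PolicyKey -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    $value = if ($policy) { $policy.NoDriveTypeAutoRun } else { 0 }
    $svc = Get-Service -Name 'ShellHWDetection'
    $startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='ShellHWDetection'").StartMode
    return ($value -eq 0xFF) -and ($svc.Status -eq 'Stopped') -and ($startMode -eq 'Disabled')
}

Disable-AutoRunAllDrives
Disable-ShellHardwareDetection
if (Test-AutoRunHardening) {
    'AutoRun hardened: policy set to 0xFF and ShellHWDetection disabled'
} else {
    'Hardening incomplete: re-check the policy value and the service start mode'
}
```

Re-enable the service with `Set-Service -Name ShellHWDetection -StartupType Automatic` when you actually need AutoPlay, as the reply suggests.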


OK thanks. So say I put all the things I need onto a USB device, say music, pictures, videos, some software like LimeWire, Vegas Pro and my antivirus stuff (basically all the things I need). Once I do this I reboot the laptop to factory settings (forgot how you do this) and then add a password to the HDD and BIOS (how would I do this). I should be safe? For future safety (will this definitely work or is it a 50/50 chance?)

Thanks

lee

(Also, why do people make these devices? It only causes havoc.)


1. Multiple antivirus scanners on the one machine will cause conflicting issues.

2. Change your passwords and, worst case scenario, format.

3. Real friends don't hack your shit.... (me?... I'd kick his ass until his nose bleeds, but that's just me)

4. These devices are useful in the right hands and not in the possession of dumbfucks like your "friend".


OK, so I've been monitoring processes in Ctrl+Alt+Delete and there's nothing suspicious, and the same with msconfig in 'run'. He keeps telling me he didn't upload anything like that and the USB device didn't have keylogger software. Also I'm using SuperAntiSpyware and Spyware Detector (because apparently you can run two spyware programmes together) and one Norton antivirus. Where else should I check? Also I changed my passwords using the on-screen keyboard and am using that for all passwords atm.


I imagine keyloggers can probably catch the OSK too, since the OSK just simulates keypresses.

Regardless, you've had foreign media attached to your machine and you know it contained malware; considering you had to ask on a forum what to do, I'd advise you format immediately.


I guess you could just unplug it from the internet. Or just unplug it altogether. That'll show him! :D

But really, in this case there is nothing to do but re-format. Just be careful if you have to back anything up. I wouldn't go copying any programs or executables, just documents. It would really suck if you reformatted just to get it again from your backups. Also, you might not want to use a thumb drive or any other kind of media besides maybe DVD. If the malware knew what it was doing and is still running, it would probably pounce on your autorun.inf as soon as you plug anything in.


So if I were to re-format, how do I do this?

I would put all the things I need onto USB devices: documents, a lot of music, videos, Sony Vegas Pro 8 and 9, Photoshop, the game Combat Arms EU and my antivirus stuff. Also, how can I save my favourites in Internet Explorer? I need them and I have easily 50/70+.

Once re-formatted, upload all this stuff back and add a password to the BIOS and HDD. Where and how do I do this (is this a password for when connecting USB devices? if not, how do I do this?). Then run all scans on the system and change passwords and I should be safe. I would be willing to do this to completely fix it. I know my mate said he doesn't have that software, but at least this way I will be less paranoid =] Is there any other way to check if there is stuff on my PC? Because this does seem like a bit of work.

If you all agree to re-format, can you help me do this, like how to add passwords to the HDD and BIOS and re-format...

Thanks in advance

lee


I agree with moonlit. Format, reinstall, and then change all your passwords to sensitive info like bank accounts. When you change your online passwords, you might consider not doing it over wireless. Your friend may have a man in the middle. That reminds me, lock down your router and change the admin password for that as well.

After you reinstall make a disk image so that you can easily format and reinstall again if necessary.


To reformat you're going to need the disks that came with your laptop. As stated above, don't back up executables because they may be infected.

"Sony Vegas Pro 8 and 9, Photoshop, the game Combat Arms"

These contain exes; they shouldn't be backed up, and you should have the original manufacturer's disk for these anyway. Just back up your game saves and project files.

Once all this is backed up to removable media, pop in the disk that came with the laptop and restore it to factory.

Some info -

Backdoor: http://en.wikipedia.org/wiki/Backdoor_(computing)

Ghost Account: is an admin account created on the machine to be accessed remotely.


First and foremost I would go into immediate lock-down mode (cancel all credit cards and bank cards used on the PC; change or remove all PayPal, online banking and email account passwords/or accounts; yank the NIC cord (or disconnect from wifi) immediately upon doing that; back up your data; reformat; then reload), and for god's sake, when he is around, SHUT DOWN the computer and take the damn power cord with you...

Oh yeah, and put a BIOS password in place.


lol I am so ashamed of myself that I didn't punch him there and then, mainly because I didn't know what was happening. So I am going to reformat. I will save everything I need; as for the game, it's a free game you download from the internet, so I won't keep that, I will just save my login information. Can I save LimeWire and my antivirus software or should I leave those?

How do I put on a BIOS password?

Is there a programme which sets a password for USB ports before opening the flash drive?


For limewire and antivirus, you don't need to save them. Just keep the installers for them handy (or you'll have to re-download them after) and any downloaded files from limewire.

For the BIOS password, just go into your computer's BIOS configuration page. This is usually done by pushing either <del> or <f2> during the computer's boot process. If your BIOS uses a different key, it should say which at the bottom of the first thing you see when turning on the computer. If you have ever booted from a CD or USB instead of your hard drive, you should know this page. You'll be able to set it under a security tab somewhere.

I am not aware of any software or configuration that will require a password to open USB drives...


Thanks. I need to keep both antivirus programmes, and I downloaded them off the internet (paid versions) so I can't just re-install from CDs. As for LimeWire, I can easily re-download it, but I am keeping all the files (800 music files); I would like to put them into the LimeWire library after (anyone know how to do this?).

Also, it's not a computer but a Dell XPS M1530 laptop, if that makes a difference?

If I save all needed files to a USB and then, after re-formatting, put everything back, is it all safe? Is there a better method than a USB? Maybe the online backup which came with my Norton 360: I could delete the backup and then put my needed files into this backup, and after re-formatting access my online backup and re-install? Or am I talking gibberish / won't this work?

Do I change the BIOS and HDD password before or after re-formatting?

Also, is there a way to save all my internet favourites? They are very important and I have a lot of them.

To be honest though, I am extremely pissed that this prick would do this in the first place.


"Do I change the BIOS and HDD password before or after re-formatting?"

After.

"Also, is there a way to save all my internet favourites? They are very important and I have a lot of them."

Back up your Favorites folder in c:\documents and settings\"your user id"


TrueCrypt whole-disk encryption. BIOS passwords can be bypassed, but if the entire drive is encrypted, even booting with an alternative method will get you nowhere. Also set a screensaver password and turn off file sharing. Just like in Linux, don't log on as root (administrator). Enable the guest account and use that for your daily activities. Most of the tools used by the switchblade/hacksaw require administrator access to run, so if you're not logged on as admin, then problem solved.

Not all processes can be viewed by Microsoft's process viewer; pick up a freebie one from Sysinternals (now Microsoft Sysinternals). Run a full nmap scan of your machine to check for backdoor processes, especially VNCs.

You can use Microsoft's Files and Settings Transfer Wizard to save all your files. Read up on it.
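A local stand-in for the "scan your own machine for backdoor processes, especially VNCs" step in the reply above, as an added PowerShell example that is not from the thread: it lists every process holding a listening TCP port and flags the port ranges VNC servers normally use. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), and the flagged port list is an assumption you should extend for whatever remote-access tools you would not expect on the machine.

```powershell
# Added example (not from the thread): enumerate every listening TCP port with its owning
# process, and flag the ports VNC servers commonly use. Run elevated so that the image path
# of system-owned processes can be read as well.

# Assumption: VNC display ports 5900-5909 and VNC HTTP ports 5800-5809. Add others as needed.
$SuspectPorts = @(5800..5809) + @(5900..5909)

function Get-ListeningProcesses {
    # One row per listening socket: address, port, PID, process name, image path, and
    # whether the port falls in the suspect list.
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            Port         = $_.LocalPort
            Pid          = $_.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Path         = if ($proc) { $proc.Path } else { $null }
            Suspect      = $SuspectPorts -contains $_.LocalPort
        }
    } | Sort-Object Port, LocalAddress
}

$listeners = Get-ListeningProcesses
$listeners | Format-Table -AutoSize

# Anything on a VNC-style port deserves a look: check the image path and who installed it.
$flagged = $listeners | Where-Object { $_.Suspect }
if ($flagged) {
    Write-Warning ("Listeners on VNC-style ports: " + (($flagged | ForEach-Object { "$($_.Port) ($($_.Process), pid $($_.Pid))" }) -join '; '))
} else {
    'No listeners on the flagged VNC port ranges'
}
```

Unknown process names or paths in the output usually mean the socket belongs to a process the current account cannot inspect; re-run elevated before drawing conclusions.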


Thanks,

I am downloading Microsoft Sysinternals as we speak and will check for 'foreign' processes. Does anyone know anything I should be checking/looking for? If I don't find any strange activity, does it mean I am safe?

Also, I am thinking of saving everything using the wizard and moving it to a new account (non-administrator) and deleting this administrator account I am on. I will then change the BIOS and HDD password. Will this work, or do you still highly advise me to re-format even if I don't find anything with Sysinternals? If so, I will be re-formatting either tomorrow or the day after.

Many thanks

lee


While running many scans and starting RootkitRevealer, I noticed a pop-up saying backdoor.PCclient blocked, but it has not shown on any scans or logs or processes. So could this be the backdoor installed by the USB switchblade, and where could it be found? If not found, when re-formatting my PC will it be there on the autorun, or will it be terminated like other spyware such as keyloggers? I am going to reformat later on today and will be saving only documents, no .exe files. I will then add, after the re-format, an HDD and BIOS password and change all passwords in general, then re-install wanted documents and videos and pics. Will this then mean I am completely safe from the backdoor and 'possible' keylogger contained on my PC?

Many thanks

lee


BTW, for future use, if you know he is coming over:

(May be different depending on what version of Windows you're using.)


***Make SURE you don't have a USB keyboard or mouse before attempting this***

as this will make your keyboard and mouse unusable (even after a restart).

You can also just turn off the front USB ports this way; you just have to figure out which ones are which.

