My network has been hacked and I don't know what to do??????

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: omclean    Location: France    Posted: Mon Oct 18, 2010 12:37 pm    Post subject: My network has been hacked and I don't know what to do??????
This is my first post ever. I've been reading them for years and they have helped me figure out many problems I've had, but this time I really do need help.

Basically my problem is that my network is being hacked into. I know this because my network meter was showing an abnormally large amount of data being uploaded, so I turned off all the file sharing options that I was using between my computers. I applied the changes and then went back to look, and they had been turned on again, so I did it again and again and it kept turning itself on again. So I ran "netstat -a" in the command prompt and found two IP addresses that I did not recognize (one was registered from Cyprus and the other from India), so I blocked these in my firewall (Kaspersky Internet Security 2011). This seemed to work, as the uploading looked normal again, but later on that day I had restarted my computer and when it booted up again I could not connect to my network. Eventually it connected and said that the network was unsecured. I deleted the network profile; when I set it up again I did not need to put my 26 character WPA TKIP key in, so I did a bit of research and ended up changing my key to a 63 character WPA 2 AES key. I assumed this would make the task of hacking my network a lot more difficult, and it did seem to work for about 24 hours, then it was all happening again. I blocked another new IP (this time from the U.S.A.) and changed my key again to buy myself some time to post this and hopefully find an answer.

Now I have used certain P2P programs (all uninstalled now) on my computer and am normally pretty careful, but a lapse in judgment and a bit of curiosity led me to get an OS by DARECKIBMW, and it was even more foolish of me to think that because it "looked" right and worked that it was OK. So I connected it to the network and so it all began... I realized what it might be, so I scanned the OS with Kaspersky and Malwarebytes, and they removed quite a lot. But after some digging I found a file called "VISTA DRIVE.exe" (neither of the programs found it). After googling this I still don't know exactly what it does, but I know it's not good. I reformatted this computer; it's running OK now but is not connected to any network. However, my Windows 7 and my mum's Vista computer were both on the network at the time.
So my questions would be: What can I do? Can I change my IP? Is there likely to be some sort of file hiding on one or both of the computers that would help someone get in? (I don't mind reformatting them if I have to, but would like to know that this would actually help.) Or is this something else entirely, and is there something better than "netstat" to monitor devices on my network?

I would say that I have a pretty good understanding of Windows but am really not so good with the more complex parts of networking and internet security, so any help or advice that anyone could offer would be greatly appreciated, and thank you for taking the time to read this.

Additional Details:
My ISP is Orange Fr (I am living in France)
My router is a Sagem mini 2 Livebox
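An added example, not part of the original thread: the post above describes picking unfamiliar addresses out of "netstat -a" by eye. The sketch below does the same triage over the text of `netstat -ano` (numeric addresses plus owning PID), grouping established TCP sessions to non-local addresses by process; the sample output and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49210     192.168.1.1:80         ESTABLISHED     2040
  TCP    192.168.1.10:49231     203.0.113.45:4444      ESTABLISHED     3120
  TCP    192.168.1.10:49232     198.51.100.7:443       ESTABLISHED     3120
  TCP    192.168.1.10:49240     198.51.100.9:80        TIME_WAIT       0
  TCP    [::1]:49250            [::1]:5357             ESTABLISHED     1188
  UDP    0.0.0.0:5355           *:*                                    1320
"""

# Ranges treated as "inside": RFC 1918, loopback, link-local, IPv6 unique-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def is_external(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # '*' or a resolved name; use -n so addresses stay numeric
    return not any(addr in net for net in LOCAL_NETS)

def external_sessions(netstat_text):
    """Map PID -> [(remote_ip, remote_port)] for ESTABLISHED TCP to non-local hosts."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host, port = split_endpoint(f[2])
            if is_external(host):
                by_pid[int(f[4])].append((host, int(port)))
    return dict(by_pid)

if __name__ == "__main__":
    for pid, peers in external_sessions(SAMPLE).items():
        # Identify the owning process with: tasklist /FI "PID eq <pid>"
        print(pid, peers)
```

Knowing which process owns a connection matters more than the remote address alone: blocking one IP in the firewall leaves the program that opened the connection in place.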

Author: Fugtruck    Location: Oklahoma, USA    Posted: Thu Oct 28, 2010 9:38 pm    Post subject:
Here are some general recommendations to do whenever you think you have a compromised system:

Run a good thorough malware scan, one that includes anti-virus, anti-spam, and anti-rootkits. Running two or three scans from different vendors is always a good idea as what one vendor misses another may catch. I like bootable anti-virus disks (like from Avast) or online scans from just about any vendor because that way I know that the virus signatures have not been tampered with.

Look for any local user accounts that do not belong and disable them (I would say delete them but disabling keeps you safe in case one is legitimate and you need it back later).

Change all your passwords to new, strong passwords.

Have a firewall in front of your network blocking everything that you don't explicitly want through.

Have a software firewall on each computer in the network doing the same.

Author: abrahamj    Posted: Thu Dec 02, 2010 7:08 am    Post subject:
Try some NIDS software, e.g. Ax3soft Sax2, Snort and so on.

Author: krugger    Posted: Thu Dec 02, 2010 6:34 pm    Post subject:
Back up your data and just reinstall the computer with a new Windows 7 operating system or a recent Linux or BSD.

Remember that when you do the backup you will probably infect your external hard drive, so don't put it back until you have a working antivirus and a correctly set up Windows 7. A correctly set up computer should not infect itself from removable media. Windows should have software restriction policies.

You seem to be seriously compromised. Any chance your router has been compromised? What is your operating system?

All times are GMT + 2 Hours