This chapter is from the book

How to Fix a Hacker Attack

After a computer has been hacked it can never be trusted again. So say the pros, and security expert Steve Gibson, of GRC.com, in particular.

"There is no way to know what might have been altered or changed. Any component could be Trojaned, or TimeBombed, or anything. The only thing to do if you want to ever be able to really trust your machine again is to wipe it and start over," says Gibson.

There, you heard it from the man himself. Gibson is one of America’s pre-eminent computer security experts.

A Trojan, of course, is a nasty piece of malware that looks harmless but carries a program inside that can give someone outside your system remote access, or that contains a virus or spyware. And TimeBombed? That’s just malware on a timer, set to go off at some future time.

Steps You Can Take Immediately After Being Hacked

If you think a hacker has been on your system and you want to take some instant security measures, here are steps you can take to reduce the risk of further visits.

Disconnect While You Assess

The first measure you can take that’s instantly effective against a hacker is to disconnect the computer from the Internet. If you have a high-speed Internet connection, locate your modem, usually a box connected to your phone line or cable wire, and turn it off.

Install a Firewall

You have three options when it comes to firewalls:

  • Turn on the Windows Firewall
  • Install a third-party firewall
  • Install a home network router that has built-in firewall capabilities

I detail how to do this at the end of this chapter. On p. 101, you’ll see how to turn on the Windows Firewall or how to install a third-party software firewall. On p. 109, I detail how to install a hardware firewall, which is built into a home network router.

Assess the Damage

Scan your system with your anti-spyware and antivirus programs to see if anything strange has been installed on your computer. Be sure to update your virus and spyware signatures first. You’ll have to turn your Internet connection back on (briefly) to update these.

Also look for any new data that has been added or changed. To search for changes, use the Windows search function, following these steps:

  • Click Start, Search, and choose All Files and Folders on the left. Leave the All or Part of the File Name and A Word or Phrase in the File fields blank. In the Look In: field, choose My Computer.
  • Then click When Was It Modified? and select Specify Dates. From the drop-down box you can choose Modified Date to see files that have been changed. To see files that have been opened and examined, choose Accessed Date; to see new files, choose Created Date. Set the From and To dates to the period you are interested in; typically just look at the previous 24 hours.
  • Then click Search. A list of the files you’ve requested begins to show up in the right pane.

This search process might freak you out, especially if you choose Accessed Date, because you’ll see many files listed that have been accessed in a 24-hour period.

Remember that Windows accesses many files by itself, even when your computer is idle. So this is not indicative of hacker activity. However, the Created Date and Modified Date settings might be useful in determining what files have been created or changed.
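The same 24-hour search can be scripted so it is repeatable and leaves out the noisy Accessed Date. The following is an added example, not code from the book; the names `classify`, `recent_changes` and `demo` are hypothetical, and the sample files are constructed in a temporary folder.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 24 * 60 * 60  # the chapter's suggested look-back: the previous 24 hours

def classify(birth, mtime, cutoff):
    """Label one file 'created', 'modified' or None; access time is ignored."""
    if birth is not None and birth >= cutoff:
        return "created"
    if mtime >= cutoff:
        return "modified"
    return None

def recent_changes(root, window=DAY, now=None):
    """Walk root and return {'created': [...], 'modified': [...]} of file paths."""
    cutoff = (time.time() if now is None else now) - window
    found = {"created": [], "modified": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            try:
                st = path.lstat()  # lstat: do not follow symlinks out of root
            except OSError:
                continue  # file locked or removed while scanning
            # Creation time: st_birthtime on macOS (and newer Python on Windows);
            # st_ctime means creation time on Windows only. Elsewhere it is unknown.
            birth = getattr(st, "st_birthtime", None)
            if birth is None and os.name == "nt":
                birth = st.st_ctime
            label = classify(birth, st.st_mtime, cutoff)
            if label:
                found[label].append(str(path))
    return {k: sorted(v) for k, v in found.items()}

def demo():
    """Constructed sample tree: one file edited now, one backdated three days."""
    with tempfile.TemporaryDirectory() as root:
        fresh, old = Path(root, "fresh.txt"), Path(root, "old.txt")
        fresh.write_text("edited today")
        old.write_text("untouched")
        stale = time.time() - 3 * DAY
        os.utime(old, (stale, stale))  # set atime and mtime to three days ago
        return recent_changes(root), str(fresh), str(old)

if __name__ == "__main__":
    print(demo()[0])
```

File dates are ordinary metadata that any program can set, so an empty result does not clear the machine; treat the list as a starting point for the assessment, not a verdict.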

Wipe the System and Start Fresh

Remember that wiping your system and restoring it is the best way to start fresh and give yourself peace of mind. It’s not a simple task, so steel yourself for a bit of hard work.

You need either a Windows installation CD from a store or the installation CD provided by your computer maker. It might have provided a full copy of Windows or a restore disk that wipes your computer and sets it back to the way it was the day you bought it, including all the preloaded software.

I detail the step-by-step procedure for wiping and restoring your system in Chapter 9, starting on p. 249.

If you own a Mac, which uses the Mac OS X operating system, be sure to make a backup of all your personal data to CD or DVD first and then follow these steps:

  1. Insert the Mac OS X Install Disc 1 CD and double-click the Install Mac OS X icon.
  2. Follow the onscreen instructions. In the panel where you select the destination disk, select your current Mac OS X disk (in most cases, it is the only one available).
  3. Click Options. If you want to save your existing files, users, and network settings, select Archive and Install, and then select Preserve Users and Network Settings. If you want to erase everything on your computer—and this is recommended to ensure you are completely starting fresh—select Erase and Install. Note that you can’t recover erased data.

  4. Click Continue. Then click Install to perform a basic installation.
  5. After installation, be sure to re-install any programs you might have wiped out from their original installation CDs.
  6. Update the operating system with any updates provided by Apple.

After scrubbing your Mac, check the Mac OS for any updates since you originally installed it. Here’s how:

  1. Open System Preferences and click Software Update.
  2. Select Check for Updates.
  3. From the pop-up menu, choose Daily, Weekly, or Monthly.
  4. If you want your Mac to download important updates automatically, select Download Important Updates in the Background. When the update finishes downloading, you are notified that it is ready to be installed.
  5. When the installation is finished, Software Update looks for updates one more time. This is because some updates require the presence of previous updates before they can install.