Ask Leo! by Leo A. Notenboom

How do I clean up after someone's broken into my computer?



Summary: The news is grim if someone has broken into your computer, but there are steps to take to clean up and to prevent it from happening again.

My computer's security has been compromised. How can I rid my computer of a remote intruder? I've had this computer for about 5 or 6 years. ... I found out about the nefarious activities only after the person left my company. Although I can't think of anything of value, this person is extremely clever and smart. If getting rid of my computer and replacing it with a new one is the only way to unequivocally extract this 'spectator', I'll do it in a heartbeat. However, what safeguards must be in place from day 1 with a new computer to prevent the same thing from happening again, plus prevent any and all intrusions, imparting absolute confidence in the security of my personal computer?

A tricky problem, to be sure. Someone breaks in, you know they're smart, but you don't know what they did. Can you clean up, and how do you keep it from happening again?

The news really isn't good.

There's a school of thought that says if your computer has been compromised, you really have only one option: back up your data, reformat, and reinstall from known-good media. That's a drastic step, but if your intruder is as adept as you indicate, it's the only approach that doesn't rely on the compromised machine to tell you the truth about itself. If they're really good, they could leave hooks (a rootkit, a modified system file, a scheduled task, an extra account) that you could never find from inside the running system. Treat what you back up as suspect too: bring back your documents, not your programs or settings, and scan them before you trust them.

In your shoes, I'd do the following:

  • Disconnect from the net. Do this first, so the intruder can't watch or interfere while you clean up.

  • Reformat and rebuild the machine from installation media you trust, not from anything that was on the compromised disk.

  • Rename the administrator account and give it a strong password. The new name only slows an attacker down; the password is what actually protects the account.

  • Get thee behind a firewall, and avoid opening any incoming ports you don't absolutely have to.

  • Make sure to get ALL the latest security patches, and get them before you expose the machine to anything other than the update service.

  • USE the administrator account as little as possible. Create user-level accounts for actual day-to-day usage. Again, strong passwords all around.

  • Turn off all unnecessary services, Remote Desktop being the most obvious.

  • Consider an outgoing firewall (something like ZoneAlarm, or the outbound rules in newer versions of Windows' own firewall) to trap and/or monitor outgoing traffic. An intruder's backdoor has to call home somehow; this is where you'd see it.

  • Lastly: remember physical security. Another old adage is that if it's not physically secure, it's not secure. If someone can walk up to it, insert a floppy or CD (or, these days, a USB stick) and reboot, then all the other security is for naught.
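As an added example (not from Leo's article), here is how the rebuild-and-harden checklist above translates into a PowerShell script for a current Windows 10 or 11 machine. The account names `ops-admin` and `leo-daily` are placeholders you would replace with your own; everything else is standard Windows cmdlets from the LocalAccounts and NetSecurity modules. Run it at the console (not over Remote Desktop, since it turns that off), as an administrator, while the machine is still disconnected, and rerun the patch check once it is back online.

```powershell
#Requires -RunAsAdministrator
# Post-rebuild hardening following the checklist above. Added example for this
# page, not Leo's own script. Assumes Windows 10/11 with PowerShell 5.1+.
# Account names below are assumptions; choose your own.
param(
    [string]$NewAdminName = 'ops-admin',   # assumed: new name for the built-in Administrator
    [string]$DailyUser    = 'leo-daily'    # assumed: standard account for day-to-day use
)

# 1. Rename the built-in Administrator and set a strong password.
#    Match on the well-known RID 500, not the name, so this works even if
#    the account has already been renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin.Name -ne $NewAdminName) {
    Rename-LocalUser -Name $builtin.Name -NewName $NewAdminName
}
Set-LocalUser -Name $NewAdminName -Password (Read-Host -AsSecureString "Password for $NewAdminName")

# 2. A standard (non-administrator) account for actual daily work.
if (-not (Get-LocalUser -Name $DailyUser -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $DailyUser -Password (Read-Host -AsSecureString "Password for $DailyUser") | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $DailyUser
}

# 3. Firewall on for every profile, default-deny in BOTH directions, and log
#    what gets blocked. This is the "outgoing firewall" from the checklist:
#    nothing leaves the box unless a rule allows it.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block `
    -LogBlocked True -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384
# Minimal outbound allowances so the machine can still fetch patches. Prefer
# adding per-program rules (-Program) over widening these.
New-NetFirewallRule -DisplayName 'Allow outbound DNS'    -Direction Outbound -Protocol UDP -RemotePort 53     -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'Allow outbound HTTP/S' -Direction Outbound -Protocol TCP -RemotePort 80,443 -Action Allow | Out-Null

# 4. Remote Desktop off at all three layers: the policy flag, the firewall
#    rule group, and the services behind it (plus Remote Registry).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
foreach ($svc in 'TermService', 'SessionEnv', 'UmRdpService', 'RemoteRegistry') {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $svc -StartupType Disabled
    }
}

# 5. What is still listening? Every line here needs a reason to exist.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort | Format-Table -AutoSize

# 6. Patch state: the most recent fixes installed, and (once online) what
#    Windows Update still wants to install.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn
try {
    $pending = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher().Search('IsInstalled=0 and IsHidden=0').Updates
    "Pending updates: $($pending.Count)"
    $pending | ForEach-Object { "  $($_.Title)" }
} catch {
    'Update check skipped (offline?). Run it again after the firewall is up and the machine is connected.'
}
```

The outbound default-deny is the strict reading of "trap and/or monitor outgoing traffic": anything the script didn't explicitly allow shows up in pfirewall.log as a blocked connection, which is exactly where a backdoor trying to call home would appear. Expect to add a few per-program rules for the software you actually use rather than loosening the defaults.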

Readers: do you have additional tips for security? Add your comments below.


Article C2199 - October 7, 2004


Comments

A person I trusted a lot has a lot of computer knowledge. He works in a data center. He has opened an email address at my work to make it look like it was done on my computer, under my other user IDs, which were mine. HE wrote himself emails and turned me in to HR for a "hostile work environment". I am really worried because he had both of my laptops for a few days each and now he is mad at me and seeking revenge. Is it possible for him to have gained remote access into my laptops to send further emails that appear to be me? I also found my firewalls were off and I have an unsecured wireless network I used for a while. I am really scared. I am now being investigated at work and I know his knowledge and anger will get me fired. How do I prove my innocence with someone who had total electronic access and ability to set me up?

Posted by: AMW at February 11, 2008 6:52 AM

Hi, I have a small company. I fired someone the other day, and they used our company password to take down a few job ads that we had up on our job board. Do you know the law pertaining to this kind of behavior? I know it's criminal behavior, but is it worth trying to put the person in jail?

Posted by: Rosemary at May 22, 2008 5:21 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Is it worth it?" - that's not a question I can answer.
That's something you want to ask an attorney.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIOZV1CMEe9B/8oqERAmReAJ4o6lt/BqLYfNGf/zPjphHvT2YBkQCghBrM
5ifckS2Y/LI+zGHfg3kZYL0=
=/OtS
-----END PGP SIGNATURE-----

Posted by: Leo at May 25, 2008 9:36 AM

I have also had my AOL and Gmail email accounts hacked by someone that was very close to me. If she had access to my laptop in my home, could she have gotten the passwords that way? I did have a couple of my accounts with the passwords remembered on my old laptop. She has been sending nasty emails from one of my email accounts also. How do I find out where these emails were sent from? It was an AOL account of mine that she had access to. I have the emails in the sent box; I'm trying to find out where they were sent from, the IP information?
Any help would be appreciated.

Posted by: Louise at February 12, 2009 8:41 PM

I too had my computer access compromised as a remote user on the company's PC in my home. Someone hijacked my e-mail address, both personal and my work Lotus Notes accounts, and were sending damaging e-mails to others with my address. I have always used either Verizon or Comcast high-speed, but I was pushed to try "remote access," which I believe was constantly trying to be set up on the PC, which would not work. I could not stay connected at all, until I put a router between my cable modem and the PC, but then I was "slammed" every 15 minutes until I took the router off. Because of all this, my work reputation has been ruined, my skill reputation has been ruined, and I am finding it extremely difficult to rebuild my reputation. I have been "black-balled" out of the business that I was in, and now can only find part-time work doing menial tasks in the same field; however, my bosses have perceived me to be unintelligent. I will graduate with a bachelor's degree in a technology field, and actually have an associate degree in a technology field. HELP! HOW DO I REINVENT MYSELF AND REGAIN MY WORK REPUTATION SO THAT I CAN FIND A DECENT JOB? Will I need to completely start over? I have been sent into almost financial ruin because of these lies and underhanded tactics at my former employer. The techs at work were constantly "reformatting" the PC, which was work's, but I couldn't even do my job -- it was like there were constantly two people (at least) connected on with me at all times. My cable company administrator told me that he was watching my connection and helped me one time when the PC "crashed." We found some kind of ancient NT error -- it took down everything. After I didn't have to connect to that employer anymore, IMMEDIATELY my problems disappeared.

Posted by: Maria at March 27, 2009 5:25 PM
