Helping people with computers... one answer at a time.

The news is grim if someone's broken into your computer, but there are steps to take to prevent it from happening again.

My computers' security has been compromised. How can I rid my computer of a remote intruder. I've had this computer for about 5 or 6 years. ... I found out about the nefarious activities only after the person left my company. Although I can't think of anything of value, this person is extremely clever and smart. If getting rid of my computer and replacing it with a new one is the only way to unequivocally extract this 'spectator' I'll do it in a heartbeat. However - what safeguards must be in place from day 1 with a new computer to prevent the same thing from happening again, plus prevent any and all intrusions imparting absolute confidence in the security of my personal computer?

A tricky problem, to be sure. Someone breaks in, you know they're smart, but you don't what they did. Can you clean up and how do you keep it from happening again?

The news really isn't good.

There's a school of thought that says if your computer has been compromised, you have really only one option: reformat. That's a drastic step, but if your intruder is as adept as you indicate, it may be the best approach. If they're really good, they could leave hooks that you could never find.

In your shoes, I'd do the following:

  • disconnect from the net

  • reformat/rebuild the machine

  • rename the administrator account and give it a strong password

  • get thee behind a firewall, and avoid opening any incoming ports you don't absolutely have to.

  • make sure to get ALL the latest security patches.

  • USE the administrator account as little as possible. Create user level accounts for actual day-to-day usage. Again, strong passwords all around.

  • Turn off all unnecessary services; Remote Desktop being the most obvious.

  • Consider an outgoing firewall (something like ZoneAlarm) to trap and/or monitor outgoing traffic.

  • Lastly: remember physical security. Another old adage is that if it's not physically secure, it's not secure. If someone can walk up to it, insert a floppy and reboot, then all the other security is for naught.

Readers: do you have additional tips for security? Add your comments below.

Article C2199 - October 7, 2004 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

22 Comments
Jim Byrd
October 8, 2004 9:35 AM

One tip you left out, which helps a little with physical security--set a BIOS password. Also, if you are worried about booting from a floppy, some BIOS's have a setting to disallow booting from a floppy or they at least allow you to specify booting from the hard drive first.

http;//www.lsblogs.com
October 8, 2004 4:25 PM

Never mind cleaning up, you have had that computer for 5 or 6 years, its prehistoric!

Do yourself a favour, give the old one to charity, or sell it on ebay, and get a new one. You will thank yourself for doing so. The difference will be huge, it will be soooo much faster you wont believe it.

ken
htpp://www.lsblogs.com
Submit your blogs for free, find great blog sites.

Larry Osterman
October 12, 2004 3:36 PM

If you value the data on the machine, then a reformat is your ONLY option. Otherwise the intruder could have loaded a "rootkit" (look it up on google), which is essentially impossible to find. At this point, you don't own your computer, the bad guys own your machine, and you'll never be able to get rid of them (short of a reformat). They can use your machine to send spam, they can use your machine to attack other people, they can use your machine to host kiddy porn (and then you've got to explain to the police what the kiddy porn was doing on your computer (this is a very real threat, it's happened in the past (see: http://ask-leo.com/d-41012a for details)).

The list of things that a sophisticated hacker can do to make your life unpleasant is quite large.

Btw, Leo's list of "day 1" suggestions is quite good (as always).

[editted link through redirector - ln]

Respect2Glory
October 28, 2004 8:45 AM

Anti-Burn Proceedures for the sake of those at disarray of a smart hacker:

Change your IP Address.

Don't BackUp if you think it's tainted --
Get some reliable help to sort through your current -vs- backups... try to rebuild from BU.
-- Some are familiar with a BU Plan and some aren't -- Depending on security issues; contact several security persons about this issue, then decide how you're going to proceed.
***For those that don't know - Don't trust just a few others - Do your homework.

Your best defense: BackUp often, and in different areas/formats!

Chris
February 24, 2005 8:31 PM

If you donate your PC, make sure that you remove the hard drive if you have personal info on it. Information is not necessarily deleted from a hard drive just because you hit the delete button

jess
June 30, 2005 1:05 PM

can you help me beacuase someone has changed my password and my secret question. i would get a new account but i havnt saved my addys and i have loads what do i do?

Clean computer spyware adware registry
September 8, 2005 5:03 PM

Clean-Computer.org - Free computer clean up of hard drive of spyware, adware and registry. Get firewall anti-virus patches remove Spyware.

clean computer spyware adware registry

phil
November 10, 2005 9:19 PM

best advice is to download: zone alarm, adaware, and spybot search and destroy, and nortan anti virus. Disconnect from the internet take of any programs or folders that u dont need anymore of look a lil sus. Install all those programs and set them up, change your ip address. Download all the latest updates then back ofline and scan your computer clean. Also try and back up those valuable files.If u do want a new computer get 1 then load all that stuff onto it so that they cant access it again. If they continually do it and you cant fix it theres allways the good old baseball bat visit them aproach :P

sara
February 13, 2006 2:42 PM

Is it easy for someone to brake in my email account and change the password? I'm trying to get in my yahoo account when I know that I have the password and id. It does not work....I think someone has changed my password but, how. Would they have to be a computer genious to change it?

Y.Chen
August 24, 2006 12:18 PM

Hi.
Could a computer still have spyware after I scanned it? Could it destroy a computer?

Y.Chen

Christy
September 5, 2006 7:05 PM

Hi
I have a friend who I trusted to help me with my computer, he usually comes and helps when ever I have a problem, recently I find out that he know how to get into someone elses computer and see their bussines camara, now he can see whats going on from his home, I my self have a web cam and I wonder if he could have acces to my computer and know everything I do or write in my comp from his home. He was here last week and did something in the computer.
I dont want to acuse him of something if Im not sure.
I really apreciate if someone can help me

janet
October 10, 2006 8:07 PM

Someone I know has broken into my email and sent trashy emails using my name. Also they are sending emails trying to distroy my business saying items have been recalled. How do I catch them after the fact. Is there a way to get the IP number from the computer they used so I can prove they were the sabatogers.

AMW
February 11, 2008 6:52 AM

A person I trusted a lot has a lot of computer knowledge. He works in a data center. He has opened an email address at my work to make it look like it was done on my computer, under my other user IDs, which were mine. HE wrote himself emails and turned me in to HR for a "hostile work environment". I am really worried because he had both of my laptops for a few days each and now he is mad at me and seeking revenge. Is it possible for him to have gained remote access into my laptops to send futher emails that appear to be me? I also found my firewalls were off and I have an unsecure wireless network I used for a while. I am really scared. I am now being investigated at work and I know his knowledge and anger will get me fired. How do I prove my innocence with someone who had total electronic access and ability to set me up?

Rosemary
May 22, 2008 5:21 PM

Hi, I have a small company. I fired someone the other day, and they used our compnay password to take down a few job ads that we had up on our job board. Do you know the law pertaining to this kind of behavior? I know it's criminal behvior, but is it worth trying to put the person in jail?

Leo
May 25, 2008 9:36 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Is is worth it?" - that's not a question I can answer.
That's something you want to ask an attorney.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIOZV1CMEe9B/8oqERAmReAJ4o6lt/BqLYfNGf/zPjphHvT2YBkQCghBrM
5ifckS2Y/LI+zGHfg3kZYL0=
=/OtS
-----END PGP SIGNATURE-----

Louise
February 12, 2009 8:41 PM

I have also had my aol,gmail email accounts hacked by someone that was very close to me. If she had access to my laptop in my home could she have gotten the passwords that way. I did have a couple of my accounts the the passwords remembered on my old laptop. She has been sending nasty emails from one of my email accounts also how do i find out where these emails were sent from? It was an aol account that she had access to of mine. I have the emails in the sent box im trying to find out where they were sent from the ip information?
Any help would be appreciated.

Maria
March 27, 2009 5:25 PM

I too had my computer access compromised as a remote user on the company's PC in my home. Someone hijacked my e-mail address, both personal and my work Lotus Notes accounts, andn were sending damaging e-mails to others with my address. I have always used either Verizon or Comcast high-speed, but I was pushed to try "remote access," which I believe was constantly trying to be setup on the PC, which would not work. I could not stay connected at all, until I put a router between my cable modem and the PC, but then I was "slammed" every 15 minutes until I took the router off. Because of all this, my work reputation has been ruined, my skill reputation has been ruined, and I am finding it extremely difficult to rebuild my reputation. I have been "black-balled" out of the business that I was in, and now can only find part-time work doing menial tasks in the same field; however, my bosses have perceived me to be unintelligent. I will graduate with a bachelor's degree in a technology field, and actually have an associate degree in a technology field. HELP! HOW DO I REINVENT MYSELF AND REGAIN MY WORK REPUTATION SO THAT I CAN FIND A DECENT JOB? Will I need to completely start over? I have been sent into almost finanacial ruin because of these lies and underhanded tactics at my former employer. The techs at work were constantly "reformatting" the PC, which was work's, but I couldn't even do my job -- it was like there were constantly two people (at least) connected on with me at all times. My cable company administrator told me that he was watching my connection and help me one time when the PC "crashed." We found some kind of ancient NT error -- it took down everything. After I didn't have to connect to that employer anymore, IMMEDIATELY my problems disappeared.

jackie
March 16, 2010 3:35 AM

I work in an office and i have found that a person who has adminstrator access has went into my computer over ridded my codes and taken away a programme that was set up on my system . He did this when i was on my day off. Should he have come and said he wanted to go into my computer , and explained why he was taking this programme away as this programme was part of my job. Our firm is closing down due to retirement , but surely he just cannot go in without saying. He could have waited till i returned the next day and i would have let him in under my codes. Why have personnel coeds if someone can just go in and over ride them, when they want to.

Administrative access is administrative access, and this serves as a good reminder that your work computer does not belong to you.
Leo
17-Mar-2010

Bobby
May 7, 2010 7:57 AM

I have a question. I think someone might be looking at my email files using Outlook web access. I believe they already have teh usernames and passwords.
Is there a way to track who is looking at my messages?

You'd have to check with your email service provider.
Leo
08-May-2010

hated by the ex
September 13, 2011 4:11 PM

This is not a comment, but a question and im on my wits end... So my ex-hubbs and i are divorced for over 3 years, we have to communicate because of the child we have together, however i noticed at first that some emails between me and him dissapeard from my email account.. first i was like damn i must have deleted them in accident, then more and more disapeared... now he seems to know on social sites what i post etc... even though we blocked each other and my profile is on private..and we also do not have any friends in common... i recently had my email account suspended etc because of weird activity.. was able to get it back.. the list of things is long, now my question is, i know my ex is a IT specialist and works for a internet security firm, i am almost certain he hacked into my computer thrue my ip adress, is there a way i can find this out for sure? and if, what can i do to stop it and / or prevent it from happening again...
thanks

Mark J
September 13, 2011 6:11 PM

@Hated
If I suspected that someone was illegally accessing my computer, I would go to the police. They also deal with computer crimes.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.