Someone hacked my system

[parad0x]

Someone has hacked my system and deleted about 15 GB of my stuff.I am using windows 7 Home basic. I have tested for open ports of my system and found that they were closed and my firewall was also disabled. I downloaded snort but I don't know how to use it. Well I 'll learn how to use that but my AV is running with all the services up and didn't detected anything.

[Snayler]

Someone has hacked my system and deleted about 15 GB of my stuff.I am using windows 7 Home basic. I have tested for open ports of my system and found that they were closed and my firewall was also disabled. I downloaded snort but I don't know how to use it. Well I 'll learn how to use that but my AV is running with all the services up and didn't detected anything.

Snort is a IDS (Intrusion Detection System), meaning that it will work WHEN you get attacked, not after. Why would you have your firewall disabled? I'm curious, which AV are you using?

[vezzy]

Try running something like ComboFix or rkill, back up everything and (after having diagnosed everything) do a fresh install.

We need more details here, though. How did you detect that it's an intrusion?

[Axon]

Download some anti malware softwares, then boot your system in safe mode. Do a full scan and see what you will get. In addition, search the registry for suspicious keys.

[NovaCygni]

I agree with vezzy how do you know it was a intrusion? There are a few ways that you could easily loose 15GB of data, have you run a full scandisk to make sure the informations is not indexed wrong or is on a damaged cluster on the harddrive? If your using a SSD drive have you got WriteBehind Caching Disabled?


Windows Firewall is disabled by default in any decent Firewall software as it interferes with there ability to defend your system, Comodo Firewall is pretty effective though I stand by Avast myself. Have you disabled "Anonymous Logon" in your registry tree to stop people on a local network being able to hack you (* Anonymous logon from a local IP will bypass Win7's firewall *), have you disabled Netbios?


If you believe it was a targeted attack try running some Honeypot software on a old laptop or notebook connected to your network all the time (* I have one doing it right now *) name it something like "Win98SE" so it looks extra vulnerable, and that way once your main pc is hidden on the network yourll be able to use the honeypot as a easy way of watching any  targeted  attacks. Another idea is to setup the Honeypot to add fake Hops to the packets aswell as adding ms to the timestamp so that you can spoof how far away you are to the attacker, though obviously this is tricky to setup for a novice.

[parad0x]

@Snayler: I am using AVG  2013 antivirus with realtime scanning on.


@vezzy:I found My FIFA game deleted and my other files. Due to this, my harddisk space was increased by 15GB.My pc is accessed by me and my younger brother only and none of us deleted the game so it was the intrusion.

[vezzy]

>inb4 younger bro deleted FIFA

Nova's advice is solid. Try that if you really suspect an intrusion.

That or beat the shit out of your brother and extort as much information as possible.

[Axon]

You didn't tell us your younger brother has access to the computer. He could've deleted the files by mistake. Start an interrogation with your brother to exclude his involvement.

[NovaCygni]

I personally would remove AVG, its shit and wont detect fuck all, Go download yourself Malwarebytes AntiMalware, Install it and run a full scan in safemode, that WILL detect and remove everything nasty on your machine, if you have AVG you have NO security.


Again I suggest also running a scandisk/chkdsk FULL scan, If the FIFA folder was being Cached when the system didnt shutdown properly itll have damaged the Indexing of the harddrives clusters and the information could simply be a "Error", a scandisk will detect this and re-add the FIFA folder's Index'd cluster address and your information will have been returned.


Yourll find unless you have ALOT to hide, theres almost a 99.9% chance you have NOT been hacked (* Even Blackhats and Greyhats like myself want to remain undetected on a hacked pc, deleting stuff is a give away you were not hacked, if you had been hacked you would likely never know it as you PC belongs to the hackers botnet for only as long as you dont know yourve been hacked *)


My moneys on 1) Harddrive Caching Error requiring a full scandisk (* yes that means checking for damaged clusters aswell! *) 2) Your lil-bro deserving a backhanded bitch slap!

[edu19]

Sorry for late reply but when you think your system is hacked you must monitor it using tools like process explorer, process monitor and a sniffer like "WireShark" which in my opinion is a very good one. it will show you traffick in real time for all ports and protocols.
 
by the way, a tip...use Kaspersky AV if you wish to use one, by far the best one.
 
 

[Xires]

[pretentious_elitism]
And Windows claims another victim...
[/pretentious_elitism]

[proxx]

[pretentious_elitism]
And Windows claims another victim...
[/pretentious_elitism]

Lol yes

Besides who said anything about hacking, disk failure......