Someone has two PCs.
They both have Vista HP, Windows FW, Avira free.
They’re behind a modem/router with WPA2 encryption.
A friend, a tech-savvy guy, was given access to the LAN (I don't know the details; what I know is that he has complete access to both PCs from his own).
The friend is not so friendly any longer.
Now, the question is how to prevent him from accessing the home network and how to be sure he didn't install some kind of software that phones home.
As a first obvious step I thought of advising them to change the network's name and code. Is that enough to be sure he cannot intrude?
What about something already installed? Is there a scan/removal software to deal with these things?
And what about CIS? If it is installed is there a configuration able to manage this bloody situation?
Hey Jose, just use the usual: a-squared Free (expect false positives; it's a sensitive scanner), MBAM and SUPERAntiSpyware.
Check that your ports are either closed or stealthed according to GRC's ShieldsUP. (Don't worry about the ping reply.)
If you have CIS installed, review your firewall and Defense+ policy and also the antivirus exclusion list to check that there isn't anything there that you don't know about; remove it if there is.
If there are no ports forwarded on the router and no DMZ, it is very difficult to get past the router without an established outbound connection from your PC that you can basically ride back in on with the return packets.
It is possible if there is some software on the PCs. I don't mean something like pcAnywhere or XP's Remote Desktop Connection. Instead, I mean some specially designed software that stays in communication with the remote PC, similar to a trojan, basically an outbound connection. The router itself should be able to stop them.
If there is some specially designed software, i.e. a trojan, on the PCs and it does not have a rootkit hiding it, CIS should be able to stop it. You need to make sure that you do not tell CIS the PC is clean when you install.
I am not sure as to your technical ability with a PC or Network, but maybe some other users can help you set this up.
Kyle's suggestions will help remove any malware. Removing rootkits is a whole different animal, but if they were once a friend I doubt they would install rootkits on your PCs. If they did, I seriously doubt their status as a friend.
Prompt and clear answers.
I will, when I can, apply your advice.
For now let me clarify some details: the network belongs to my sister, who lives with her 14-year-old daughter. Hence no CIS; they couldn't cope with the pop-ups. The friend is my niece's ex-boyfriend's father, who happens to be a freelance security software technician. See the problem?
I’m not worried that he would steal credit card numbers from my sister; I mean that would be easy to prove by the police (I think).
But here is a guy on his fifties with access to a teenager’s PC. Know what I mean?
I like the idea of installing CIS and telling it to trust nothing. I’m a bit of a newbie but I think I could manage.
As a last resort I can always do a system restore. That would do the trick.
Two months ago my niece told me:
"I was surfing the Net when my mouse pointer froze and the keyboard didn't respond. Then a pop-up appeared and said 'don't worry, I'm just checking out if everything is OK'. Some minutes later the PC got back to normal."
That’s how and when I knew what my silly sister had allowed.
So, now that the guy’s son doesn’t date my niece any longer I’d like to make sure that he doesn’t stay in touch any more. The problem is that I have no idea what he did, but I’m almost sure that some kind of software is installed on my niece’s laptop and phones home.
I'll have to wait till I go to their home to check things out. I'll post back.
Check the router for port forwards and/or a DMZ host.
Put the CIS firewall on the PC; you don't need D+ directly to prevent remote access (if it's initiated from the outside).
Select the Stealth Ports Wizard and block all incoming traffic (assuming it's a stand-alone PC).
Check the PC for "GoToMyPC" kind of software that delivers "remote access" to that PC via the web without the need for incoming ports to be enabled.
In My Computer > Properties, find "Allow Remote Control" and disable it.
Run HijackThis and post the log (or PM it to me if you have to) so it can be checked for "strange" software.
Is he near enough to pick up the Wi-Fi signal? If so, then change the key.
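The checks in the last two answers (the Remote Control checkbox, GoToMyPC-style tools that need no inbound port, Kyle's port review) can be done from one script. The following is an added example, not code from the thread or from Comodo, and it assumes a PowerShell prompt run as Administrator on Vista or later (PowerShell was a separate download on Vista; Windows 7 and later ship it). The function name Find-RemoteToolName and the list of remote-access product names are mine; the list is illustrative, not exhaustive.

```powershell
# Audit a Windows PC for remote-access footholds (added example, not from the thread).
# Run elevated. Assumes PowerShell is installed on the Vista box.
# The tool-name list below is an illustrative set of common products, not exhaustive.
$remoteTools = @('gotomypc', 'logmein', 'teamviewer', 'vnc', 'pcanywhere',
                 'radmin', 'dameware', 'ammyy', 'anydesk', 'showmypc')

# Return the first remote-access tool name contained in $text, or $null.
function Find-RemoteToolName([string]$text) {
    if (-not $text) { return $null }
    $lower = $text.ToLower()
    foreach ($t in $remoteTools) { if ($lower.Contains($t)) { return $t } }
    return $null
}

# 1. Remote Desktop and Remote Assistance switches: the checkboxes under
#    System Properties > Remote ("Allow Remote Control" in the post above).
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -ErrorAction SilentlyContinue
if ($ts.fDenyTSConnections -eq 0) { Write-Warning 'Remote Desktop is ENABLED (fDenyTSConnections = 0)' }
else { Write-Host 'Remote Desktop: disabled' }
if ($ra.fAllowToGetHelp -eq 1) { Write-Warning 'Remote Assistance is ENABLED (fAllowToGetHelp = 1)' }
else { Write-Host 'Remote Assistance: disabled' }

# 2. Autostart entries: list every Run/RunOnce value and flag those whose name
#    or command line matches a remote-access tool.
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
foreach ($key in $runKeys) {
    $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
        $hit = Find-RemoteToolName "$($p.Name) $($p.Value)"
        if ($hit) { Write-Warning "Autostart [$key] $($p.Name) = $($p.Value)  <matches '$hit'>" }
        else      { Write-Host    "Autostart [$key] $($p.Name) = $($p.Value)" }
    }
}

# 3. Services whose name, display name or binary path matches a remote-access tool.
Get-WmiObject Win32_Service | ForEach-Object {
    $hit = Find-RemoteToolName "$($_.Name) $($_.DisplayName) $($_.PathName)"
    if ($hit) { Write-Warning "Service $($_.Name) [$($_.State)] $($_.PathName)  <matches '$hit'>" }
}

# 4. Network view from netstat -ano: listening sockets (a way in if the router
#    forwards a port) and established outbound connections (the "phone home"
#    channel a router cannot block), each tied to its owning process.
$procNames = @{}
Get-Process | ForEach-Object { $procNames[$_.Id] = $_.ProcessName }
$privateOrLocal = '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.|\[::1\])'
netstat -ano | ForEach-Object {
    $fields = $_.Trim() -split '\s+'
    if ($fields.Count -lt 5 -or $fields[0] -ne 'TCP') { return }   # skip headers and UDP
    $local = $fields[1]; $remote = $fields[2]; $state = $fields[3]; $ownerPid = [int]$fields[4]
    $owner = $procNames[$ownerPid]
    if (-not $owner) { $owner = "pid $ownerPid" }
    $hit = Find-RemoteToolName $owner
    if ($state -eq 'LISTENING') {
        $line = "LISTEN  $local  <- $owner"
        # Anything listening on a non-loopback address is reachable from the LAN,
        # and from the Internet if the router forwards that port or has a DMZ host.
        if ($hit -or $local -notmatch '^(127\.|\[::1\])') { Write-Warning $line } else { Write-Host $line }
    }
    elseif ($state -eq 'ESTABLISHED' -and $remote -notmatch $privateOrLocal) {
        # Outbound to a non-local address: normal for a browser or updater,
        # suspicious for an unfamiliar process or one matching the tool list.
        $line = "OUT     $local -> $remote  by $owner"
        if ($hit) { Write-Warning $line } else { Write-Host $line }
    }
}
```

Read the warnings, not just the flagged names: an unfamiliar process holding an established outbound connection is exactly the "stays in communication with the remote PC" pattern described earlier in the thread, even when its name matches nothing in the list. The script only reports what the running OS reports, so a rootkit could hide from all four checks; that is why the router's own forwarding/DMZ table and an outside port scan such as ShieldsUP are still checked separately, and why the thread treats a suspected rootkit as a different problem.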