OT: Where can I download a Virus or three?

[Azselendor]

forgot to mention, have customer support change her passwords remotely or change them on a totally separate computer from the one that is infected.


ps, if you have time and the ability, push dead fish inside the dryer. Not the drum, but open the back and put on something that gets really hot.

[Baron Grazic]

Here are a couple of options, if you think that it is a spyware/keylogger/rootkit - try either :-
eEye Blink Personal
Sophos Anti-Rootkit sarsfx

Otherwise a Sledge Hammer to the guys knee caps should do the trick.

Baron Grazic

[Suicide Junkie]

If you want maximum security, unplug that ethernet cable.

[narf poit chez BOOM]

Narfs' Wisdom on Relationships: The quickest way to determine if someone such as a girlfriend/boyfriend, spouse or family member is a user is to create a disablement/work ratio. Be sure to use their real disablements and note their willingness to do work that does not challenge their disabilities.

For friends, simply determine the ratio at which they can provide toys, compared to the ratio at which they use other peoples' toys.

And be very suspicious of people who claim that anything is always someone elses' fault.

[AstralWanderer]

Romulus68 said:
Friend needs to stop an Ex who is accessing her computer, getting in her emails, etc.

To test whether an antivirus is working or not, use the Eicar test file rather than risk infecting a PC with actual malware. However if the malefactor is technically competent, the most secure course of action would be a Windows reinstall (to ensure the removal of any rootkits) followed by the installation of appropriate security software.

It may not just be the PC that needs securing - if webmail is involved (GMail, Yahoo, Hotmail, etc) then the account passwords should be changed also (and check the settings to see if the account has been configured to send copies to emails to a third party). If a wireless network is being used, that needs to be encrypted (using WPA preferably) to guard against eavesdropping.

[dogscoff]

As others have noted, it's likely that he's not accessing her computer: He's probably accessing her accounts from his own computer. However, it is possible he has installed a keylogger/ other spyware on her machine.

All the advice given so far is good. To put it all into order (and add a few little tips of my own):

Contact the ISP and ask them to change all passwords. Then back up all data, pull the network plug on the machine, format the HD and re-install Windows (or better yet, install something more secure, like Linux ).

If applicable, change the password on her router while you're at it. If it's wireless, change the SSID and WEP passwords (or enable WEP if it wasn't already), and set it to non-broadcast mode. Enable MAC address filtering if available.

Configure the OS to require a password on bootup. Ideally, you'd also change the BIOS to disable boot-from-other-media and then password-protect the BIOS setup screen. Install all security updates for your OS as quickly as possible. This is especially important for Windows. If possible, do the updates offline (ie, download updates from a different PC and save them to a CD, so that you don't have to connect an unpatched PC to the internet).

Now you can install some anti-virus/ anti-spyware (if using Windows. I'm not sure Linux even *needs* anti-virus..?)
Here is the basic freebie suite to keep your average Windows machine mostly secure:
AVG antivirus
Spybot Search & Destroy
Spywareblaster
Firefox
I'll let someone else recommend a good freebie firewall.

Now that her PC is clean and un-snooped, she can go online and change all remaining passwords (webmail, websites, chat etc), if she hasn't already done so from a safe machine somewhere else. Check that the email accounts on file for these acounts are all kosher- it might be that he's added his own email address to the account, so that new passwords and the like are being forwarded to him.

You're now ready to re-install all her other software. If she used to have loads of crappy third-party IE toolbars, stupid smiley programs and animated pointers and stuff like that all over her machine, question each and every one of them before re-installing it. Does she really need it? Could it be spyware? Could the same functionality be achieved by some other means?

If at all possible, do all of the above in one afternoon. If the ex-boyfriend realises he's being locked out bit by bit he may start changing her passwords or take other measures to try to keep control.

Now for the most important step in the process of securing her PC: Make her a cup of tea, sit her down and explain a few things to her:

1: Make sure that in future she uses non-guessable passwords, (ie, NOT the name of a family member, pet, new boyfriend...) and

2: Tell her NEVER to give her passwords to ANYONE for ANY reason. Not even you. Make a point of averting your eyes if you're nearby when she types in a password.

3: Make sure she never lets this ex-boyfriend of hers in the same building as her computer. Accessing someone else's emails without their consent is really creepy- she should probably stay away from him altogether.

4: Tell her not to put anything into her PC that might have come from him (CDs, flash drives, floppies).

5: Explain to her that apart from her ex, there are lots of other nasty people on the net who will quite happily hack into her PC and do nasty things to it, given the opportunity.

6: tell her not to install anything emailed to her, or anything that pops up unexpectedly on a website. If she ever does want to download and install a program, get her to do a little googling on it first to make sure it's reputable.

7: Be wary of wireless connections. Basic WEP can be broken quite easily these days, and I'm not sure even the latest protocols (WPA2) are 100% safe. Don't access sensitive information (ie online shopping, banking) over a wireless link and if you're feeling uber-paranoid, you should avoid installing anything that was downloaded over wireless. Consider running some network cables through her walls if necessary.

Some of the above may seem a little paranoid, but if this ex-boyfriend is even half-way tech-savvy (which I suspect he is) and sufficiently amoral (which he almost certainly is) then it is NOT overkill. Even without him, this is all good practise: Chances are her PC is in a fairly unsecure state (90% of Windows PCs around the world are, sadly) and you will be doing not only her but the rest of the world a favour by removing her from the global pool of potential spam/ botnet/ virus victims.

Also, I appreciate that, for a lot of people, the above might possibly seem (a) way too technical and/or (b) too much like hard work. It is daunting at first, but it gets much easier very quickly. There's tons of help available on the web, and by the time you've fortified her machine and your own you'll be entirely comfortable with this kind of thing. It can be very rewarding, it is an extremely valuable skill, and a great way to earn favours with people=-)

One last thing: If there's a chance he has compromised her machine with his own spyware, make sure she unplugs her webcam until the machine is cleaned.

Let us know how you get on, and ask us questions if you need to. We have a very helpful and knowledgable crowd here.

[aegisx]

I would reinstall her system and start clean... only way to be sure.

[Suicide Junkie]

And not just a reinstall; hit the drive with a low-level format and repartition the drive for convenience while you've got nothing on it to lose.

[Azselendor]

Dogscoff covered a lot of good things to do, but I'd like to add a few more to round it out a bit

-Wireless Networks-
You may want to consider changing the default IP address of the router. Linksys for example is 192.168.1.1 Dlink and others use similar ip addresses that are easy to discover. However, i recommend only messing with that if you know what you are doing.

-OS Security-
Dogscoff recommended a password on the BIOS and for bootup. Do this. Yes, several login screens are annoying, but the Internet is a bad neighborhood and you need extra locks on your doors and windows.

I'd also recommend password protecting the windows admin account (reachable via safemode) and disabling the guest account. XP home doesn't really disable it so you'll need to check out this. http://www.petri.co.il/disable_the_g...windows_xp.htm

For firewalls, I recommend zonealarm. They have a free edition that's pretty damned good.

Dogscoff recommended changing the passwords after you secure the computer, I would do it at the same time I secure the OS but i'd do it this way.

1.) Setup a new master email address from a clean computer.
2.) Change the backup email address of all of her other accounts to that new master email, from a safe computer
3.) Now change all the passwords.
4.) Disable all forwarding email addresses and reply-to settings.

-Home Security-
Now, one more point of security. Change the locks on her doors and, if it is a rental or apartment or condo, make it clear to the property management and their staff that he is not to be allowed in AT ALL.

[Fyron]

Quote:

dogscoff said:
If it's wireless, change the SSID and WEP passwords (or enable WEP if it wasn't already), and set it to non-broadcast mode. Enable MAC address filtering if available.

Enabling WEP makes you less secure. It takes only a few minutes to crack by any number of easily available cracking tools. All it does is give you the false impression that you have another layer of security. WPA is still computationally harder to crack, IIRC, so its a better way to go. Still, don't think that your wireless encryption is going to be your strongest layer of defense.

MAC address filtering can be spoofed, once the encryption is broken. If you use filtering, assign static IP addresses to your machines, and disable DHCP, you get another layer of inconvenience. Its not going to outright stop the cracker, but it will slow him down just a bit more.

Obscuring SSID and "non-broadcast" modes don't really matter much if the cracker has appropriate tools, cause they can find the network anyways. It makes it a little harder to find with the basic Windows and NIC driver tools, but even something as innocuous as Net Stumbler can still pick up on the existence of active but non-broadcasting access points.

Doing all of this stuff is still good protection against people that don't really know what they are doing, of course. It will generally slow down a knowledgeable cracker, but there are always ways in.

Quote:

Azselendor said:
You may want to consider changing the default IP address of the router.

If you can get onto the network, or at least view traffic, you know where the router is via the broadcast IP (default gateway).