Testing my pc security

[dpetka2001]

hello there...i would like to find out how i can test if my computer was hacked or not...i have a rapidshare account and yesterday i couldn't login so i talked with them and told me that my account was hacked...i got it back but i would like to test my computer for possible vulnerabilities or trojans...any help would be appreciated...thanks in advance...

[massimo]

You can run rkhunter or chkrootkit to find rootkits. Probably [1] and [2] can help a little.

[1] http://www.securityfocus.com/infocus/1769
[2] http://www.securityfocus.com/infocus/1773
_________________
Hello 911? How are you?

[phajdan.jr]

Note that the most probable cause was weak or sniffed password. I would suspect that before a rootkit, but it doesn't harm to check.

[lesourbe]

[dpetka2001]

well i don't have neither a wi-fi connection nor a shared internet connection...i don't even run ssh...the only ports i have opened in my router are the ones for the p2p programmes so that they can run appropiately...i ran chkrootkit but i think nothing was found...here is the output in case i don't interprete it the right way

[lesourbe]

nothing wrong in here.

about your connexion ? wifi / shared lan ?
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.

[dpetka2001]

well as i've already said i don't have any wi-fi enabled(lacking equipment) nor do i share my lan with other people...i only plugin my laptop in the switch to share files between them...i remember having used the laptop to download files from rapidshare aswell...it is windows vista...how could be the password be sniffed if possible? maybe through a trojan in windows that sends over traffic to the internet? is there any other way i can check my gentoo before moving on to the laptop?

[lesourbe]

chkrootkit - rkhunter - checking logs ... won't show anything relevant I bet.

then let's start with the most likely cause in your case : your laptop.
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.

[dpetka2001]

thank you for your response...could you advise me for some antispyware or other applications i could use to check my laptop(windows vista) for anything suspicious??

[lesourbe]

sniffing from out of the box could tell you relevant stuff ...

spybot and avast could be of some help ... they paranoid freaks will tell you that if you have a doubt that your box is compromised you have to wipe out every single bit and start over with a fresh install.
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.

[dpetka2001]

that would apply also for my gentoo box?

[lesourbe]

that would apply to any box ...
decentralized logs and tool like tripwire could help convincing most of the paranoid freaks though.


NB : I hardly think your gentoo box has been compromised ... were you running hazardous services on it ?
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.

[dpetka2001]

[lesourbe]

Paranoid freaks : format everything, both boxes

moderate : format your windows box

less than moderate : run antispy / anti virus on your windows box

less than less : do not care, recreate an account, or change your password.


NB : I'll go for the moderate.
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.

[dpetka2001]

thank you for your reply...i'll go with the moderate option for the time being...

[jomen]

suggestion:
AND change your passwords
_________________
Cheers

[dpetka2001]

already did that!!

[ebasedsecurity]

It could be that your account was hacked from the other side. Maybe someone hacked your account and others at rapidshare.

Since your tests seem to show no infection, I would think that might be a possible scenario.

[lesourbe]

google says there's a bunch of results about "hack rapidshare account"
_________________
Is that a banhammer ?
LeSourbe, Member of EPowerforce.