computer has been hacked!

Two weeks ago I was on my mother's computer trying to clean all of the spyware off of it. The night before I had done an online Kaspersky scan. It cound a few trojans. The next day I was running spybot and a dos screen popped up for a few seconds. I got really bad feeling and turned it off right then. Yesterday my mother turns it on and on the user accounts screen there were like two or three more accounts than normal. I have disconnected the router from the computer completely. I haven't been on it since.

What exactly should I do?

 

Hi siriusproblems,
Welcome to Major Geeks!

Hackers usually get into your computer by installing rootkit viruses. If you have banking accounts on your computer, the first thing you will need to do is to notify your bank that your computer's been compromised and ask them how they want you to procede. You'll need to change any passwords you have on your computer. Also, I don't know how you would feel about reporting to the police, since the type of break-in you describe is one that can be documented. Without using the computer, it may be possible for them to gather information about who broke into it. Some police stations are set up for computer forensics. Others are not. If you don't have online banking or use accounts for money exchange, you could get our help in removing the malware.

We can check it for malware, but this will have the purpose of removing any harmful files which have been installed. While we can often get rid of everything we can find and in your case, I would have you run not only the standard malware removal procedures but
also several rootkit scans, the fact is we cannot guarantee that your computer will be completely free of those files which allow someone to get in and out of your computer. The only way to do that is to repartition and reformat your computer and to not reinstall any executable files you have stored on external media like cd's or flash drives.

If you decide the risk is too great and you should repartition and reformat, then I would advise you to at least call the police first and ask them if they have a department that looks at problems like yours before all the information is gone. While it may or may not benefit you directly, it could benefit the police.

abri

 

I'm gonna discuss this with my mother, seeing as how it's her computer. I'll see exactly what she wants to do.

 

For now she wants to clean up the computer and find out who hacked it. We'll probably reformat later.

 

Hi siriusproblems,

If she cleans up the computer, she won't be able to find out who hacked it. It's very important to not even turn it on. Most forms of malware that allow such a break in use temporary files and they don't remain on the computer very long.

Let us know if we can help you.
abri

 

Okay, so the best thing to do is get in contact with the police or someone who could find out who did it?

 

That's what I would do. I would simply call them and ask them if they have computer specialists who could look at your computer, because you've been advised that there is documentable evidence of the computer having been broken into. And that you are interested in having them tell you if the information you have is sufficient to trace whoever broke into the computer. In particular, tell them that you would like a police report on it so that if any legal problems arise as a result of this break-in, that you will have a police report to refer to in your own defense.

They may just tell you that they don't have a department like this or any specialists in this area. It's a new area. Not all communities can afford it yet, but they may have some procedure for being able to give you a report.

Let me know if anything comes of this or if you want further help.
abri