
He took a little piece of me with him



Guest Joe Noob

OK, I'm pretty sure I've been cracked. The symptoms were the machine running really slow all of a sudden, and I noticed the light on the CPU blinking and clicking for no reason. When I checked ls -la I found that there were 3 DCOP servers running; when I checked a few months ago I only had one, and my cursor seemed to take off a lot. So I checked netstat, but I don't really know how to read it, and I also downloaded chkrootkit, but I did this late one night and didn't feel like running it then. So the next day I got on to check mail, and after about 15-20 min the lights and click go off (I'm not doing anything at this time, just reading) and then the screen goes black and reboots.

Now the problem: when it came back up, one of the screens says:

Mounting local filesystem [Failed] (in red letters)

Something else

Something else I forget

Mounting other filesystem [Failed] (in red)

 

It's never done that before either, so I'm thinking that when he was erasing his tracks on the way out he took something that I needed. PUNK arss.

Now the puter runs a lot faster (apps, internet, downloads, etc.) and the box seems to run OK (just as quirky as before).

And since this is actually my wife's computer, I will be wiping the Linux partition when I finally get my, I think I'll try to fix the file system for now to save on formatting, which I heard was a little rough on the hard drive. So if you have any ideas on what I should look at to repair the local and other filesystems, that would be great, since I don't have a clue.

 

Thanx

Link to comment
Share on other sites

Formatting is good for a hard drive. Used to be a product that would wipe your hard drive over and over and over. Was supposed to be good for the magnetics as it reinforced them.

I would clean slate if you think you've been cracked. However, he might crack you again. What are your security settings? Or you might want to buy a firewall and set it up.

Link to comment
Share on other sites

Guest Joe Noob

Uhh, security settings? Pshh, well, I know msec is set to 3, and Bastille I did interactively, and I think I set everything that I thought would be good to have but still make the system usable, i.e. not too much of a pain to use. But I think I was fumbling through files and saw a listing something like:

iptables=0 or false or something that made me believe they weren't activated, so maybe I didn't configure Bastille correctly, or Bastille's not that good, or maybe even the cracker turned them off, who knows. What I do know is they're making penalties for computer crime stiffer, and if I ever get a chance to nail one of those little %@* I will, and I hope he picks up the soap.

But I digress. Actually it's not that big of a deal right now, 'cause like I said I'm getting a new computer and I'll put 9.0 on it, then it'll be a big deal.

And that's good info about formatting; now I can do it with a clear conscience. :wink:

Link to comment
Share on other sites

If you are running 9.0, chkrootkit is on your install disks. You can install it and run it to see if you have been compromised. If you are not running 9.0, you can find it using Google. If it shows or if you are sure you've been compromised, then go to the manufacturer's site for your hard drive and look for a utility that will reformat your hard drive. I have Maxtor drives and the name of the utility is MaxBlast. IBM has several different ones and I am sure Western Digital and Seagate are similar. Do not run a generic formatter such as Gibson's SpinRite, as it has not been updated for larger hard drives and falls into the category of what I would call obsolete.

 

You also should consider the possibility of component failure somewhere in your system if formatting does not do the job for you.

 

Counterspy.

Link to comment
Share on other sites

Guest Joe Noob

Ooo ya, more good info. I love this board. Actually I have been looking into the reformatting thing. The computer I'm on came with a reformatting CD, which is great; when I pick out the new puter, having a "System Restoration" CD is going to be a big consideration. But I've also been looking into third-party wipers, but I'll take your advice and check with the HD manufacturer. I didn't even know that was an option.

Since we're on the subject: if I don't use a system restoration CD, which I believe puts the drivers or whatever information is required, after the wipe, to make it ready for an operating system installation, what would the hard drive need put back on it before you can install an OS?

I was looking into wiping and reinstalling Windows 95 on my mom's system; believe me, installing Linux is NOT an option in this case.

But say I wiped using Fdisk or something, what then?

Link to comment
Share on other sites

fdisk does not like partitions set up by Linux. It has trouble IDing size and even what is there.

This is hokey, but it works. Take the Mandrake install disk. Start an install in expert and reformat your partitions, using FAT32. After it is done, instead of loading the OS, just shut down! fdisk will ID all.

Link to comment
Share on other sites

You do face a major decision about that Install CD. There is, as you probably already know, a hidden partition for restoring Windows. As you have rightly concluded, reformatting the drive will erase that partition. I'm not sure whether this will work, but if you can get a hold of Partition Magic (or Rescue disks), preferably version 8.0, you may be able to make that partition visible and use Norton Ghost to archive it somewhere, including floppies and CDs. The biggest problem is with any proprietary drivers as well as the particular version of Windows. You may have either floppies or CD-ROMs coming out the wazoo, so making friends with your local computer store people may also give you a way out.

 

Counterspy.

Link to comment
Share on other sites

Guest Joe Noob

Thanx guys, all went well. I used Mandrake CD1 to wipe and format like ixthusdan suggested, and I can tell her system's a lot cleaner, except I have to find drivers for my mom's modem. I had reformatted it before but I don't think it deleted the hidden Windows sector. Now I need to hunt for modem info.

Thanks again

Joe

Link to comment
Share on other sites
