
Thread: Could i be Infected ?

  1. #1
    Join Date
    Sep 2012
    Beans
    90

    Could i be Infected ?

    Hello everyone, not sure if it's the right forum for this, but since people in here are so helpful and friendly, I'm going to ask here, thanks. Someone wanted to make a link for me on 5gbfree.com and he said he couldn't do it on his own computer and that he needed to do it on mine, so I let him use TeamViewer and he sent me 3 files from his computer and then uploaded them on that website through my computer. 2 of those files were .jpg and .png and the other one was .php. He asked me to delete those files from my computer after he uploaded them, though I didn't. Anyway, then my TeamViewer crashed, so I rebooted my laptop, and after I got back online he said he got all my passwords. I'm so worried. I want to know if that's possible? Or am I keylogged? I changed most of my passwords btw but am still worried. I still have the files he sent me and uploaded, although he asked me to get rid of them. If someone would please check that PHP file for me and figure it out maybe? Btw I'm on BackTrack 5. I need your help please and thanks.

  2. #2
    Join Date
    Mar 2009
    Beans
    Hidden!

    Re: Could i be Infected ?

    The only thing I can say: if you are worried about being keylogged, install a clean Ubuntu version from fresh (for example, the 12.10 beta 2), and only then, change every one of your current passwords.

  3. #3
    Join Date
    Jul 2007
    Location
    Magic City of the Plains
    Beans
    Hidden!
    Distro
    Xubuntu 14.10 Utopic Unicorn

  4. #4
    Join Date
    Sep 2010
    Location
    Central Calif
    Beans
    1,208
    Distro
    Xubuntu 12.10 Quantal Quetzal

    Re: Could i be Infected ?

    If you had any type of financial passwords, bookmarks, go to those sites and change them at once. Alert the companies of the issue. Install a new OS and go from there. New passwords again, even another set of bank, PayPal, etc. passwords, because if you changed it an hour ago, the new one may have been passed on. If you don't have to store financial passwords--don't.
    Remember When Double-Dog dare ya's and water balloons were the ultimate weapon?

  5. #5
    Join Date
    Apr 2010
    Location
    PNW on E-side Cascades
    Beans
    363
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Could i be Infected ?

    It sounds like someone was being a smartass because you were using BackTrack 5, took advantage of you, may have installed malware and/or obtained your passwords via at least one of the files you mentioned, and may now have you and your machine being tracked. This is a worst-case scenario, so don't get too alarmed until speaking with your ISP to explain your concern. If on-campus at a university or college, contact the IT Admin and blow the whistle <snip>

    If not a hoax yourself and want more advice, answer and tell us if a concern still exists on your part.
    Last edited by nothingspecial; October 9th, 2012 at 09:40 AM. Reason: language
    Nonsense is an assertion of man's spiritual freedom in spite of all the oppressions of circumstance-- Aldous Huxley
    The real power of Linux lies in the command line

  6. #6
    Join Date
    Sep 2010
    Location
    Central Calif
    Beans
    1,208
    Distro
    Xubuntu 12.10 Quantal Quetzal

    Re: Could i be Infected ?

    umm, I didn't know what Backtrack was, but I guess this will give you a great opportunity to test it. Maybe this one will work as promised and there was no harm done.
    Remember When Double-Dog dare ya's and water balloons were the ultimate weapon?

  7. #7
    Join Date
    Sep 2012
    Beans
    90

    Re: Could i be Infected ?

    Thanks everyone. I have BackTrack 5 dual-booted with Win7; it happened when I was on BackTrack. Do I need to get rid of my Windows 7 too? I'm going to install Ubuntu 12.4.1 and get rid of BackTrack. I've been told that it's not made for installing but I didn't listen. I guess Ubuntu is more safe than BackTrack, thanks.

  8. #8
    Join Date
    Apr 2010
    Location
    PNW on E-side Cascades
    Beans
    363
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Could i be Infected ?

    Rules say I cannot tell you the way I would do it using the dd command, but find a way to wipe the partitions on which BackTrack was installed with zeros, then use the same partitions (take note of them) to install your chosen distro onto.
    Nonsense is an assertion of man's spiritual freedom in spite of all the oppressions of circumstance-- Aldous Huxley
    The real power of Linux lies in the command line

  9. #9
    Join Date
    Mar 2010
    Location
    India
    Beans
    8,175
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Could i be Infected ?

    DISCLAIMER : I am NOT a Security Expert, nor a PHP Expert !

    Originally posted by sidzen:
    "find a way to wipe the partitions on which Backtrack was installed with zeros,"

    Sorry, but that would be absolutely unnecessary plus extremely time-consuming (for no worthy reason).

    Zero-filling is done only for:

    1. Attempting a repair on a dying HDD to make it re-usable for a few more days,
    2. To make sure no one can resurrect the data that existed on the drive, using data-recovery tools and advanced techniques - both of which require full and physical access to the drive.

    Assuming that the attacker really did what he claimed (although I don't believe that), all that needs to be done is doing a fresh install of 'Any' OS (be it Ubuntu, Windows, BackTrack itself, or whatever trusted one), THEN change all the local and remote passwords from the fresh installation. Nothing more is required. Even if malicious code is written on the disk (and even if it is on the MBR) and has become active in an existing OS, it is absolutely neutralized once the suspected partition is 'Simply' formatted and a fresh OS is installed and allowed to overwrite the MBR.

    In the worst-case scenario, an attacker may also inject some malicious code in the other existing operating systems (Windows in this case) and/or partitions using some really smart code, which may become active (and may spread itself again like a virus) once that OS is booted or the infected partition is accessed. In that case, you need to reformat both the operating systems (in fact all the partitions if you suspect they may have been 'infected'), and do a fresh installation of them.

    That said, I don't think one can get access to someone's passwords just by uploading some files via TeamViewer. But of course if the PHP file was specially designed for that purpose, AND was RUN on the target computer before (pretending to) uploading, then it is quite possible. But that is something any normal PHP coder can figure out by analyzing that file. If that file is clean, then I don't think someone can break into a strong OS like BackTrack using a simple service like TeamViewer (assuming the OP has told us EVERY ACTIVITY that apparently happened on her computer in that duration).

    But, CCgirl6690, if you really want to implement 'paranoid' level security, just transfer all your 'trusted' data to an external drive, wipe out the partitions (simply delete them using gparted), recreate them and do a fresh installation of the OSes of your choice. Of course this is too much, but still much-much quicker than a zero-filling. Then always remember - "NEVER give access to your computer to someone you can't trust !!".
    Varun
    Help others by marking threads as [SOLVED], if they are. (See how)
    Wireless Script | Use Code Tags
    Am I not replying you? Perhaps this is why.
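
Post #9 says the .php file can be analysed to see what it was designed to do. As an added example (not written by anyone in this thread), the Python script below reads such a file as plain text, never running it, and lists the lines that deserve a manual look; the rule list, function names and sample input are constructed assumptions.

```python
import re
import sys
from pathlib import Path

# Constructs worth a manual look in an unknown PHP file (assumed, not exhaustive).
RULES = {
    "code execution": r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(",
    "decoding": r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    "request input": r"\$_(POST|GET|REQUEST|COOKIE|FILES)\b",
    "outbound data": r"\b(mail|curl_exec|fsockopen)\s*\(",
    "file write": r"\b(fwrite|file_put_contents|move_uploaded_file)\s*\(",
}

# Constructed sample: a form handler that appends submitted fields to a file.
SAMPLE = r"""<?php
$name = $_POST['name'];
$note = $_POST['note'];
file_put_contents('notes.txt', $name . ':' . $note . "\n", FILE_APPEND);
header('Location: thanks.html');
?>"""


def triage_php(source):
    """Map each rule category to the (line number, text) pairs that match it.

    The source is only read as text; comments are not stripped, so a match
    inside a comment is a false positive to dismiss by eye.
    """
    findings = {}
    for number, line in enumerate(source.splitlines(), start=1):
        for category, pattern in RULES.items():
            if re.search(pattern, line, re.IGNORECASE):
                findings.setdefault(category, []).append((number, line.strip()))
    return findings


def stores_submitted_input(findings):
    """True when the file reads request input and also writes or sends data."""
    return "request input" in findings and (
        "file write" in findings or "outbound data" in findings
    )


if __name__ == "__main__":
    # Usage: python3 triage_php.py suspect.php  (falls back to the sample)
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE
    for category, hits in triage_php(text).items():
        for number, line in hits:
            print(f"{category:15} line {number}: {line}")
```

A file that both reads request input and writes or sends it somewhere is collecting whatever visitors submit to the hosted page, which is a different risk from code that ran on the uploader's own machine.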

  10. #10
    Join Date
    Sep 2012
    Beans
    90

    Re: Could i be Infected ?

    Thank you so much. I don't know anything about zero formatting, so I think I will do what varunendra said and wipe the partitions. Is it possible that when I want to back up my data the virus gets transferred along with it, then when I want to copy it back to my newly installed OS the virus gets back too? Thank you.
