Vista - Has my Vista been Hacked!?

Hello,

this is my first post, to what seams to be a great forum, so let me start by saying: hats off to the members that keep this such an active medium in replying to threads and helping us that are less knowledgeable.. very nice community here indeed

Now Here´s my dilemma, I work for a design company, I have fragile information on my external HD that I only plug in when loading and saving work files, this is valuable info linked to our design. My worries are that my PC has been hacked into and info has been leaked.

The motive for my worries is based on the fact that there is another company with a huge budget that has the exact same mission statement..., this company popped up two months after we presented our ideology.

The reason why I think My PC has been hacked is based on how my PC behaved two nights in a row, and strangely work files that I had never deleted popped up in the recycle bin.. ??

I did cut and copy a folder with allot of these files on the external HD so one of my questions is could this be some format of ghost files that where placed to the recycle bin due to the fact that I cut their original path?


Now the scenario leading to why I think my system was hacked is:

First night my computer stayed online after I logged off and I lost control over the system, I could not copy files or even create new folders, I was unable to open up the network menu to see what network I was connected to, I tried shutting down and the only thing that happen was that my screen went completely black... so now my PC was online and I had no control!... I thought this could have been just a bug, or something similar, so I didn't think much of it

...but

The 2nd night, when I connected I plugged my external HD did some work etc and went online to upload some files, I was online for 15minuts or so.. when I went off line I realized that my previously empty recycle bin was full of work files that I had only stored on the external HD and 95% of these files where files I had never deleted!! ... the fact that these where all files linked to the design and not just random files make me very paranoid to that my system was/has been hacked..

Also there where two files in the recycle bin that where not related to my work and where on my local HD C: and had not been edited or modified at the same time or date as these work files and only about 25 files out of 100 from that cut/copied folder appeared in the previously empty recycle bin, ... so my the idea of these being some kind of ghost path files from my cut/copied action is based on a daft case..

I quickly remove my battery (thinking my system is being hacked tight now), and power on my pc in an non network area, a little later .. my recycle bin was now empty and no signs of these files, no option to restore either !?

Another Q is: if my system was hacked: why recycle bin? to cover up tracks?, or is it possibly being used as a gateway to copy files from my system?

if it was hacked they did it through a 3rd party modem which my Wi-Fi picks up..

I´ve already prepared a police report but I´m deeply hoping some of you experts can talk some sense to me and shine a light on the possibilities concerning my situation.

All the Best from Iceland!
Regards
Ari

I'm certainly no expert in this area, so I can't be of any real help, but you might want to take a look at some of this IDS software: Intrusion Detection Software - Free IDS System or, better yet, if you can get the boss to pay for it, since you are talking about materials related to work, then Cisco would be my first choice: Cisco Intrusion Prevention System - Products & Services - Cisco Systems

Thank you so much for your reply Fumz,

so the fact that these files are popping up in my recycle bin is un-natural?

there is no way Vista would do this automatically under any situation?

and this softwhare will tell me if other computers have accessed my pc? even if it was done by a pro hacker?...

again thanks for the links..

I can't really answer your questions definitively. Is it possible that Vista dumped a file in the recycle bin on its own? Sure, anythings possible. Is it likely? I can't say. What I can say is that in this situation, it's probably better to be safe than sorry?

If your work related product is being tampered with and you're sure you didn't put the files in the recycle, then whether or not it's some corporate hacker looking to steal secrets, some upstairs neighbor just hijacking your Wi-Fi or a virus, it really doesn't matter; the activity needs to be stopped. If it were me, and I had the same suspicions you do, which certainly seem like valid concerns, I'd be doing anything I could to secure the machine.

First I'd get some IDS software and run it. I can't recommend one over another, so if you have an IT guy at work, ask him. He's a much better resource than me. I'd also get some good anti-virus software, like EST NOD32 and run it. A really good firewall would also be high on my to-get list, Outpost Firewall Pro 2009 is the highest rated: Results and comments - matousec.com

Other things you could do would be to enable WPA instead of WEP on your wireless, start using passwords at least 16 characters long wherever passwords can be used, get the IDS software, don't use airport free Wi-Fi and maintain a running dialog with your IT guy until this is under control.

If I thought I was hacked I'd zero out the drive to assure myself the hacker left no traces of himself behind, but you may not be able to do that if you don't have the Vista installation DVD?

Does your router have NAT and SPI? If it does, then enable them.

OK, here is something you need to talk to your company IT folks about.

You stated that when you went online you saw all these deleted files, and yet when you rebooted later in a non network area, there was nothing in your recycle bin.

If you have a network drive that is associated with your login account, and you log into your network, that network drive is ***not on your machine*** - and if anyone else went through and started deleting files ***from that network drive*** they would show in the recycle bin - and next time you connected you'll see them in the recycle bin.

Furthermore, if you moved a bunch of files from the network drive to your external drive, this might have caused the same behavior.

Finally, if you think you have been hacked you should *already8 have been talking to your company IT folks, not *us*. I understand that we can be helpful at times, but if the data is of a sensitive nature, you should not be waiting for however many days it has been - you should be talking to them *immediately* - for they are the ones that can stop any intrusion like that, and better than you - IT is what they do, not what *you* do.

Hey Johngalt, thanks for the reply ... indeed I think your right about the drives.. sorry if I came to the wrong place for this, but you and fumz have been most helpfull, and I work for a small/ new comp that does not have an any IT folks, I´m not a expert in anyway.. so this forum seamed to be a place to clear up my senario..

again thanks for the help!!

... and I must add you guys have the coolest profile images around ...

just a bit off topic but Fumz did you animate the little samuari animation yourself.. its kicking kool ass.. to put it in the right words..

Did figuring out if this was an issue of a missing network drive or not? If your firm has no IT guy, then you really need to tell your firm to hire one... seriously, like today. If your work product is, and we don't know anything yet, perhaps being compromised, it isn't the guys at this, or any forum who will be missing meals... it's you and your firm. How good are you with the boss?

lol, and no, I didn't animate this myself... if I made my sig it would be a few slashes with mspaint.