July 26th, 2007, 07:42 AM
Re: OT: Where can I download a Virus or three?
As others have noted, it's likely that he's not accessing her computer: He's probably accessing her accounts from his own computer. However, it is possible he has installed a keylogger/ other spyware on her machine.
All the advice given so far is good. To put it all into order (and add a few little tips of my own):
Contact the ISP and ask them to change all passwords. Then back up all data, pull the network plug on the machine, format the HD and re-install Windows (or better yet, install something more secure, like Linux).
If applicable, change the password on her router while you're at it. If it's wireless, change the SSID and WEP passwords (or enable WEP if it wasn't already), and set it to non-broadcast mode. Enable MAC address filtering if available.
Configure the OS to require a password on bootup. Ideally, you'd also change the BIOS to disable boot-from-other-media and then password-protect the BIOS setup screen. Install all security updates for your OS as quickly as possible. This is especially important for Windows. If possible, do the updates offline (ie, download updates from a different PC and save them to a CD, so that you don't have to connect an unpatched PC to the internet).
Now you can install some anti-virus/ anti-spyware (if using Windows. I'm not sure Linux even *needs* anti-virus..?)
Here is the basic freebie suite to keep your average Windows machine mostly secure:
AVG antivirus
Spybot Search & Destroy
Spywareblaster
Firefox
I'll let someone else recommend a good freebie firewall.
Now that her PC is clean and un-snooped, she can go online and change all remaining passwords (webmail, websites, chat etc), if she hasn't already done so from a safe machine somewhere else. Check that the email accounts on file for these accounts are all kosher- it might be that he's added his own email address to the account, so that new passwords and the like are being forwarded to him.
You're now ready to re-install all her other software. If she used to have loads of crappy third-party IE toolbars, stupid smiley programs and animated pointers and stuff like that all over her machine, question each and every one of them before re-installing it. Does she really need it? Could it be spyware? Could the same functionality be achieved by some other means?
If at all possible, do all of the above in one afternoon. If the ex-boyfriend realises he's being locked out bit by bit he may start changing her passwords or take other measures to try to keep control.
Now for the most important step in the process of securing her PC: Make her a cup of tea, sit her down and explain a few things to her:
1: Make sure that in future she uses non-guessable passwords, (ie, NOT the name of a family member, pet, new boyfriend...) and
2: Tell her NEVER to give her passwords to ANYONE for ANY reason. Not even you. Make a point of averting your eyes if you're nearby when she types in a password.
3: Make sure she never lets this ex-boyfriend of hers in the same building as her computer. Accessing someone else's emails without their consent is really creepy- she should probably stay away from him altogether.
4: Tell her not to put anything into her PC that might have come from him (CDs, flash drives, floppies).
5: Explain to her that apart from her ex, there are lots of other nasty people on the net who will quite happily hack into her PC and do nasty things to it, given the opportunity.
6: Tell her not to install anything emailed to her, or anything that pops up unexpectedly on a website. If she ever does want to download and install a program, get her to do a little googling on it first to make sure it's reputable.
7: Be wary of wireless connections. Basic WEP can be broken quite easily these days, and I'm not sure even the latest protocols (WPA2) are 100% safe. Don't access sensitive information (ie online shopping, banking) over a wireless link and if you're feeling uber-paranoid, you should avoid installing anything that was downloaded over wireless. Consider running some network cables through her walls if necessary.
Some of the above may seem a little paranoid, but if this ex-boyfriend is even half-way tech-savvy (which I suspect he is) and sufficiently amoral (which he almost certainly is) then it is NOT overkill. Even without him, this is all good practice: Chances are her PC is in a fairly unsecure state (90% of Windows PCs around the world are, sadly) and you will be doing not only her but the rest of the world a favour by removing her from the global pool of potential spam/ botnet/ virus victims.
Also, I appreciate that, for a lot of people, the above might possibly seem (a) way too technical and/or (b) too much like hard work. It is daunting at first, but it gets much easier very quickly. There's tons of help available on the web, and by the time you've fortified her machine and your own you'll be entirely comfortable with this kind of thing. It can be very rewarding, it is an extremely valuable skill, and a great way to earn favours with people=-)
One last thing: If there's a chance he has compromised her machine with his own spyware, make sure she unplugs her webcam until the machine is cleaned.
Let us know how you get on, and ask us questions if you need to. We have a very helpful and knowledgeable crowd here.

July 26th, 2007, 08:14 AM
Re: OT: Where can I download a Virus or three?
I would reinstall her system and start clean... only way to be sure.

July 26th, 2007, 09:27 AM
Re: OT: Where can I download a Virus or three?
And not just a reinstall; hit the drive with a low-level format and repartition the drive for convenience while you've got nothing on it to lose.

July 26th, 2007, 11:10 AM
Re: OT: Where can I download a Virus or three?
Dogscoff covered a lot of good things to do, but I'd like to add a few more to round it out a bit.
-Wireless Networks-
You may want to consider changing the default IP address of the router. Linksys, for example, is 192.168.1.1; Dlink and others use similar IP addresses that are easy to discover. However, I recommend only messing with that if you know what you are doing.
-OS Security-
Dogscoff recommended a password on the BIOS and for bootup. Do this. Yes, several login screens are annoying, but the Internet is a bad neighborhood and you need extra locks on your doors and windows.
I'd also recommend password protecting the Windows admin account (reachable via safe mode) and disabling the guest account. XP Home doesn't really disable it, so you'll need to check out this: http://www.petri.co.il/disable_the_g...windows_xp.htm
For firewalls, I recommend ZoneAlarm. They have a free edition that's pretty damned good.
Dogscoff recommended changing the passwords after you secure the computer. I would do it at the same time I secure the OS, but I'd do it this way:
1.) Setup a new master email address from a clean computer.
2.) Change the backup email address of all of her other accounts to that new master email, from a safe computer
3.) Now change all the passwords.
4.) Disable all forwarding email addresses and reply-to settings.
-Home Security-
Now, one more point of security. Change the locks on her doors and, if it is a rental or apartment or condo, make it clear to the property management and their staff that he is not to be allowed in AT ALL.

July 26th, 2007, 12:59 PM
Re: OT: Where can I download a Virus or three?
Quote:
dogscoff said:
If it's wireless, change the SSID and WEP passwords (or enable WEP if it wasn't already), and set it to non-broadcast mode. Enable MAC address filtering if available.
|
Enabling WEP makes you less secure. It takes only a few minutes to crack by any number of easily available cracking tools. All it does is give you the false impression that you have another layer of security. WPA is still computationally harder to crack, IIRC, so it's a better way to go. Still, don't think that your wireless encryption is going to be your strongest layer of defense.
MAC address filtering can be spoofed, once the encryption is broken. If you use filtering, assign static IP addresses to your machines, and disable DHCP, you get another layer of inconvenience. It's not going to outright stop the cracker, but it will slow him down just a bit more.
Obscuring SSID and "non-broadcast" modes don't really matter much if the cracker has appropriate tools, 'cause they can find the network anyways. It makes it a little harder to find with the basic Windows and NIC driver tools, but even something as innocuous as Net Stumbler can still pick up on the existence of active but non-broadcasting access points.
Doing all of this stuff is still good protection against people that don't really know what they are doing, of course. It will generally slow down a knowledgeable cracker, but there are always ways in.
Quote:
Azselendor said:
You may want to consider changing the default IP address of the router.
|
If you can get onto the network, or at least view traffic, you know where the router is via the broadcast IP (default gateway).
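
As an added illustration of the default-gateway point in the reply above (example code, not written by any poster in this thread): every client on the network stores the router's address in its own routing table, so renumbering the router hides nothing from a machine that has joined. The sketch parses the Linux `/proc/net/route` format; the sample table and the address 192.168.10.254 are constructed, and a little-endian host is assumed.

```python
import socket
import struct

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # next hop is a router, not a directly attached host

# Constructed sample in /proc/net/route format: a client on a home network
# whose router was moved off the vendor default to 192.168.10.254.
SAMPLE_ROUTE_TABLE = """\
Iface Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
wlan0 00000000    FE0AA8C0 0003  0      0   600    00000000 0   0      0
wlan0 000AA8C0    00000000 0001  0      0   600    00FFFFFF 0   0      0
"""


def hex_to_ipv4(field):
    """Decode one address column (assumes a little-endian host such as x86/ARM)."""
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))


def default_gateways(route_table_text):
    """Return (interface, router_ip) for every active default route."""
    lines = route_table_text.strip().splitlines()
    header = lines[0].split()
    found = []
    for line in lines[1:]:
        row = dict(zip(header, line.split()))
        flags = int(row["Flags"], 16)
        is_default = int(row["Destination"], 16) == 0 and int(row["Mask"], 16) == 0
        if is_default and flags & RTF_UP and flags & RTF_GATEWAY:
            found.append((row["Iface"], hex_to_ipv4(row["Gateway"])))
    return found


if __name__ == "__main__":
    try:
        with open("/proc/net/route") as fh:   # live table on a Linux client
            table = fh.read()
    except OSError:
        table = SAMPLE_ROUTE_TABLE            # fall back to the constructed sample
    for iface, router in default_gateways(table):
        print(f"{iface}: router is at {router}")
```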

July 26th, 2007, 01:42 PM
Re: OT: Where can I download a Virus or three?
Funny story... My friend (different girl) who knew little about computers got hacked by a friendly hacker! She had no firewalls or much of anything at the time... He hacked in and started talking to her on Net messenger (I think). Here is the funny/cool part. He explained security and hacking then proceeded to download Anti-virus programs, spybots, firewalls, etc. He then installed them, ran them and cleaned up her system for her. He lastly told her how to activate the firewall and he would then disappear from her machine. It was most amusing, but VERY much true.
I think she is going to wipe the systems clean and reinstall everything. Most everything she does is web surfing and email. No gaming or working on the PCs, so it's no biggee for her with no need to reinstall a bunch of stuff. After that it's a matter of installing all the security software and checking her email to make sure nothing is getting forwarded.
Everyone, Thanks for the GREAT suggestions! I'll put some of that to work for myself, especially the wireless router issues.

July 26th, 2007, 01:59 PM
Re: OT: Where can I download a Virus or three?
I've heard of that, the hacker was doing it as an experiment to demonstrate to people how insecure their systems were.
I suggested changing the Router's IP address as one more means of slowing the person down. A dedicated hacker will break down any defense you put up, but instead of your system falling to the hacker in 10 minutes, we can turn it into a few days.
Of course, the best security for a wireless system is to not use wireless.
Edit- Forgot to add, if your router allows it, reduce the transmitter power. My router doesn't have that ability, but I know some do. If your router does you can limit its broadcast range down to 20-30 feet or so. A Linksys WRT54GS, for example, has an effective range of about 150 feet or so which is far too large for the average home.

July 26th, 2007, 06:18 PM
Re: OT: Where can I download a Virus or three?
Quote:
Azselendor said:
I've heard of that, the hacker was doing it as an experiment to demonstrate to people how insecure their systems were.
|
I have a story about this one guy who called the help line, complaining that his internet was slow.
He had gobs of ports active, and must have been swamped with spyware, viruses and junk...
But his techie "friend" had secured the system, so there was no way he could be infected with stuff...
It got escalated, of course, and half an hour later the boss came downstairs to relate the story.
Even after printing a test page remotely, he doesn't believe he's got any problems...
Sorry, you're beyond help until you get out of the denial stage.

July 26th, 2007, 04:35 PM
Re: OT: Where can I download a Virus or three?
Quote:
dogscoff said:
Contact the ISP and ask them to change all passwords. Then back up all data, pull the network plug on the machine, format the HD and re-install Windows (or better yet, install something more secure, like Linux).
|
Just be aware that Ubuntu isn't the only Linux. Many people are boosting it because it's relatively easy to install, but it doesn't necessarily have everything you would want/need. Some other major versions are:
Debian (One of the oldest and most respected versions.)
Fedora (formerly Redhat)
SUSE (the 'free' version of Novell's enterprise Linux)
These are a little bit harder to set up, but you get much more stuff right on the disks and not everyone finds 'Gnome' desktop to be the best way to use Linux.
Quote:
dogscoff said:
If applicable, change the password on her router while you're at it. If it's wireless, change the SSID and WEP passwords (or enable WEP if it wasn't already), and set it to non-broadcast mode. Enable MAC address filtering if available.
|
If at all possible, just don't use wireless. What does it save you to have a box five feet away from your computer not need a cable? Internet cafes might find it useful to let people connect with their own laptops and not have to manage plugs or cables. Ordinary home users are usually paying for their own exclusive connection. Even with encryption, wireless networks are not secure. It's just a little extra effort to crack the encryption, as has been demonstrated by quite a few hackers. In other words, encryption works like the locks on our house or car doors, it keeps honest people honest. It doesn't stop real criminals. Given that this guy seems pretty motivated, the smart thing to do is use a shielded cable and disable the wireless.
Quote:
dogscoff said:
Configure the OS to require a password on bootup. Ideally, you'd also change the BIOS to disable boot-from-other-media and then password-protect the BIOS setup screen. Install all security updates for your OS as quickly as possible. This is especially important for Windows. If possible, do the updates offline (ie, download updates from a different PC and save them to a CD, so that you don't have to connect an unpatched PC to the internet).
|
Windows can be 'caught up' very quickly and easily by downloading the appropriate Autopatcher and burning it to CD before reformatting.
Quote:
dogscoff said:
Now you can install some anti-virus/ anti-spyware (if using Windows. I'm not sure Linux even *needs* anti-virus..?)
Here is the basic freebie suite to keep your average Windows machine mostly secure:
AVG antivirus
Spybot Search & Destroy
Spywareblaster
Firefox
I'll let someone else recommend a good freebie firewall.
|
Microsoft's own Windows Defender is probably the best anti-spyware now. It comes from the authors of the OS, after all.
Firewalls for Windows XP? The average unsophisticated user is probably better off to just use the integrated firewall. If she's willing to learn a bit, or someone else is willing to help her configure it (this will require repeat visits for several days or weeks as her usage patterns are figured out), Ghostwall is a good supplement to the built-in firewall.

July 26th, 2007, 06:05 PM
Re: OT: Where can I download a Virus or three?
No one says you have to use Gnome with Ubuntu. There are a bunch of sub-distros with different default DEs (Kubuntu, Xubuntu, etc.). You can also just not install the Gnome package and install something else from apt when you do a custom install. The core of the OS is exactly identical between Ubuntu, Kubuntu and the rest. The only difference is putting in a different default DE package on the installer. They all use the same apt repository, and you can choose the DE of another from any of the base installers.
Pretty much every major distro (including Fedora, Debian, and Suse) has their default DE, with options to install others.
Personally I'd recommend staying far away from any distro without a robust apt repository (I'm looking at you, Fedora). RPM type systems are a real pain to work with, compared to the trivial ease of apt and its GUI offspring (aptitude, synaptic, etc.).
There really isn't much software available on one distro but not the others, beyond tools made specifically by the distro authors for that distro. Ubuntu has pretty much everything in its apt repository that Debian does.