Securing--Used Computer New to Me


7 replies to this topic

#1 AreaMan

AreaMan

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 27 February 2011 - 07:09 PM

Hi folks,

Great site! Been real helpful so far.

I just bought a used Lenovo ThinkPad T60 Intel Dual Core 2 GHz, 3 GB RAM (for $280 USD (Feb 2011), which I hope was a good deal) running Windows XP SP2.

The purchase did not include any OS disks, no reinstall, no restore, no nothing. But, the former owner sold it freshly wiped with XP Home SP2.

I do not currently own any OS disks, Windows XP or otherwise.

MY QUESTION: Can I ever be sure the former owner didn't leave behind some password grabbing, bank-account hacking malware?

These are the steps I have taken so far:

Changed Admin password
Downloaded and ran: Avira anti virus, free home use--all OK
Downloaded and ran: Malwarebytes' anti-malware--all OK
Downloaded and ran: CCleaner--checked the startup programs--all OK, registry cleaned OK
Downloaded and ran: WinPatrol--all OK
Updated Windows: license confirmed, fully updated to XP Pro SP3
Went to blackviper.com: tweaked services per his recommendations including turning off all remote access, terminal services, telnet, etc.
Downloaded and ran: TCPView--less certain here, but everything seems OK

I think the computer is now as safe as possible, as safe as randomly clicking on any unknown website.

Can I start using my computer now?

Thanks in advance for any thoughts on this matter.

Edit: Moved topic from Am I hacked? What do I do? to the more appropriate forum. ~ Animal



#2 AreaMan

AreaMan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 27 February 2011 - 11:50 PM

Ahhh...what forum did you move it to?

#3 AreaMan

AreaMan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 27 February 2011 - 11:59 PM

I found it; it's now under 'Am I infected, What do I do?'

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,462 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:14 AM

Posted 28 February 2011 - 12:35 PM

Seems like you were pretty diligent with your approach. To be truly sure, though, you can use a firewall that does outbound program monitoring.

Then if there is something that is sending data, it will trigger the firewall and ask if you want to allow it. By looking at the filename and examining it, you can then determine what you want to do.

#5 AreaMan

AreaMan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 28 February 2011 - 12:46 PM

Thanks Grinler for your comments, and the compliment. It was diligent, wasn't it? Certainly took a while.

Since I posted I also added SuperAntiSpyware and Comodo Firewall (stand alone).

Everything looks OK, but I had one question. All those outbound 'safe' svchost.exe's, couldn't there be some malicious code hiding in one of those?

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,462 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:14 AM

Posted 28 February 2011 - 12:54 PM

Anything is possible, but you should check the services running under svchost to be sure by using this guide:

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchost.exe-process/
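
One way to script the svchost check suggested above, as an added example that is not part of the original thread or the linked guide: it parses `tasklist /svc /fo csv` output, groups services by svchost.exe PID, and lists any service missing from a baseline recorded earlier. The sample output, the baseline and the service name `ExampleUpdaterSvc` are constructed, and English column headers are assumed.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not from the thread).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","680","Eventlog,PlugPlay"
"svchost.exe","856","DcomLaunch"
"svchost.exe","940","RpcSs"
"SVCHOST.EXE","1032","AudioSrv,Dhcp,wuauserv,ExampleUpdaterSvc"
"explorer.exe","1500","N/A"
'''

# Constructed baseline: service names expected under svchost on this machine.
BASELINE = {"DcomLaunch", "RpcSs", "AudioSrv", "Dhcp", "wuauserv"}


def svchost_services(tasklist_csv):
    """Map each svchost.exe PID to the list of services it hosts."""
    hosted = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() != "svchost.exe":
            continue  # only svchost instances are of interest here
        names = [s.strip() for s in row["Services"].split(",")]
        hosted[int(row["PID"])] = [s for s in names if s and s != "N/A"]
    return hosted


def unexpected(hosted, baseline):
    """Return {pid: [service, ...]} for services missing from the baseline."""
    known = {b.lower() for b in baseline}
    flagged = {}
    for pid, services in hosted.items():
        extra = [s for s in services if s.lower() not in known]
        if extra:
            flagged[pid] = extra
    return flagged


if __name__ == "__main__":
    hosted = svchost_services(SAMPLE)
    for pid, services in sorted(hosted.items()):
        print(pid, ", ".join(services) or "(no services listed)")
    for pid, extra in unexpected(hosted, BASELINE).items():
        print("review PID", pid, "->", ", ".join(extra))
```

A flagged name is only a prompt to look up that service and the file behind it, not proof of infection.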

#7 AreaMan

AreaMan
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 28 February 2011 - 01:00 PM

Thanks for the link.

That, I believe, is the final piece of the puzzle--Process Explorer. Now, nothing will happen on this machine without me knowing about it.

I should get a job doing this :mellow:

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,462 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:14 AM

Posted 28 February 2011 - 01:11 PM

Good luck!



