Main question: How do I know if I have been hacked?
Additional resources on my blog: http://wp.me/p15Zft-od
Other links: http://www.computerforensicsworld.com/, http://www.forensics.nl/links
The first step is to scan your computer with a rootkit detector. Our download section has numerous rootkit scanners available; some are listed below:
- Malwarebytes Anti-Rootkit
- Panda Anti-Rootkit
- Trend Micro RootkitBuster
- RootRepeal
- TDSSKiller
- GMER
- aswMBR
Tools to help you:
- forensic toolkits: http://www.sleuthkit.org/, http://sourceforge.net/projects/autopsy/
- online scanning: http://www.virustotal.com
- Windows event logs
- Windows safe mode (run Autoruns from Sysinternals there to spot unfamiliar applications/services that may hide while the system is running normally)
- Autoruns, Process Explorer (procexp), Process Monitor (procmon), TCPView, Handle, PsLoggedOn (http://www.microsoft.com/sysinternals)
- treesize pro (http://www.jam-software.com/treesize/)
- CloseTheDoor (http://sourceforge.net/projects/closethedoor/)
- Wireshark (https://www.wireshark.org/download.html) or Microsoft Message Analyzer (http://www.microsoft.com/en-us/download/details.aspx?id=40308)
- nmap: http://nmap.org/download.html#windows
- traceroute: http://www.net.princeton.edu/traceroute.html
