
security concern/someone accessing my pc

Discussion in 'Malware and Virus Removal Archive' started by shriv, 2007/09/04.

  1. 2007/09/04
    shriv

    shriv Inactive Thread Starter

    Joined:
    2007/09/03
    Messages:
    2
    Likes Received:
    0
    I had a "friend" over recently. He has in the past helped me with tech/computer issues, sometimes changing things w/out my consent...but I could undo them....he'd change my homepage to something he "knew" was better - sh*t like that.
    But recently I have become aware of some shaky stuff he's been involved in.

    Here's the thing. The last time [and it IS the last time] he was over [prior to me driving him to the airport for a new life for him], he ******* around with my system and I was getting no email. I could send, but not receive.
    After talking to my ISP people once - no resolution. 2nd ISP person found that this person had my incoming email diverted to an account of his, which I am sure he set up while he was here using my computer before leaving town. Thus getting my email. Now I'm of 2 minds as to his intent, but it doesn't affect the outcome - no more "friend" for me, thank you very much! Yeah, I know - too trusting/dumb! No more!

    The ISP person undid this [via remote] and email is fine, yay!
    But now I'm concerned that my "friend" either planted something that would allow him to access/watch my business [esp. my financial stuff....brokerage, bank accounts, etc.] or may have accessed my info and unencrypted the Roboform accounts that I have.
    I've been watching my accounts and have changed the passwords on the important ones. But I would love to know what his capabilities/possibilities might be.
    I recently ran "firewall leakage tester" and it said that it had penetrated my Zone Alarm firewall - which does NOT make me happy!
    Any ideas are cheerfully accepted!
     
  2. 2007/09/04
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, shriv. Welcome to Windows BBS! :)

    I suggest you start by downloading several/all of the applications listed below, immediately updating them (if possible), and then scan your computer with each (one at a time).

    I suggest you keep close track of things that are found/fixed. Many of the applications produce logs that can be saved after a scan for later review. In case you seek further assistance with removing any malware (or its remnants), your details will be helpful for the malware-removal experts.


    Anti-Spyware:
    =============

    Webroot's Spy Sweeper
    Spybot Search & Destroy
    Ad-Aware Free 2007
    AVG Anti-Spyware
    SUPERAntiSpyware
    X-Cleaner

    It's good to have a few different reputable anti-spyware (AS) applications handy because probably none of them are 100% effective. One AS scanner might find malware that another AS scanner misses.

    NOTE: Keep in mind only one AS application should be running "memory-resident" as a background "real-time protection" process. Use the other anti-spyware applications as on-demand-only scanners to periodically scan your drive(s).

    Any additional anti-spyware programs you use should be installed and configured to turn off memory-resident real-time protection (sometimes called "guards") so they don't "fight" each other for control.


    Anti-Rootkit:
    =============

    F-Secure Blacklight Beta


    Anti-Virus:
    =============

    It's good to have a few different reputable anti-virus (AV) applications handy because probably none of them are 100% effective. One AV scanner might find a virus that another AV scanner misses.

    NOTE: Keep in mind only one AV application should be running "memory-resident" as a background "real-time protection" process. Use the other anti-virus applications as on-demand-only scanners to periodically scan your drive(s).

    Any additional anti-virus programs you use should be installed and configured to turn off memory-resident real-time protection (sometimes called "guards") so they don't "fight" each other for control.


    If you want to use online anti-virus scanners, here are a couple links.

    From this thread link:
     


  4. 2007/09/04
    shriv

    shriv Inactive Thread Starter

    Joined:
    2007/09/03
    Messages:
    2
    Likes Received:
    0
    Many thanks

    Sure appreciate your prompt response...what a great resource this site is! :) :)

    I already have ad-aware and have run it recently....will do so again now.

    I will check out the links you sent and run them to scan my system.

    Any thoughts as to why when I ran a firewall leakage tester it said that Zone Alarm was penetrated?

    Yes - it's on and set at maximum security. And yet the site from whence the tester came said that ZoneAlarm was a good program.

    Many thanks!
    Steve
     
  5. 2007/09/04
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I'm glad you find this site useful. LOTS of good information and helpful people around here. :)

    I don't know what firewall leakage tester you used. One that I have used was written by Steve Gibson (which I guess might be the application you used).
    Another firewall tester you may want to use is Steve Gibson's "ShieldsUP!". I would use at least the ShieldsUP! test to be certain your firewall is blocking incoming traffic efficiently anyway.

    Some of Steve Gibson's statements on those pages might be outdated as they were written several years ago.

    I'm not sure what to make of your firewall leak tester results at present though. I'd be curious to know whether any of the scanners I linked above detect anything significant or not. If they do find some significant malware (other than tracking cookies), then I would probably quarantine anything found (just in case you want/need to restore anything that is quarantined) and concentrate on making sure all malware is removed before troubleshooting the firewall.

    I use ZoneAlarm Pro instead of the free version so I might not be able to help with troubleshooting your firewall configuration as well as I would like.

    If you want to seek assistance from other people familiar with ZoneAlarm, there are forums dedicated to ZoneAlarm.
    You might find your issue already addressed in one or more of their forum threads.
     
  6. 2007/09/04
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    BTW, you should be running only one software firewall. If you are running ZoneAlarm, then your built-in Windows XP Firewall (and any other software firewall) should be off/disabled.

    Perhaps this is the reason your leak test failed. I do not know whether ZoneAlarm (free?) automatically disables your Windows XP Firewall or not when ZoneAlarm is active.

    You might also notice Spybot Search & Destroy gives you an alert that your Windows XP firewall protection is off. A new version of Spybot Search & Destroy (version 1.5) was just recently released and I am not yet familiar with how the new version works.
     
    Last edited: 2007/09/04
  7. 2007/09/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi shriv,

    mailman has given you some great advice and good applications to work with. I just felt like adding 2 cents.

    If it were my computer, I wouldn't hesitate to whip out the operating system disk and wipe it clean. Then, with a fresh clean installation, I'd change every password I'd used online, and every PIN number I could as well. Only then would I feel safe that I hadn't overlooked something. :)
     
  8. 2007/09/05
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    I cannot stress this more. This would be the ONLY course of action I would be comfortable with giving!!!

    If someone had physical access to your PC, they own your PC (potentially).
     
  9. 2007/09/05
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    To expand on Noahdfear's excellent advice:
    A program that captures data for a third party is called a "keylogger". Keyloggers can be software or hardware, so take a good look at your computer's logs plus inspect the physical devices. A common hardware keylogger is available as a "keyboard adapter" (it looks legitimate on purpose) or as a USB connection. A look at your firewall log should tell you if a piece of software is trying to "phone home" with stolen information. Also check your "add remove programs" in the Control Panel, and your running services and processes in the Task Manager. If you would like some assistance interpreting what you find, attach a HijackThis log to your post, and we'll take a look at it for anything suspicious. In the meantime, refrain from accessing any sensitive data on your machine until your suspicions are put to rest, and shut it off when not in use.
    Johanna
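
Added example, not part of the thread: one way to carry out the firewall-log check Johanna describes, listing outbound connections made by programs the owner does not recognise and noting when they recur on a fixed timer. The CSV layout, sample rows, paths and function name are constructed for illustration and are not ZoneAlarm's own log format.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample: time, direction, program path, remote IP, remote port.
# This is an assumed layout, not a real firewall's format; convert your own
# log to these five columns first. IPs are documentation-only addresses.
SAMPLE_LOG = r"""
2007-09-04 09:00:12,OUT,C:\Program Files\Mozilla Firefox\firefox.exe,192.0.2.10,443
2007-09-04 09:05:00,OUT,C:\WINDOWS\system32\svch0st.exe,203.0.113.77,25
2007-09-04 09:07:41,IN,C:\WINDOWS\system32\svchost.exe,198.51.100.4,135
2007-09-04 09:35:00,OUT,C:\WINDOWS\system32\svch0st.exe,203.0.113.77,25
2007-09-04 10:05:00,OUT,C:\WINDOWS\system32\svch0st.exe,203.0.113.77,25
2007-09-04 10:06:30,OUT,C:\Temp\updater.exe,192.0.2.55,80
"""

# Programs the owner knowingly uses (full paths, so a lookalike file name
# in another folder is still reported).
EXPECTED = [r"C:\Program Files\Mozilla Firefox\firefox.exe"]


def unexpected_outbound(log_text, expected_programs):
    """Group outbound connections from programs outside the expected list."""
    expected = {p.lower() for p in expected_programs}
    groups = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines rather than guessing
        when, direction, program, ip, port = (f.strip() for f in row)
        if direction.upper() != "OUT" or program.lower() in expected:
            continue
        stamp = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
        groups[(program, ip, int(port))].append(stamp)
    findings = []
    for (program, ip, port), times in groups.items():
        times.sort()
        gaps = {int((b - a).total_seconds()) for a, b in zip(times, times[1:])}
        findings.append({
            "program": program, "remote": f"{ip}:{port}", "count": len(times),
            "first": times[0], "last": times[-1],
            # identical gaps across 3+ connections suggest a timer, not a person
            "regular_interval": len(times) >= 3 and len(gaps) == 1,
        })
    return sorted(findings, key=lambda f: -f["count"])


if __name__ == "__main__":
    for f in unexpected_outbound(SAMPLE_LOG, EXPECTED):
        print(f["count"], f["program"], "->", f["remote"], f["regular_interval"])
```

A program that appears here is only a lead to look up, not proof of a keylogger; anything unexplained is worth including alongside the HijackThis log when asking for help.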
     
