Monday, April 25, 2016

I’ve been hacked! What should I do?





Overview

Most of your devices are protected with passwords, secret questions and some form of physical security. However, thousands of people are hacked every day. Chances are you or someone you know has been hacked at one point or another. No matter how diligent you are about security, you may eventually become a target. In this article you will learn how to tell if your device may have been hacked and how to respond. The faster you are able to detect the signs and respond accordingly, the better you can minimize the damage.

Signs that you have been hacked

Hackers attempt to gather information from your computer or device without your knowledge. Therefore, it can be hard to determine if you are being hacked without knowing what to look for. Hackers often trigger certain events or leave indicators along the way that can help you detect the hack and take action right away. Use the following list of indicators as a guide:

·      Your browser homepage has been changed to another site
·      Applications on your device are crashing or restarting
·      You have new applications appearing on your device
·      The antivirus program on your device alerts that it has been disabled
·      Programs or popups start asking for your username/password
·      Your password no longer works when you try to log into your device
·      Friends ask why you are sending them SPAM
·      Your device powers down by itself

How to respond

If you believe the device you are using has been compromised or hacked, take action right away. If the device belongs to your employer, notify your management or the IT department. Trying to resolve the issue yourself can sometimes lead to more harm than good. In a business environment it is important to determine what information was compromised and, in some cases, evidence on the device may be gathered for legal action. If for any reason you’re not able to quickly get the assistance that you need, unplug the device from the network but leave the device running. In some cases, hackers will damage operating system files, which can prevent the device from booting up again.

If you are working on your own personal device, here are a few steps that you can take:

·      Disable the wireless connection on the device and unplug it from the network
·      Change your passwords right away. If possible, change your passwords from another computer in case the hacker is recording keystrokes on the infected device.
·      Make sure the antivirus software on your device is running. If any infected files have been detected, try using the antivirus software to clean them.
·      Install a program like Malwarebytes and scan the complete system for malware. You might need to download the program from another computer and install it with a thumb drive or CD.
·      Restore the device from a backup. DATA LOSS! This option will likely result in some data loss.
·      Restore the device with the factory recovery image. DATA LOSS! This option will result in data loss.


Moving forward

After you have regained control of your device it is important to keep an eye on your social media, instant messaging, email, banking accounts, etc. If the hacker was able to extract information from your device, they will likely try to use it relatively fast.

Take this opportunity to look over your backup process or create a process if you were not backing up your information. Backups don’t need to be complicated and can be done with an inexpensive external hard drive, thumb drive, CDs, etc. Microsoft operating systems have a backup and restore application built in and Apple computers use a backup and restore system called Time Machine. Apple and Droid phones and tablets can be backed up to the cloud or a workstation/laptop.

Getting assistance

If you need help recovering your device or protecting it from future issues, please contact us at https://jbtechconsulting.com

Tuesday, March 22, 2016

Windows Domain Logon Script using VBS and XML








Windows Domain Logon Script


At one point or another every IT professional has battled with mapped drives and logon scripts. Logon scripts typically start out as a small batch file and grow into something totally different. If you’re creating a new login script or considering changing what you have now, the attached login script might fit the bill or at least give you a foundation to build upon.

Overview

The following Windows domain login script requires 3 files to be placed on your domain controller. If replication is working correctly, once the files are copied to your domain controller they will replicate to the other domain controllers in the forest.


Login Script Files

Logon.bat is a simple batch file with the sole purpose of calling the VBS login script (Logon.vbs). It may be possible to eliminate Logon.bat altogether but in my experience it’s easier to keep it in place.
  
Logon.vbs is basically the engine for the login script. It reads the values in the XML file and executes commands accordingly.

 Logon.xml holds the information about your environment. This is where you would list your user groups, departments, and global drive mappings.
    

Directions for modifying the login script for your environment.

Download the zip file containing the login script. Unpack the files into a folder on your computer. Right click and Edit the file called Logon.bat. Change the domain name value so it matches your internal domain name. Make sure to leave “\netlogon\Logon.vbs” intact.
     

      
Once you’re done with the edits, save the changes and exit out of Logon.bat. Open Logon.xml with your favorite editor. Logon.xml has multiple sections, each pertaining to a different group type. Please note, it works best to add the name of the Windows Security Group to the XML file in all CAPS.
    

Enterprise Section

The Enterprise section pertains to everyone in the company assigned to the logon script. Mapping a drive letter in the Enterprise section will give everyone assigned to logon.bat the same mapped drive.       
      

Branch Section

The Branch section is intended for different physical locations within your company. For example, offices in New York, Chicago and Miami might need different drive letters mapped to their own local file servers. This section utilizes Active Directory Security Groups and in order for the user to get the drive mappings, their security group must be listed in the Logon.xml file. The user must also be a member of the security group in Active Directory. Please note, it works best to add the name of the Windows Security Group to the XML file in all CAPS.
      

Machine Group

Machine Groups can be used for departments or other groupings. This section utilizes Active Directory Security Groups so in order for the user to get the drive mappings, their security group must be listed in the logon.xml file and the user must be a member of the security group.
      

Remove Drive Mapping

Sometimes end users may have another program or previous script that mapped a drive letter on their machine. If you would like to ensure the previous mappings are removed before remapping the drive to another location, use the following syntax in the XML document. The remove option will unmap any matching drives on the destination computer.

<Drive letter="I:" action="remove" />


Adding a Drive Mapping

To add a new drive mapping, simply use the following syntax. You may want to first run the command above to remove any previous mappings for that particular drive letter. Removing previous mappings first will ensure your new mappings apply correctly.

<Drive letter="P:" action="add" unc="\\server\share1" />

Optional syntax: This syntax allows you to add a label to the mapped drive. The label will show up in Windows Explorer with the name you enter.

<Drive letter="P:" action="add" unc="\\server\share1" title="Public Folder" />

Option variables: Some variables can be used when mapping drives. This is especially valuable when mapping drives based on a user name or computer name. If the folder exists and the permissions are correct, the script will map the drive.

<Drive letter="P:" action="add" unc="\\server\share1\%username%" title="Personal Folder" />
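
Because Logon.xml decides which file servers every assigned user connects to at logon, it is worth checking the Drive entries before the file is deployed. The PowerShell below is an added example, not part of the downloadable login script: it lints Drive elements using only the attributes shown above. The <Logon> root element, the sample entries and the $AllowedServers list are assumptions made for illustration.

```powershell
# Added example: lint the <Drive> entries of a Logon.xml before deployment.
# Hypothetical list of approved file servers; replace with your own.
$AllowedServers = @('server', 'fs-ny01')

# Constructed sample input. The <Logon> root element is an assumption;
# only the Drive element and its attributes come from the article.
[xml]$doc = @'
<Logon>
  <Drive letter="I:" action="remove" />
  <Drive letter="P:" action="add" unc="\\server\share1" title="Public Folder" />
  <Drive letter="H:" action="add" unc="\\server\share1\%username%" title="Personal Folder" />
  <Drive letter="Q:" action="add" unc="\\10.9.8.7\drop" />
  <Drive letter="Z" action="add" unc="server\share" />
  <Drive letter="R:" action="map" unc="\\fs-ny01\reports" />
</Logon>
'@

function Test-LogonDrives {
    param([xml]$Xml, [string[]]$Allowed)
    # Drive elements are checked wherever they appear, so section names do not matter.
    foreach ($d in $Xml.SelectNodes('//Drive')) {
        $letter = $d.GetAttribute('letter')   # empty string when the attribute is missing
        $action = $d.GetAttribute('action')
        $unc    = $d.GetAttribute('unc')
        $issues = @()
        if ($letter -notmatch '^[A-Za-z]:$') { $issues += 'letter is not in the form X:' }
        # Assumption: only the two actions shown in the article are expected.
        if ($action -notin @('add', 'remove')) { $issues += "unexpected action '$action'" }
        if ($action -ne 'remove') {
            if ($unc -match '^\\\\([^\\]+)\\[^\\]+') {
                $server = $Matches[1]
                if ($server -notin $Allowed) { $issues += "server '$server' is not on the approved list" }
            } else {
                $issues += 'unc is not in the form \\server\share'
            }
        }
        foreach ($i in $issues) {
            [pscustomobject]@{ Letter = $letter; Unc = $unc; Issue = $i }
        }
    }
}

Test-LogonDrives -Xml $doc -Allowed $AllowedServers | Format-Table -AutoSize
```

With the constructed sample, the Q:, Z and R: entries are reported and the I:, P: and H: entries pass. To check a real file, load it with `[xml]$doc = Get-Content .\Logon.xml -Raw` instead of the inline sample.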








Deploying the logon scripts

Copy all 3 files (Logon.bat, Logon.vbs and Logon.xml) to your domain controller’s netlogon folder. Log into Active Directory and assign the logon script to a user using the Active Directory Users and Computers snap-in.
      



If all went well, you should be able to map some drives on your next reboot. Feel free to share this or post comments.  

Getting assistance


If you need help setting up your logon script, please contact us at https://jbtechconsulting.com