Is it possible to hack a web cam? (Not a hacker)

l_r_c_t

Distinguished
Apr 8, 2009
275
0
18,790
Hello Everybody:

I would like to know if it's possible to hack a web cam? If so, can the hacker really see through the camera without the hacked system's user knowing about it?

A few days ago my anti-malware software found malware named "Backdoor.PoisonIvy". I read that this malware is very bad and very dangerous, to the point that the computer should be reformatted even if it has been removed.

Do the two things have anything to do with each other?

Any advice on how to be safer in terms of securing all "doors" of the system?

Thank you.
 
Guest
F-Secure.com Description: Backdoor:W32/PoisonIvy

Here is some advice to help you out.

Disconnect your system from the network and use a different
system to download this software using a flash drive.

Download Malwarebytes' Anti-Malware.

Also, if you don't already have this on your system, download SpyBot-Search & Destroy.

Download this updated SpyBot-S&D program executable which you can extract to the
SpyBot-S&D program folder. SpybotSD.exe-1.6.3.51.zip

To show that it is legit, here is the page link where you can find the update:
http://forums.spybot.info/downloads.php?id=37

Here's the Newest SpyBot Definition Updates so you won't need to update before scanning.

If you need a good Anti-Virus, I would recommend downloading Avast! Home Edition (FREE)

- Pay attention to the installer dialogs

Once you have the needed software, install Malwarebytes' Anti-Malware.
Do a full scan, let it fix anything it finds, and save the log as you will need it later.

Next, install SpyBot-S&D, but do not select the TeaTimer during the install setup as it is more trouble than it is worth. Then install the definition update and the 1.6.3.51 program update.

Once you have installed SpyBot-S&D and installed the update, start the program. You'll get a small pain in the butt dialog window which you will need to click through until you see the Start using program button. After that, maximize the program, then in the file menu select Mode > Advanced Mode. Next, on the bottom left select Settings > Settings. Scroll down to Web update and select Display available Beta versions.

Now close SpyBot-S&D so it'll remember the settings that were just set and wait a few seconds.

Open SpyBot-S&D again, then on the left panel select Settings > Ignore Products > (main window) Cookies tab

So your page links on most sites will work correctly without being blocked, be sure to select these items:

BFast
Commission Junction
DoubleClick
LinkSynergy
Qksrv

These are most commonly used for redirects by the majority of websites you visit including Microsoft, Amazon, you name it, they probably use these ones. Block these ones and you will have trouble with a lot of links not working.

Now close the program again to save these settings and wait a few seconds, then reopen again.
In the left panel, select Immunize and as soon as it finishes loading in the main window, click the Immunize button that has the green plus.

Now in the left panel, select Search & Destroy, then select the Check for Problems button and when it finishes, let it fix anything it finds and save the log file.

-

Head on over to the Spywareinfo Forums, Home of the Boot Camp and register there. Then once you have completed registration, select the Malware Removal forum and before you post anything, be sure you read the Pinned threads first as they are very important.

The Pinned Threads to read are as follows:

- 1) "Hijacked Users" - Start here
- 2) ATTENTION NEWBIES! IMPORTANT!
- 3) The various helper groups here
- 4) Removal Tools: "Malwarebytes' Anti-Malware"
- 5) Removal Tools: "Spybot"
- 6) Not getting help with your log?
- 7) So how did I get infected in the first place?

After you have finished reading the information in the pinned threads, create a new post in the Malware Removal forum asking for help and include any requested information including the Malwarebytes' Anti-Malware log and the SpyBot-S&D log.

Good Luck
 
Solution

l_r_c_t

First of all, I want to thank you Renegade_Warrior for your time, and dedication.

I'm sorry for paying attention to your reply only now (a week later); I have been very busy this last week.

The Malwarebytes' Anti-Malware software I already have, and in fact, it was the one which discovered the "Backdoor.PoisonIvy".

The SpyBot-S&D I also have, and when I used it, it didn't find any malware.

The rest of the things you suggested I do, I will do in the next few days and let you know how it is going.

And now for the questions part (I'm sorry in advance if some are stupid, but answering them is really important).

1) About the update (SpyBot-S&D) – what difference does it make if I order the program to do an update, or download this update that you gave me?

2) About the "Avast Home Edition", I already had it once, and changed to "AVG Free Edition". Is Avast really better than AVG?
Is the backdoor active only when the computer is connected to the internet? (Meaning: the attacker can watch, and do the things the backdoor lets him do).

3) Shouldn't the root-kit (assuming that there is one which opened the door) be visible through memory usage? (Unusual / excessive / more than the average memory usage.)

4) If the assumption in question 3 isn't right, how come a backdoor was opened? (Checked for a root-kit and didn't find anything, using BlackLight from F-Secure.)

5) When publishing a log is there anything I need to hide?

Thank you very much.

 
Guest
It's been a while for me, so I wouldn't be able to do this on my end without uninstalling and doing a fresh install of SpyBot, but if you haven't installed the beta update yet, then you can manually check the version of the original file in the program after running a program update. At least this will tell us if they integrated the beta update into the program.

I do feel that Avast! is better than AVG, but then again, this past week I have uninstalled Avast! to give Microsoft Security Essentials a try because of the recent reviews that it received.

Back doors have a variety of uses. Some just sit idle waiting for commands, after which time whoever is controlling them can do whatever they want (within the limits of the back door in question). Other back doors log information. But they can only connect or transmit when there is an active connection.

As for RootKits, these hook into the kernel, which enables them to hide their processes, so they should not show up at all except with special detection tools such as BlackLight or other such tools. Although this past year there have been some newer RootKits out there which load themselves before the operating system. As such, these RootKits are extremely difficult to detect, especially if you happen to get infected with one of the newer BootKits which install themselves to the MBR, the BIOS and load themselves to memory. This type is extremely difficult to detect and get rid of, and if your BIOS chip is soldered on instead of being in a socket, then the motherboard is toast.

But I wouldn't worry about this last type of RootKit as I haven't come across many cases yet.

RootKits are generally used to protect and hide other processes such as Bots, worms, Malware, a spam generator, whatever the controller might have hiding on your system. You won't see any of the memory usage as the processes are hidden from the system.

Gmer is a special tool developed to detect and remove RootKits, especially those installed to the MBR of the drive. This tool was developed by a Russian who fights Malware.

More than anything the talk of RootKits is probably making you crap your pants just thinking about the worst case scenarios. Don't worry about any of this.

Also, don't worry about hiding anything in your logs. :)

Just follow the advice I gave you about reading the pinned topics, post your logs from both programs and if there is any other information they want or program logs, be sure to include it. Someone will be sure to help you make sure your system is clean.

If by any chance they think there is a RootKit, they will let you know as they will diagnose the problem by the information you give them along with your logs. They may ask you to run some other specific programs to remove anything they may see or to help confirm or diagnose anything they may suspect and they will give you detailed instructions for anything they may need you to do.
 

l_r_c_t

Hello again Renegade_Warrior:

How do I check if the beta update was included in recent / any updates?

I think I'll try AVG a little bit more, and perhaps get back to Avast!.

When you referred to an active connection (in order for the backdoor to work), did you mean an actual connection between the router and the computer via a network cable?

I heard that there are several levels of root-kits. How can I know, if possible, at which level the root-kit in my computer is (if the assumption is correct)?

What is the MBR? And what does it mean that my motherboard is toast if the root-kit got to this level? Do I have to throw away my motherboard?

I installed GMER, and it found 5 things as malware, which have the values of: "AVG network connection". What does it mean?

Alright, I hope that those are my last questions for this thread (please try to answer them all), and I won't have to bother you any more.

Thank you.
 
Guest
MBR = Master Boot Record

The GMER website has a tutorial which shows how to recognize a RootKit infection detected by GMER and how to use the tool correctly.

The AVG items sound like they possibly belong to your AVG anti-virus.

Active connection means just that, a physical connection between your computer and the internet. With Broadband, as long as your computer is turned on, the connection is active unless you physically disconnect it. With Dial-up, you are only connected when you dial out with your modem until such time as you disconnect, that is to say "if you had a dial-up connection" :)

With RootKits, when asking for Remote Tech Support, these can only be diagnosed/determined through the use of various tools and the logs these tools turn out along with the description of problems the user may have or may be encountering with their system.

The only type of RootKit I know of for which a motherboard would need to be replaced is the type I spoke of which loads itself directly to the BIOS. Cause the only way the motherboard can be saved is if the BIOS chip is in a socket, as you can usually order a new BIOS chip directly from the motherboard manufacturer.

The reason I refer users to the Spywareinfo Forums is cause there are many trained users there who help people every day with finding out what form of infection is on their systems and they help with clearing it out.

My main reason for referring users there is cause Remote Tech Support is not my strong point. I'm the type of person who has to work directly on the system to find out what is wrong and fix it myself. I'm not very good at talking others through this sort of stuff.
 

l_r_c_t

I checked, and my BIOS is on the motherboard and can be removed only by using special tools, while putting the motherboard at risk. Hopefully the root-kit (and again, its existence is only an assumption) didn't get to the MBR level.

Renegade_Warrior, I would like to thank you for all of the dedication and attention you gave to my problem, and for helping me out.
I will follow the steps and advice you gave me, hopefully resolving the problem completely.

For any question that you might have, you are welcome to send me a private message or an email.

Lior.
 
Guest
Just remember, MBR is one thing, but the newer type which installs to both MBR and BIOS is the one you need to watch out for.

The surest way to find out if you have the type which installs to BIOS and MBR would be to remove your hard drive from the system, then replace it with a blank hard drive and install windows to it.

If it starts showing signs of problems within a few days, then you know the RootKit reinstalled itself from the BIOS to the MBR of the hard drive, which also means that it will have downloaded other Malware components such as Bots or whatever other components it might consist of.

To prevent BIOS infection of a clean system, it's best to password protect the BIOS with a strong password, one which can't be broken with something such as a dictionary attack.

As to a drive which has previously been infected, you can always connect the drive to a clean system as a secondary drive to do whatever cleaning may need to be done, including formatting the MBR of the drive from a command prompt.
 

tanmaysnv

Distinguished
Feb 2, 2010
14
0
18,510
Yea, the thing is you may end up with some virus or hidden software, spyware that can be used to remote control that probably. These spyware or viruses can come along with all kinds of things you wouldn't suspect.

I once downloaded what I thought was video code that ended up being spyware that screwed up all kinds of stuff.

I've seen people hack into public security cameras, so I don't see why not personal web cam connected on web.
 
Guest
tanmaysnv
I can see from your reply to this thread that you did bother to read the contents of the thread itself as your answer was only to the subject without knowing what the content of the thread was.

Besides that, the thread was an old thread which had already been dealt with.

The Op in question had been asking if it was possible for someone else to control his web cam. Not if he could hack his system or someone else's system.

And yes, his system was badly infected already which was the whole purpose of this thread.

You need to read what is posted before you rush in and post a nonsense answer to a thread, an answer which has nothing to do with the thread in question. Plus you need to pay attention to how old the thread is.

Just because the Op does not elect to select a post as best answer does not mean that none of the posts were of help to the Op. It's just that a lot of users just don't bother to select a post as the best answer.

I'm familiar with malware removal as I have been trained in the Boot Camp for this and I have been dealing with such parasites for years now.
 

l_r_c_t

Renegade_Warrior I agree with your last post, saying that someone that adds his input to a thread should read the contents of the other replies, and especially the question itself.

As for your saying about the users that don't bother selecting the best answer for a thread, I don't agree because of the fact that I couldn't really choose one of your answers as the best, because all of your replies were very detailed and gave an exact answer to all of the questions that I came up with during this whole thread.

So, I will pick one of your replies as the best because it doesn't really matter to anyone, once the post is marked as "Answered" and I believe that for you it is important, so it's the least I can do after all of the help I received from you.

And again, thank you very much!
 
Guest
Thank You :)

I generally try to be as helpful as possible when I can.

So far, I've been lucky (unlucky?) in that I haven't come across anything that I've ever found the need to ask for help on anything computer related. Probably cause of my having too much time on my hands.