How to examine if your computer is infected

How to examine if your computer is infected, if your PC is a part of a botnet or some hacker has unauthorized access to your computer through a remote administration tool or your computer is infected by some kind of trojan which is giving out your personal information to the hacker.

If your computer is infected and you are connected to the internet then you wouldn’t even know what information is going out from your computer to the hacker who could sitting in any part of the world. The info might be your login username and password, credit card info or anything else.
Some of the newest viruses and trojans can even go undetected if the Antivirus systems have not yet been updated to detect and remove the infection.
Many cyber thieves, hackers and script kiddies use tools known as Crypters which can make a trojan or other malicious programs undetectable by security products such as Antivirus. Some crypters are fee some are paid versions, some of them are really effective and can completely make malicious programs undetectable by Antivirus software. So just because you have an antivirus installed doesn’t mean your PC can’t get infected, the best practice is to never download any file from an unknown source.

Here are a few things you can do to examine if your computer is infected or not.

Internet connection can serve as a medium between your and the hacker’s computer through which the communication takes place in the background in case your PC is infected, therefore you need to check the network connections, whether your PC is connected to some unknown or suspicious host, IP or domain name.

 

Run Command Prompt in Administrator mode

cmd as administrator

Run the command

netstat -b

cmd netstat -b

Here we see a bunch of connections running, first one is 127.0.0.1 which is local host and then we have firefox.exe and Explorer.exe
You may see more processes / application-name.exe depending on the number of applications you might be running at the time when you use this command. Here you should look for the .exe process which looks unknown or suspicious to you. Then search it on google.

Google shows Explorer.exe is a windows process and completely safe. If you find anything suspicious then search it on google and you would come to know if it is a legitimate process or some malicious program.

 

Next  run the command

netstat -ano

Focus on the connections whose state is “Established” under the state column

Open the Task Manager (short cut Press Ctrl+Alt+Del )
Add PID column to the task manager if you don’t have it.

task manager pida

To do so move your mouse cursor over the name column then right click and then click on PID.

Click on the PID column to arrange the processes according to their PIDs

Now figure out which process is using the connection ? (You should look for the ones whose state is ‘Established’ ).
Match the PID with the PID in the Task Manager and it turns out to be firefox.exe (5312) in this example, which is a safe application.
A malicious program can be named after a genuine process like firefox.exe, explorer.exe to make it seem like an authentic process in that case firefox.exe would have 2 different PID’s and you can spot the fake one by checking its digital signature.

 

Use the command

sfc /scannow

This command checks the integrity of the system files. A malware can embed itself into the system files which may go undetected.

 

Make use of Wireshark.
Wireshark is a famous tool used to analyze packets / network connections.

In the filter box type dns and it will filter out and show all the connections making use of DNS. If you have opened up many web pages in your browser then it will show connection details of every one of them. The idea here is to check for suspicious connections and it can be challenging. There could be a very long list of these DNS rows you might have to go through so I suggest you do to either close your browser or do not open more than one web page while running this test. Additionally if you are running any other application that uses the internet like a game client then close that down too.
If the list of DNS rows are too long for you to go though all of them then use the command to filter out the and display only those connections which have used more than 4 answer requests because usually high amount of answer requests takes place in case of a malicious connection.

dns.count.answers gt 4

Put this command into the filter box and hit enter

Here we need to examine if the computer is connecting to some suspicious domains, hosts or IP. In the above pic see for example in the second row under the info column csync.flickr.com. Flicker.com is a safe domain its a legitimate website so no problem there. Look for anything that raises suspicion.

Lets see adservers-users-2, third one from the end.

Right click on it then go to copy and click on “summary as text”.
Paste it in the notepad or anywhere else and copy the full domain name including the sub-domain which in this case was adservers-users-2-422793280.ap-northeast-1.elb.amazonaws.com
Search the entire name on google as well as search it without the sub-domain on google (amazonaws.com is domain name without the subdomin).
You would come to know that amazonaws is Amazon Web Services which is a part of Amazon and is very safe. So this is how you can examine if your PC is connected to a legitimate host or if there is some malicious program which is establishing a connection with an unknown or suspicious host which has been reported as malicious in nature.
You can also check if the domain has been blacklisted using the following site http://mxtoolbox.com/blacklists.aspx

 

In the protocol column look for unusual protocols such as IRC, TFTP, SSH. If you find one then the traffic associated with it should be seen with suspicion especially when you are not running any application which makes use of those protocols.

 

Under statistics click on protocol hierarchy

Now look for “Data”

protocol hierarchy wireshark

“Data” should not be directly below the Title / Heading as you may see in the example below.

If the “Data” is directly below one of the headings then it should be a big warning sign. If that is the case then right click on the “Data” and then you can find the traffic associated with that data. Search the IP address to which it is connecting whether it is safe or not. You can check the IP address using https://db-ip.com or http://whatismyipaddress.com/ip-lookup

It is safe if the IP belongs to companies like microsoft, google etc.. but if the IP is from an “internet service provider” for example google fiber or any other ISP then it could belong to anyone. It could be the IP address of the computer which has unauthorized access to your PC.
You can also check whether the suspicious IP address or domain name is blacklisted using this website http://mxtoolbox.com/blacklists.aspx

Wireshark is an advanced and sophisticated tool it has a certification named Wireshark Certified Network Analyst (WCNA) and one cannot learn it in a single day these were just a few tips on how to use it to examine if your PC is infected by some malware.

No Comments

ClixSense PPC How to make money

clixsense payment proof

Is ClixSense a scam ?
No it is not.

Clixsense is one of the best PTC (pay per click) websites out there. It was launched in 2007 and has been running successfully since then. By taking advantage of the ClixSense online advertising program, as a potential online consumer, you can actually get paid for viewing advertisements and completing surveys.

clixsense survey

The reward for completing surveys is obviously much is higher than browsing PTC advertisements.

clixsense tutorialIn the above image you can see ClixSense dashboard.
Apart from viewing ads and completing surveys you can also complete ‘Tasks‘ and ‘Offers‘ for some extra income.

Advertising
If you want you can also Advertise your website or content using ClixSense, its not free, that’s one of the ways how they generate revenue and you get a share of that revenue. ClixSense have a very big user base more than 5 million registered members worldwide.

ClixGrid
Its like a game. You can try your luck to click some ads in Clixgrid,  if you’re lucky  you can get some free money.

Affiliate Program
This is where you can make big money ClixSense has got a very good affiliate program.  Not only you earn commission for referring others you also get commissions whenever your direct referrals click on PTC Ads, purchase advertising, complete simple tasks and offers, and whenever they or their referrals upgrade to Premium through 8 levels! With multiple streams of income your earnings potential is unlimited. Commissions for Premium members are substantially higher than Standard member.
Standard members earn only from their direct referrals. Whenever your direct referrals upgrade, you’re instantly paid $2.00! If you are a Premium member and if your referrals refer others who also upgrade you are instantly paid $1.00 for each upgrade through 8 levels.

Clixsense Referral is down to 8 levels which means that you will earn commission from your referral and the referral of your referrals until 8 level if you upgrade your membership status, then your income will be a lot.

How to know your Affiliate link ?

clixsense affiliate

Move your mouse over your username at the top, click on ‘account summary’, there you will find your affiliate link. You will earn referrals if someone registers using your referral link.

Cashout options
Minimum balance to cashout is $6 for Premium members and $8 for Standard
PayPal
PayToo
Neteller
Tango Card
Payza (available for limited countries)
Check minimum payout $10 only for United States and Canada.

REGISTER NOW
http://www.clixsense.com/?9373591

No Comments

How to secure mybb forums

Hardening up mybb Security and protecting it from hackers.

Change the default address of Admin CP (control panel)
The default address of mybb admin cp is http://example.com/admin

Login into your file manager via your hosting panel or by using apps like filezilla.
Once logged in go into the directory named inc which is in the root directory or the directory where you have installed mybb.

If its a new mybb installation then the name of inc directory may be config.default.php so in that case you need to change its name to config.php

Edit the file named config.php

securing mybb forums

Inside the config.php file search for the line $config[‘admin_dir’] = ‘admin’; Here admin is the name of the default admin directory which determines the link to the admin control panel which by default is http://example.com/admin Now change the name from admin to something less obvious.
For example I change its name to $config[‘admin_dir’] = ‘nature125’;
After this go into the root directory or the directory where you have installed mybb.

secure mybb

Rename this admin directory to the same name that you specified  $config[‘admin_dir’] = ‘nature125’; here instead of the admin, in my case it should be nature125.

mybb security

Now my new admin login link will be http://example.com/nature125

Hide Admin control panel Links
When you login into your forum using your admin account and password from the front end you may see a link to Admin Control Panel it should be hidden from the front end.
Go into the directory named inc which is in the root directory or the directory where you have installed mybb.
Edit the file named config.php

secure mybb forums

If $config[‘hide_admin_links’] = 0  then change it to 1

Deny access to directories

/inc
/admin/inc
/admin/modules
If you have changed the name of admin directory then it should be your custom name instead of that admin.
Create a .htaccess file containing the following code deny from all and upload the file into the three directories mentioned above.

secure forums

Configuring an Admin CP PIN

security mybb forums

Go into the inc directory which is in the root directory or the directory where you have installed mybb. Edit the file named config.php
Find $config[‘secret_pin’]
$config[‘secret_pin’] = ‘your secret pass or pin’;
For example $config[‘secret_pin’] = ‘xsecret18’; then xsecret18 will be my secret pin.

secret pin mybb

After you specify your secret pin in the config.php file then you will see secret pin option when you try to login as admin. This will provide additional security. The secret pin feature was added in mybb version 1.8, the older versions does not have this feature.

Deny access to Global.php
In the main .htaccess file which is in your root directory or where ever you have installed mybb, copy and paste the following code at the end of the .htaccess file.

<files global.php>
Order deny,allow
deny from all
</files>

Password protected directories
Also called Htpasswd is used to password protect directories. In the case of mybb you can protect the admin directory or whatever is the name you have renamed the admin directory to.
If you are able to configure it then it provides an extra layer of security.
The method to enable it may vary across different hosts and control panels. You may ask your hosting provider or check out their tutorial / manual on how to enable it.
For Siteground http://www.siteground.co.uk/tutorials/cpanel/pass_protected_directories.htm
For Dreamhost http://wiki.dreamhost.com/Password-protecting_directories

Delete the install directory
After you successfully install mybb you should delete the install directory.

Keep your forum up to date
Always install updates as soon as they are available because updates include some important security patches.

Disallow HTML in Posts
In the admin panel Forums & Post section there is an option to allow HTML in posts it is disabled by default. You should not enable it.

Hide the version number
Displaying which MyBB version you’re running is essentially the same as yelling “hey, I’m running this specific version, which contains these specific vulnerabilities”. If you’re running on the latest version, it’s probably nothing to worry about, but there is simply no point in displaying it. To hide it go to Admin Control Panel > Configuration > Settings > Site Details > Show Version Numbers > Off.

Minimize Installed Plugins
Don’t install plugins that are very old and minimize the number of plugins. The more plugins you have installed, the more code can hackers exploit. Most plugins are fairly secure, but if one of them has a vulnerability, hackers can take advantage of it to get access to your forum. And for that simple reason it is highly recommended to keep the number of plugins to a minimum and only install those that you really need. It’s also worth considering the popularity and the author of the plugin.

Backup Regularly
Backup your forum regularly, if something goes wrong or in case a hacker gets unauthorized access to your forum and deletes everything then you should have a local copy of the backup so that you can restore the forum.

No Comments

How to insert ad code below the header on mybb forums without plugin

Below the Header

Below the header you can display ads in two places
mybb ad below header

  1. Below the header image and above the top navigation.
  2. Below the top navigation.

Login into your admin dashboard and click on Templates & Style.

mybb tutorial

Then click on Templates in the left hand corner.

display ads my bb

For the template you are using click on options and then Expand Templates.

You will see a long list of Template Set. Search for Header Templates.
Still cant find it then on the keyboard press CTRL and F together and find Header Templates.

mybb display ads

For Header Templates click on Expand then on Options then Full edit next to the header.

The code inside the header may vary across different templates but certain things remain more or less the same.

Now press CTRL and F on your keyboard and type the word logo and click on find.
You will see few instances of the word logo.

mybb ad below header image

Logo here means the header image so you need to insert the ad code after the logo ends and that is after </a> tag.

<div class="ads">
AD CODE HERE
</div>

If you do this then your ad will be displayed below the header image and above the top navigation.

If you want to display the ad below the top navigation:

mybb ad code

In the same header template file press CTRL and F together on your keyboard and type
<div id=”content”> and click on find.
Place the following code above the <div id=”content”>

<div class="ads">
AD CODE HERE
</div>

If you cant find <div id=”content”> then you have to first examine the structure of your theme’s top navigation. For example in the default mybb theme in the top navigation bar there are options like Calander, Help etc.

mybb default

Focus on the last option which in this case is Help.
In the same header template file press CTRL and F together on your keyboard and type the word help or whatever is the last option in the top navigation for your template.
Insert the ad code where the top navigation ends.

<div class="ads">
AD CODE HERE
</div>

It usually ends with </li> </ul> tags accompanied by some </div> tags.

Alignment
The ads will be aligned on the left hand side of the page by default but what if you want to move it to the center of the page.
Enclose the code within <center> </center> tags

<center> <div class="ads">
AD CODE HERE
</div> </center>

You can also center it using CSS margin-left property but I prefer center because center tag centers it for all screen sizes. If you use margin property of CSS the alignment may look different across different screen sizes especially on mobile devices so you would then have to write separate media queries in the CSS file.

Using CSS
Click on Templates & Style and then Edit the theme which you want to make changes to.

mybb edit theme

Next to global.css click on Options and Edit Style.

After that click on Edit Stylesheet: Advanced Mode
Scroll down to the bottom of the page.

mybb theme edit

.ads {
CSS CODE GOES HERE
}

You can use custom css code to move the ad upwards, downwards, left or right by using margin property, you can also add padding or other css styling.

No Comments
alert('dsf'); console.log("dsdsdsd");