Ravenquille...

First, I find it odd that you're asking about how much the CEH exam costs, in another thread, while asking about this.  It seems that MAYBE you've been poking around to learn some security (for whatever intention) and gotten yourself infected by trying to use some possibly 'less than ethical' material you've pulled down.

That said, IF you're legit... (I'm sorry, but this really does sound fishy to me... how about any other EH-net-ers reading this???)

All of the various things you've mentioned are helpful in eliminating spyware, viruses, rootkits (in the case of total drive wiping), etc.  If this truly keeps coming back, I'd only have a couple of good suggestions.

To begin with, if this is as serious as you lead us to believe, disconnect from the internet, before doing anything else.  Disconnect your entire home network.

1.) Wipe ALL machines, at the same time, all together, to ensure something isn't returning from one machine to another after cleaning up.

2.) Throw away ALL data you have stored, or at a minimum, have it professionally analyzed, to be sure that you don't have a remnant on USB key, external drives, or other storage media (ie - cdrom / dvd om backups)  This includes ANY installation media, with exception of store purchased CD / DVD install media for retail software, such as MS Windows, etc.  (Although, you COULD check them out to be safe, since you seem to be getting infected again so quickly, to ensure somehow, you didn't get some crazy, virus-laden media that somehow got onto shelves.)

3.) Email... print any you've wanted to keep saved (including those from online mail, such as GMAIL), then wipe all mail from your mailboxes, both on your local machine and the online mailboxes, to make sure something isn't slipping back in.

4.) remove yourself from ALL social media sites for a while (stop logging into facebook, myspace, etc, in the event you're somehow hitting someone's infected graphics posted therein, on a profile, etc.)

5.) Lastly, if you use a static IP, or if you host your own website and use DYNDNS or something to route to your local box with a hostname, change the hostname you use, or ask the ISP to change your static IP.  If EVERYTHING has been wiped, simultaneously, and you've done everything else, I find it hard to believe that someone randomly keeps finding you.

If none of this helps, and you keep getting hit again, then my advice would be to look at your close friends.  If your 'home' network has that much equipment, and you're looking to do security, etc, then I'd be willing to bet you've also had other folks you know, near your machines.

That said, though, I think, based on your two separate posts, that I'm not totally certain you're being totally honest here, so think hard before asking the next questions.............

No worries, Ketchup...  I only knew as they posted on remote-exploit's page when BT4 final was released.

Cheers!

Good luck, and welcome to EH-Net, rframe.  You've found a good place to get you going.

There are other good live-cd lab scenarios you can use.  Hackerdemia, pwnOS, Webgoat and others will give you some other basics to look at and start studying with.  There's also a good book, written by Thomas Wilhelm (recently talked about on the forums here):  "Professional Penetration Testing: Creating and Operating a Formal Hacking Lab"  which I would highly recommend as a good resource for your learning pleasure.  The book is an excellent resource / read, and the DVD contains images for many of the live-cd's I listed above, as well as videos and tutorials from the heorot.net site.  If you're looking to get started, it's a good way to begin.  Also, another good book for building your OWN lab is "Build Your Own Security Lab: A Field Guide for Network Testing"

I think if you're looking for basic starting points, those will do you well!

My only reason for the suggestion for USB was that, many of the newer laptops / netbooks I've come across (or even if you're using something like an oQo,) while they may have cardbus slots, they don't have PCMCIA.  Thus my recommendation to look at USB options, too.  There are simply so many different possibilities. 

Atheros chipsets have worked well for me, as have the Orinoco's.  So it's a matter of finding what'll suit your needs and budget, what you can locate, whether new or on eBay, or wherever, and to validate it's been tested.

Good luck.

Thanks for sharing.  I'll pull down a copy and have a read this weekend! 

The best place to start is...  right where Ketchup said.  No one person can give you a 'this is exactly where you should start,' because everyone's learning style and needs are different.  For some, video learning is key, so you might purchase come CBT's, or dig through free video tutorials.  For others, reading books helps, for some working on labs helps.  There's just too broad a spectrum.

If you truly want to do this, you should follow Ketchup's advice, start digging through the forums here, see what experiences others have, and what pointers and lessons they've taken away from the forums and discussions, and proceed from there. 

One other thing you'll find.  We're all here to help, but we're not here to simply handhold, as you won't learn effectively that way.  You need to begin your search, and if you have questions or want to discuss something you've read (if it's from another source outside of ethicalhacker.net, then post on it here, and we'll open a discussion,) then open the discussion.  But to simpy say, ' I would like it better if I could get some suggestions about my exact situation' tells us nothing of your 'exact situation' as everyone's differs, and you aren't asking us anything in particular, so we cannot answer you in particulars.

As Ketchup says, welcome to EH-Net, and you can learn a lot by being here.  Heck, I learned a ton just searching the forums before I even joined and started interacting with others here!

Good luck, and we look forward to future discussions with you.

Backtrack is no longer hosted at that page...  It's now at:

http://www.backtrack-linux.org/

 

Maybe it's just me today... I'm getting an http 403 error on that link... I'll have to see if someone else has that same document posted elsewhere.  I always like to add documents to my library, for helping out other folks, and I know a few who could probably use something handy like it (once I see what it is........ darned 403)  Thankfully, I'm doing alright in the hex department, myself.  But thanks for a useful link (if I can hit it)

I don't personally have a cardbus recommendation, but the Linksys WUSB54GC (USB) works well, if you need an alternative to cardbus and have USB ports.  With BT3, it just required me to pull an updated driver for it, and I haven't tested against BT4 yet, so can't say for sure.  But it does the job, and does it well.

http://lmgtfy.com/?q=learn+hexadecimal

As awesec implied as well, there really weren't any hexadecimal-specific questions that I hit on my CEH exam, and really, without more 'specific' questions for us, all we can really do is tell you to Google it.  You'll find PLENTY of sites to explain / teach hexadecimal and conversions to read through.  As a pentester, you'll do a lot of self-research on such topics.

We're happy to help, if you find something specific to ask about, so if you have a specific question for us, ask away!

Wow... really wish I could afford... drooooooooooling!!!!  Maybe in the future, though!

<hoping unsupported has more of the tin foil hats to pass around>   

I go both ways on this, chrisj.

I like scripts and open source tools, as I tend to have a bit more say in exactly what they do, and I LIKE to be able to do some custom scripting, etc.  However...

The closed source (for pay) tools often have advantages in that they keep a closer track on the latest vulerabilities, etc, whereas the free tools often have a short (or long) delay in release of the latest ones.  Additionally, the right paid tools will save you a lot of time on some tests, where they have so many tools integrated into one utility and can run them all simultaneously, or in order of need, saving the pentester time and energy that he can then focus on other things.  (Such as finding what data, etc, is available to him / her after a successful exploit has been run.)  They also tend to have built in, pre-canned reporting of all of their findings, helping to 'clean up' and polish the end reports to customers.

So there are obvious advantages and disadvantages of both types, and I personally use either / both for any given test scenario, just depending on time available, needs / wants, and depth of reporting / testing required versus time alotted.

HTH, and makes sense.  (clear as mud?)  

Yeah I got my copy, and am enjoying it, as well.  Haven't finished... (darn work time gets in the way...    ) But Thomas wrote a good one, from what I've read so far!

Yeah, they're cracking down...  publicly anyway...  Meanwhile, their cyber / cracking schools and training programs are so widely recognized and talked about.  But hey, why not at least TRY to make the rest of the civilized world believe you're shutting these activities down.

It's easy to make themselves 'look' like good guys, when they're actively cracking down on 'individuals' committing cyber crimes, while they continue to develop the same thinking and minds behind the scenes, for more advantageous and critical activity.

don, I'd agree with the nerviousness.  That said, however, I'd like to hope, at least, here in the US, with the emphasis on combating cyber crime, and with activities like the US Cyber Security Challenge going on, that well-meaning activities and sites, such as EH-NET, have less to be concerned about, from the standpoint of being shutdown.