Aces High Bulletin Board

General Forums => The O' Club => Topic started by: Modas on June 27, 2005, 07:46:13 AM

Title: Major Computer issue
Post by: Modas on June 27, 2005, 07:46:13 AM
Ok -

Here's the scoop.  My girlfriend gets a letter from her ISP stating her email account has been associated with sending out an ENORMOUS amount of spam.  BTW, she is on dial-up.  Forgot to add she is running XP home SP1 and probably has no updates installed either :mad:

So, I go out, get the usual programs (spybot, spyware blaster, trojan hunter, etc) and run them and there are dataminers, tracking things and all sorts of crap on her computer.

I'm trying to install a firewall and anti-virus, but once installed, I cannot run the programs.  On top of that, I cannot bring up task manager to actually see what's running.  I do the CTL-ALT-DEL and it pops up for a second and immediately closes down.  Which is basically what happens when I try to run the firewall and antivirus.

I've booted up in safemode, and run all the above programs, and found a couple of more problems but at this point, I think I'm over my head as far as being able to clean this up.

Can anyone help me with next steps?  Thanks!
Title: Major Computer issue
Post by: straffo on June 27, 2005, 07:50:41 AM
Well ... if you have a good (and current) anti-virus on your computer you had better plug her disk into your computer.
Title: Major Computer issue
Post by: Skuzzy on June 27, 2005, 07:57:17 AM
Or you can do it over the LAN.  Just make sure your computer has all the XP updates and your virus software is up to date.

It sounds like her system has a virus, in which case, if the system cannot be cleaned, then it needs to be completely reformatted, without saving off any files.
Title: Major Computer issue
Post by: Staga on June 27, 2005, 08:14:34 AM
Deleted

7- Members should remember this board is aimed at a general audience. Posting pornographic or generally offensive text, images, links, etc. will not be tolerated. This includes attempts to bypass the profanity filter.
Title: Major Computer issue
Post by: SLO on June 27, 2005, 08:32:03 AM
MODAS your girl's computer is way too infected...

sounds like you're running with hidden processes...

your only chance is to wipe everything and re-install XP, but do get the sp2...
Title: Major Computer issue
Post by: indy007 on June 27, 2005, 08:43:35 AM
Quote
Originally posted by SLO
MODAS your girl's computer is way too infected...

sounds like you're running with hidden processes...

your only chance is to wipe everything and re-install XP, but do get the sp2...


Yeah. I don't even bother to run adaware in most cases nowadays. It's faster & easier just to pop in the XP cd and start over.
Title: Major Computer issue
Post by: Modas on June 27, 2005, 10:39:50 AM
crap....

I was afraid of that.  Is it possible to download just SP2 direct from microsoft without using the updater in Windows?  I've got dial-up at home and would prefer to download SP2 separately from work if that is possible.

I wasn't able to find a link to just the SP so I can save it to disk.  Can anyone help me out?

Much thanks!
Title: Major Computer issue
Post by: Chairboy on June 27, 2005, 11:31:05 AM
Try this:

http://download.microsoft.com/download/1/6/5/165b076b-aaa9-443d-84f0-73cf11fdcdf8/WindowsXP-KB835935-SP2-ENU.exe
Title: Major Computer issue
Post by: texace on June 27, 2005, 11:33:02 AM
A field in the country, a box of 7.62 and an afternoon off is the best way to deal with computer issues. ;)

I'll talk with my brother and see what he recommends to do.
Title: Major Computer issue
Post by: JB66 on June 27, 2005, 12:08:52 PM
Check to see if you still have administrator rights.  We had a system like this come into the shop, after evaluating the time it would take to clean it vs. the time to wipe it and do fresh installs, the fresh install won.

Here is a link to a free anti-virus program.

 http://www.free-av.com/

The ms beta spyware thing works pretty good.

Good luck.
Title: Major Computer issue
Post by: Modas on June 27, 2005, 12:26:32 PM
Quote
Originally posted by Chairboy
Try this:

http://download.microsoft.com/download/1/6/5/165b076b-aaa9-443d-84f0-73cf11fdcdf8/WindowsXP-KB835935-SP2-ENU.exe


Excellent!  Thanks Chair!

JB - Yeah, my IT guy here at work told me about the MS beta program as well.  

And if worse comes to worse, I'll be taking Tex's advice and capping it with a couple of 12 gauge slugs.....
Title: Major Computer issue
Post by: Elfie on June 27, 2005, 01:46:32 PM
Silat has a post in the tech support section with links to all kinds of FREE anti-malware type programs. Not sure how he finds all that free stuff, but they do work very well! :)

Download and install them, then just make sure they get updated regularly and you should be good to go, after a reformat that is.
Title: Major Computer issue
Post by: Curval on June 27, 2005, 01:54:47 PM
Here ya go...Silat posted this in a thread of mine recently:

I recommend you or anyone else who has a problem with hijackers go here http://help.lockergnome.com/ . Register. You will then be able to post. By post I mean post a HIJACKTHIS log. After you register click on "PROBLEM SOLVERS" forums. Then click on "HIJACKTHIS LOGS". Post your problem in the HIJACKTHIS FORUM. An expert will get to you within a few days to guide you to a clean machine.

You may submit your HijackThis log files to any of the below Forums for expert analysis. I personally like http://help.lockergnome.com/ as this is where I learned to read Hijackthis logs.
Note that all Forums require Registration prior to posting.

(http://aumha.net/viewforum.php?f=30)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://castlecops.com/forum67.html)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://www.spywarewarrior.com/viewforum.php?f=2)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.wilderssecurity.com/forumdisplay.php?f=24)
(http://boards.cexx.org/viewforum.php?f=1)
(http://www.malwarebytes.biz/forums/...php?showforum=5)
(http://forum.gladiator-antivirus.com/index.php)
(http://www.dslreports.com/forum/security)



http://www.spywareinfo.com/~merijn/downloads.html - Download Hijackthis. Put it in a new folder named "Hijackthis". Put the folder on c drive. This is important for proper logging of info when you get hijacked. Do not use this program unless you completely know what you are doing. FREE


http://www.javacoolsoftware.com/downloads.html - download and install : SpywareBlaster and SpywareGuard FREE
http://customblockinglist.cjb.net/ - Spyware Blaster Custom Blocking List Free!



http://www.safer-networking.org/index.php?page=download - Download and install Spybot - Search & Destroy FREE


http://www.intermute.com/products/cwshredder.html - CWShredder Download the standalone version. FREE

http://www.lavasoftusa.com/support/download/ - Download the free version of Adaware and install. Or pay for the advanced version if you want. FREE

http://www.microsoft.com/athome/sec...re/default.mspx - Windows AntiSpyware (Beta) FREE

ANTI VIRUS PROGRAMS
http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5 - AVG
If you don't have an antivirus program and don't want to pay for one then get AVG. It is free and good. FREE
http://www.avast.com/eng/down_home.html - AVAST
To use the Home Edition, you should register it. After the installation you have 60 days to do the registration. The registration process is very easy and will take you only a couple of minutes.
http://www.free-av.com/ -ANTI-VIR another antivirus FREE

WINDOWS CLEANER
http://www.ccleaner.com/ - Crap Cleaner. Windows system cleaner like Window Washer FREE

HOST FILE INFORMATION
https://netfiles.uiuc.edu/ehowes/www/resource.htm - IE-SPYAD (IE Restricted zone list) Free!



If you don't have an antivirus you can do free scans at
Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/
http://housecall.antivirus.com

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/active...n_principal.htm

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

BitDefender
http://www.bitdefender.com/scan/license.php

Freedom Online scanner
http://www.freedom.net/viruscenter/index.html

ClamWin
http://www.clamwin.com/index.php?op...id=21&Itemid=56


All the downloaded programs need updating regularly.




Lew/+Silat
Title: Major Computer issue
Post by: Vulcan on June 27, 2005, 02:10:01 PM
Your best bet is to wipe it and start from scratch. It's pretty obvious the system has been compromised, and anti-spyware never gets a 100% hitrate.
Title: Major Computer issue
Post by: lada on June 27, 2005, 03:09:01 PM
Post a picture of your girlfriend and I will try to recall some good advice :D


But if it's really fubared I think it takes like 30 mins to install XP?

LOL Curval.... that's an interesting approach... Install so many protection softwares, that your computer will become so slow, that none of the viruses or spywares will execute until 5PM :D
Title: Major Computer issue
Post by: 214thCavalier on June 27, 2005, 03:45:21 PM
This looks like a useful tool as well.

http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp

DropMyRights, basically if you're running windows in full admin mode (as most of us do) it gives any viruses or malicious code you encounter full rights to install on your computer.

By running DropMyRights on programs you choose for example your web browser and email program they will then run in a restricted mode. This gives you full functionality but removes the ability for any viruses or malicious code to install on your computer.

Seriously reducing your vulnerability level.
Title: Major Computer issue
Post by: DoctorYO on June 27, 2005, 04:00:22 PM
You don't need no stinking beta program...

first thing I would do is manually check your registry..

you can do this the non techie way by going to the start menu and clicking the run command.

a window will appear and you enter

msconfig

click ok...


Then go to the startup tab and check the entries..

every entry should have a path to whatever it is doing..

(my machine on xp has like 3 additional entries from a base install which is no entries..) (commit charge about 110-114 megs)

then using the find command (also under the start menu) you can investigate the various programs via google or other means once you have the executable and the path name...

this option works best under the safe mode and you should do your cleaning there.. (after research of course when you have a net connection, safe mode may fubar this on a temporary status so be advised until you reboot..)

Now after you do your cleaning if you have problems with legitimate programs having problems you can back track thru msconfig and re-check what is needed for your computing needs..

The above will manually remove 90% of all spyware/trojans on your machine..

now viruses are another problem but most these days are not miscreant and ineffective, most only highlighting proof of concept and some cheerleading props to the author..

hope this helps..


DoctorYo
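
The startup-entry check described in the post above, as an added example that is not part of the original thread: PowerShell that lists the main Run registry keys and the Startup folders and flags entries with no full path, a missing target file, or a target under a temp directory. It assumes a Windows system with PowerShell 3 or later; the function names and the flagging heuristics are illustrative assumptions.

```powershell
# Added example: list the main autostart locations and flag odd entries.
# Function names and the flagging heuristics are illustrative assumptions.
function Get-AutostartEntry {
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    # Files and shortcuts in the per-user and all-users Startup folders
    $dirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($dir in $dirs) {
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
            }
        }
    }
}

# Pull the executable out of a command line such as: "C:\dir\app.exe" /flag
function Get-CommandExecutable([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted: shortest prefix ending in a known extension (paths may contain spaces)
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif|lnk))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

Get-AutostartEntry | ForEach-Object {
    $exe    = Get-CommandExecutable $_.Command
    $rooted = $exe -match '^([A-Za-z]:\\|\\\\)'      # drive-letter or UNC path
    $flags  = @()
    if (-not $rooted) { $flags += 'no full path' }
    elseif (-not (Test-Path -LiteralPath $exe)) { $flags += 'target missing' }
    if ($exe -match '\\(Temp|Temporary Internet Files)\\') { $flags += 'runs from temp dir' }
    [pscustomobject]@{
        Source = $_.Source; Name = $_.Name; Executable = $exe; Flags = ($flags -join '; ')
    }
} | Format-Table -AutoSize -Wrap
```

A flag is a prompt to research the executable, not a verdict: legitimate entries such as bare `rundll32.exe` commands will show "no full path".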
Title: Major Computer issue
Post by: Elfie on June 27, 2005, 04:14:57 PM
Quote
LOL Curval.... that's an interesting approach... Install so many protection softwares, that your computer will become so slow, that none of the viruses or spywares will execute until 5PM


Don't need all of them Lada. I use 4 just because not one of them will find everything, but between them all I stay pretty clean :)
Title: Major Computer issue
Post by: Modas on June 28, 2005, 08:30:51 AM
Thanks for all the great help guys!  Probably will be tackling it tonight.

:D
Title: Major Computer issue
Post by: Staga on June 28, 2005, 09:49:57 AM
After a new, patched installation of Windows + drivers it could be a good idea to take a back-up copy.
If you need to reinstall Windows at some point it's about a 15 min job from a back-up.
Title: Major Computer issue
Post by: eagl on June 28, 2005, 04:06:51 PM
Also remember you might have to be in safe mode to delete some stuff.
Title: Re: Major Computer issue
Post by: Masherbrum on June 28, 2005, 09:07:41 PM
Quote
Originally posted by Modas
Ok -

Here's the scoop.  My girlfriend gets a letter from her ISP stating her email account has been associated with sending out an ENORMOUS amount of spam.  BTW, she is on dial-up.  Forgot to add she is running XP home SP1 and probably has no updates installed either :mad:

So, I go out, get the usual programs (spybot, spyware blaster, trojan hunter, etc) and run them and there are dataminers, tracking things and all sorts of crap on her computer.

I'm trying to install a firewall and anti-virus, but once installed, I cannot run the programs.  On top of that, I cannot bring up task manager to actually see what's running.  I do the CTL-ALT-DEL and it pops up for a second and immediately closes down.  Which is basically what happens when I try to run the firewall and antivirus.

I've booted up in safemode, and run all the above programs, and found a couple of more problems but at this point, I think I'm over my head as far as being able to clean this up.

Can anyone help me with next steps?  Thanks!


Dial up connections do not need a Firewall.  

Karaya
Title: Re: Re: Major Computer issue
Post by: Chairboy on June 28, 2005, 09:14:56 PM
Quote
Originally posted by Masherbrum
Dial up connections do not need a Firewall.
(above) (phrase) common misconception - miS-konseptshun
Title: Re: Re: Major Computer issue
Post by: Vulcan on June 28, 2005, 10:11:52 PM
Quote
Originally posted by Masherbrum
Dial up connections do not need a Firewall.  

Karaya


Hope you have good liability insurance ;)
Title: Re: Re: Re: Major Computer issue
Post by: Masherbrum on June 28, 2005, 11:44:12 PM
Quote
Originally posted by Vulcan
Hope you have good liability insurance ;)


used dial-up for 1.5 years.  NEVER got a virus or the like.  

I now use ZAP 4 for the DSL connection

Karaya
Title: Major Computer issue
Post by: flakbait on June 29, 2005, 03:13:34 AM
No need for a firewall on dial-up is a MAJOR misconception! I've been on DU ever since getting online. Yeah, it can be a pain in the rear at times and it takes an age to download anything. Then again, my connection isn't a 24/7 open line to let some pre-pubescent snotwad have fun with my rig. I've always run ZoneAlarm, always used non-M$ software (NS at first, now Firefox; Eudora for mail) and never have I had a spyware or virus infection. How many threads have I seen on this board regarding M$ crapware getting infected? Countless. How many threads have there been from folks using non-M$ software getting infected? Zilch. Throw ZA into the mix and you're pretty much bulletproof. The list of blocked UDP and TCP packets in ZA after just two hours of being online is utterly horrific.

Considering that some of those source IPs are over-seas, I'd rather have overkill security.



-----------------------
Flakbait [Delta6]
(http://www.wa-net.com/~delta6/sig/geek.gif)
Title: Re: Re: Major Computer issue
Post by: wrag on June 29, 2005, 07:28:15 AM
Quote
Originally posted by Masherbrum
Dial up connections do not need a Firewall.  

Karaya


Dang sorry SIR but I have to disagree.

Had someone from Brazil trying to pass through my computer during online gaming.

Connect was good for about 3 months with no firewall.  Then started having really bad warps and lag.  Kept checking with pingplotter and everything looked great!

Finally, I figured WTH and reinstalled ZoneAlarm.  Why not, was getting lag and warps anyway.

Bang! Very 1st time I went online was getting hit from a Brazilian address, over and over and over!  Went on for about 3 days after I reported it to all involved.  ISP, and game people.  Was using the 30 day free advanced version at the time and it showed the address of the ping.

It finally stopped and when it did so did the lag and warps!

This all happened while I was using dialup.

To be sure I finally formatted and reinstalled everything.

P.S. some claim that when you use dialup you get a different address each time.  Hmmmmmmm......... depending on your ISP I'm not so sure that's always the case anymore?  Or perhaps, if they do find a way in to your machine once, they deposit something like a bot that tells them when you're online and your current address so they can pass through again later?

IMHO EVERYONE needs a firewall and they need it all the time!  

There are some pretty resourceful people/hackers out there!
Title: Major Computer issue
Post by: Curval on June 29, 2005, 07:38:59 AM
Quote
Originally posted by lada
LOL Curval.... that's an interesting approach... Install so many protection softwares, that your computer will become so slow, that none of the viruses or spywares will execute until 5PM :D


hehe

No...I think he did mean for me to pick and choose from a full list of free stuff.  

I'm not quite THAT paranoid...but almost.  ;)