
Computer Hijacked!


mittheimp


When I got a virus (a dialer program) which could not do anything (as it is not dial-up), it started shutting down my PC about 4 minutes after boot. Anything I tried had no time to complete.

Also, it disabled Ctrl-Alt-Del.

After booting in Safe mode and connecting to dozens of free fix sites (I even bought some software that looked promising), nothing worked.

Finally, reinstalled (repair) Windows, bought McAfee Security Center (full suite of their products for home use) and have not had any problems since.

It's even fun watching how dodgy sites are trying to infiltrate. McAfee would not let them, showing what they are trying to do.

The subscription was $70 per year, always on; just today it received 3 updates from its home site.

Not expensive when I consider it took me 20 hours mucking around with free software. And the risk of losing whatever I had on the hard disk.


On the subject of rootkit scanners, I found a nice utility that works like this:

The utility is called "EzPcFix" (freeware):

http://ezpcfix.net/

You create a BartPE CD with the utility installed, then you boot from the CD and run the "Rootkit finder" function.

It will then create an md5 listing of all the files present on your system and save it to a logfile.

You then boot into Windows and run the utility again.

Finally you use the "compare" feature in the proggie.

If any files have been stealthing themselves from Windows, or have been changed, you'll find them and can get rid of them in the BartPE environment.

When the stealthy files have been removed, any hidden registry entries should again become visible after the rootkit has been deleted.

Clever little tool this :o

PS. Maybe it's better to let the utility run in Windows first; that way you don't need to boot into the PE environment twice.

Edited by friend2
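The cross-view comparison described above (one file listing taken from the boot CD, one from inside the running OS, then a diff) is easy to reproduce generically. The script below is an added example and is not EzPcFix's own code: it uses SHA-256 rather than the tool's md5, writes the listing in sha256sum-style "hash  path" lines, and its demo() builds a constructed directory tree in a temp folder, simulating the "stealthed" file by simply removing it before the second pass (a real rootkit would hide it from directory listings instead).

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256} for every regular file under root.

    Symlinks and special files are skipped; paths use '/' so listings taken
    from the boot CD and from inside the OS compare cleanly.
    """
    root = Path(root)
    listing = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            listing[path.relative_to(root).as_posix()] = digest.hexdigest()
    return listing


def save_listing(listing, logfile):
    """Write one 'hash  path' line per file, like sha256sum output."""
    with open(logfile, "w", encoding="utf-8") as fh:
        for rel in sorted(listing):
            fh.write(f"{listing[rel]}  {rel}\n")


def load_listing(logfile):
    """Read a listing written by save_listing back into a dict."""
    listing = {}
    with open(logfile, encoding="utf-8") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if not line:
                continue
            digest, rel = line.split("  ", 1)
            listing[rel] = digest
    return listing


def compare_listings(offline, online):
    """Cross-view diff.

    offline: snapshot from the boot CD (what is really on disk)
    online:  snapshot from the running OS (what that OS admits to)

    hidden     - on disk but missing from the running OS's view (stealthed)
    changed    - in both views but with different contents
    new_online - in the running OS only (created after the CD run)
    """
    hidden = sorted(set(offline) - set(online))
    changed = sorted(p for p in offline if p in online and offline[p] != online[p])
    new_online = sorted(set(online) - set(offline))
    return {"hidden": hidden, "changed": changed, "new_online": new_online}


def demo():
    """Constructed scenario: one file the 'running OS' cannot see and one
    whose contents differ between the two passes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "disk"          # the tree being audited
        logfile = Path(tmp) / "offline.log"  # kept outside the tree
        (root / "system32").mkdir(parents=True)
        (root / "system32" / "kernel32.dll").write_bytes(b"genuine dll bytes")
        (root / "system32" / "drivers.txt").write_bytes(b"driver list v1")
        (root / "system32" / "stealth.sys").write_bytes(b"hidden by rootkit")

        # Pass 1: taken from the clean boot environment, saved to a logfile.
        save_listing(hash_tree(root), logfile)

        # Pass 2 as a compromised OS would report it: stealth.sys is no longer
        # visible and drivers.txt has been tampered with (simulated here).
        (root / "system32" / "stealth.sys").unlink()
        (root / "system32" / "drivers.txt").write_bytes(b"driver list v2")
        online = hash_tree(root)

        return compare_listings(load_listing(logfile), online)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:10s} {paths}")
```

Anything in "hidden" is the interesting bucket: a file that exists when the disk is read from a trusted boot environment but vanishes from the listing once the installed OS is running is exactly the symptom the post describes. "changed" is noisy on a live system (logs, prefetch, registry hives), so restrict it to system binaries before acting on it.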

I came across a couple of nasties last week that weren't detected by Avast, and which are mostly referred to in Google by Thai and Chinese websites. I only found them because my firewall (Zone Alarm) popped up asking permission for some weird sounding programs to access the internet.

One was called AdobeR.exe (or RavMon), which downloads adware/crapware onto your computer. It has the annoying habit of copying hidden files onto removable media like flash cards, including an autorun file to make sure it gets installed next time you stick your card in somewhere else. You need to view hidden files to see it, but on the hard drive it was in c:/windows/adober.exe.

Another even more evil Chinese nasty was called iexp1ore.exe, which replaces your desktop/toolbar shortcuts to internet explorer with a link to its evil trojan self. This one redirects you to dodgy Chinese websites, maybe you have it. It was in the same folder as internet explorer.

Both were easily removed: shut down the relevant processes in Windows Task Manager, and delete the files. It also sets up entries in the programs/microsoft/windows/run registry area.

That reminds me: every time I download an attachment/file I get Chinese kanji on the download-in-progress toolbar, then it stops, and I cancel and download again, then it stops, etc.

Is this a virus or spyware?

I have spybot and AVG and scan every day.

Any suggestions?

Edited by libya 115

cdnvic has some good suggestions.

1) always have virus scan and malware detection running.

2) create a local user account with no administrative rights and use this logon instead of your administrator logon. (This prohibits spyware and viruses from invading your entire system; they can only get into your current user hive and profile that way.)

3) schedule regular scans.

4) create restore points for XP.

5) back up critical data.

Removal (back up system and registry first) (turn off system restore for xp)

1) HijackThis for BHOs in safe mode. Then run again under the profile you are using. (YOUR registry hive only loads at logon.)

2) If you choose Ad-Aware and Spybot, run them both in safe mode. They both catch different things. Then rerun under your logged-in profile.

3) check your hosts file.

4) check your registry (in safe mode and under your profile) at hklm\software\microsoft\windows\currentversion\run, runonce and runonceex, and do the same thing under hkey_current_user. Remove only files that do not belong.

5) check your startup folders under c:\documents and settings\all users\start menu\programs\startup and also under your profile's logon. Remove only items from here you don't want starting at startup.

6) Trends online scanner does a decent job on this and usually within a couple of days new threats are added in.

7) confirm you have no new services running while logged in via your profile: right click My Computer, Manage, Services and Applications, Services, and confirm only services you want are starting. You can disable services that do not belong to test.

8) turn back on system restore.

After getting a clean system, if you create a user account with minimal rights on your PC, system restore will work for restoring your PC if your system gets messed up, because the virus/malware will not be able to write to it.

This pretty much covers most of what the malware removers are doing.

Good luck.

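Step 3 of the removal list above ("check your hosts file") is the one step that can be scripted without touching the registry. The checker below is an added example, not something from the thread or from any of the tools named in it. It parses hosts-file text and flags two patterns a defender cares about: a hostname mapped to an address that is not loopback or the 0.0.0.0 sink (a redirect, the trick behind the "dodgy Chinese websites" symptom), and an update or anti-virus vendor domain mapped to loopback (a block that keeps definitions and patches from arriving). The watch list of vendor domains is a constructed, illustrative set; the sample hosts text is constructed too, with 203.0.113.7 taken from the documentation address range. The default path in check_hosts_file is the standard Windows location.

```python
import ipaddress

# Addresses that legitimately appear on the left of a hosts entry:
# loopback, plus the 0.0.0.0 sink that ad-blocking host lists use.
LOCAL_SINKS = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed watch list: mapping any of these (or a subdomain) to loopback
# usually means something is blocking updates or AV definitions.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "mcafee.com", "avast.com",
    "grisoft.com", "safer-networking.org", "symantec.com", "trendmicro.com",
)


def _watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def parse_hosts(text):
    """Return [(line_no, ip, [hostnames])], skipping blanks and comments.

    ip is None when the first field does not parse as an IPv4/IPv6 address.
    """
    rows = []
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not body:
            continue
        fields = body.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            ip = None
        rows.append((no, ip, [h.lower() for h in fields[1:]]))
    return rows


def find_suspicious(text):
    """Return a list of findings, each {line, reason, ip, host}.

    reason is one of:
      redirect    - host mapped to a non-local address
      blocked     - watched vendor domain mapped to a local sink
      unparseable - first field is not an IP address at all
    """
    findings = []
    for no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append({"line": no, "reason": "unparseable",
                             "ip": None, "host": None})
            continue
        for host in names:
            if ip not in LOCAL_SINKS:
                findings.append({"line": no, "reason": "redirect",
                                 "ip": ip, "host": host})
            elif _watched(host):
                findings.append({"line": no, "reason": "blocked",
                                 "ip": ip, "host": host})
    return findings


def check_hosts_file(path=r"C:\WINDOWS\system32\drivers\etc\hosts"):
    """Run find_suspicious over a hosts file on disk (default: Windows path)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_suspicious(fh.read())


# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad-block sink, fine
127.0.0.1       update.microsoft.com     # blocks Windows Update
127.0.0.1       www.mcafee.com           # blocks AV updates
203.0.113.7     www.example-bank.com     # redirect to another host
not.an.ip       something
"""


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}: {f['reason']:<11} {f['ip'] or '-':<15} {f['host'] or '-'}")
```

A clean XP hosts file contains only the localhost line (and a header comment); anything else deserves a look. Run it with the default path from an administrator prompt, or point check_hosts_file at a copy of the file pulled from the BartPE side if you want the view the running OS cannot tamper with.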

Hi all,

I have Hitman Pro installed.

Hitman Pro is sort of a batch file that runs different (free) anti-spyware progs whenever you want it. It also has a feature called Surfright.

With Surfright enabled you will most likely never have problems again with trojans and rootkits or any other bad stuff. Surfright prevents anything from installing on your PC while surfing.

When updating Windows, just disable Surfright and switch it on again after you are patched.

And guess what, it is a totally free program.

www.hitmanpro.com


I have Hitman Pro installed.

Hitman Pro is sort of a batch file that runs different (free) anti-spyware progs whenever you want it. It also has a feature called Surfright.

With Surfright enabled you will most likely never have problems again with trojans and rootkits or any other bad stuff. Surfright prevents anything from installing on your PC while surfing.

When updating Windows, just disable Surfright and switch it on again after you are patched.

And guess what, it is a totally free program.

I thought the farang version of Hitman Pro was 10,000 baht?

Sorry, couldn't resist :o
