    JohnSculpture Posts: 2, Reputation: 1
    New Member
    #1

    Feb 23, 2005, 02:22 PM
    Very difficult hacking/virus problem
    Question - Very difficult hacking/virus problem.

    My computer is suffering a lot of crashes etc, especially when on the internet.

    This is what happened... I received an e-mail said to be from PayPal saying that I had been registered etc. As that wasn't true I opened it to read it. That's all I did, I didn't open any attachment. I didn't click on any logo or any part of the message. It wasn't a normal phishing attack since there was no request for information or redirection to another site. The message contained only four words and nothing else. It said "This is junk mail". I clicked to close and then tried repeatedly to delete it, using the Hotmail junk mail button, but found that I couldn't. Nor could I report it to MSN as junk mail... it kept coming back. For 2 days it kept on reappearing. During that time strange things began to happen... the red light on my telephone began repeatedly flashing... I suspected a hacking-virus attack? Eventually I deleted it, but my computer was by then seriously infected.

    The symptoms are...
    I have Agnitum Outpost free edition firewall installed... all the logs were wiped out, all the prohibited and permitted sites programs etc were wiped out. So one couldn't know where the attack had come from or what it was etc.

    I have AVG free edition anti virus programme installed... I ran the programme and it reported no virus present. But since then when I run it, it cuts out after only a few files have been checked... so the virus scan is never completed. The settings have been changed? Eventually I set it to default and now it works and scans OK. But it still reports no viruses present. The possible virus may be a new one and not in the AVG virus data base? I actually updated it only a week before the attack... perhaps not up to date enough?

    I have repeatedly tried to download the new AVG updates.. but fail... after between 20 and 80% the connection is closed before the update download is completed. What is doing that?

    I have Lavasoft Ad-aware and Spybot anti spyware programmes installed and they report no infections. I have tried to download the updates but something interferes with the downloads and they fail to complete the update. Are they being "timed-out" or blocked by the virus?

    I have been to sarc.com, the Symantec site, to get a free virus check and it reported no virus present. But I believe some type of virus is actually infecting my computer.

    When I tried recently to send a friend a file via Hotmail, their Trend anti-virus scan refused the file saying it was infected by a virus... so that's good suggestive evidence that something is amiss, definitely a virus, I think? Pity Hotmail/Trend doesn't tell you what virus it is?

    Another symptom... I have tried to install McAfee Quick Clean and I get to the stage when installation is almost complete and then a message saying "Rolling Back" appears and the whole installation goes backwards and fails to install.

    All programs and updates that I try to install, either from CD disk or from the internet, are similarly blocked or timed out before they complete. This makes it seemingly impossible to install any program or update that will detect and eliminate the virus? The virus seems to be very sophisticated at protecting itself?

    At midnight every night the computer suddenly bursts into activity and the floppy drive starts writing even if no disc is installed, probably other writing activity on the hard drive is also occurring? When I put a floppy disc in to see what was being written it reported zero bytes etc. Yet something substantial was there I am sure, and the message "access denied" appeared. Suddenly the floppy disc started to read and the computer seemed to be infected all over again. Crunching noises were heard inside the tower and since then I often get "out of memory" messages when I can't possibly be out of memory. Has some memory been damaged or taken out of use? At boot-up the Windows 98 memory test reports memory OK at 64Mb. But other snap shots of the memory state using Lavasoft suggest that it is less than a tenth of what it should be. Can I simply take out the old memory and slot in some new? Or is the problem in the Motherboard or elsewhere? What were those crunching noises heard?

    At dial-up connection to the internet the message "verifying user name and password" occurs twice. I thought it only occurred once before the hacking/virus attack. Is that sinister or meaningful?

    In C:\Windows\Temp there are two temp files that are access denied and impossible to delete. Why should any temp file be access denied? Is this sinister or meaningful or normal?

    My computer is Pentium II 64MB Ram using Windows 98. Should I write it off, and buy a new more up to date tower? That's the easy solution but it gives in to the virus creator... and I would like to win the battle and get rid of it, if possible?

    The moral of this story is... never even open and just simply read any e-mail that you were not expecting. Viruses-hackers no longer have to use e-mail attachments to penetrate your computer... a simple e-mail alone seems now to be sufficient.

    Hoping someone can help me determine exactly what is going on... virus or hacking or both? How can a virus be removed that protects itself by preventing updates and program downloads?

    Thanks... John
    traka Posts: 50, Reputation: 1
    Junior Member
    #2

    Feb 23, 2005, 07:03 PM
    Your symptoms sound very familiar to what I once had, and it was Win98.
    You have a trojan, and at times the manipulator of the trojan may control your updates so it will not be detected. That's what happened to me.
    Quick way out if you insist on Win98: Format C: and re-install.
    This means backing up all the files, and if you do, then again some may be infected, so this defeats the purpose.
    I am not an expert, but I know what it is like to be hacked; I had to learn as I went.

    OK, Format C: and re-install is the quick way; it can be done in a matter of hours.

    The time consuming way, is to start at registry.
    Click Start/Run <Type> Regedit
    Look for: Software/Microsoft/Windows/CurrentVersion/Run
    Click on Run and in there you will see what "Runs" when your PC starts up.
    Delete the key you are not familiar with. Do not delete anything else.
    But write down what you delete, all relevant program-looking names, and then do a search. If those programs look familiar, then delete.
    Make sure you are off-line, so if it is a hacker then you are not hindered.
    Keep looking in your PC for file names you are not familiar with.
    Later I will do a search where I read this ( long time ago), but it came from a site called Lockdown2000. In that site somewhere are more precise instructions but I have not been there for ages.
    Hope this helps
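    One way to carry out the "write down what you delete, then do a search" step offline, as an added example that is not part of any post in this thread: export the two Run keys with regedit's export function (Windows 9x writes the REGEDIT4 text format), move the file to a clean machine, and parse it there so the startup list can be reviewed against an allowlist without the suspect system being online. The export text, the allowlist and every entry name and path below are constructed sample data, not values taken from the thread.

```python
import re

# Constructed sample of a REGEDIT4 export of the two Run keys.
# Entry names and paths are made up for this example; the ones in
# KNOWN_GOOD mimic common Windows 98 / Outpost / AVG startup entries.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SystemTray"="SysTray.Exe"
"Outpost Firewall"="C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe /waitservice"
"msupdate32"="C:\\WINDOWS\\TEMP\\msupdate32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"taskmgr"="C:\\WINDOWS\\SYSTEM\\svchost32.exe"
'''

# The two keys traka points at; anything outside them is ignored.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}

# Assumed allowlist: entry names you have already identified as yours.
KNOWN_GOOD = {"ScanRegistry", "SystemTray", "Outpost Firewall", "AVG_CC"}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')   # only string (REG_SZ) values


def parse_run_entries(export_text):
    """Return (key, name, command) for every string value under a Run key."""
    entries = []
    current_key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if current_key is None or current_key.lower() not in RUN_KEYS:
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            name = value_match.group(1)
            # .reg files double every backslash; restore the real path.
            command = value_match.group(2).replace("\\\\", "\\")
            entries.append((current_key, name, command))
    return entries


def executable_path(command):
    """Strip arguments so the reviewer gets the file to look up."""
    match = re.match(r'\s*"?([^"]*?\.exe)', command, re.IGNORECASE)
    return match.group(1) if match else command.split()[0]


def review_entries(entries, known_good=KNOWN_GOOD):
    """Return (name, path, reason) for every entry not on the allowlist."""
    findings = []
    for _key, name, command in entries:
        if name in known_good:
            continue
        path = executable_path(command)
        reasons = ["not on allowlist"]
        # A startup program living in TEMP is worth a closer look.
        if "\\temp\\" in path.lower():
            reasons.append("runs from TEMP directory")
        findings.append((name, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for name, path, reason in review_entries(parse_run_entries(SAMPLE_EXPORT)):
        print(f"{name:20} {path:45} {reason}")
```

    The script only reports; it never writes to the registry. The printed list is the "write it down" record: each unfamiliar name and its file path can then be searched on a clean machine before anything is deleted.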
    psi42 Posts: 599, Reputation: 13
    Senior Member
    #3

    Feb 23, 2005, 07:58 PM
    It does appear your system has been compromised. I can't tell you whether you've just been hit by an automated virus or whether another human is actively using your computer for other purposes. (But I see little reason for an automated virus to wipe firewall logs, that would only draw attention to its existence). You say there is excessive activity at midnight; is the computer online when this happens?

    I would say at this point you should just reinstall Windows. You don't need to buy any new hardware, just reinstall the OS, being sure to wipe your filesystem out and recreate it. If you've been compromised, you can never trust any binaries on the system. Using a "rootkit," running processes can be hidden, and the system can be made to appear completely normal. Obviously whatever hit your system was either very stupid, has serious computing power needs, or believes secrecy is really superfluous in this case. I'd opt for "stupid."

    Try scanning with:
    http://www.sysinternals.com/ntw2k/fr...itreveal.shtml

    Seriously, reinstall. If you want, clone the disk using a block-by-block copier after you have booted from a known clean CDROM, and then you can examine it later if you really want to know what your system was up to. There's a lot you can do to try and figure out what is going on -- a bit of very amateur computer forensics, but that doesn't seem to interest many people. :)


    Unless you want to take legal action against any possible human invaders, or you want to figure out what's been going on, I'd say your best option is just to wipe the disk and reinstall Windows (from behind a hardware firewall)...

    Good luck,
    ~psi42
    traka Posts: 50, Reputation: 1
    Junior Member
    #4

    Feb 24, 2005, 04:29 AM
    More info
    Essential reading and testing.

    http://hacker-eliminator.com/hackertricks.html
    fredg Posts: 4,928, Reputation: 674
    Ultra Member
    #5

    Feb 24, 2005, 07:01 AM
    Big security problems
    Hi,
    Before you re-install your complete operating system, depending on how much time you have for all this, you might want to try the following suggestions:
    First, get rid of AVG.
    Then, download/install AVAST, if you want a good, free, Antivirus Program from:

    http://www.download.com/Avast-Home-E...ml?tag=lst-0-3

    Then, run the scan in Safe Mode, a couple of times.

    After that, follow these steps:

    If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

    http://www.security-related.com/download2.htm
    Download: SpyBot Search & Destroy; 1.3

    AdAware at:
    http://www.lavasoftusa.com
    Download: AdAware_SE

    CWShredder at:
    http://www.intermute.com/products/cwshredder.html
    (CWShredder is intended only for removal of CoolWebSearch files, placed as spyware on the hard drive.) It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

    All 3 of the above programs run better and much faster when run in SafeMode.

    To get into SafeMode:
    Re-boot the computer, and immediately after starting up, Press and hold down, F8, at top of keypad.
    When the options show on the screen, use the up and down arrow keys on the keyboard to select
    "Safe Mode".
    Press Enter

    It's best to run the AdAware scan first; 3 times; then re-boot.
    Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
    Re- Boot.
    Reason for running so many times:
    Some of these trojans' files can be deleted the first time, leaving some others; but on re-boot, they re-write the files that were deleted.
    Running multiple times deletes most of it the first time.

    If you wish to have a great program, after you clean out Spyware/Advertising Ware:
    SpyWare Blaster 3.2
    Great, free, program that STOPS spyware, trojans, home page hijacks, etc, BEFORE they get into your computer. Check it out at CNET at link:

    http://www.download.com/SpywareBlast...ml?tag=lst-0-2

    The above might save you from having to re-install the operating system, but am not sure.
    Best of luck,
    fredg
    JohnSculpture Posts: 2, Reputation: 1
    New Member
    #6

    Dec 6, 2005, 04:24 PM
    Feedback
    Sorry to be so long in giving feedback to the experts who gave their good advice.
    I have now solved the problem. It was an auto trojan hacker, called Alexa.

    To Traka: I didn't have to reformat the C drive.
    I did investigate the registry as you suggested but found nothing there.
    I read hacker-eliminator hacker tricks and it was interesting but not able to solve the problem. Thanks.

    To psi42: I did try to download the sysinternals kitreveal as you suggested but was not able to do so. You need Windows Millennium or higher to do so, and they had nothing for Windows 98, so I couldn't follow your suggestion any further.
    Yes, you were right, I didn't want to sue the hacker. Why? Only the lawyers seem to benefit from legal action. Thanks.

    To Fredg: You were brilliant, you solved it. I did exactly as you said, downloaded the Avast antivirus programme and the latest version of Lavasoft Ad-aware etc,
    ran it all in safe mode 3 times, etc... and it found Alexa and eliminated it.
    Thanks a million.

    To Mallardmaniac: no thanks. An eye for an eye is simply not ethical.
    Do unto others as you would them do unto you?

    John Sculpture
