
TheJoker Premium,VIP,MVM join:2001-04-26 Alexandria, VA
reply to goblinxxx
Re: hjt log for joker
Your system may be being used as a relay site for porn. As one or more of the items you need to remove is apparently a backdoor application which can allow attackers to access your computer, that means your system is completely compromised and they can also steal passwords and personal data. I highly recommend that from a clean, uninfected system you immediately change all the passwords on any systems you access from this system. If you do any on-line banking, or store any financial information on this system, you should immediately call your financial institution and advise them of the situation so you can secure your accounts.
Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.
If you have a virut infection as suggested by ComboFix, the system is not salvageable. The virus will infect every executable and dll file in the system, and corrupt many of them leaving you with corrupt files that will not run when they are disinfected. You can read more about the infection and what it does, along with why a system infected with it is a lost cause for recovery:
»miekiemoes.blogspot.com/2009/02/···ing.html
I suggest you back up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.
When you install, since you will be installing from scratch, you need to be certain you delete the previous installation rather than do a Repair installation.
If you want to continue further we can see what we can do, but the best recommendation would be to save your data and reinstall Windows.
Another option, since I see you have an Acronis backup program (apparently a version written for Maxtor), if the software had the capability (I'm not familiar with the Maxtor version), would be to boot from a restore disc and restore the system if you have a good backup set available. If your backups are on an attached USB drive, however, there is also the possibility that they could be infected as well, but it would be worth a try.
If you decide to reinstall, I can give you a good set of instructions for that.
Let me know what you decide to do.
-- Proud ASAP member since 2005

goblinxxx
join:2009-06-15
hello joker I've decided to reinstall the operating system so could you please send me the instructions to do so thanks, if it looks too complicated I will get the computer shop to do so. I have a few questions I hope you can help me with
1) what does it mean when you say my system is being used for a relay site for porn? is it possible to trace who is doing this?
2) I'm pretty sure that I have had this trojan for quite some time now, and have you any idea why my security McAfee hasn't managed to find it, is there any security out there that can stop things like this?
3) do you have any ideas how this could have got on my system?
4) I have some poker sites on my computer such as PokerStars, Full Tilt, as I play poker for a living, is it possible that these are infected and if I delete them, then download them again could they be infected after I have restored the operating system?
5) I have something called face on body also, I clicked on the properties of this and it said it was an .exe file could this be infected as I don't want to delete then download it again if there's any chance that this could be infected.
6) is it possible that websites I visit such as YouTube, Facebook, and my email could be compromised? what should I do about this would it be better for me to just set up new accounts with these?
7) is it possible that some jpeg pictures I have saved to disc are carrying the virut trojan? should I just delete these discs?
8) I have had to reinstall the operating system 2 or 3 times before because of this and each time the virut or the hacker keep coming back what would you recommend is the best course of action to stop this permanently?
9) I asked before about changing my IP address I have a router supplied by my ISP who is British Telecom, I really need to know how and what would be the best way to change my IP address because once a hacker has my IP address can he not keep trying to hack into my computer from this and therefore if it is changed they won't be able to do this anymore?
10) is it possible that with my system being infected I have passed this virus onto someone else through an application such as Skype or Facebook, I have to ask these questions joker as I'm a complete novice on a computer.
11) did you notice anything else on my computer that shouldn't have been there when you analysed the log files?
once again joker I thank you for your assistance

TheJoker Premium,VIP,MVM join:2001-04-26 Alexandria, VA
quote: 1) what does it mean when you say my system is being used for a relay site for porn?
If someone is uploading porn to your system, it's probably to make it available for others to download. The same thing is sometimes done with pirated software, where it's uploaded to an unsuspecting infected user, and it's there for others to download using your bandwidth to do it instead of theirs.
quote: is it possible to trace who is doing this?
Not really.
quote: 2) I'm pretty sure that I have had this trojan for quite some time now, and have you any idea why my security McAfee hasn't managed to find it, is there any security out there that can stop things like this?
No security software will protect you from everything, and many security suites are compromises, and often larger than need be because they try to provide every function possible, often simply to compete with another company's feature. I would recommend a good antivirus program, a good software firewall, and a good anti-malware program.
quote: 4) I have some poker sites on my computer such as PokerStars, Full Tilt, as I play poker for a living, is it possible that these are infected and if I delete them, then download them again could they be infected after I have restored the operating system?
PartyPoker was always listed as a possible threat, although I don't know the specific reason. The best advice I could give would be to refer you to this older post at SWI: »www.spywareinfoforum.com/index.p···ic=78252
quote: 5) I have something called face on body also, I clicked on the properties of this and it said it was an .exe file could this be infected as I don't want to delete then download it again if there's any chance that this could be infected.
I found these:
I'm not familiar with either, but a quick search didn't find anything that stuck out. Neither one, however, had a privacy statement on their web site that I noticed, and I would be concerned about that.
quote: 6) is it possible that websites I visit such as YouTube, Facebook, and my email could be compromised? what should I do about this would it be better for me to just set up new accounts with these?
Your accounts there are likely fine, just change your passwords from a clean, uninfected system. Social networking sites, however, are highly targeted by criminals that want to infect your system, and they should never be placed in the Trusted Zone. Infected graphics are often a problem at those sites, where a graphic or video won't display, and you get a message that you need to download a new CODEC to view it, and that's often what infects you.
quote: 7) is it possible that some jpeg pictures I have saved to disc are carrying the virut trojan? should I just delete these discs?
You would probably be more likely to find infected video/audio files, but a jpeg can be infected. I would not reinstall any files without scanning the discs thoroughly.
quote: 8) I have had to reinstall the operating system 2 or 3 times before because of this and each time the virut or the hacker keep coming back what would you recommend is the best course of action to stop this permanently?
Install a good, up-to-date virus scanner and a good firewall, and do not reinstall anything without scanning it carefully. Since this has happened before, I would take the time to systematically scan all your discs if you can, as you may have something that is infected on them. Include your flash/USB drives. They are a common source of infection, and you should have autoplay/autorun turned off. You can do that with MS PowerTools, and Panda has utilities for that: »research.pandasecurity.com/archi···ine.aspx
Also, be careful where you surf. If you surf risky sites, you are more likely to get infected. Pirated software sites can infect you without even having downloaded anything. P2P software is a problem, because while the program itself may be clean, the networks themselves are often riddled with malware.
quote: 9) I asked before about changing my IP address I have a router supplied by my ISP who is British Telecom, I really need to know how and what would be the best way to change my IP address because once a hacker has my IP address can he not keep trying to hack into my computer from this and therefore if it is changed they won't be able to do this anymore?
A properly configured NAT router itself should reject any communications attempts that did not originate from your system. With that, and a good software firewall and antivirus, that will provide a good deal of protection. I would also recommend a good anti-malware program like Malwarebytes' Anti-Malware. In your case with previous infections, I would recommend the paid version for real-time protection. For an antivirus program, if you were looking for a free program, I'd recommend Avira AntiVir PersonalEdition Classic available at http://www.free-av.com. Kaspersky is also excellent, but it is not free. Both are excellent scanners. Two excellent free firewalls are Outpost Firewall Free or Online Armor Free. Either one would be a good choice. There is a tutorial on understanding firewalls at »www.bleepingcomputer.com/forums/···l60.html and a tutorial for Outpost Free at »www.outpostfirewall.com/forum/sh···st179658. I would also recommend SpywareBlaster, and a good HOSTS file like MVPS HOSTS File.
quote: 10) is it possible that with my system being infected I have passed this virus onto someone else through an application such as Skype or Facebook
I doubt it, but it's not impossible. The thing to watch out for there is social engineering, someone trying to get you to download something, or click a link. Be wary of where you click, and if you weren't expecting something from someone, don't click on it or open it.
Since you have decided to reformat and reinstall, if you have a backup program, you should back up your data before starting the new Windows installation. You don't need to back up program files, just back up your data. The programs can be reinstalled later. I would save your data to CD/DVD or an external device such as an external USB drive, but if you use a USB drive, be sure you have Autoplay and Autorun turned off.
When you install, since you will be installing from scratch, you need to be certain you delete the previous installation rather than do a Repair installation.
There is an excellent set of instructions at the below link complete with screenshots of what to expect at each step. http://www.michaelstevenstech.com/cleanxpinstall.html#steps
You should print out those instructions before proceeding. Have the installation discs or a saved install file handy for your antivirus and firewall. Disconnect from the Internet before proceeding with the installation (pull your connection cable).
When you get to step 10b, choose to delete the partition by pressing "D". You will then be prompted to create a new partition in the empty space. This will remove all data from the deleted space.
After you reinstall Windows:
- Install your Antivirus.
- Install your Firewall.
- Reconnect to the Internet.
- Update your AntiVirus.
- Go to Windows Update and install SP3 and ALL critical updates.
Keep your other software updated. Many updates you find for software such as Adobe Reader, Java, Adobe Flash, are often to address vulnerabilities, and if a site says you need a newer version of a program like Adobe Reader or Flash to view something, don't do it. Go back to the author's site (like adobe.com) and obtain the current version. Some of those update notices on some sites, often from ads, are really attempts to infect you.
That was a lot. Any other questions?
-- Proud ASAP member since 2005

goblinxxx
join:2009-06-15
just a couple more joker my computer has a number paul f074 etc can this number be changed as the hacker will have this number. I've copied Malwarebytes and Spybot to CD and McAfee but what I can't work out is when I load the CD back up how do I put McAfee back onto my desktop or system tray so I can just click on it and it will start scanning? I need to do this don't I as you said I shouldn't go back online before these components are reinstalled after the reinstallation of the operating system, if this can't be done I will have to go online won't I to do this? once again many many thanks for your help joker.

TheJoker Premium,VIP,MVM join:2001-04-26 Alexandria, VA
quote: my computer has a number paul f074 etc can this number be changed as the hacker will have this number.
I don't understand what you mean this number is. If you have a software firewall installed,
quote: I've copied Malwarebytes and Spybot to CD and McAfee but what I can't work out is when I load the CD back up how do I put McAfee back onto my desktop or system tray so I can just click on it and it will start scanning?
After you reinstall Windows, simply insert the CD and copy the install file for those two programs (that you wrote to the CD) to the Desktop, and double-click on them to start the installer. After they are installed, it will be safe to go back online and update everything.
-- Proud ASAP member since 2005
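
The backup rule from TheJoker's posts above (copy your data, leave out .exe/.scr/.htm/.html/.xml/.zip/.rar files), as an added example that is not part of the thread. The function names and sample files are constructed for illustration, and the check for the "MZ" executable header under a data extension is an addition beyond the extension list in the post.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post says NOT to back up (they may carry the infection).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}

def skip_reason(path):
    """Return why a file must stay out of the backup, or None if it may go in."""
    # Case-insensitive match on the last suffix: "photo.jpg.EXE" -> ".exe".
    if path.suffix.lower() in BLOCKED_EXTENSIONS:
        return "blocked extension " + path.suffix.lower()
    # Assumption added here, not in the post: a Windows executable renamed
    # to a data extension still begins with the two bytes "MZ".
    with path.open("rb") as fh:
        if fh.read(2) == b"MZ":
            return "executable header under a data extension"
    return None

def backup_data(source, dest):
    """Copy permitted files from source to dest; return (copied, skipped)."""
    copied, skipped = [], []
    for item in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = item.relative_to(source)
        reason = skip_reason(item)
        if reason:
            skipped.append((rel.as_posix(), reason))
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(item, target)
        copied.append(rel.as_posix())
    return copied, skipped

def demo():
    """Run the backup over a small constructed tree (sample files, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("constructed text file")
        (src / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed")
        (src / "setup.EXE").write_bytes(b"MZ constructed")
        (src / "page.html").write_text("<html></html>")
        (src / "song.mp3").write_bytes(b"MZ constructed, renamed")
        return backup_data(src, dst)

if __name__ == "__main__":
    copied, skipped = demo()
    print("copied:", copied, "\nskipped:", skipped)
```

The skipped list is the part to review before wiping the disk: anything on it has to be reinstalled from a clean source rather than restored from the backup.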