AnimeSuki Forums

Old 2008-04-24, 02:06   Link #21
The Bloodlust Kid
Needs a better screenname
 
 
Join Date: Dec 2005
Age: 26
Freezing, yes.

Speaking of which, I found an hldrrr.exe running in the processes. Is it possible that it's involved somehow? Guess I should just nuke the HD then right?
The Bloodlust Kid is offline   Reply With Quote
Old 2008-04-24, 03:16   Link #22
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
According to Bleeping Computer that's a viral program, and it's placed by Troj/BagleDl-BR. I don't know what malware you have but someone seems to have speculated that a rootkit is involved. If that's true, all bets are off - a regular virus scanner can't deal with that. Rootkits are nasty business.

This site has some steps you can follow to remove them. Note that the author seems to have done his edits by booting into Linux and then editing his registry files from there - you can download and run Linux without installing it to your hard drive (use a distribution like Knoppix, you'll need a spare CD-R). I can't guide you with how to operate from Linux, however. If you've been infected with a newer version of the virus it may not work successfully, either.

Someone on that site suggested using ComboFix as a method of removing this malware; two people from that blog seem to say that it worked. The instructions seem rather daunting, but it may be a bit easier than the Linux method. Try it out if you're up for it.

I hate to suggest this except as an absolute last resort, but if it wouldn't be too much effort, back up all of your data files and important program files and settings. Format the drive and reinstall Windows. I hate to suggest that, but given the experiences I've read about this sounds like a rather nasty infection. Rootkits are a really nasty business. I'm sorry that this happened to you; in the future, be extremely vigilant about keeping a tight firewall and updated virus scanner. They won't protect you 100% of the time, of course - you'll need to be careful about what you open and who you allow to use your computer.

Let us know how things go. If you go the Linux route, some of us here can give you guided instructions for how to access Windows from it. Good luck!
Ledgem is offline   Reply With Quote
Old 2008-04-24, 17:49   Link #23
SkyFuser
HijackThis Junior
 
 
Join Date: Apr 2008
BleepingComputer is my virtual reality home
And ComboFix is VERY VERY VERY -continues for 5 minutes- VERY VERY powerful. I've seen people's computers need reinstallation because ComboFix completely disinfected most of their system (which caused some system files that were too infected to recover or repair) and screwed up the BIOS and such. Only use it if you're either really reckless, are under EXPERT supervision, or really really desperate.
HijackThis is also a convenient way to see anything suspicious in your system. I've taught myself how to use it from tutorials, trying a few practice ones, and following ones in BC. If you like, I can help you diagnose.
Btw, Dani, the site you gave is pretty outdated. HijackThis wasn't even mentioned to be upgraded to 2.0.2.
I don't recommend you download any malware removers if you're out of hard drive space. Chances are, if you have a rootkit you won't be able to use it anyways. Try online scans; I always liked a-squared and Kaspersky, although Kaspersky won't remove anything while a-squared will. Of course, I'm assuming that you can't use the internet.
AND WHY DO YOU HAVE NO FIREWALL?! That's as smart as telling your mom "Mom I didn't eat any cookies so don't check okay?" as a way to hide the fact that you ate cookies.
Oh yah, try Network Diagnostic. Their diagnostic log is annoying but might provide some insight as to the problem.
__________________
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell
SkyFuser is offline   Reply With Quote
Old 2008-04-24, 18:46   Link #24
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
Screwed up the BIOS? I'm doubtful. You always run the risk of having an unstable/unworkable OS when you're trying to clean a virus that has entrenched itself deep within the system and modified too many crucial files, but for a program to touch the BIOS?
Ledgem is offline   Reply With Quote
Old 2008-04-24, 18:53   Link #25
SkyFuser
HijackThis Junior
 
 
Join Date: Apr 2008
Yep, the BIOS.
From what the HJT Team member said, the viral infection compromised too much of the system, and ComboFix deleted/modified certain critical things. I forgot which they were, I think they were .ini or .com files.
But those are very rare cases, like 1%....
SkyFuser is offline   Reply With Quote
Old 2008-04-24, 20:47   Link #26
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
ini and com files have nothing to do with the BIOS. The BIOS is completely separate from your OS - it's essentially built into the hardware. It's at the very base level and controls basic hardware parameters; when the system powers on, even before the OS has loaded, the BIOS is there (note that EFI is the next advancement and will likely eventually fully replace BIOS). It's possible to modify the BIOS but that requires flashing it. If the BIOS gets screwed, you've bricked your motherboard - that is, it's completely unusable. What you're referring to is deleting files critical to the operating system; reinstalling the OS or even installing it from scratch will fix that. That's a risk that has to be taken if you're infected and want to clean your system, and I don't advocate getting comfortable with the idea of using a compromised system.
Ledgem is offline   Reply With Quote
Old 2008-04-25, 17:22   Link #27
SkyFuser
HijackThis Junior
 
 
Join Date: Apr 2008
Well, just repeating from what I heard :\ No guarantee that it's accurate, sorry. I guess I'll go read up on it later.
So Bloodlust, how's the computer?
SkyFuser is offline   Reply With Quote
Old 2008-04-25, 19:05   Link #28
The Bloodlust Kid
Needs a better screenname
 
 
Join Date: Dec 2005
Age: 26
I didn't have a Firewall intact because Ronald Reagan came out of nowhere and said "Tear down this wall!". But seriously, it's because I thought it was already on.

I'm not skeptical on whether or not to use ComboFix based on both of your comments.

And most importantly.

I got Spybot installed, problem is it won't load up. Click on the icon, nothing.

Same thing happened to my sister's computer despite the fact that her version worked before.

Last edited by The Bloodlust Kid; 2008-04-25 at 23:42.
The Bloodlust Kid is offline   Reply With Quote
Old 2008-04-25, 19:51   Link #29
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
The Bloodlust Kid, you're infected with something particularly nasty that isn't easy to clean. If anti-spyware and anti-virus programs aren't working, the virus has a lot of control over your system. If your sister's computer is acting up and you have your systems both networked (connected through the same router) it's very possible that her system became infected from yours.

You have two options: back up your personal data and attempt repairs, or back up your personal data and reformat (start from scratch, essentially). In the event that the repairs fail and screw your operating system up, you're not losing anything - reinstalling the operating system was what you would have done in a worst-case scenario regardless.

SkyFuser's comments were correct in stating that using ComboFix (or any other repair method) may render your operating system unusable. When you're trying to clean a virus that has modified a lot of critical system files, that's the risk you run. However his remarks about the BIOS are incorrect; a quick Google on the issue reveals that people who "can't boot their computer" have problems with their operating system, but no trouble with the BIOS. This will not damage your computer's hardware, only potentially the software. That is reversible.

Do not let the virus sit idle on your system. I don't know the behavior of this virus, but there's a good chance that it's seeking out other unprotected systems and attempting to infect them, or that it's sending out spam emails - possibly both. Even though you're not directly doing anything, negligence to take care of the problem is potentially causing problems to other people. We're all users of the internet - we have a responsibility to each other to keep it clean, although a lot of people don't take it seriously. Don't enter sensitive information like credit card numbers or bank account information on your system while it's infected, either, as the virus may be stealing that information.

Spend a day or two going over your important files and backing them up. When you're confident that you have everything that matters to you, attempt repairs. If you want to skip the effort of repairs, boot from your Windows XP CD, format your current install, and then install Windows to it again. Do not simply "reinstall" Windows, as the virus will still be there - you must delete your current Windows installation.

We can also suggest some free security software and measures to prevent this from happening again. Note that if you're going to install Windows from scratch it is highly advisable that you have the security software available. Don't connect a fresh install of Windows to the internet (or even to other computers) without security software running. Researchers have found that a new install without security software can be infected within eight minutes of simply going online. That's faster than the time it'll take you to patch your new install. It sounds daunting, but it's not too hard to safeguard against it.
Ledgem is offline   Reply With Quote
Old 2008-04-25, 21:48   Link #30
The Bloodlust Kid
Needs a better screenname
 
 
Join Date: Dec 2005
Age: 26
Quote:
Originally Posted by Ledgem View Post
The Bloodlust Kid, you're infected with something particularly nasty that isn't easy to clean. If anti-spyware and anti-virus programs aren't working, the virus has a lot of control over your system. If your sister's computer is acting up and you have your systems both networked (connected through the same router) it's very possible that her system became infected from yours.
[...]
Alright then, it's going to take a while and from what you said should I just disconnect both my computers?

I'll take that list of programs if you will.

Also: My sister's comp is in horrible condition. She's getting nothing but popups and one for porn just opened when my mom came by. :facepalm:
The Bloodlust Kid is offline   Reply With Quote
Old 2008-04-26, 00:27   Link #31
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
Quote:
Originally Posted by The Bloodlust Kid View Post
Alright then, it's going to take a while and from what you said should I just disconnect both my computers?

I'll take that list of programs if you will.

Also: My sister's comp is in horrible condition. She's getting nothing but popups and one for porn just opened when my mom came by. :facepalm:
An unprotected computer is liable to be infected from the internet. Once it's infected, computers on the same network will probably be some of the first targets for infection. If your computer and your sister's computer are behind the same router, they're on the same network. If either of your systems had some strict protection you wouldn't necessarily be infected, but you'd still be at high risk.

A firewall is the most crucial piece of software for preventing infections that you have no real control over. SkyFuser and I both recommend Comodo Firewall. Download this ahead of time and either burn it to a CD, put it on an external hard drive; basically have the installer ready. If and when you reinstall Windows, this will be one of the first things you install.

If you've never used a firewall like this, be smart about it. It'll inform you that certain programs are trying to access the internet or that something is trying to access your computer. If you've opened a web browser, of course you'd expect it to try and connect to the internet - allow it, and you can tell the firewall to always allow it. However, if there's suddenly some system process that is receiving contact from some weird internet address, deny it. You don't need to know what each process is or corresponds to, but you should be aware of what's going on with your computer. When in doubt, I generally deny the connection. If it's something essential you'll notice programs misbehaving (like a webpage not loading), and then you'll know that the connection is legit and can be allowed safely. Over time program and process names will become more familiar to you; if you see something strange, you'll know that it may be a malicious program. You can also use the firewall to make certain programs more secure. For example, occasionally Microsoft Word wants to access the internet. There's generally no good reason for it to access the internet, so I block its connections. It's made a bit more secure by that action. It may sound complex, and getting used to it can feel like a bit of a pain, but as the firewall learns what's OK and what isn't things get much easier.

As for a virus scanner, people seem to be recommending Avast (also free). Let that be the second thing you install. Once the firewall and virus scanner are installed, you're ready to connect to the internet. The first thing you should do is patch your system. Go to Windows Update in Internet Explorer to force updates quickly. Now you're pretty secure; make sure that you don't use Internet Explorer as your default browser, and be careful about what you download and execute. Keep your system updated, and you should be fine.

It sounds like your sister's computer is infected with spyware if there are popups all over the place. I wouldn't be surprised if her system is infected with a virus, either. Once you've secured your own system you may want to see if she'll let you secure hers. Spyware isn't as malicious as viruses, but it can screw up your system pretty nicely on its own (and cause a loss of performance). To deal with spyware I recommend using Spybot S&D and Ad-Aware. Both are free. I rank anti-spyware software as the third most important security software type, with the firewall being first and the virus scanner being second. Run scans every now and then, but pay more attention to keeping your firewall and virus scanner updated and in good shape.

If you need any other guidance or advice, we're here for you.
Ledgem is offline   Reply With Quote
Old 2008-04-26, 02:41   Link #32
SkyFuser
HijackThis Junior
 
 
Join Date: Apr 2008
Quote:
Originally Posted by The Bloodlust Kid View Post
I didn't have a Firewall intact because Ronald Reagan came out of nowhere and said "Tear down this wall!". But seriously, it's because I thought it was already on.

I'm not skeptical on whether or not to use ComboFix based on both of your comments.

And most importantly.

I got Spybot installed, problem is it won't load up. Click on the icon, nothing.

Same thing happened to my sister's computer despite the fact that her version worked before.
I don't get why Ronald Reagan, but uhhh ok
Version...1.5.1 I think had horrible loading time. 1.5.2 is way faster and it even has an anti-rootkit plugin.

Quote:
Originally Posted by Ledgem View Post
The Bloodlust Kid, you're infected with something particularly nasty that isn't easy to clean. If anti-spyware and anti-virus programs aren't working, the virus has a lot of control over your system. If your sister's computer is acting up and you have your systems both networked (connected through the same router) it's very possible that her system became infected from yours.
[...]
I was always under the impression that a complete hard disc reformat wiped out EVERYTHING - including the infections.
AdAware and Spybot are long outdated, although Spybot is still really good. The problem is that they're not efficient at flushing out infections on a reliable basis.
I also second Ledgem's recommendation of Avast, although there seems to be a glitch where the Explorer's taskbar and scrollboxes go wonky. <-- It did on mine and ~30% of other computers. It's a great choice if the glitch doesn't get on your computer. Avira Antivirus has probably the highest detection rate, although there's too many nag screens.
As for rootkits, I'm pretty sure Comodo's D+ has some ability against it.
If all else fails post a HijackThis log. It'll at least bring to light exactly what the problem is.
SkyFuser is offline   Reply With Quote
Old 2008-04-26, 02:48   Link #33
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
Quote:
Originally Posted by SkyFuser View Post
I was always under the impression that a complete hard disc reformat wiped out EVERYTHING - including the infections.
Yes. The format will simply erase all of the data on that partition - it doesn't distinguish between personal data, programs, OS, viruses, anything.

Quote:
AdAware and Spybot are long outdated, although Spybot is still really good. The problem is that they're not efficient at flushing out infections on a reliable basis.
I used them without any problem for quite a while, but I'll admit that I haven't been keeping up with newer anti-spyware programs. I also don't go around downloading and installing a lot of random programs, so my overall spyware risk is low. It's OK to have multiple spyware programs because they generally don't run in the background, and thus they won't conflict with each other. However, be very careful - there are a lot of spyware programs that go around calling themselves spyware scanners. It's a scam of sorts, where the pseudo-scanner will let you scan for threats, it will find some, and then it'll ask you to pay for the full version to clean them. In some cases, the threats are spyware placed by the program itself. The internet has become a dangerous place for Windows users, and I'd imagine that we Mac OS X users are next.
Ledgem is offline   Reply With Quote
Old 2008-04-26, 02:54   Link #34
SkyFuser
HijackThis Junior
 
 
Join Date: Apr 2008
IMO, AdAware is just plain bad. I have used it before and it detected NOTHING. That's... pretty bad considering I had 2 trojans and 3 spyware, all which were very common infections...
Spybot checks for the installed program using "fingerprinting." While it's effective for finding specific rogue programs, on a long-term basis the method is too specific to offer adequate enough protection.
SkyFuser is offline   Reply With Quote
Old 2008-04-30, 01:36   Link #35
The Bloodlust Kid
Needs a better screenname
 
 
Join Date: Dec 2005
Age: 26
Just managed to get Spybot running and I found all this:

-AdRevolver
-Bookmark Express
-BurstMedia
-CasaleMedia
-DoubleClick
-FastClick
-Hitbox
-Mediaplex
-Microsoft.WindowsSecurityCenter_disabled
-Statcounter
-WebTrends live
-Win32.Agent.bgy
-Win32.Bagle.hi
-Zedo

Goddamn.

EDIT: I think I found the true culprit:
http://www.geekstogo.com/forum/Cant-...ct-t88749.html
The Bloodlust Kid is offline   Reply With Quote
Old 2008-04-30, 01:40   Link #36
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
The majority of those don't matter, because they're probably just cookies. Those aren't a threat to your system, but they're a minor threat to your privacy compared to what else is out there.

Quote:
Originally Posted by The Bloodlust Kid View Post
-AdRevolver
-Bookmark Express
-BurstMedia
-CasaleMedia
-DoubleClick
-FastClick
-Hitbox
-Mediaplex
-Microsoft.WindowsSecurityCenter_disabled
-Statcounter
-WebTrends live
-Win32.Agent.bgy
-Win32.Bagle.hi
-Zedo
Those are particularly worrying. Normal spyware generally won't intentionally try to mess up your system or fight to keep itself there, but those two in red are viruses and will do that. It seems that you have a lot of junk on your system aside from those two as well, though.
Ledgem is offline   Reply With Quote
Old 2008-04-30, 01:44   Link #37
The Bloodlust Kid
Needs a better screenname
 
 
Join Date: Dec 2005
Age: 26
I see, I was a bit late with my edit but can you tell me more about slirsredirect?
The Bloodlust Kid is offline   Reply With Quote
Old 2008-04-30, 02:28   Link #38
Ledgem
Love Yourself
 
 
Join Date: Mar 2003
Location: Northeast USA
Age: 28
Quote:
Originally Posted by The Bloodlust Kid View Post
I see, I was a bit late with my edit but can you tell me more about slirsredirect?
slirsredirect doesn't seem to be anything bad in itself. If you've been seeing it in your browsers without typing it in, or if it comes up when you typed a different web address, it's likely that your hosts file has been "poisoned." The hosts file deals with routing in terms of how web addresses are translated (we use letters and numbers, but they all translate back to an IP address that represents the server - that's the idea behind a Domain Name System, or DNS). It seems that many viruses poison a host system's hosts file these days. It gives the attackers the ability to control what sites you go to (and can trick you into thinking you're at a legit site, when in fact it's a fake site that they put up - you'd have no way of knowing).

There is occasionally a monetary benefit to altering the hosts file. For example, suppose I have a website and I make money from advertising; the more visitors I have, the more money I make. If I infect 10,000 computers and infect them so that they come to my site, even unwillingly... if it were that simple people would be caught, but that's a basic premise and it gets more complex from there.

You have two viruses on your system, at least. Clean them ASAP. If it's too much effort, back up your data and reformat. Every moment your computer is connected to the internet with those viruses is a moment that someone could be controlling your system and using it to infect others.
Ledgem is offline   Reply With Quote
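The hosts-file poisoning Ledgem describes can be checked for mechanically. The script below is an added example, not code from anyone in this thread: it parses a hosts file and reports the two patterns that matter here, a well-known name (bank, Windows Update, an antivirus vendor) pointed at an outside address, and such a name blackholed to 127.0.0.1 or 0.0.0.0 so a scanner can no longer fetch updates. Ordinary entries (localhost, ad-blocking blackholes of junk domains, aliases into a 192.168.x.x LAN) are left alone. The watch list and the sample hosts file are constructed for the example; on a real machine the file lives at %SystemRoot%\System32\drivers\etc\hosts (Windows) or /etc/hosts.

```python
"""Audit a hosts file for 'poisoning' (added example; watch list and sample
file are constructed for illustration, not taken from any real infection)."""
import ipaddress
import os
from pathlib import Path

# RFC 1918 ranges: aliases into the home LAN (a file server, a printer) are
# expected in a hosts file and are not reported.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed watch list (assumption): names a clean hosts file has no reason
# to mention at all, so any entry for them is suspicious whichever way it points.
WATCH_DOMAINS = {"microsoft.com", "windowsupdate.com", "avast.com", "bank.example"}


def parse_hosts(text):
    """Split hosts-file text into (line_no, ip, hostname) mappings.

    Comments and blank lines are dropped.  Lines whose first field is not an
    IP address are returned separately rather than ignored: a file the system
    parses but a human cannot read is itself worth a look.
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, line))
            continue
        for host in fields[1:]:
            entries.append((line_no, addr, host.lower()))
    return entries, malformed


def is_watched(host, watch=WATCH_DOMAINS):
    """True if host is a watched domain or any subdomain of one."""
    return host in watch or any(host.endswith("." + d) for d in watch)


def audit_hosts(text, watch=WATCH_DOMAINS):
    """Return findings as (line_no, hostname, ip, reason), sorted by line."""
    findings = []
    entries, malformed = parse_hosts(text)
    for line_no, line in malformed:
        findings.append((line_no, line, "", "unparseable line"))
    for line_no, addr, host in entries:
        points_at_self = addr.is_loopback or addr.is_unspecified  # 127.x, ::1, 0.0.0.0
        on_lan = any(addr in net for net in LAN_NETS)
        if is_watched(host, watch):
            reason = ("update/security site blackholed; scanners cannot update"
                      if points_at_self else
                      "sensitive site redirected to an address chosen by someone else")
        elif points_at_self or on_lan:
            continue  # localhost, ad-blocking style blackholes, LAN aliases: normal
        else:
            reason = "name hard-wired to an external address, bypassing DNS"
        findings.append((line_no, host, str(addr), reason))
    return sorted(findings)


def default_hosts_path():
    """Live hosts file: %SystemRoot%\\System32\\drivers\\etc\\hosts on Windows
    (XP included), /etc/hosts elsewhere."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return Path(root) / "System32" / "drivers" / "etc" / "hosts"
    return Path("/etc/hosts")


def audit_file(path=None):
    """Audit the hosts file at path (default: the system's own)."""
    path = Path(path) if path else default_hosts_path()
    return audit_hosts(path.read_text(encoding="utf-8", errors="replace"))


# Constructed sample; 203.0.113.0/24 is the documentation range, not a real host.
SAMPLE_HOSTS = """\
# constructed sample hosts file for this example
127.0.0.1       localhost
127.0.0.1       ads.example.net          # ad-block style entry: harmless
0.0.0.0         update.microsoft.com     # Windows Update blackholed: bad
203.0.113.7     www.bank.example         # bank's name sent elsewhere: bad
192.168.1.10    fileserver.lan           # LAN alias: fine
203.0.113.9     cdn.example.org          # external pin: worth a look
this line is not a mapping
"""

if __name__ == "__main__":
    for line_no, host, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host:28} {ip:14} {reason}")
```

Run it as-is to see the four findings from the constructed sample (lines 4, 5, 7 and 8), or call `audit_file()` on the infected machine's own file. A finding is a reason to look, not proof of infection: the right follow-up is to compare the entry against what the owner actually put there, since a hand-added blackhole of an ad server is legitimate while a blackholed update server almost never is.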
Old 2008-04-30, 08:07   Link #39
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Having skimmed this discussion, I'd like to make a couple of comments:

1) If your and your sister's computers are both behind a router (Linksys, Netgear, etc.), then they're already being protected by the firewall in the router. If, however, you have ever connected either computer directly to the Internet for any amount of time without a firewall, it's almost a sure bet that they're infected with something. Most testing shows a new installation of Windows XP gets infected in about twenty minutes or less if exposed directly to the Internet.

2) Both these machines are too borked to fix. Reinstalling Windows, while painful, is really the only way to go (unless you're ready to ditch Windows and turn to Linux; if so read the "Ubuntu Linux" thread here).

3) A lot of infections occur because people don't practice safe computing (a necessity for Windows users since the OS won't protect you). Don't open those files that say you can see "Br*tnEy Nood" and never download anything until you know what kind of file it is. I still see email spam that sends people off to download .exe files; the fact that people still willingly download and run untrusted executables alarms me.

4) If you've been using Internet Explorer, don't. And don't let your sister use it, either. Switch to Firefox or Opera which provide a much safer browsing experience. A lot of malware spreads through "drive-by" infections where visiting a website downloads an "ActiveX" control in the background which then infects your system. Firefox and Opera will ignore those items or alert you to them; some versions of Internet Explorer will run them silently.

5) Never run as an Administrator in Windows. After you've reinstalled, set up a separate account for yourself with no administrative privileges and use that exclusively (Control Panel > Users). If you need to install a new piece of software, log into the Administrator account to do the installation, then log out. Make sure your sister isn't an Admin on her machine, too.

6) As Ledgem says, if your computer has been rooted, take it off the Internet now. It's quite possible it's under the command of nefarious forces and being used to send spams or attack other computers and websites. Take your sister's computer off the Net, too.

Good luck!
SeijiSensei is offline   Reply With Quote
Old 2008-04-30, 23:05   Link #40
SkyFuser
HijackThis Junior
 
 
Join Date: Apr 2008
I can only echo what they said. However, I can help you clean up the computer, although at this point, seeing how much junk you have, along with the Bagle (which, I might add, is a virus you download from emails) and the Agent (Trojan spy) for who knows how long, your best bet is to reformat.

If you don't want to however, drop me a line.

By the way, I hope you did fix all the entries that Spybot S&D found. And they have a new plugin the RootAlyzer. Detects rootkits. I suggest you update and rescan.
SkyFuser is offline   Reply With Quote
Tags
computer security, malware