-
I've been taken Over
I think I have been attacked and backdoored. I have run NAV and S&D and Ad-Aware, but they pick up nothing. Once in a while I'll come back to my computer and files that were not there before were created, or my other AIM names are online and they should not be. I think someone is also reading my mail... What should/can I do?
-
Try These:
http://www.trojanscan.com/
That is an online based trojan scanner, requires small download, but is web hosted and free.
You should also run msconfig, check to see what kind of crap is starting on your PC.
-
Hmm, there's lots of possibilities, but run this program and see if anything else is starting quietly, a lot better than msconfig -
http://www.spywareinfo.com/~merijn/f...tartupList.exe
Are you using a firewall? Any sort of suspicious connections or activity? Get back to us with more information, we'll find out what's going on.
-
Re: Try These:
Quote:
Originally posted here by AxessTerminated
http://www.trojanscan.com/
That is an online based trojan scanner, requires small download, but is web hosted and free.
You should also run msconfig, check to see what kind of crap is starting on your PC.
Hhmmm....never tried that one, I'll have to check it out.
PM8228, Moosoft offers the Cleaner which is probably the best trojan cleaner I have found. It has a 30 day evaluation period to it so you can decide if you wish to purchase it as well. Found Here
Also I would suggest you update your AV and run it in safe mode. (Also your Spybot & AdAware)
Then also run an online AV such as Trend Microsystems: Here
And HijackThis from Merijn could tell you what your registry is doing: Here
-
Check your running processes and see if anything that shouldn't be there is there.
And do a netstat - see what connections are active and which port it's on. You might want to look at a program called fport-
http://www.foundstone.com/resources/proddesc/fport.htm
-
Definitely check into fport. netstat is a fine tool but it's often replaced during an attack with one that keeps the attacker hidden.
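Added example, not part of the original posts: a Python sketch of the port-to-process mapping discussed above, joining saved `netstat -ano` output with `tasklist /fo csv /nh` output and flagging sockets whose owning process is unexpected or missing from the process list. The sample output, process names, port numbers and the `EXPECTED` allowlist are constructed assumptions, and, as noted above, output collected with the suspect machine's own tools may itself have been tampered with.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING       2412
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:1042      203.0.113.5:5190       ESTABLISHED     1500
  UDP    0.0.0.0:500            *:*                                    700
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"svchost.exe","884","Console","0","3,200 K"
"aim.exe","1500","Console","0","12,000 K"
"helper32.exe","2412","Console","0","1,100 K"
'''
# Assumption: the processes the owner expects to see using the network.
EXPECTED = {"svchost.exe", "aim.exe"}

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def sockets(netstat_text):
    """Yield (proto, local, state, pid) for each TCP/UDP row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield f[0], f[1], f[3], int(f[4])
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            yield f[0], f[1], "", int(f[3])

def review(netstat_text, tasklist_csv, expected=EXPECTED):
    """Return non-loopback sockets owned by an unexpected or unlisted process."""
    names = pid_names(tasklist_csv)
    findings = []
    for proto, local, state, pid in sockets(netstat_text):
        if local.startswith("127."):
            continue  # bound to loopback only, not reachable from the network
        # A PID with an open socket but no process-list entry deserves a close look.
        name = names.get(pid, "<no such process>")
        if name not in expected:
            findings.append((proto, local, state, pid, name))
    return findings
```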
-
Install www.mepis.org linux and cut your worries by 9/10ths. (Easier than WinXp to install and auto configures itself with a firewall, other security programs on by default). :)
Were you running any kind of a firewall? Was windows messenger disabled/deleted? Switch from AIM to trillian, gaim or another client.
-
Another thing you could do is if you have a spare box that you can get on the net, run nessus against your infected box. The reason I suggest nessus is that it's a brilliant program to run a security audit against yourself. If you don't have a spare box, get Tenable Newt which is basically a port of nessus to windows.
Cheers,
cgkanchi
-
There is nothing unusual on netstat..
-
I'm just getting over my latest 'attack'. If you think there is something there, then there probably is; if so, it has probably worked its charms ? on your AV. Mine (Norton netsec 2004) was corrupted from within. I found new accounts opening ( I was just getting over a previous attack, clean install, so few files to watch, W2K Pro ) and new mail accounts as well. Recycler files in the system were being filled with unopenable ? files. I went down the long winded way,
1 - disconnect from web.
2 - as I couldn't delete them, I changed the security access, and denied them.
3 - on start up I was getting a pagefile.sys error, not enough virtual memory, deleted this on each trip round the O/S, as it is a .sys file it rebuilds on bootup, then just set the values the same for high and low, this stops the computer from managing the virtual memory.
4 - Task Manager had 40+ apps running, I didn't recognise half, and so was shutting these down as well.
Unfortunately for me, another clean install was required.
This time round ALL AV settings are high security, and I am getting hits 6 or 7 times a minute.
Have tracked and recorded the IP addresses that are profiled as hitting ports used by trojans, and so far there appears to be a French and German conspiracy against me ??
I wish I could have accessed the help from this site as I ran out of ideas and hope PDQ.
Still no idea what or how I got hit ?
But at least now I have a fighting chance, courtesy of the above links. My thanks to the suppliers of the links, and I hope that you (PM8228) get clean soon.
I've just re-read this post, and can only apologise for the slight off thread direction it ended up at.