Help remove cracker
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Help remove cracker

  1. #1
    Junior Member
    Join Date
    Jan 2006
    Posts
    2

    Help remove cracker

    My friend has a 5 month old Windows XP Home system and knows basically nothing about computers. It is being actively used at all times (in-use light never stops). It was seriously loaded with crap, and it still is.

    I've removed what I know to do with Norton Security/AV, Spy Sweeper, CC Cleaner, Adaware, The Cleaner, Registry Mechanic, and a few I knew to do on HijackThis. Put secure passwords on everything. There were none!! Cleaned up Services, made setting adjustments in the Network, the browser, changed browser to Firefox, did Windows Update, updated all security programs, removed some crap applications and informed her of the dangerous browsing/downloading habits they have. (Kazaa, P2P, shadey web sites, you name it).

    It's very slow for an Athlon64 3200+, 2.0GHz, 500MB RAM. It's on DSL, only one computer. Can somebody look at the HijackThis report if I post it? What else can I do to remove the cracker? She never made a backup CD of the OS, so making one now to reinstall with would just put the same crap back on. Is it possible to get rid of this guy? Thanks!

  2. #2
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    Download MBSA 2.0

    http://www.microsoft.com/technet/sec...2/default.mspx

    run this it should help you out alot.

    Get a firewall
    S25vd2xlZGdlIGlzIHBvd2VyIQ

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    -Could be spyware/virus
    -Could be norton (its a pig i hate it)
    -Use hijack to kill everything thats not needed on boot like quicktime, realplayer and others that are fine to have on the machine but really aren’t needed on bootup, also if you don’t feel able to use hijack look for autoruns, basically the same thing and its got a built in google lookup, and you can just disable the exe instead of deleting them if you don’t know what your doing.
    -Pull un-needed/use programs from ad/rem progs.
    -You could also wait until is slow and open up taskmgr and see what’s eating up all the cpu or ram. That might give you some incite as to what happening.

    I agree with Ghost_25inf, but I would mention i would skip a software firewall like zonealarm or norton if youve got the cash get a decent router. I'm not one to have firewall apps on my machine to bog them down when you can get a router to shoulder that effort among other things.

    Hope that helps some.
    meh. -ech0.

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Can somebody look at the HijackThis report if I post it?
    Post it and we can look at it for you.

    cheers
    Connection refused, try again later.

  5. #5
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    You might also want to defrag if he is installing/uninstalling a lot... I am assuming you went through msconfig. Update drivers (more of a stability issue, but usually helpful). My 3200 was kind of slow when it had 512MB, upgraded to 1024 and made a pretty noticable difference. That is all that comes to mind right now
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare

  6. #6
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    767
    Can somebody look at the HijackThis report if I post it?
    Yes.

    What else can I do to remove the cracker?
    Wheres evidence a 'cracker' is on the system?

    Is it possible to get rid of this guy? Thanks!
    ??? Open command prompt and issue net user this will show you all user accounts.

  7. #7
    Junior Member
    Join Date
    Jan 2006
    Posts
    2
    Getting back...I've done some of the suggestions, have a few to go, only have so much time to spend on it.

    Computernerd22 asked about cracker evidence... Well, the activity light in front is on all the time. In fact, it goes like crazy, flashing very bright quite a lot. This goes on 24/7 and when nobody is even near the computer. It's not on a network and none of the security programs are running checks or updating. It's a very active machine. What else would it be??

    A few years ago this exact thing happened to me when I didn't know anything. I had the same flashing light for months. Whoever cracked my system was using it for a server and had loaded a bunch of apps they used to make bootleg software. They wrote notes to each other about their progress, using their names even, that I found in files! It was creepy watching text appear on my screen that I didn't type! My backup OS CDs were worthless because it was OEM and I made them when they were already inside. One app they loaded was described as "A Ruthless Killer of Windows." They had 4 users passworded on my Norton, none of them were me. Eventually my system was under their total control. I was madly copying files onto CD, trying to get proof onto CDs, when they shut down my CD and DVD ROMs. I use Linux now, it's hard, but I hate M$.

    Norton sucks, it's so confusing and it doesn't work too good either. It came preloaded. I'm going to remove it, attach a router, defrag, update drivers and send in the Hijack report soon as I can. MBSA only showed one thing, a .NET update that was an old one. Really weird because I already ran all the Windows Updates. I'll get more RAM on there, too.

    Do you think it's a good idea to install Zone Alarm in addition to the router?

    dmorgan said "assuming you went through msconfig," Not sure what you mean by that.

    I'm still really worried that all this won't get rid of the cracker. He's probably loaded non-malware programs on there that are running even if the Norton is set to block internet activity. Is there a way to find them? That's what my cracker did, anyway. Reinstalling is not an option because there are no CDs, making them now would bring the cracker's stuff right back. Any other ideas? ..... thanks so much!

  8. #8
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    My friend has a 5 month old Windows XP Home system…
    Reinstalling is not an option because there are no CDs…
    Anyway, formatting is a great way to cure the problem, however it appears that your friend doesn’t have the OEM CD’s.

    Not really laughing at the situation, but cleaning all the crap out and getting the deviant out of your knickers, could most likely damage some important files, not counting any changes the deviants have made to the OS. Sometimes it’s not recoverable, thus another need for the OEM CDs. If a restore point was made upon original install or shortly thereafter, at least the core files can be restored. You can check this easily enough. It always assigns a date to the restore point.

    We have several great tutorials and threads on cleaning all that kinds of junk out, so I won’t post what is readily available on AO. Just a note in case you forget while using the info in the tutorials, almost everything will need to be done in safe mode.

    Installing Zone Alarm now (after the gate as been left open and the cows are out in the wild weed) can be helpful in stopping outbound traffic/connections and close the ole gate. But seriously, if the cracker is worth his salt he can “Camouflage Applications” to make it look like something that is normally accepted by the rule sets of the firewalls. Normal Web traffic is an outstanding example of this. Another easy method is to mask deviant code to fool the firewall or even disable it. So at this point, you’re in damage control vice prevention. Unplug it from the wall until you get it sanitized. Then before putting it on the Internet, employ the preventative measures.

    cheers
    Connection refused, try again later.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    I really do not understand why people leave computers on "24/7" without a valid reason.

    Apart from the fire risk, and the cost of electricity, there is the thing sitting as a target. And why leave it connected to the internet?

    If you don't want someone trying to use your machine as a server, don't make it available all the time
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    computer can be slow that deppends on that got some problem in RAM.

    try to log on in failsafe mode and look if computer is still slow. if so you will need to test RAM.

    for that you can try http://www.memtest86.com/
    // too far away outside of limit

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides