not sure what im looking for
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: not sure what im looking for

Hybrid View

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    Texas
    Posts
    158

    Unhappy not sure what im looking for

    hello
    i've been away from this field of computing for awhile as i've been concentrating on other things, im working on a computer right now that has something in it that is allowing another person to get screen shots every 2 mins ,of the desktop ,the computer i'm working on is a celeron win xp svc pk 2 i set up latest avg paid version on it , had threat fire running along side avg till it crapped out on both mine and hers computers ,i ran scans with avg and threatfire both came up negative , i hope this helps and hope i didn't post in the wrong place ,being as this is the category this problem is most related to i put it here , what i want to ask now that i've given you the background information is does anyone have any idea what this could be and where i can find a solution? ty
    im a Steve Wozniak in a bill gates world

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    hmm Threat Fire is a behavioural based... you should've got a notification when the threat tried to launch the first time.

    anyhow.. try downloading and running HijackThis and we'll see what we find.


    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    It sounds very much like you have a keylogger or similar spyware............ that would be typical behaviour. I also believe that some parental control software has this feature.

    Get Spybot Search & Destroy and A-Squared, update them, reboot into safe mode and run them.



    EDIT:

    Is the computer physically secure or could someone else have had access to it?
    Last edited by nihil; May 3rd, 2008 at 01:24 AM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Texas
    Posts
    158
    Quote Originally Posted by nihil
    Hi,

    It sounds very much like you have a keylogger or similar spyware............ that would be typical behaviour. I also believe that some parental control software has this feature.

    Get Spybot Search & Destroy and A-Squared, update them, reboot into safe mode and run them.



    EDIT:

    Is the computer physically secure or could someone else have had access to it?
    i think her family does but locking everything down tonight been working on it at night remotely thru logmein going to put windows password ,ext ive been thru task manager everything is legit there but i can reboot to safe mode with logmein and do all that tonight,also i installed threatfire and avg after the fact she didnt have anything before ,im including as much info as i can so yall learn in the process and will give these suggestions a try tonight and update you on the results Sunday when im not working
    Last edited by romanticcowboy; May 3rd, 2008 at 06:40 AM.
    im a Steve Wozniak in a bill gates world

  5. #5
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    just run hijackthis and show me the us the log. we should be able to find something.

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmmm,

    just run hijackthis and show me the us the log. we should be able to find something.
    Remember to save the log in a separate folder. Unfortunately, HJT! doesn't find some of the sneakier stuff that is around these days.

    also i installed threatfire and avg after the fact she didnt have anything before
    In which case you must run what I suggested............ God knows what she may have picked up?

    With Spybot S&D activate the "Teatimer" (resident protection) and have SS&D start in "advanced mode". Make sure that you set the scanners to full/deep mode.

    One question that I forgot to ask:

    im working on a computer right now that has something in it that is allowing another person to get screen shots every 2 mins ,of the desktop
    How do you know this? you may actually have some of the answers already?

    As an aside: Threatfire is behavioural as already mentioned by Sonic. Now, the big problem with behavioural defences is you have to install them into a clean environment, or they will most likely accept the malware as legit if it is already there.

    EDIT:

    She must have a firewall, and you don't mention it, or was she running the Windows one?.............. try ZoneAlarm and set the protection to "high"
    Last edited by nihil; May 3rd, 2008 at 09:13 AM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Texas
    Posts
    158

    working as we speak

    so far asqared got rid of some traces of stuff same with spy bot(removed spybot temprarly as it was boging down computer too much)but ran scan beforehand and just ran hijack this the log is attached if you want me to post it let me know



    ja little more background the person responsible has been sending screen shots to my friend of the desktop of this computer ,and ran his mouth about the program being as i know the person and how he thinks (hes a big mouth script kiddie ) and being as the screen shots were of her desktop i had to take it seriously, thats what started me down this path of inquiry a s far as i can tell everything is clean now but doesn't hurt to have second opinion ,
    as we speak im in her computer and im thinking of setting her up with comodo or zone alarm(she has been using windows firewall that is changing quick) i saw some questionable reg keys related to win firewall when i did the asqared scan,i attached the hijack this log file as an attachment let me know if you want it to be posted i saw onetime where a guy got admonised to posting his in anti online forum so wasn't sure so zipped it and attached itif you want me to post it in here i will,i thank you guys for all your help if i have anything to add after this post i will
    Attached Files Attached Files
    Last edited by romanticcowboy; May 3rd, 2008 at 11:21 AM. Reason: tired its 3 am and keep remembering details as i type
    im a Steve Wozniak in a bill gates world

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    That looks clean to me apart from:

    03-Toolbar BearShare Media Bar (It doesn't do anything so you can get rid of it)

    08-Extra Context Menu Item: &Search (That is a nasty)

    Check out file and printer sharing settings, they should be off.

    Clear out the restore points and create a new one manually.

    Get CCleaner and run that.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Senior Member
    Join Date
    Dec 2003
    Location
    Texas
    Posts
    158
    ok done the computer should be clean im keeping a sqaured and spybot on her computer along with cc cleaner , i also got a password generator and created a windows password for her and ran a program found called security task manager and cleaning everything up,in addition i installed the free zone alarm firewall in fact it disconnected me from her computer after it installed from logmein rescue
    Last edited by romanticcowboy; May 4th, 2008 at 11:41 AM.
    im a Steve Wozniak in a bill gates world

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Good man yourself sir!

    And do not go AWOL for so long again

    In fact, you should get her to join?

    Do PM me with her ID as I will make it a point to watch over her.......... sorry, went into one of those counting grandkids modes........

    God bless
    Last edited by nihil; May 4th, 2008 at 05:49 AM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides