Darkforum.com - Dark Stories, Dark Art, Poetry, Photography, Debates and Discussions
Old 08-06-04   #1
isanon
dont feel to well
 
Join Date: Aug 2004
Posts: 566
system monitors & trojans

how do u get rid of them ??
Old 08-06-04   #2
Aeternus
-= Grey CyberAngel =-
 
Join Date: Oct 2001
Location: 41:65:74:65:72:6E:75:73 => 58:65:78:71:82:89:58:00 <=
Posts: 4,828
Install a virus scanner. Or update the one you currently have.
__________________

... Time has no bearing...
...when the whiteout begins...

Don't come after me...

Old 08-06-04   #3
diogenes
Rational Anarchist
 
Join Date: Jun 2004
Location: Planet 10 by way of the 8th dimension
Posts: 499
also there's a free scanner that devotes itself to trojans called A2 (squared)
__________________
-We cannot acknowledge allegiance to any human government... Our country is the world, our countrymen are all mankind..."
-William Lloyd Garrison,
-Piss on you...I'm working for Mel Brooks!
-Slim Pickens
Old 08-06-04   #4
cola
Broken Condom
 
Join Date: Dec 2003
Location: somewhere
Posts: 1,015
ad-aware will help too
Old 08-14-04   #5
sixxx(sic)six
satanic teddybear
 
Join Date: Jun 2002
Location: Under your bed with a very sharp knife...and nekkid!
Posts: 14,741
no, no, no, no, no, no!

ok, i recently had a trojan virus, and not one goddamn virus scanner worked! ad-aware, did shit, norton's found it, did shit.....panda didn't find it.....xoft found it, but wanted to charge me $40 to delete it.......i tried like 10 fuckin scanners, and not one did a goddamn thing.......so, it goes without saying, if you have a trojan, you're most likely fuckered.....unless you get lucky and itz an old one, which a virus scanner might get rid of, you're gonna have to delete your whole system and reinstall it again.........i suggest you split your hard-drive, if you haven't already, save what you absolutely want on your D-drive, then reinstall XP or Windows2000, or whatever on your C-drive......it sucks, but itz essentially the only way to get rid of it

unless you're comfortable enough to find it thru the registry and delete it......but thatz a) fuckin harder than shit......b) and not advised, as you might delete sumtin that'll fuck up your comp worse
__________________
I was masturbating
just contemplating
the color of suicide
Old 08-18-04   #6
Aeternus
-= Grey CyberAngel =-
 
Join Date: Oct 2001
Location: 41:65:74:65:72:6E:75:73 => 58:65:78:71:82:89:58:00 <=
Posts: 4,828
It's fairly easy to still find a good scanner on peer to peer networks.

*mutters something about people who seem to need to relearn their alphabet*
__________________

... Time has no bearing...
...when the whiteout begins...

Don't come after me...

Old 08-18-04   #7
Kayne
Face in the Mist
 
Join Date: Dec 2002
Location: With the person who captured my heart.
Posts: 15
Here are some anti-trojan programs/links for programs. You can find most of these on p2p/irc/newsgroups also. These are like anti-virus, but specifically for trojans.

http://www.avnetwork.de/ants/
http://www.nsclean.com/boclean.html
http://www.safersite.com/
http://www.tinysoftware.com/home/tin...&&pg=trap_home
http://tds.diamondcs.com.au/
http://www.agnitum.com/products/tauscan/
http://www.moosoft.com/
http://www.kryptocrew.de/snakebyte/tfak.html

As for which one is the best; I don't know. They all catch stuff the others don't, and they all have their weaknesses (like everything else in this world.) I find it easiest to manually remove a trojan, but that's just not for everyone. Although I would like to point out, that it isn't quite as hard as it seems to work with the registry in Windows, and if you limit yourself to changing only things in HKLM\Software & HKCU\Software, you can do a lot without completely destroying Windows. Also, keeping a current back-up of the registry after any major changes can save you from a lot of trouble.

I hope one of these programs helps you remove the trojan.

Kayne - 43:6F:6D:70:75:74:65:72:20:53:65:63:75:72:69:74:79
61:6E:64:20:53:6F:63:69:61:6C:20:45:6E:67:69:6E:65:65:72:69:6E:67
01010011-01101001-01101110-01100011-01100101-00100000-00110001-00111001-00110111-00111001
__________________
can you feel the razor burning down my arm?
can you feel the blood dripping down my arm?
can you feel my tears as they fall on your lips?
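Added example (not part of Kayne's post or of any tool linked there): one way to use the registry back-ups the post recommends is to compare two regedit exports and list what changed under the Run and RunOnce autostart keys of HKLM\Software and HKCU\Software. The export text, value names and paths below are constructed, and the input is assumed to be already decoded text in regedit's export format.

```python
import re

# Only the two hives the post suggests limiting manual edits to.
HIVES = ("hkey_local_machine\\software\\", "hkey_current_user\\software\\")
# Keys whose values are launched automatically at logon.
AUTOSTART_SUFFIXES = ("\\microsoft\\windows\\currentversion\\run",
                      "\\microsoft\\windows\\currentversion\\runonce")

# Matches "name"=data or @=data; names may contain escaped characters.
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # "[-KEY]" is a delete instruction, not exported data.
            current = None if name.startswith("-") else keys.setdefault(name, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            current[name] = data          # dword:/hex: data kept as written
    return keys


def autostart_entries(keys):
    """Return {(key_path, value_name): command} for Run/RunOnce keys."""
    out = {}
    for key, values in keys.items():
        low = key.lower()
        if low.startswith(HIVES) and low.endswith(AUTOSTART_SUFFIXES):
            for name, data in values.items():
                out[(key, name)] = data
    return out


def diff_autostart(before_text, after_text):
    """Compare two exports; return (added, removed, changed) autostart values."""
    before = autostart_entries(parse_reg(before_text))
    after = autostart_entries(parse_reg(after_text))
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return added, removed, changed


# Constructed sample exports (not taken from any real machine).
BEFORE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMonitor"="C:\\Program Files\\ExampleAV\\monitor.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="\"C:\\Program Files\\ExampleIM\\im.exe\" /background"
"""

AFTER_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMonitor"="C:\\Program Files\\ExampleAV\\monitor.exe"
"sysupd32"="C:\\WINDOWS\\system32\\sysupd32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\im.exe"

[HKEY_CURRENT_USER\Software\ExampleIM]
"WindowPos"=hex:2c,00,00,00,\
  01,00,00,00
"""

if __name__ == "__main__":
    added, removed, changed = diff_autostart(BEFORE_EXPORT, AFTER_EXPORT)
    for (key, name), cmd in sorted(added.items()):
        print("ADDED  ", key, name, "->", cmd)
    for (key, name), cmd in sorted(removed.items()):
        print("REMOVED", key, name, "->", cmd)
    for (key, name), (old, new) in sorted(changed.items()):
        print("CHANGED", key, name, ":", old, "->", new)
```

A new or changed autostart value is only a lead to investigate; the full path it points to is what the scanners and the forum helpers need.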
Old 08-21-04   #8
pseudogoth dash
question everything
 
Join Date: Apr 2003
Location: Australia
Posts: 1,471
Help me!

My 'puter has shat itself.
Whenever I dial-up to the 'net and open internet explorer; if I click on anything it takes several minutes to respond and, 99/100 times the site just freezes and I get the 'not responding' thing happening.
Also, if I leave a site too long it redirects to http://www.freemegaplex.com and I get all these loaders and dialers and shit flinging themselves at me.

I've run Vet (latest edition) eleventeen times but it didn't help.
And I can't open any of those sites b/c my puter won't let me.

What do I do?
__________________
(The Satellite Explodes)
Old 08-21-04   #9
Kayne
Face in the Mist
 
Join Date: Dec 2002
Location: With the person who captured my heart.
Posts: 15
This is taken from a FAQ on DSLReports. At the end of the FAQ I will directly post a link to it. I am posting the entire FAQ here though, because I believe it can be of help to anyone who is having similar problems with trojans, viri, adware, and spyware.

Q: I think my computer is infected or hijacked. What should I do? (#8428)

A: Going through this checklist step-by-step to the end will actually save you time in restoring the security of your computer. You can proceed through most of the steps without having to wait for guidance from someone in the forum.

You will go through most of the steps quite quickly, although a couple of scans may take a half-hour to run.

You will have to close your web browser windows later, so it is recommended that you print out this checklist and check-off each step as you complete it.

When you need to come back here, to link to something, use this URL:
www.broadbandreports.com/faq/security/8428

If you need time to think and plan, unplug your computer from the Internet.

If you have a question on the steps, or something interesting to pass on, feel free to post in the BBR Security Forum, one topic per infected computer. Please include the virus, symptom or filename as part of the subject line. BBR Security Forum

If you are unable to perform a step, make a note, and move on to the next step.

Don't stop when you find the first piece of malware. It is not uncommon for a computer that has been exploited through a security flaw to have been penetrated more than once. Also, some malware opens backdoors that facilitate the installation of software that enables use of the infected computer by remote control.

This FAQ is organized to guide you through these steps:

1. Update and run the defensive tools already on your computer.
2. Run tools that look for viruses, worms and well known trojans.
3. Run tools that look for well known adware and search hijacks.
4. Run tools that look for less common trojans.
5. Create a report that will allow forum experts to do a manual examination for less common adware and trojans.
6. Submit any malware that appears to be new or modified to the anti-malware vendors.
7. Run tools that allow for examination of some security and system settings that might be changed by a hacker to allow remote control of the system.
8-11. Determine the steps to clean the computer, and clean the computer.
12. Re-scan to verify that the computer was successfully cleaned.
13. Re-secure the computer and any accounts that may be violated. If applicable, report identity theft, cancel credit cards, change passwords.
14. Check that the anti-virus monitor is working again.
15. Take steps to prevent a repeat incident.
16. Post about lessons learned.

Notes:

a) If at all possible, copy (quarantine) suspected malware files to a password protected compressed file (zip file) before deleting them. Do this in addition to any quarantine function that other products have. There is more on this in step 6. Be careful not to click (left-click), open, or run suspect files. (How do I create a password protected zip file?)

Note the location of the file (the full path), because this is an important clue to where the file is from and whether it has been activated yet. If only part of the path to the file is shown by the AV scanner, use the Windows search tool (Start button / Search) to locate the file and write down the full path to the file.

Compressed folders (also called archives, files with file extensions like .zip and .cab) are now decompressed to temporary files by many malware scanners. If the only sign of malware is in one of these temporary decompression folders it is unlikely that the malware has been activated. So be sure to mention the full path and file name when posting about any file found.

b) A file's properties may also give a reminder as to what the file is part of. Right-click on the file in Windows Explorer or Search, and select Properties. Remember properties can be faked by hackers, so consider them reminders not proof.

c) When in doubt about a suspicious file, submit it for analysis. Your iexplorer.exe may not be the same as someone else's iexplorer.exe.

d) When a step indicates running an update, activate the update function of the program. In general, once the update is complete, stop and start the program before running your scan. This will ensure your scan is done using the latest program and malware database versions.

e) Close all web browser (Internet Explorer) windows before having a tool actually fix a problem or remove a file.

f) Often running in Safe Mode will solve problems removing files. Click here for instructions for running in Safe Mode.

g) If you are on a Windows system that has separate administrator accounts (Windows XP, 2000, NT), work using an account with administrator privileges.

Once complete, if you continue to have problems with a particular user account, repeat the scans in steps 3.1, 3.2 and 5 using that user account. (On Windows XP you will need to use the "Run As" function described here: HOW TO: Use the RUN AS Command to Start a Program as an Administrator in Windows XP.)

1. Update and run any anti-virus (AV), anti-trojan (AT), and anti-spyware (AS) products you already have installed on your computer. Do full scans of your computer.

Record exactly the malware names, and file names and locations, of any malware the scans turn up. Quarantine then cure (repair, rename or delete) any malware found.

If the scanners say you have Sasser, you need to take some extra steps before you carry on to see what else you have: Click here.

If you can't access security web sites, check your "Hosts" file.

2. Run two or three free web based AV scanners. (This scanning is the most time consuming step in this checklist, but it is important.) Go to web based AV scanners

Record exactly the malware names, and file names and locations, of any malware the scans turn up. Quarantine then cure (repair, rename or delete) any malware found.


3. Download, install, update and run all 3 of the following free anti-hijacking and anti-spyware (AS) products. Be sure to both download and install the latest version of the program, and then update each products database.

When running the scan, record exactly the details of any problems turned up. (Tracking cookies are easily cleaned-up by deleting them, so don't bother recording them.) Quarantine then cure the malware.

3.1 CWShredder (free): www.spywareinfo.com/~merijn/files/cwshredder.zip
Alternate download site: www.majorgeeks.com

a) Download and run CWShredder.exe.
b) If CWShredder immediately shuts-down, try running it again.
c) If CWShredder still doesn't run:
(i) Download PepiMK's CoolWWWSearch.Smartsearch killer.
(ii) Run CoolWWWSearch.Smartsearch.
(iii) Then return to CWShredder to clean up.
c) In CWShredder, click "check for update".
d) If an update is available, click "Download and open the update".
e) Click "Scan only".
f) If Coolwebsearch keeps returning, or if a scanner says you have cws.searchx, you need to take some extra steps before you carry on to see what else you have: Click here. Post in the BBR Security Forum for specific assistance.

If you need to find the "hidden appinit value" used by certain versions of CoolWebSearch, proceed with each step until you get to step 5.

3.2 Spybot S&D (donationware): www.safer-networking.org/
Alternate download site: www.1usa.com/downloads/spybotsd/index.html

a) Download and install Spybot S&D.
b) Click on "Update" in the left column.
c) Click on "Search for Updates".
d) Select a download location (usually one close to you).
e) Click "Download Updates" and wait for the updating process to finish.
f) Check that all Internet Explorer (web browser) windows are closed.
g) Click "Search and Destroy" in the left column.
h) Click "Check for Problems".
i) Have Spybot remove/fix all the problems it identifies in RED. The items not listed in red should not be touched at this time.

3.3 Ad-aware (donationware): www.lavasoftusa.com/software/adaware/
Alternate download site: majorgeeks.com

If you had a previous version of Ad-aware (without the SE), be sure to uninstall it first.

a) Download and install Ad-Aware SE Personal Edition (or Professional Edition).
b) As the install ends, you will be prompted to update the program and run a scan. De-select all boxes so this doesn't happen yet, and let the install finish.
c) Run Start / All Programs / Lavasoft Ad-Aware SE Personal / Ad-aware SE.
d) Click "Check for updates now" (to the right of "Status").
e) Click "Connect" and then "OK".
f) When the updating process finishes, click "Finish".
g) Click on the gear icon in the upper right (Settings).
h) Ensure these items are selected (green checkmark):
- "Automatically save logfile"
- "Automatically quarantine objects prior to removal"
- "Safe Mode (always request confirmation)"
- "Prompt to update outdated configuration" - reduce to say 7 days
f) Click "Scanning".
g) Ensure these are selected:
- "Scan within archives"
- In "Select Drives & folders" select your hard drives
- Under "Memory & Register" select everything.
h) Click "Advanced".
i) Ensure these are selected:
- "Move deleted objects to recycle bin"
- Everything under "Logfile detail level"
j) Click "Defaults"
k) Type in the full url of what you want as your default homepage and searchpage (www.google.com, about:blank)
l) Click "Tweak".
m) Click "Scanning Engine".
n) Ensure these are selected:
- "Unload recognized processes and modules during scanning"
- "Obtain command line of scanned processes"
- "Scan registry for all users instead of current user only"
o) Click "Cleaning Engine".
p) Ensure these are selected:
- "Automatically try to unregister objects prior to deletion"
- "During removal, unload Explorer and IE if necessary"
- "Let Windows remove files at next reboot"
q) Click "Proceed".
r) Click "Start".
s) Select "Use custom scanning options".
t) Close all programs except Ad-Aware.
u) Click "Next" and wait for the scanning process to complete.
v) Click "Next".
w) Click "Critical Objects" and select all the items found for removal. ("Removal" actually puts things in quarantine, so you can generally recover them if you need to.)
x) Click "Negligable Objects". "MRU list" refers to history lists of "Most recently used" files for different programs. You can review this now and note anything that appears suspicious to post a question about later.
y) Reboot your computer.
z) Repeat from step (r) through step (w) until no more items are found.



4. If problem seems to be gone, you may skip this step. Otherwise download, install and update an anti-trojan (AT) program. Record exactly the names of any problems it turns up. Then quarantine and cure the malware.

TDS-3 and Port Explorer (30 day free trial): www.diamondcs.com.au

Do a trojan scan:
a) Download and run TDS-3.
b) Click "TDS" and "Update TDS Databases Now".
c) Click "System Testing" and select a "Full System Scan".
d) Record the results.
e) Follow the instructions to quarantine and cure any unexplained files.
f) Reboot and re-scan.
g) Repeat steps (c) through (j) until nothing new is detected.

Investigate the open ports:
h) Unplug your computer from the Internet.
i) Disable any software firewall you may be running (for example, ZoneAlarm, Sygate, Kerio, NPF).
j) Click "Network" and select "LocalHostScanner".
k) In the targeted ports tab, select "trojan.txt".
l) Make sure the IP/Hostname is 127.0.0.1.
m) On the scanner tab, click start and wait for the scan to complete.
n) Note which ports it says are open (listening) (it is normal to have some ports open, so don't be alarmed).
o) Determine what programs are listening on the open ports using the procedures here: click here
p) Save the information above and include it in your posting in the BBR Security forum.
q) Now you may re-activate your software firewall, and then plug back into the Internet.

TrojanHunter (30 day free trial): www.misec.net/products/

BOClean: http://www.nsclean.com/boclean.html


5. If the problem seems to be gone, skip this step. Otherwise, download and run HijackThis (HJT) (freeware): www.tomcoyote.org/hjt/
Alternate download site: www.majorgeeks.com

a) In Windows Explorer create a new permanent folder just for HijackThis. C:\HJT is a good folder name.
b) Download HijackThis from one of the websites above. Move hijackthis.exe to the folder you created (for example C:\HJT).
(Putting HJT in its own permanent folder ensures that HJT will make backups before it deletes something, and that you can locate the backups later. Do not run HJT from a temporary internet files folder.)
c) Double-click hijackthis.exe, click "Scan", and wait for the scan to finish.
d) When the scan is finished, the "Scan" button will change into a "Save Log" button. Click the "Save Log" button.
e) Copy the contents of the log you just saved and get ready to post it in the BBR Security Forum

- The format of your post must be exactly as follows with no deviation or your post will be locked or deleted. This is to ensure you have followed the steps correctly and thoroughly, and to provide our helpful members as much information as possible, so they can help you faster and more effectively.

Start your own thread. Do not interrupt other similar threads with your problem.

i) Start the title of your post with "HJT Log" followed by a short remark regarding your problem.

ii) The first paragraph of your post should explain exactly what the problem is. For example, is it a system slow down? Is it Pop ups or ads? Is your computer trying to call out or send emails? etc...

iii) The second paragraph should tell us in detail, which one of the above steps you followed and what the results were. Which steps you had to skip and why, etc... Please note the phrase "in detail". "I've followed all the steps.", may not be enough information for those who are here to help.

iv) The third paragraph should contain the HijackThis log you copied in step 5.e.

- Most of what HJT lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.

f) Carry on with the steps 6, 7 and 8 while you wait for feedback from HJT specialists in the forum.

Remember that filenames suggest what a program file is, but files can be changed or renamed. It is file contents that determine what a file actually does. So it is important to run the scans in the earlier steps before creating the HJT log.


6. Submit the suspected malware to AV and AT vendors. This will probably be the one thing you can do to "get back at" the virus writer.

All Anti-virus, anti-trojan and anti-spyware (AV, AT and AS) vendors are interested in samples of possible new or re-emerging malware, because viruses are often changed and adapted over time by hackers.

In particular, be sure to submit copies of suspect files that:
- Got onto your system undetected by an up-to-date AV monitor.
- Are not consistently detected by some AV scans.
- Are acting differently from what was described in the AV company's write up.
- The scanner says are generically or heuristically detected (have no specific signature).
- Are heuristically detected, because heuristic methods are prone to false alarms.
- That you have continuing doubts about.
- If you don't submit a malware file, retain it in quarantine for at least 2 weeks, in case later computer behavior indicates that the file may not be what it was initially identified as.

Filenames suggest what is in a file, but files can be renamed. Also, friendly files can have extra functions added. Only an internal analysis of the file can reveal what it really does. Your AV and AT vendors cannot reliably protect you from new malware until they receive a copy of it.



To Submit Suspected Malware:

(a) Copy the suspected malware files to a compressed folder (a .zip file). This will prevent the file accidentally being activated. It will also stop the suspected malware being disinfected by email servers when you submit it for analysis.

In Windows XP right-click the file and select "send to compressed (zipped) folder". Then select the .zip file, and do File / Add a password. Make the password "infected".

In earlier versions of Windows you need some third party software. WinZip is very easy to use and comes with a free trial period. Simply install WinZip and follow the wizard. Be sure to add "infected" as the password. (How do I create a password protected zip file?)

(b) Click here to submit the suspected malware file. (Outlook, Outlook Express and most other email clients)

Some Outlook clients may have a problem with the link above, in that case Click here.

(c) Attach the password protected zip file and send. You're done.


7. Even if the problem seems resolved, run security analysis products to check your settings and installed software. These analysis products are definitely not 100% thorough in the checks they do, they only check for common problems. Also, the messages that are produced are usually cautions to check that something is as you want it to be, and are not definite instructions to change something.

7.1 Install and run Belarc Advisor (free): www.belarc.com

When you run Belarc Advisor, look for:

7.1.1 Users you didn't add. Check whether your computer maker or re-seller added the users for support purposes before you bought the computer. Otherwise they indicate a hacker has accessed your system.

7.1.2 Microsoft Hotfixes with red Xs beside them, indicating they can be verified by the automated process, but failed verification. The earlier the version of Windows, the more likely the fix came off "innocently" when new software was added or upgraded. Click on "details". This will take you to a Microsoft webpage explaining the fix, and allowing you to re-apply it.

7.1.3 Under software versions, software you didn't install. Many software packages include other third party software. So installing one product can make 3 or 4 products show up in Belarc – and this is not a problem. On the other hand, hackers often install legitimate FTP server or email server software, and because the server software is legitimate it will not show up in a virus scan.

7.1.4 Save a copy of the Belarc Advisor results. In a few weeks, compare your saved scan with a new scan, looking for unexpected changes.

7.1.5 Ask in the BBR Security or Software Forums before making changes, other than re-applying hotfixes. BBR Security Forum

7.2 Install and run Microsoft Baseline Security Analyzer (MBSA) (free):
http://www.microsoft.com/technet/sec.../mbsahome.mspx

7.2.1 Review the results to see that they correspond with how you have set your computer up.
- Changes might indicate that someone has altered settings. Or the settings may have been altered when other software was added or updated.
- Security updates with reason "306460" simply cannot be verified by the automated process.
- "File version is greater than expected" just means your software has updates MBSA doesn't know about yet.
- You may notice invalid password attempts in your security log. MBSA causes them when it checks for weak passwords.
- The messages above are not normally problems.

7.2.2 Save a copy of the results. Compare them with the results in a few weeks, looking for unexpected changes.

7.2.3 Ask in the BBR Security or Software Forums before making changes, other than re-applying hotfixes.


8. Different vendors have different names and version identifiers for the same virus, so first look up the virus in the encyclopedia of the scanner's vendor for specific disinfection instructions:
Go to virus encyclopedias

This is also a good time to re-visit the topic you started in the BBR Security Forum, post an update on what you've found, and see what advice has come in: BBR Security Forum


9. To end a process (program) that won't terminate any other way, use Advanced Process Termination (freeware): www.diamondcs.com.au/index.php?page=products


10. Depending on the instructions in the virus encyclopedia for your scanner, it may be necessary to use auxiliary virus removal tools.

10.1 First be sure to submit a copy of any malware that is not consistently detected or that doesn't behave as expected. Submit suspected malware.

10.2 If an auxiliary tool is required, it is best to first try the tool of the scanner's vendor.

10.3 Read the complete write-up of the virus in the encyclopedia of the tool's vendor to find the disinfection instructions. In addition to running the scanner or removal tool, there may be a few manual steps required.

10.4 Generally each removal tool will only detect and effectively remove the virus variants it says it will.

10.5 For viruses submitted to an AV vendor for the first time, it may be advisable to wait a half-day for the AV maker to update the removal tool.

Removal Tool Links
www.avast.com
www.f-secure.com
www.grisoft.com AVG
www.kaspersky.com
vil.nai.com McAfee
Panda & ActiveScan
securityresponse.symantec.com Norton
www.sophos.com
PC-cillin & Housecall


11. In Windows XP and Me, to prevent important system files being deleted accidentally, System Restore makes backups of them and restores the backups if the original file goes missing.

To prevent malware being restored by the operating system, it is often necessary to clear the backup files from System Restore after the malware is deleted. (This is called "clearing the System Restore points".) To do this, turn System Restore off, wait 30 seconds, and then turn System Restore back on.

Waiting until after cleaning to clear the System Restore points means that if there is a problem during cleaning, System Restore can be used to try to correct it.

The instructions on turning System Restore off and on are here:
Microsoft System Restore Instructions (KB 842839) --OR --
Symantec System Restore Instructions


12. If you removed any malware, re-boot and repeat the scans that revealed it earlier. This is to make sure that the malware has not managed to re-install itself.

If the malware did come back, use this sequence of actions:
a) Turn off System Restore.
b) Repeat the cleaning procedure used earlier.
c) Re-boot.
d) Only then turn on System Restore.
e) Re-boot.
f) Re-scan.

If the malware comes back a second time, it is likely that the malware is in multiple files, each of which will replace the others if they go missing. In that case, additional research into your malware is required before cleaning can be successful. Post fully describing your problem here BBR Security Forum.


13. Resecure your computer and accounts. The ideas in the following step-by-step guide are useful for cleaning any version of Windows: CERT Guide to Recovering from System Compromises

13.1 In particular, if private information is kept on or entered into the computer, and if the description of the malware uses the words or phrases: "backdoor", "allows arbitrary code to be run", or "remote access trojan", and if it is likely that a hacker may have used the backdoor, strong consideration should be given to backing-up data to be retained, and then re-formatting and re-installing programs on the computer from trusted sources.
- After what kinds of viruses and trojans should one re-format and re-install?
- Security Program Manager Microsoft Corporation: Help: I Got Hacked. Now What Do I Do?

This is because a backdoor allows a hacker to make other changes that may reduce your security settings, but that are not readily detectable with current tools.

13.2 If a keystroke logger or backdoor was detected then hackers may have access to what was typed into your computer, including passwords, credit card numbers, and account numbers.

13.2.1 Immediately cancel any credit cards used on the computer while the keystroke logger or backdoor may have been active, and ask for replacements with new account numbers.

13.2.2 Using an uninfected computer, change any website and server passwords that were entered on the infected computer.

13.2.3 Depending on what information you have typed into your computer in the past, you may need to report a possible "identity theft".


14. Check that your anti-virus software is working again.


15. Go to How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach for tips on preventing re-infection.

In addition to a firewall and anti-virus scanner, SpywareBlaster, and SpywareGuard will help keep malware off of your computer. Weekly scans by your anti-virus scanner, Spybot S&D, Ad-aware, and Belarc Advisor will help detect malware that gets on your computer.

Remember to keep your operating system, security software, and Internet-capable software up-to-date.

The link is actually posted in the FAQ, but for those that skipped to the end for the link, here it is. www.broadbandreports.com/faq/security/8428
That is the FAQ, with all original links to the programs described. The Reprint I used does not contain any links (unless they were plain text at the time of my copying.) I hope this can help those of you who have been having similar problems, and I suggest perhaps putting this in a sticky here on the computer board, so anyone who needs the info will have it available.

HeX
__________________
can you feel the razor burning down my arm?
can you feel the blood dripping down my arm?
can you feel my tears as they fall on your lips?
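Added example, not part of the FAQ or of Kayne's post: step 1 of the checklist says to check the Hosts file when security web sites cannot be reached, and this script audits hosts-file text for entries that block or redirect security sites named in the thread. The watch list, the sample file and the function names are assumptions made for illustration.

```python
import ipaddress

# Security sites named in this thread (assumed watch list; extend as needed).
WATCHED_DOMAINS = (
    "avast.com", "f-secure.com", "grisoft.com", "kaspersky.com", "nai.com",
    "symantec.com", "sophos.com", "safer-networking.org", "lavasoftusa.com",
    "diamondcs.com.au", "broadbandreports.com",
)


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address mapping
        for host in fields[1:]:               # one line may list several names
            yield lineno, ip, host.lower().rstrip(".")


def audit_hosts(text):
    """Return findings as (line_number, hostname, ip, reason) tuples."""
    findings = []
    for lineno, ip, host in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        watched = any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)
        if watched:
            # A security site pinned to any address in hosts is never normal.
            reason = "security site blocked" if sinkhole else "security site redirected"
            findings.append((lineno, host, str(ip), reason))
        elif not sinkhole:
            # Could be a legitimate LAN entry; needs a human decision.
            findings.append((lineno, host, str(ip), "non-default mapping, verify"))
        # Other names pointed at loopback (ad-blocking lists) are not reported.
    return findings


# Constructed sample; on Windows XP/2000 the real file is
# %SystemRoot%\system32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com securityresponse.symantec.com
0.0.0.0         www.kaspersky.com
203.0.113.7     www.safer-networking.org
127.0.0.1       ads.example.net
192.0.2.10      fileserver
"""

if __name__ == "__main__":
    for lineno, host, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip}: {reason}")
```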
Old 08-28-09   #10
icedemon
New Blood
 
Join Date: Aug 2009
Location: south africa-Durban
Posts: 8
Quote:
Originally Posted by Aeternus
Install a virus scanner. Or update the one you currently have.
use avast
Old 08-28-09   #11
Wicked Lady
A Motherfuckin' Chainsaw
AdminGuide
 
Join Date: Oct 2000
Location: Djibouti
Posts: 19,273
Wicked Lady is on a distinguished road
Credits: 653,418
This topic is 5 years old, dink.
is Offline   Reply With Quote
Old 08-29-09   #12
icedemon
New Blood
 
icedemon's Avatar
 
Join Date: Aug 2009
Location: south africa-Durban
Posts: 8
icedemon has disabled reputation
Credits: 991
l0l i nva realized dat ,jus dnt knw wat to talk abt
is Offline   Reply With Quote
Old 08-29-09   #13
Wicked Lady
A Motherfuckin' Chainsaw
AdminGuide
 
Wicked Lady's Avatar
 
Join Date: Oct 2000
Location: Djibouti
Posts: 19,273
Wicked Lady is on a distinguished road
Credits: 653,418
I think we should talk about the use of vowels and how the recent decline in that use has led to the downfall of modern society.
is Offline   Reply With Quote
Old 08-29-09   #14
Uncletiggs
DF's Dirty 'ol Man
Admin
 
Uncletiggs's Avatar
 
Join Date: Oct 2000
Location: Hiding in the shadows
Posts: 11,229
Uncletiggs will become famous soon enough
Credits: 218,114
no no.. he has a trojan that won't let him type vowels..
It's that avast he's using..
__________________
Beware the ex's.. They ARE out to get you...

Nice guys finish last
It isn't just a saying.. It's a fact of life!

Those things that produced your ex......you know, the bitchmakers! Metagion

If you have sex with a prostitute against her will, is it considered rape or shoplifting?

You're not who you are, you're only what other people think you are

Your more Delusional than you think I am! {Duck Dodgers}
is Offline   Reply With Quote
Old 08-30-09   #15
fleamailman
Embracer Of The Dark
 
fleamailman's Avatar
 
Join Date: May 2009
Posts: 391
fleamailman is on a distinguished road
Credits: 28,504
"...welcome to the murky paranoiac world of Microsoft usage..." laughed the goblin continuing "...you get the malware because you use an operating system that is hidden from you to start with, one that only the malware makers, Microsoft itself and those protection pushers know about, simply the source code is a secret between them then, while you pay heavily for your dependence upon unknowns here...", by now the free and open system linux was all the goblin needed
is Offline   Reply With Quote
Old 09-06-09   #16
Sik Simon
Ate God
Overlord
 
Sik Simon's Avatar
 
Join Date: May 2007
Location: The hood, US
Posts: 17,808
Sik Simon is on a distinguished road
Credits: 26,877
fuck your GOD you vi izipiiiiiiiiiiiiii . Pkrt4145@gmail.com <gjldfluuuul;gggggggg8888888888888;999 flll ficl ypui gpd@
__________________
*Saunters by with a devil-may-care look in my eye.
is Offline   Reply With Quote