BleepingComputer.com: Post infection angst - am i hacked?

Post infection angst - am I hacked?

#1 theothersimon (New Member, Group: Members, Posts: 5, Joined: 09-April 11)

Posted 09 April 2011 - 12:48 PM

The question
In the aftermath of a malware attack I am anxious to definitively check that my machine is now clean.

The attack was the Spotify-distributed 'Windows Recovery' trojan, which did some serious-ish damage to my machine.

Can anyone give me any suggestions on how to definitely check my system for back doors and any other undesirables?

What I have done so far
I have eliminated the remnants of the actual malware with a combination of tools, and undone most of the permission changes that it made (at least the ones I know about).

I have done full scans with Malwarebytes, Spybot S&D, Avira, Ad-Aware. Now it seems OK.

Comodo is giving me a number of alerts that I don't have the background to analyse.

Some background
My machine - XP SP3 (running on Boot Camp on a Mac laptop - Windows is my primary machine - the Mac is for testing).

I am running Avira, which updates daily, and Comodo firewall. I have a host of other anti-spyware and related tools that I update and use regularly.

Any help or suggestions really appreciated.

Thanks.

Below is the TCPView info:

Process PID Protocol LocalAddress LocalPort RemoteAddress RemotePort State
svchost.exe 1528 UDP 192.168.0.2 123 * *
svchost.exe 1528 UDP 127.0.0.1 123 * *
svchost.exe 1348 TCP 0.0.0.0 135 0.0.0.0 0 LISTENING
System 4 UDP 192.168.0.2 137 * *
System 4 UDP 192.168.0.2 138 * *
System 4 TCP 192.168.0.2 139 0.0.0.0 0 LISTENING
System 4 TCP 0.0.0.0 445 0.0.0.0 0 LISTENING
System 4 UDP 0.0.0.0 445 * *
alg.exe 2228 TCP 127.0.0.1 1028 0.0.0.0 0 LISTENING
firefox.exe 2016 TCP 127.0.0.1 1039 127.0.0.1 1040 ESTABLISHED
firefox.exe 2016 TCP 127.0.0.1 1040 127.0.0.1 1039 ESTABLISHED
firefox.exe 2016 TCP 127.0.0.1 1041 127.0.0.1 1042 ESTABLISHED
firefox.exe 2016 TCP 127.0.0.1 1042 127.0.0.1 1041 ESTABLISHED
svchost.exe 1528 UDP 127.0.0.1 1105 * *
cmdagent.exe 1492 TCP 192.168.0.2 1185 91.199.212.171 80 CLOSE_WAIT
cmdagent.exe 1492 TCP 192.168.0.2 1186 140.99.94.175 80 CLOSE_WAIT
svchost.exe 1912 UDP 192.168.0.2 1900 * *
svchost.exe 1912 UDP 127.0.0.1 1900 * *
svchost.exe 1912 TCP 0.0.0.0 2869 0.0.0.0 0 LISTENING

This post has been edited by theothersimon: 09 April 2011 - 01:39 PM
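As an added example (not part of the post or of any reply), a small Python triage of the TCPView columns above: it ignores loopback-only sockets, compares network-facing listeners against an assumed baseline of what a stock XP SP3 host opens, and reports processes holding connections to non-local hosts. The baseline set and the sample rows are constructed for this example.

```python
from collections import namedtuple
from ipaddress import ip_address

Sock = namedtuple("Sock", "proc pid proto laddr lport raddr rport state")

# Constructed sample input: a subset of the TCPView listing from the post above.
TCPVIEW_OUTPUT = """\
svchost.exe 1528 UDP 192.168.0.2 123 * *
svchost.exe 1348 TCP 0.0.0.0 135 0.0.0.0 0 LISTENING
System 4 TCP 0.0.0.0 445 0.0.0.0 0 LISTENING
alg.exe 2228 TCP 127.0.0.1 1028 0.0.0.0 0 LISTENING
firefox.exe 2016 TCP 127.0.0.1 1039 127.0.0.1 1040 ESTABLISHED
cmdagent.exe 1492 TCP 192.168.0.2 1185 91.199.212.171 80 CLOSE_WAIT
svchost.exe 1912 UDP 192.168.0.2 1900 * *
svchost.exe 1912 TCP 0.0.0.0 2869 0.0.0.0 0 LISTENING
"""

# Assumed baseline of (process, protocol, port) listeners a stock XP SP3 host opens
# (NTP, RPC, NetBIOS/SMB, ALG, SSDP/UPnP); an assumption for this example, not a vendor list.
BASELINE = {
    ("svchost.exe", "UDP", 123), ("svchost.exe", "TCP", 135),
    ("System", "UDP", 137), ("System", "UDP", 138), ("System", "TCP", 139),
    ("System", "TCP", 445), ("System", "UDP", 445), ("alg.exe", "TCP", 1028),
    ("svchost.exe", "UDP", 1900), ("svchost.exe", "TCP", 2869),
}

def parse_tcpview(text):
    """Parse whitespace-separated TCPView rows; UDP rows have no state column."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # blank or malformed line
        state = f[7] if len(f) > 7 else ""
        socks.append(Sock(f[0], int(f[1]), f[2], f[3], int(f[4]), f[5], f[6], state))
    return socks

def is_loopback(addr):
    return addr != "*" and ip_address(addr).is_loopback

def triage(socks):
    """Return (category, socket) pairs for endpoints worth a closer look."""
    findings = []
    for s in socks:
        if s.state == "LISTENING" or s.proto == "UDP":  # socket accepts traffic
            if not is_loopback(s.laddr) and (s.proc, s.proto, s.lport) not in BASELINE:
                findings.append(("unexpected-listener", s))
        elif s.raddr != "*" and not is_loopback(s.raddr):
            findings.append(("remote-connection", s))
    return findings
```

Run over the full listing in the post, only the two cmdagent.exe rows (the Comodo agent's own connections) come back; everything else is loopback-only or in the assumed baseline, which is where the review of any unexpected listener would then start.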
