BleepingComputer.com: User that doesn't belong here

User that doesn't belong here

#61 seether

  • Member
  • Group: Members
  • Posts: 46
  • Joined: 07-December 11
  • Gender:Male
  • Location:South Dakota

Posted 29 December 2011 - 05:22 AM

Could you be more specific on resetting my router?

Why am I not having this problem on my other system?

This post has been edited by seether: 29 December 2011 - 05:24 AM


#62 Elise

  • Bleepin' Blonde
  • Group: Malware Study Hall Admin
  • Posts: 39,023
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 29 December 2011 - 05:36 AM

Then it is unlikely that the router is the culprit. I mentioned this only as a (part of a) measure to make absolutely sure nobody can control your computer.

I have explained to you three times now what to do to troubleshoot this problem:

Quote

Once you have only Avast AV running, do a clean boot. First see if the clean boot itself runs fine. If that is the case enable items one at a time and see if you can pinpoint the one that causes the CPU spikes.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

#63 seether

Posted 29 December 2011 - 05:44 AM

Okay, I have done as requested and my PC is running 100% cpu usage when I attempt to use the internet, run a scan, or anything that it would seem is prohibited by the "other user".

Discovered: February 11, 1999
Updated: May 6, 2002 3:37:23 PM
Type: Trojan
Infection Length: Varies
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Backdoor.Trojan is a detection name used by Symantec to identify malicious software programs that share the primary functionality of enabling a remote attacker to have access to or send commands to a compromised computer.

As the name suggests, these threats are used to provide a covert channel through which a remote attacker can access and control a computer. The Trojans vary in sophistication, ranging from those that only allow for limited functions to be performed to those that allow almost any action to be carried out, thus allowing the remote attacker to almost completely take over control of a computer.


A computer with a sophisticated back door program installed may also be referred to as a "zombie" or a "bot". A network of such bots may often be referred to as a "botnet". Botnets have been well publicized in the news over the years, with different instances being given specific names such as Kraken, Mariposa, or Kneber, along with claims of hundreds of thousands of nodes belonging to certain networks.

Typical back door capabilities may allow a remote attacker to:
  • Collect information (system and personal) from the computer and any storage device attached to it
  • Terminate tasks and processes
  • Run tasks and processes
  • Download additional files
  • Upload files and other content
  • Report on status
  • Open remote command line shells
  • Perform denial of service attacks on other computers
  • Change computer settings
  • Shut down or restart the computer

Backdoor Trojan horse programs have become increasingly popular amongst malware creators over the years because of the shift in motivation from fame and glory to money and profit. In today's black market economy, a computer with a back door can be put to work performing various criminal activities that earn money for their controllers. Schemes such as pay per install, sending spam emails, and harvesting personal information and identities are all ways to generate revenue.

#64 Elise

Posted 29 December 2011 - 06:53 AM

Yes, and the only cure for said backdoor threats is a complete reformat/reinstall.
However, we did an offline mbr dump, which would have clearly shown mebroot/sinowal botnet infection, as well as other advanced rootkits. The MBR was clean, so you can rule this out.
Besides, sinowal/mebroot leaves behind clear signs in, for example, a GMER log even if the computer is cleaned.

Do the clean boot, then post me a new DDS log so I can see what is still running.
regards, Elise

#65 seether

Posted 29 December 2011 - 07:18 AM

Okay, I did the clean boot (per Microsoft instructions), and as soon as I initiated the DDS scan my PC went super crazy off the charts on CPU usage; I've never heard it that loud before and wasn't sure it wouldn't blow up before completing the scan.

Attached File(s)

  • DDS.zip (1.95K)
  • Attach.zip (2.25K)


#66 Elise

Posted 29 December 2011 - 07:29 AM

In that case you may want to clean the inside of your computer, as the accumulation of dust can also cause this kind of problem. See this tutorial: Cleaning the interior of your PC
Especially the loud noise you accuse can be an indication of dusty fans.

Another thing worth trying is disabling keyscrambler, as it also can cause high CPU usage.
regards, Elise

#67 seether

Posted 29 December 2011 - 08:44 AM

I took my pc apart and made sure it was not dirty, checked the fan etc... I have been using key scrambler on my other pc as well as the infected one and neither ever showed any sign of increased cpu usage. So both of these ideas can be ruled out.

#68 Elise

Posted 29 December 2011 - 08:55 AM

I would never rule out software problems just because it ran fine in the past. I have seen more than one case where key scrambler caused CPU spikes, so I would not disregard it; however, that is up to you, of course.

There is, however, no malware that causes your computer to make loud noise; this is always a hardware issue.
regards, Elise

#69 seether

Posted 29 December 2011 - 09:09 AM

I understand what you are saying. I have, however, encountered more than one virus that did the very same thing (high cpu usage, computer running like mad, instability, and so on). So experience tells me that, after troubleshooting the hardware, this is most likely a very nasty trojan indeed.

#70 Elise

Posted 29 December 2011 - 09:44 AM

There is no trojan on your computer. We checked every possible location; there is none. This is either software corruption or hardware corruption, also confirmed by the fact that your user profile had become corrupt.


ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
regards, Elise

#71 seether

Posted 29 December 2011 - 10:03 PM

Elise,
I wanted to sincerely thank you for all of your patience, help, and support in assisting me with this issue. Bleeping Computer and all those who use this service are very fortunate indeed to have someone as qualified and wonderful as you to help them!
2 weeks ago I took my PC to a friend who happens to rebuild computers for a local PC vendor. He wiped my drive for free and used some diagnostic tools to check my PC hardware components. He said everything checked out and that I must have a software issue. Since he's a friend he didn't charge me, but I repaid him with a gift certificate to his favorite store.
Anyway, I happened to run Symantec Power Eraser today, and it marked 47 assorted files and registry keys for deletion, so I hit run and it did its thing and rebooted my PC. I'm not sure what the exact problem was, but now it is as quiet as a church mouse. I tested it by running multiple browsers and Windows applications (Word, Excel, etc.) simultaneously and it is still quiet. I believe the problem is completely resolved!
If it hadn't been for your support, I probably would have just given up, but your encouragement kept me going! Thank you so very much!!! I will definitely be recommending Bleeping Computer to all my friends!
Again; sincere thanks Elise!!!!!!!!!!!!!

#72 Elise

Posted 30 December 2011 - 04:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards, Elise