Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I Having A Computer Invasion


  • Please log in to reply
2 replies to this topic

#1 NanZee

NanZee

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 26 November 2007 - 12:00 AM

Hello, This is just a general question, the computer in question (5 years old) is for now out of service, awaiting tech support and has so far only been reformatted and XP Pro minus SP2 loaded on. It had, a hardware firewall (Linksys hardwired), a software firewall (ZoneAlarm) and the NOD32 antivirus running. It has 3 GB of Ram and 2 160GB harddrives and a clock speed of 2.53 Mhtz. I recently lost function of my USBs except for mouse and printer, see entry below under External devices...same dealio.

The sound card is SoundBlaster...the graphics ATI Radeon 850XT ...

I was using external drives during part of the past year. (Until they recently failed on that system.)

Here are the symptoms I noticed:
1. When I would add or delete a file from a folder, the change would not show until I 'refreshed' the folder.
2. When I would download a file, I often had the message: "the file already exists, overwrite"? and it wasn't previously there.
3. I had mouse fights...when the mouse would move in a distinctly different pattern, than the way I was moving it.
4. I quite often would find with taskmanager that there were two sessions of explorer.exe running.
5. I did use different desktops, logged off before switching between them...but often was told on shut down that another user was still on the system and I would cause them to lose data.
6. There were frequent period of complete loss of control over the system, a mini lockup period of perhaps 30 seconds to 1 minute when nothing would respond.
7. I had disabled popups from IE and through the ZoneAlarm, but soon they were reinstated.
8. I began to be warned from ZoneAlarm that "Msn.com was blocked from logging your keystrokes etc."
9. I found ports opened, ICMP outbound in particular.
10. In Administrative tools, services, I found remote access that I had disabled, re-enabled.

When I reported this to my software computer tech, he suspected I was victim of a rootkit and we reformatted and reinstalled the operating system. Within the matter of two weeks, as soon as I had reinstalled my programs...these incidents were beginning again. Then while backing up again to external drive, my USB capability crashed.
Was I being invaded by someone gaining access to control of my system? Or could this all be due to a five year old mobo going bad? I am feeling quite vulnerable and paranoid, please give me your opinions. Nan

BC AdBot (Login to Remove)

 


#2 t3s

t3s

  • Members
  • 628 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere in MD
  • Local time:07:08 AM

Posted 26 November 2007 - 12:17 AM

Hello NanZee and welcome to BleepingComputer!

It sounds like you are most deffinately infected.

Please follow these Instructions to the fullest. failure to do so will only impair our ability to help you.

If you can download these applications from another computer I would STRONGLY suggest it, and keep it offline as much as possible. The second it connects to the internet, the infection will re-install itself.


“Technology does not drive change -- it enables change.”
-Unknown

 

"I'm a cannibal... I eat Crackers"

 

Hacker != Cracker

 

website is down until further notice. . . . 


#3 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:08 AM

Posted 26 November 2007 - 11:27 AM

When I reported this to my software computer tech, he suspected I was victim of a rootkit and we reformatted and reinstalled the operating system. Within the matter of two weeks, as soon as I had reinstalled my programs...these incidents were beginning again

After reformatting, did you change all passwords? You may have had an "SDBot" infection...it's always a good idea to change passwords every so often.

MS_MVP.gif
MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users