
Infected With Something That's Using Ip/network


1 reply to this topic

#1 finewines

  • Members
  • 6 posts

Posted 20 March 2008 - 08:52 AM

I posted yesterday with a suspicion of being infected. Now I am very sure. Within days of getting a new laptop in late January something turned off my event viewer notifications (though I found some of my log files - bad, bad) and more recently I haven't been able to access other accounts because the events services has been unable to load.
While I was looking at things yesterday in my administrator account I turned off networking and the ability to find me as well as sharing, though that was technically turned off, there was a box checked then greyed out. Well that is when everything went $*&$ yesterday. Suddenly I can't get back into my standard account and when I log in a temp account is created in my admin account.
There are also owners of folders and files that are 'numbers' or the system that are neither me nor any user group that I can do anything to.
I have enough understanding of registries etc. and would have been happy enough to fix the run once file but I can't get to it. Even in safe mode it seems I don't have control. This morning I tried to go into my BIOS. Yesterday I had made an admin and hard drive password and also turned Bluetooth off/made invisible. Last night I noticed several times that the Bluetooth light was still turning on, even when my wifi catcher was off. So today I went in and tried to change my system password (and yes I did unlock it) and it doesn't matter what I input I get the new password is unacceptable!
It will allow me to change my admin and hard drive password but that's it. And I also can't make changes/access user accounts when I'm booted. in
I have Vista Home Premium and it looks like whatever got into my system was loaded within 3 or 4 days it coming according to the one log I found that said I had 2 users connected when it shut down? (Sorry I am not booted at the moment and don't have the exact wording) but from then on it looked like whomever was just freely using me at will. And I mistakenly thought I had set up security alerts that had been disabled from the inside out.
I know I came across some kind of key logger but again I have no permission to 'do' anything even as the admin.
I also tried to do Vista repair but that didn't work. I rolled back my system but as it turned out this existed longer than possible to roll back.
I don't want to do a full reinstall though that may be the only option. But the bigger concern I have is the source. I don't want to do this again. I replaced my last laptop because something killed the hard drive and XP did weird things to it and I don't know if this is another instance of the same thing.

Help sooner than later would be truly appreciated.

Thanks in advance - I know everyone is really busy.

Kimberly

(To the moderator - I posted yesterday and that can be removed since this is more up to date.)


#2 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts

Posted 20 March 2008 - 11:09 AM

This issue will require further investigation. Before that can be done you will need to create and post a HijackThis log.

Please see the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
