Intruder has re-written my registry and other files - Can I recover?

#1 GrahamC

Posted 26 March 2009 - 11:12 AM

I have a Linksys wireless home router that is running Cisco software, and I have Norton Internet Security on my system. I noticed in Windows, the System.Sav file, and my system doing funny stuff. So I started looking through my computer, and I looked at the Norton logs and it shows someone locally with the SSID GreatOldOne, and it is usually at that point that my computer starts acting funny, however I also don't know if they are not local. I just know that I keep finding my Norton Internet Security setting changed all the time, as well as the log showing that someone has got through the firewalls. I shut down file sharing and all services that have to do with remote desktop, or anything remote as well as unchecking NetBIOS. Then I hear some beeps and I go back and it's all changed back.

I worked for Compaq years ago for tech support on networks and advanced problems, and I remember an f-disk companion that erased the actual registers on the HDD, I remember that they were like a-b-c-d-e registers, and it fully erased any part of the HDD that a virus could be hidden. I think that my Norton has been re-written so it doesn't detect the virus that this person inserted in my system. Whoever they are, they are very smart. I have a feeling it may be someone I go to school with, as I did something very stupid. I took software from a classmate (I am finishing my degree in Computer Sciences Info Tech., and starting my masters in it) and it was written to auto insert the key code. So it probably had a program written on it to send out my IP address to the guy and allowed him entry.

Is there anything I can do other than backup family pics and some of the software I know is clean software, and get the CDs from HP and do the complete f-disk and format, while erasing the registers from the HDD????

Your help would be greatly appreciated,

Graham

#2 Guest_superbird_*

Posted 26 March 2009 - 12:32 PM

Hi,

Well, there are enough things to try first.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 GrahamC

Posted 13 April 2009 - 01:20 PM

Sorry it took so long to get back here, was out of the state, taking care of a family member. Thank you for the post. I tried the scan, and I am posting it below, however it didn't seem to find anything. I am running a custom scan on all of the drives, as the HP Pavilion has this ridiculous extra partitioned part of the C: drive as drive to hold the restore for Vista?!?!?!?! They want me to pay to get the hard copy of Windows!!!! Anyway, I will need to look into the Switch and the different DMZ options as well as hardening it, although it is possible that the individual is getting in computer to computer!??? All I know is that I hear the drive spinning up, every time I see this guy picked up in my wireless network results.

This scan scanned 72,000 or so files, and the custom is already at 160,000 files, so perhaps it will pick up something. I will repost when it is done.

Here is the quick scan log from Malware SW:

Malwarebytes' Anti-Malware 1.36
Database version: 1976
Windows 6.0.6001 Service Pack 1

4/13/2009 1:06:06 PM
mbam-log-2009-04-13 (13-06-06).txt

Scan type: Quick Scan
Objects scanned: 72843
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again,

grahamc

#4 Guest_superbird_*

Posted 13 April 2009 - 01:25 PM

Hi,

Could you do a new full scan? Post that logfile in your next reply.