Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My XP box has a trojan, worm, or virus


  • Please log in to reply
2 replies to this topic

#1 drphilosopher

drphilosopher

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 28 June 2010 - 10:19 AM

Hi Folks,

I have a 2002 XP box from Dell that is being flagged by my ISP for distributing malware. (Actually, I've since disconnected it from the network.)

Some symptoms:
1. When I'm logged on to the computer, I don't see anything happening using the task manager.

2. When I come back after an extended period of non-use the computer is using more memory --- about 50-100 Mb (I think). (It doesn't act like a leak --- just a one time increase in memory usage.)

3. When I come back after an extended period of non-use, the screen is sometimes locked. The computer displays the screen that says that only <computer-name>\Darrell or an administrator can unlock this computer. That is significant because fast user switching is enabled and I have not done anything to disable it. Normally, the login screen with all of the user accounts should be displayed. That means that some other process is changing the login process.

4. I scanned the computer using Malwarebytes, found the TrojanDropper virus and removed it, but that did not alter the symptoms.

5. As stated in the intro, my ISP complains about malware coming from my domain when the computer in question is connected to the network.

I have backed up all of my files and am tempted to rebuild the computer. However, if there is less painful way to fix the problem, I'd like to try that first. Also, I don't know if any of the backed up files are infected.

Any and all help is appreciated.

Thanks.

Darrell

EDIT: Moved from XP to Am I Infected forum ~ Hamluis.

Edited by hamluis, 28 June 2010 - 10:28 AM.


BC AdBot (Login to Remove)

 


#2 drphilosopher

drphilosopher
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 03 July 2010 - 01:01 PM

A little more information: My ISP is actually complaining about a "bot".

BTW, the last time I left it on, the memory usage more than doubled, from about 300 Mb to about 600 Mb.

Any help would be appreciated.

Thanks.

Darrell

#3 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:03:01 PM

Posted 03 July 2010 - 02:11 PM

Hey,
It may help us a bit if we could see the log from MBAM. And another question, what is your primary antivirus, and has it been alerting you to any unauthorized access? If so, do you remember the texts of those alerts? if you do, you should report them back here so that we can try to better determine what is happening. But the memory thing that seems to be occurring is quite odd, and honestly, it is something I've never seen before. And another tactic. When your computer locks itself and tells you that only you or an admin can unlock it, what do you usually do then? The reason why I'm asking is because if I'm not mistaken, you have to configure it to automatically lock like that. Or that's my experience anyway. Let us know.

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users