Posted 12 September 2012 - 08:53 AM
I outsmarted myself this time. I use Comodo internet security on both my wife's WinXP SP3 Lenovo T61 model 6465CTO and my Gateway/Acer NV54 running Win7 fully patched (both).
Whenever I download any software, I scan with Comodo AV, as well as Malwarebytes and Spybot S&D, both of which I run several times a month, as well as a Comodo AV scan.
We have lost two hard drives on the Lenovo in the last five years, and I suspected either environmental issues (CPU overheating) or incipient hard drive problems.
I have been using CoreTemp but can't get it to run right for multiple users on XP, nor to make it usable for non-admins on Win7, but that is not my problem.
I decided to look for a hard drive monitoring tool, and found S.M.A.R.T Assistant by Alexey V.Voronin (sic, no space before lastname). Searched Google, couldn't find any indication of malware (my other check for new freeware.) Downloaded, scanned with my big three mentioned above, all seemed fine.
Tried to use it and then my problems began... I read Bleeping Computer from time to time, and have just joined. But although I know I can get help here, I try to be self-reliant, and since I have worked as a consultant in the field for decades, I try to fix the problems I cause whenever I can.
So after much scanning, registry rollbacks, the use of Comodo Cleaning Essentials, TDSSKiller, SuperAntiSpyware and something with the executable name FSS.exe, whose source eludes me at the moment, and probably a couple of other tools, including File Assassin, which couldn't get the files at first, but could after I tried some other special unlock/delete tool first, on the Win7 box, I got all of it out of my Win7 box, but on the XP side, NO JOY.
Ran a couple of tools that indicated in different ways that on the XP, winsock.sys and some other files, mostly in Windows/system32/drivers, were missing on the XP. This was true even after also running WinSockFix, or something like that, which was recommended by a technician we have used in the past. But since I am semi-retired, I didn't feel like laying out a hundred bucks or so for the two machines, and had at it, to see what was what.
I have three sets of recovery disks from Lenovo, but haven't contacted them yet to see if they will send me the latest, or if I would have to go patch happy for a few hours. Nor do I know the details of if I have an option to refresh the OS without losing my files and/or installed programs, of which there are many, multiplied by three user accounts and a primary and backup admin account (I do do some things right).
Also, much to my chagrin, our external backup/storage device got put on a shelf in the midst of a stack of old paper files, and when they got moved, my lovely 1.5 external WD drive executed a swandive and died immediately thereafter. I plan to replace it, and to back up all the XP data before trying to recover the OS.
But I wonder if there is a place where I could enumerate the handful of missing files and just download and replace them. That is question #1.
Question #2 is any suggestions for additional tools to verify that I have gotten all the crap out, and where to look for vestiges of this particular virus, and/or tools to use. I have been downloading tools onto the Gateway and transferring them to the XP by USB key as needed.
Question #3: can anyone provide me with a bit of background re: the Lenovo WinXP recovery process, so I can check up on their technicians if their reply is just to reformat, reinstall the OS and start rebuilding all over. I did that after the last hard drive failure, and it made fighting viruses and spyware look like a day at the beach.
Question #4: is there any possibility or evidence that the router may have been infected and/or that private data may have been compromised? If so, I am probably looking at changing all bank account passwords, etc., but my wife is a CPA and has our money in several places, so that would be a bear I would rather not fight. So if anyone has any info on whether the software I tripped up on is just out to kill my machine, or if it is botting it and/or stealing personal data, that would be helpful.
As a footnote, I saw evidence the machine was trying to contact something like your-client-servers.de, which Wikipedia, I think, said was really a public ISP in Germany called hetzer.de, and which is probably full of bots. But I had the Spybot hosts file installed, and it and about two dozen other bad sites seem to have gotten sent to local loopback instead so I may be good there.
Also, I forgot to mention that I have recently also installed System Explorer FWIW.
And of less importance, anyone know of a safe freeware tool for monitoring the S.M.A.R.T data/sensors on hard drives?
As noted, I will get a new backup unit, and will check with Lenovo, even though we are out of extended warranty.
But the people on this site are the bomb, if I can still get away with saying that, and I would appreciate feedback. Especially, it would be a pain to reset my router and reconnect to our new DSL provider, but I will go through the drill if necessary. The modem is a Westell 327W, formerly Verizon, with walled garden removed. I use WPA2 with a strong password for wireless, but the book where I wrote down the modem/router password has disappeared as we are packing for an eventual move, so if a reset is required, I could and would reset it to the defaults, which I know. But I only want to do this if there is any evidence that the router is compromised. Any tools to test this? Also, another option would be to get a more modern router and start all over, but I'd rather not if I don't have to right now, as $ is tight, and now we need to buy a backup unit for the second time in a year.
Still, if the consensus is that I am being foolish for not attacking the router before it can attack me, I will bite the bullet. I just don't want to be doing it just for drill if there isn't some reason to do so.
Sorry for the length of this, but I am trying to provide as much relevant info as possible. Also apologies for not getting the exact version numbers and names of some of the tools I have used. I will do so on request, but I have hit a couple of all-nighters in the past week, plus trying to keep up as a husband to a younger wife in nursing school and a son who is a senior in HS, doesn't drive, and needs lots of basketball and weight gym times. So even after a little rest, I feel like a piece of toast, medium well done at best.
And in closing, since this is my first post, and since I have tried to conform to the Guidelines, if anyone has any suggestions on how I could have done this better, they will be received in the proper spirit.
Glad to finally be getting around to joining Bleeping Computer, and hope I can repay any help I receive by helping others in the future.