Constantly hacked. Rootkit? Firmware virus? Scanned with many programs.


  • This topic is locked
1 reply to this topic

#1 effingmalware

Posted 25 August 2013 - 01:19 PM

Hi.  I just posted something and it was instantly deleted. I am being constantly hacked by a persistent hacker it seems, I guess this will be deleted as well but I will try again...

 

Anyway, I have been messing around with Windows XP again on one of my slower comps, having downgraded it from Win7.  I have reformatted several times and I believe I need to flash my BIOS, as it seems likely I may have a brutal firmware virus because strange symptoms always return.

 

Whoa... as I am writing this I happened to have Malwarebytes open (I don't keep it open) and it just said "successfully blocked connection to 'incoming' suspicious site".  Geez... I guess I am infected?  Maybe I should leave it up permanently. Heh.  Another bizarre thing I noticed was in Task Manager I had this filename b4523-43532b-512234g-7hbh34-43g.com running.  I looked where it was and it was located in SUPERAntiSpyware's directory.  I don't think this is a normal SAS file, is it?  I closed it and deleted it and SAS still seems to work.  What the heck was that?

 

Anyway, the PRIMARY symptom I notice is that occasionally I get these hard drive sounding shut down/restarts.  Maybe it's a CPU fan shut down/re-activate, I'm not sure.  What happens is the PC fan will entirely stop for several seconds, then I will hear a winding whine type noise and it will reactivate.  During this point the OS temporarily freezes (even the touchpad) and it sometimes happens repeatedly over and over and over and then will not happen for hours.  Does this sound like suspicious activity?  I have run many many scanners and anti-rootkit scanners and adware malware scanners.   One thing to note is when I run mbar, it halts at desktop.ini and seems to get stuck there.

 

JRT found some IE-type things which it deleted.  Nothing else really reports anything.  Is there a scanner which will scan the chipset/BIOS/hardware?  I guess this can't exist but I have read that a virus can attach itself to the firmware of even a video card or hard drive (in addition to BIOS).

 

Thanks for help getting me started... wow, mbam just said it successfully blocked access to a potentially suspicious site (AGAIN)... and this is popping up every few minutes now.   I haven't been doing anything else while writing this article and it is the only web page up.  I guess I will leave mbam up permanently, heh.   It is blocking both 'incoming' and 'outgoing' accessing, and the IPs seem to be different every time.

 

Sorry for the length of this message but there are a lot of strange behaviours as you can see... thanks


Edited by effingmalware, 25 August 2013 - 01:22 PM.



#2 Orange Blossom

Posted 25 August 2013 - 01:23 PM

It wasn't deleted; it was moved.  Your topic is here: http://www.bleepingcomputer.com/forums/t/505576/xp-malware-possible-rootkit-strange-com-files-and-other-suspicious-activity/

 

This topic is now closed and will be deleted later to avoid confusion.

 

~ OB :cherry:

