Been Hacked....need Help.


2 replies to this topic

#1 Misanthrope

Misanthrope

  • Members
  • 1 posts
  • OFFLINE
  • Local time:03:06 PM

Posted 14 June 2006 - 06:34 AM

Had problems for a while and suspected a backdoor trojan. No virus program I tried, spyware scan detects anything. Have formatted 10 times, removing any networking progs. like Messenger, DDE, Remote Access Connection, etc. Scanned with HJT, Nod32, Grisoft, Spybot S&D, Norton, Trojan Hunter, Lavasoft, and others. Deleted Restore file, too. A recurring RECYCLER folder returns after every reboot and is tied in with the SystemVolumeInformation file which only has a MountPoint..(something) and a UserDat file. I can only delete the Sys.Volume folder by taking ownership, but it returns after a reboot, also. Even though the Windows Restore program is deleted. Last night I found all these drivers... Wan Miniport (ip), Wan Miniport (ip)-packet scheduler miniport, Wan Miniport (l2tp), Wan miniport (pppoe), Wan Miniport pptp. With the security logs it looks like a networking hack program using my Ethernet connection. Any help to rid my system of this? I suppose there's a bot that restores/rebuilds or whatever somewhere that stays even after formatting (?) Also even in Safe Mode some areas - memory, some system files - are denied access with scanning. I've disabled the above drivers and a couple that seem associated with them... non p&p drivers that showed up with problem triangle warning. Sorry for such a long story, but I work on it off line. At work now and downloaded HJT. Any help to search for and destroy this virus? TIA



#2 Harry83

Harry83

  • Members
  • 257 posts
  • OFFLINE
  • Location:State College PA
  • Local time:03:06 PM

Posted 14 June 2006 - 08:15 AM

Had problems for a while and suspected a backdoor trojan. No virus program I tried, spyware scan detects anything. Have formatted 10 times, removing any networking progs.

Well, formatting 10 times was probably unnecessary and so was removing all of those network programs. You should make sure System Restore is enabled and functioning on your computer. With all of the stuff you removed you may need to reinstall Windows/go for round 11?? Not sure the extent of what you've done to your system. If it is fully functional for your purposes without all of that stuff and there are no adverse impacts to your daily uses of it then I guess don't worry about it. But you definitely need System Restore...

Last night I found all these drivers...

Those drivers are OS installed drivers...

Had problems for a while

What problems have you been having? Can you describe them?

Edited by Harry83, 14 June 2006 - 08:16 AM.

--
Harry83
Liberating America From Spyware - 1 Computer at a time...

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:06 PM

Posted 14 June 2006 - 08:24 AM

A recurring RECYCLER folder returns after every reboot and is tied in with the System Volume Information file...

This is normal. The Recycler folder is used only on NTFS partitions. The Recycler folder contains a Recycle Bin for each user that logs on to the computer, sorted by their security identifier (SID). By default, it is a hidden folder unless you reconfigured Windows to show it. See Differences Between the Recycle Bin and the Recycler Folder.

The System Volume Information folder is a part of System Restore - the tool that allows you to set points in time to roll back your computer. The System Volume Information folder is where XP stores these System Restore points and other information such as: Distributed Link Tracking Service databases for repairing your shortcuts and linked documents; Content Indexing Service databases for fast file searches; Information used by the Volume Snapshot Service (also known as "Volume Shadow Copy") so you can back up files on a live system.

By default, it is a hidden folder unless you reconfigured Windows to show it.

You should not be tampering with this folder. Doing so could cause problems with proper system functioning.

What makes you think you are infected with a trojan if your scans are not finding anything?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
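
Added example (not part of the original thread or of any poster's reply): the PowerShell script below lists each subfolder of RECYCLER and resolves its SID-style name to an account, which makes the per-user layout described in post #3 visible on a live system. The function name Resolve-RecyclerFolder and the default path C:\RECYCLER are assumptions for illustration.

```powershell
# Added example: map each per-user Recycle Bin folder to the account that owns it.
# Default root is the XP-era C:\RECYCLER discussed in the thread (assumption);
# pass another root, e.g. 'C:\$Recycle.Bin' on Vista and later, as needed.
param(
    [string]$Root = 'C:\RECYCLER'
)

# Hypothetical helper name, introduced only for this example.
function Resolve-RecyclerFolder {
    param([System.IO.DirectoryInfo]$Folder)

    $result = [pscustomobject]@{
        Folder  = $Folder.Name
        IsSid   = $false
        Account = $null
        Note    = ''
    }
    try {
        # The constructor throws if the folder name is not a well-formed SID string.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Folder.Name)
        $result.IsSid = $true
    } catch {
        $result.Note = 'name is not a SID'
        return $result
    }
    try {
        # Translate throws when no current account has this SID, for example
        # a deleted user or a folder left behind by an earlier installation.
        $result.Account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $result.Note = 'SID does not map to a current account'
    }
    return $result
}

if (-not (Test-Path -LiteralPath $Root)) {
    Write-Warning "$Root not found on this volume."
    return
}

# -Force is required because RECYCLER and its children are hidden system items.
Get-ChildItem -LiteralPath $Root -Force |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Resolve-RecyclerFolder $_ } |
    Format-Table -AutoSize
```

Run it from an elevated prompt so the hidden system folders can be enumerated; each row should show one SID-named folder per user who has logged on.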