hacked again 3rd time in six months

posted on Aug, 15 2012 @ 05:42 PM
link   
I guess this should be in rant,
third time in six months I've been hacked,

some form of root kit I can't seem to expose,
thing goes into stealth mode whenever I try to find it,

and no I'm not paranoid, none of the scans show anything out of the ordinary,
bandwidth being nibbled,

account log in freeze and internet stalls and then slow loading of pages videos etc

will sniff for external server associations.

can anyone relate, another rebuild

not what I need ATM

my defences are deficient,
any ideas how I can add protection (outside of DPI)?

xploder



posted on Aug, 15 2012 @ 05:51 PM
link   
Not an expert on the topic, but any chance someone's leeching your wireless connection?

If so, there's not really any software that can help you with that, but your wireless router probably has some options you can use, like blocking it to accept only your MAC addresses.

Anyway, if I was you, I'd wait for someone more knowledgeable on this topic.


G'luck friend.



posted on Aug, 15 2012 @ 05:52 PM
link   
I VERY STRONGLY recommend combofix! it's never failed to clean my systems.. not once

www.bleepingcomputer.com...


ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.


I have used it dozens of times to clean co-workers' machines, and several times for my own infections.. it has never once failed.... you literally just download it and execute it .. it runs pretty much on its own .. you might be prompted once to download and install Microsoft's recovery console which is what it works through to get at the infections.

Once you've cleaned your system then microsoft security essentials is actually a very good tool for preventing future infections.. it's actually my favorite because it has such a light footprint and has outperformed all the others in my experience.. I've not had one single infection in two years since I started using it .. and neither have my co-workers since I installed it on their machines.. it's free and very effective

windows.microsoft.com...
edit on 8/15/2012 by miniatus because: (no reason given)



posted on Aug, 15 2012 @ 06:00 PM
link   
If combofix fails, which would surprise me honestly .. There are also two other tools I've used:

GMER:
www.gmer.net...

TDSSKiller:
support.kaspersky.com...

Both of those are designed specifically for rootkit removal ..

MalwareBytes deserves an honorable mention, it's saved my butt a few times
www.malwarebytes.org...

I'm a systems administrator by the way .. I *AM* the IT department for my company.... so I'm used to fighting infections co-workers have had.. I have literally not had to do battle with a virus all year now... last year and the year before I was doing it almost weekly.. security essentials has done a great job.. also make sure you keep Java up to date.. hackers love to exploit Java... and flash for that matter.



posted on Aug, 15 2012 @ 06:01 PM
link   
reply to post by miniatus
 


thanks,
I'm trying it now


microsoft security essentials?
well I will install it, will it conflict with my other anti malware/anti virus software?

xploder



posted on Aug, 15 2012 @ 06:02 PM
link   

Originally posted by XPLodER
account log in freeze and internet stalls and then slow loading of pages videos etc

Happens to me frequently. It's called poor internet connection. This is more noticeable if you're in an apartment community or large neighborhood.

If Super Anti-Spyware and Malwarebytes find nothing, then most likely you really have nothing to worry about other than a poor internet connection.



posted on Aug, 15 2012 @ 06:05 PM
link   

Originally posted by XPLodER
reply to post by miniatus
 


thanks,
I'm trying it now


microsoft security essentials?
well I will install it, will it conflict with my other anti malware/anti virus software?

xploder


You shouldn't really run more than one virus scanner at a time, that can cause issues .. I don't recommend it, but I know people that do .. if you're getting hacked that often it wouldn't hurt removing the other virus scanners and running MSSE instead for a while... it also handles malware/spyware .. not just viruses.. for at least two years now I've only been running MSSE and nothing else.. I've not had any infections.. I run malwarebytes once every couple of weeks just to do a one-off scan but I've never had issues.

One of our employees used to get infected on a weekly basis because her job requires a lot of data mining and research, so she's browsing everywhere.. since I removed her old virus software and switched her over she's not had a single infection... it's realtime protection and will stop it the moment it gets on your disk.. even if it's in a zip file.



posted on Aug, 15 2012 @ 06:10 PM
link   

Originally posted by _BoneZ_
If Super Anti-Spyware and Malwarebytes find nothing, then most likely you really have nothing to worry about other than a poor internet connection.


I don't agree.. those are great tools for malware but rootkit detection is something else entirely.. a rootkit can alter the system in such a way that it's invisible to the file system .. and both of those scanners scan the file system.. rootkit detectors go beyond that .. if he has a rootkit infection, those two will almost certainly not find it.

Those two tools, both excellent.. are useful for removing most malware.. viruses, spyware, adware.. things like that.. and it's useful to run them once or twice a week .. the only way to prevent an infection from rootkits is to detect the virus that injects them into the system before it gets a chance to do its business.. those run-as-needed software packages won't do it ..

Combofix is still my #1 goto tool ..
edit on 8/15/2012 by miniatus because: (no reason given)



posted on Aug, 15 2012 @ 06:18 PM
link   
One last thing ..

Don't store combofix and run it later if you have issues, it's not safe to do that because a rootkit or virus might target that executable and disable/alter it .. always download a fresh copy ..

Secondly, check out portableapps.com and look through their virus scanner section.. you might want to put some of those tools on a flash drive and keep them handy .. some viruses like to wreck your internet connection.. I have a flash drive specifically for those sorts of things and I have a readonly switch on mine.. I always leave it readonly so that nothing can infect the files when I plug it in ...

Here's the portableapps security section.. ClamAV is pretty decent

portableapps.com...

GOOD LUCK!
edit on 8/15/2012 by miniatus because: (no reason given)



posted on Aug, 15 2012 @ 06:27 PM
link   

Originally posted by miniatus
if he has a rootkit infection, those two will almost certainly not find it.

Keyword: if.

Having slow internet connections and freezes at times shouldn't automatically make one think they're being hacked. Even though the OP said he wasn't being paranoid, I would posit otherwise. At least slightly. I get internet slow-downs and freezes occasionally. Am I going to start getting nervous and think I'm being hacked? Not in the least, because I know my system is clean.

It's good to run all of those programs once in a while just to make sure your system is clean, but you shouldn't start getting nervous about a slow internet connection.



posted on Aug, 15 2012 @ 06:34 PM
link   

Originally posted by _BoneZ_

Originally posted by miniatus
if he has a rootkit infection, those two will almost certainly not find it.

Keyword: if.

Having slow internet connections and freezes at times shouldn't automatically make one think they're being hacked. Even though the OP said he wasn't being paranoid, I would posit otherwise. At least slightly. I get internet slow-downs and freezes occasionally. Am I going to start getting nervous and think I'm being hacked? Not in the least, because I know my system is clean.

It's good to run all of those programs once in a while just to make sure your system is clean, but you shouldn't start getting nervous about a slow internet connection.




That's true, but even I would probably consider a scan at that point just to rule out my personal computer as an issue .. About the wireless issue PlanetaryStorm mentioned earlier, that did happen to me.. I noticed my iPhone was losing wireless connectivity, or I couldn't get to sites.. but my wired connection was just fine.. turned out to be someone bruteforcing my wireless AP .. so I enabled the option to hide my ssid, enabled the mac-address whitelisting and changed the password...

Never any harm in scanning the system though.. a lot of viruses/rootkits will interfere with your internet connection.. one of them I dealt with would modify your proxy settings to push you through a proxy that injected advertisements into the content.. if you turned the proxy off it would just re-enable it ..

Never fun to have a diseased computer ( shameless plug: soundcloud.com... - free so no profit for me )
edit on 8/15/2012 by miniatus because: (no reason given)



posted on Aug, 15 2012 @ 06:52 PM
link   
thanks guys,
rustoc b infection removed.

have downloaded and updated security essentials

thank you thank you thank you



gmer found it and removed it


have put tools on usb and renamed the exeS

yay



xploder



posted on Aug, 24 2012 @ 01:43 PM
link   
I'm glad the problem was resolved, but I thought I'd put my two cents in anyway.
Some routers have the option to turn off ICMP requests. Basically this just means that if someone pings your IP address they won't get a response. If someone is targeting your specific machine, this can help. Reboot your modem. Normally this will change your IP address unless you have specifically purchased a static one. If, for some reason you get the same IP again you may have to contact your service provider and ask if there is a way they can make sure you get a new one. Most routers have firewalls. These firewalls should restrict all access except through the ports that you specifically open, however, some operating systems can now communicate directly with a router and tell it to open up ports for specific programs. While this is certainly convenient it also means the spyware and viruses can open those ports too. This is usually called Universal Plug and Play and most routers that have it, also have a way to turn it off.
Windows OS:
In a windows based machine, sometimes running anti-virus and anti-spyware scans in safe mode can be much more effective. Safe mode usually only starts the services that windows must have to run and will ignore all start-up entries. This way if there is a piece of malicious software running, it's more likely it will get removed. Spybot Search and Destroy. ( www.spybot.com... ) has a scan on next boot option that will run after windows loads only the very basic services (less services than safe mode I think) and before start-up items are processed. Avast Anti-virus also has a "sandbox" so if it finds a program that is suspicious it can run that program in a protected environment.
You can also use Msconfig to look at the items you have set on startup. It's possible that one of those items may actually be causing a slow log-in to the operating system.

General Internet:
Cable Modems use shared bandwidth and during peak times you could actually take a hit in the speed that you're getting. This is because cable companies use a fiber connection to a Cable Management System (CMS) which is a building with servers. Then the bandwidth is split from there so that everyone connected to the CMS shares the total bandwidth. While Cable companies attempt to make sure there is enough bandwidth for everyone on the system, they still use routers and switches to manage the bandwidth and it won't always be perfect.
DSL.
This is still a modem that uses the old copper telephone lines and the quality of those lines could easily cause the connection to fluctuate. Of all the high-speed internet options, this is the most unstable.

I hope people found this information useful.



posted on Aug, 28 2012 @ 10:08 PM
link   
If worse comes to worst, you can always:

1) Turn off your computer
2) take your computer's case off and open it up,
3) take out the CMOS battery
4) turn the computer back on (this will reset your computer's BIOS - if this is what is infected then no matter what else you do to your computer it will automatically become reinfected)
5) turn the computer off
6) turn the computer back on
7) Reinstall your operating system.



posted on Sep, 30 2012 @ 05:41 AM
link   
That was a backdoor to your system btw be sure to change your system password and e-mail passwords and other accounts that you use.


CX

posted on Sep, 30 2012 @ 05:34 PM
link   
Stupid question, then again I'm stupid when it comes to PC repairs.....

It says this in the review, "Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper."

Is this pretty much a cover their ass statement in case anything happens? I just don't want to mess up something I can't fix.

Thanks,

CX.



posted on Oct, 2 2012 @ 04:21 PM
link   

Originally posted by CX
Stupid question, then again I'm stupid when it comes to PC repairs.....

It says this in the review, "Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper."

Is this pretty much a cover their ass statement in case anything happens? I just don't want to mess up something I can't fix.

Thanks,

CX.


Troubleshooting and repairing viruses' handiwork can be cumbersome and just a pain to fix. Many fixes entail going into your system registry to fix the problem or some configuration settings that can be outside the scope of a basic end user. Reason being, destructive viruses can do lots of damage to your system. If not removed precisely on next boot up you may find yourself infected again. They aren't saying that to cover themselves, they are doing that for your protection. Mucking around in your system files and registries can render your system inoperable and useless. They just feel that you should have outside help from a person with more expertise and knowledge to be safe.

Try restoring the computer by using the system restore point. By searching for 'system restore' under the start button. Then do another scan to see if your system is clean. Anything that made a backdoor or a key logger type virus on your system you want to change passwords to accounts online and system passwords. You want to do this at the earliest convenience on the machine once it is cleaned or on another system that is known to be clean. There are a ton of websites out there that can connect to your system remotely and get things fixed. You have to shop around as prices vary just Google for 'remote virus removal'. A typical problem such as this costs probably around $100. To some this may seem expensive but really this is not that bad for peace of mind. It would be a flat rate and the work done is guaranteed.
edit on 2-10-2012 by sean because: (no reason given)



posted on Oct, 2 2012 @ 04:33 PM
link   
Man that gmer program put me into a WORLD OF HURT!


I am sure I had malware of some kind, and got it squared away. But I was running gmer and my entire system just went ~poof~. Windows went unstable and wouldn't load ( in any manner ) just a black screen and a blinking cursor.

Not saying it's bad software. I've since run it again with great results - and have used it to help a friend with their machine.

When I got my system back ( no easy trick ) the only thing that was still evident is that it had deleted all of my web browsers that were Chrome based. So I'm thinking I had an add-on that was problematic ( malware ).

But, wow, was it a tense few hours.


I don't know if this is a unique experience or not, but I thought I'd share it for those thinking about running any of the things listed here. Caution is the keyword. And if you're not savvy enough to save a dead system? Maybe find a tech smart neighbor or relative to help!


~Heff



posted on Oct, 2 2012 @ 05:28 PM
link   
reply to post by XPLodER
 


If I was you I'd do the following:

1. ping your router first, make sure your PC is talking to it at a reasonable speed.
2. then, ping a DNS server, ie usually use IINETS (203.0.178.191) make sure your ROUTER is talking to your internet at a reasonable speed
3. Pick a test website, IE bmw.com (because it has flash) try opening the site and at the same time do a ping test and a tracert
4. Maybe move your PC to your router (assuming you're using wireless) plug it in directly and see if it's a noticeable difference.
5. Download hijack this and do a scan, see if you can pick up anything unusual in your browser.
6. try downloading chrome, and launch the same websites with chrome (ie and firefox can be corrupted via malware)

after those steps you should have a good idea where the issue is.
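
The first two steps of the checklist above, turned into a decision over saved `ping` output. This is an added example, not part of the original post. The thresholds, the segment names and the sample outputs are assumptions constructed for illustration.

```python
import re

# Thresholds are assumptions chosen for illustration, not values from the thread.
LAN_MAX_MS = 10       # round trip to the home router
WAN_MAX_MS = 150      # round trip to an external server
MAX_LOSS_PCT = 5

_LOSS = re.compile(r"Lost = \d+ \((\d+)% loss\)")
_AVG = re.compile(r"Average = (\d+)ms")

def parse_ping(output):
    """Return (loss_percent, average_ms) from Windows ping output.

    average_ms is None when no reply came back, because ping then
    prints no round-trip summary at all.
    """
    loss = _LOSS.search(output)
    if loss is None:
        raise ValueError("no 'Ping statistics' block in input")
    avg = _AVG.search(output)
    return int(loss.group(1)), (int(avg.group(1)) if avg else None)

def leg_ok(output, max_ms):
    loss, avg = parse_ping(output)
    return loss <= MAX_LOSS_PCT and avg is not None and avg <= max_ms

def localize(router_out, external_out):
    """Name the segment to look at first (steps 1 and 2 of the post)."""
    if not leg_ok(router_out, LAN_MAX_MS):
        return "local link"      # PC <-> router: wireless, cable, router load
    if not leg_ok(external_out, WAN_MAX_MS):
        return "upstream"        # router <-> internet: modem or ISP
    return "host"                # network is fine: check browser, scan the PC

# Constructed sample outputs (addresses are placeholders).
ROUTER_GOOD = """Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 2ms"""
ROUTER_LOSSY = """Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 310ms, Average = 107ms"""
EXTERNAL_GOOD = """Ping statistics for 203.0.113.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 35ms, Average = 31ms"""
EXTERNAL_DEAD = """Ping statistics for 203.0.113.10:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),"""

if __name__ == "__main__":
    print(localize(ROUTER_GOOD, EXTERNAL_GOOD))
    print(localize(ROUTER_LOSSY, EXTERNAL_GOOD))
    print(localize(ROUTER_GOOD, EXTERNAL_DEAD))
```

A "host" result only rules out the two network legs; it is the point at which the browser and malware checks in steps 5 and 6 become the next thing to try.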



posted on Oct, 2 2012 @ 07:48 PM
link   
Make regular backups! I always make a regular backup of my whole laptop with an image and make sure it is 100% clean before I do it. If anything is not right I can get my image back and my PC working in about 20 mins or so.
I always make 2 at the same time because many years ago I had a bad virus and went to get my copy of the back up and it was corrupted so had to start from scratch again, but I learned a good lesson and to make 2 plus try them out once they are finished. Never failed me yet...I make them on 2 separate external hard drives as well.
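
One way to catch the corrupted-copy problem described above before the backup is needed: record a SHA-256 digest when the image is made and check every copy against it. This is an added example, not part of the original post; the file names and the demo scenario are constructed. A matching digest shows a copy is bit-identical to the image as written, so a trial restore is still worth doing.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte image never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_copies(reference_digest, copies):
    """Return {path: 'ok' | 'corrupt' | 'missing'} for each backup copy."""
    status = {}
    for path in copies:
        if not os.path.isfile(path):
            status[path] = "missing"
        elif sha256_file(path) == reference_digest:
            status[path] = "ok"
        else:
            status[path] = "corrupt"
    return status

def demo():
    """Constructed scenario: two copies made, one later damaged on its drive."""
    with tempfile.TemporaryDirectory() as root:
        image = os.path.join(root, "laptop.img")    # hypothetical image name
        with open(image, "wb") as f:
            f.write(os.urandom(4096) * 64)          # stand-in for a disk image
        reference = sha256_file(image)              # recorded when the image is made

        copy_a = os.path.join(root, "drive_a.img")
        copy_b = os.path.join(root, "drive_b.img")
        shutil.copyfile(image, copy_a)
        shutil.copyfile(image, copy_b)

        with open(copy_b, "r+b") as f:              # simulate one damaged byte
            f.seek(1000)
            byte = f.read(1)
            f.seek(1000)
            f.write(bytes([byte[0] ^ 0xFF]))

        gone = os.path.join(root, "drive_c.img")    # a copy that was never written
        result = verify_copies(reference, [copy_a, copy_b, gone])
        return [result[copy_a], result[copy_b], result[gone]]

if __name__ == "__main__":
    print(demo())
```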


