I haven't noticed anything lately, and am hoping to make sure that there is no further evidence of any backdoors so that I can begin accessing e-mail and online banking from this computer again. Do these latest log files look clean?
Suspect my computer may be hijacked
#17
Posted 29 September 2009 - 05:09 PM
There is nothing else in the logs that I see. Please realize though that after you have been infected by malware with a backdoor functionality, and you had that and a rootkit, that while the infection can be detected and killed, it may not be possible to determine what other changes may have been made to your system. We can only clean what scanners detect and clean, and what we see in logs that we have you run, and it's always possible that something may not have been detected. While your logs now appear clean, the only way to absolutely guarantee that is to reformat and reinstall from scratch.
Go to Start > Run and copy and paste the next command into the field:
ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
You need to go to Windows Update and install Windows XP Service Pack 3 and all security updates that have been released since then to take advantage of security fixes that have been released, or your system is needlessly vulnerable.
I would recommend that you install and run an anti-spyware/anti-malware utility like Windows Defender (which is free), or even the paid version of MBAM which provides real-time protection (or better yet, both).
I would also recommend that you browse with Firefox with the NoScript add-on to prevent scripting attacks, and an ad-blocking add-on such as Adblock Plus for the best security, and only allow scripting on sites that you trust. And remember, any legitimate site can be compromised with a cross-scripting attack, so if you don't need scripting on a web site, it's best to not allow it, and ads, even those on legitimate sites, can often be infected, particularly if they outsource the ads. Look at the recent news coverage of infections caused by an infected ad on the New York Times as an example.
Create a Restore Point
- Go to Start > Programs > Accessories > System Tools > System Restore
- Select Create a Restore Point and then Next.
- In the box for "Restore point description", enter a descriptive name and press Create
- When the "Restore Point Created" window appears, click Close
Run Disk Cleanup
- Go to Start > Run and type the below line:
cleanmgr
- Click OK
- If you have more than one drive, select the drive Windows is installed on
- Click OK
- When Disk Cleanup opens, select the More Options tab
- In the System Restore section (bottom of window), click Cleanup
- In the confirmation window that opens, click Yes
- Now click on the Disk Cleanup tab and select the following items:
  - Downloaded Program Files
  - Temporary Internet Files
  - Recycle Bin
  - Temporary Files
- Click OK
- In the confirmation window, select Yes (Disk Cleanup will close).
There are several free utilities you can use to help keep malware off your system:
A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm.
A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html.
I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
Does your problem appear resolved?
Free Tools for Fighting Malware
Anti-Virus: Avira AntiVir PersonalEdition Classic / AVG Anti-Virus Free / Free avast! 4 Home Edition
OnLine Anti-Virus: BitDefender / ESET / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: Spybot S & D / MVPS HOSTS File / SpywareBlaster / HijackThis
Firewall: Sunbelt Personal Firewall / ZoneAlarm firewall / Agnitum Outpost Free
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.
MS MVP 2009-20010 and ASAP Member since 2005
#19
Posted 30 September 2009 - 05:18 PM
Quote
Thanks a lot...I really appreciate the help!
I'm very glad we were able to assist you.
Quote
I will definitely be donating to this forum!
And we sincerely thank you for helping us to continue the fight against malware.
#20
Posted 16 October 2009 - 05:52 PM
Since the issue appears to be resolved this Topic is closed.
If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.
