Re: Virus and Potential Hack of Computer



Thanks for your feedback to Annie on this, Milo. What would be your best
suggestions for cleaning the machine? Would Windows LiveOneCare be able to
clean it fully or would it take a combination method of this and perhaps
things like Spybot Search and Destroy which I see Annie already ran? Annie
also apparently ran Adaware SE (shudder --- too many false positives --
wrecked a computer once when I ran it and applied the fixes without the
proper backups to that computer in place --- I know better now and learned my
lesson well and would never suggest anyone to use it in the future.) Annie,
I am changing your title to lowercase because uppercase is like shouting in
the discussion newsgroup and the title based on Milo's expertise of the
situation that has come to light. Annie, which antivirus program did you
run? I also like 2 other tools which are cwshredder and HiJack This which
Annie will need to run. Once we can get your machine cleaned, then we can
help to offer the appropriate safeguards via safety and security of your
machine to help prevent such problems in the future.

"Milo" wrote:

Annie the way you describe it alone but am not saying yet that you have one
but you may have a PE infection ( Virus ) and well recently we have a what
we call PE_Sality / PE_Patch infector that are being delivered by
polymorphic malicious files Trojan and Downloaders with combo rootkit since
it bypassed your Firewall.

If it opened up all your program on their own that was stage 1 ( that would
be in injecting itself already )
taking too much time and almost all of the file was modified to the recent
date ( it means injection completed file headers already modified )

next time maybe you ought to invest on a better Anti-virus or/and Firewall.


"Annie" <Annie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1497AA21-C261-40C4-BDFF-97C260C45F8B@xxxxxxxxxxxxxxxx
The tech had me come up with a long password for the network key. Is that
the password you're talking about? He does know it and I'm not sure how to
change it on my own. (I'll figure that out later) If that's not what you're
talking about, I have no idea if he changed anything else from default.
Guess I'll have to call the BrightHouse tech tomorrow.

I ran my antivirus: no virus
I ran AdAware: about 200 cookies
I ran Spybot: fixed 68

Computer was taking forever to reboot so I manually turned it off (by the
button). I knew right there something was wrong. All files were modified
with today's date, too. ???

Thanks so much for the info.

"Shenan Stanley" wrote:

<snipped>

Shenan Stanley wrote:
Oh - are you on high-speed Internet (Cable Modem, DSL, etc) and if
so - do you have a router between you and the internet? (Do you
connect directly to the Internet and get an actual external IP
address or an internal IP address?)

If you are unsure - do the following..

1) Find out your IP address internally:
- Click on the Start button
- Select RUN
- Type in: cmd /k ipconfig
- Note the IP address...

2) Find out your external IP address:
- Open Internet Explorer
- Visit the following web page:
http://whatismyip.com
- Note the IP address...

Are they different? Is your internal IP address 10.x.x.x or
192.168.x.x? If so - you are behind a router. Hopefully this
router has been properly configured and the administrator password
on it changed.

Annie wrote:
I'm using high-speed internet with a router. The tech brought
their own so it's brand new...Netgear. How could the password
change after he configured it? I'm lost.

No - I said I *hoped* it had been changed from the DEFAULT... It comes from
the factory with a default password set that anyone with the same router (or
Internet access, or just guessing probably) could know.

If you have a router - you were probably not hacked unless the 'tech' did it
or that default password was not changed. By having a router - it makes you
virtually invisible to the outside world (public internet) and without
forwarding ports and services on the router itself - people are not going to
be likely to get onto your computer. Those routers do not *require* that
you change the password from default to work - nor do they usually require
any actual configuration - just plug them in and go.

Now - if the default (from the factory) password was not changed on your
Netgear router - it is possible you got infested/infected with something
that could give someone access to your computer despite the router being
there and/or change the router settings to allow more remote control.

If that router has been in place the whole time you were connected to the
Internet and it did have its default password changed to something only you
know (or your IT tech..) - then it is unlikely that you have been *hacked* -
however - you may have been infested with a Trojan, a worm or spyware or
adware. If so - that software could have easily sent out your information
and/or whatever it wanted to whatever address(es) it was programmed to do.
A software firewall *might* have helped in such a situation if it monitored
outgoing traffic - but then again - it might not - as it may have been
modified by the installation itself to allow for it to go unnoticed.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
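
Added example, not part of the original thread: the internal-versus-external address comparison from the quoted steps, done as a script over saved `ipconfig` output. The sample output, the external address (a documentation-range value) and all function names are constructed for illustration; the check also covers 172.16.0.0/12, the third private range the post does not list.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output; not taken from the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

# RFC 1918 private ranges: 10.x and 192.168.x as in the post, plus 172.16.0.0/12.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 169.254.x.x means the adapter got no DHCP lease; it says nothing about a router.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# Matches the adapter address line on older ("IP Address") and newer
# ("IPv4 Address") Windows layouts, but not the mask or gateway lines.
ADDR_LINE = re.compile(r"^\s*(?:IP Address|IPv4 Address)[. ]*:\s*([0-9.]+)", re.M)


def local_addresses(ipconfig_text):
    """Return the adapter addresses listed in ipconfig output."""
    return [ipaddress.ip_address(m) for m in ADDR_LINE.findall(ipconfig_text)]


def classify(addr):
    """Label an address as private, link-local or public."""
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    if addr in LINK_LOCAL:
        return "link-local"
    return "public"


def behind_router(ipconfig_text, external_ip):
    """True when an adapter holds a private address that differs from the external one."""
    external = ipaddress.ip_address(external_ip)
    return any(classify(a) == "private" and a != external
               for a in local_addresses(ipconfig_text))
```

A `True` result only shows that address translation sits between the PC and the Internet; it does not show that the router's default administrator password was changed.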


