Re: HELP! Terminal Service Trojan??



On Tue, 17 Apr 2007 20:26:52 +0530, eidolen

Unfortunately I am on the cusp of being out of steam to continue
pursuing this anymore. As far as which tools I've tried I'd have to
respond... All of them. I have honestly tried everything I can think of
so far but it's no good. I believe that all of my Bart disks were
probably infected so I've never really had a clean environment to work
with in the first place.

OK, that's a problem if the Bart is built from an infected PC :-(

I'm really asking, in case you have some tools Bart'd that I haven't,
heh heh. Firth says "you can never have enough lice pictures", but
for me, I can never have enough Bart'ed tools ;-)

Backed up all my data on a 500gb usb drive.
Used Bart's Boot N Nuke with the DoD option.
Removed CMOS battery for an hour.
Installed Windows from factory CD.

No good!

At this point, I'd suspect:
- bad installation disk
- bad hardware

In fact, there's not a lot else in the frame... unless by "no good",
you mean you're getting a stable installation that's streaming out
malware traffic before anything else is installed.

In that case, I'd want to ensure you really are dealing only with the
PC, i.e. don't have a router exposed to WiFi, etc.

The list of Antivirus progs I've tried:
Antivir - Avast - Sophos - McAfee - Comodo - Kaspersky (AOL ver) -
F-Prot - ClamWin - AVG - Trend Micro - DrWeb - Maybe others I forgot.

The list for spyware detection software I ran is just as comprehensive
so I won't list them. I am afraid to try any web based scans as they
all require IE with ActiveX enabled and I believe I would be
compromised further enabling that functionality.

IKWM. The only way I'd use an online scanner is to submit a suspect
file to the server to be scanned there.

Now, the real question remains....
Where is this thing living? I can understand that all of my machines
were compromised before I began, making it near impossible to work from
a clean environment but my attempt involving a new drive should have
worked unless it lives somewhere inside my BIOS or video card memory.

What's your router like? Many routers are in fact miniature Linux
boxen, and hackable accordingly.



------------------------- ---- --- -- - - - -
I'm on a ten-year lunch break
------------------------- ---- --- -- - - - -