Need help, computer is being attacked.


c
'Sir' to you

Osaka, Japan

Joined
30 Sep 05
Moves
40257
Clock
30 Jun 07
3 edits

Originally posted by Woodgie
Here is my suggestion: what Mr. Strangelove et al. suggested would be correct.
Also download ZoneAlarm’s free firewall and install, but choose the manual option to allow programmes access.
This will show what has access to the network from your machine, then disable the programmes which you might suspect being the trouble.
(To do this, once installed, doub ...[text shortened]... 1001011101000010000001101001011100110010000001101000011001010111100000101110

Edit: missed a 0
Didn't you mean [WORD TOO LONG]

EDIT: Word too long?
EDIT 2: Still too long?
EDIT 3: Hey, look it up.

s
Fast and Curious

slatington, pa, usa

Joined
28 Dec 04
Moves
53321
Clock
30 Jun 07

Originally posted by IM4Y2NV
When I had an issue, Dell tech support had me go to this site.

http://gur.in//download/
Nice site. Well ran the free Trend Micro spyware program and it is taking all night and into this morning to clean up whatever it has found and it did find some nasty shyte for sure but the cpu is so dragged down right now, it looks like 50-50 if it can complete its job.
I downloaded Windows Defender, what a joke. It ran for about 5 minutes, it does not have a full clean function, just "Quick scan" and comes up with "computer is running normally". Rigggght. I'm not hooked up to the net and 300,000 bytes per second have been uploading for 3 days straight and the computer is running normally.
So I used Spysweeper which also found stuff but not THE stuff. No effect on the upload when it did ITS cleaning.
Same with Trojan Hunter. Those are a lot stronger than any of the free stuff like Spybot, Ad-Aware and so forth so I seriously doubt that stuff will have an effect. I killed the connection to that computer, I'm on another comp now in the house which is running normally, I keep this one safe from most internet attacks by having it off 99% of the time as it is a heavy hitter for my wife with lots of graphic programs for her business brochures and family photos so I am able to at least talk to you guys. It looks a lot like the only thing left is to get in safe mode and retry maybe spysweeper with restore turned off and see if that helps. The offending file is well hidden for sure, no signs of it yet in registry. I went to Sysinternals, which if anyone knows about that site, it USED to be a good site till Microsoft bought it out, lots of utilities like file monitors and port sniffers, stuff that could help make sense of it all, it is still there but now every download you have to hit a Microsoft licence agreement to download, not that big a deal but the freestyle nature of the site is gone. I also used HijackThis and killed a bunch of suspicious entries but no help. I am thinking it might be a root kit and have downloaded a rootkit detector from Sysinternals but I don't know enough about it to use it properly. Anyone know of a one button root kit killer? It is labor intensive to do with that rootkit detector on Sysinternals. So I am actively fighting this insidious scumware but still have only a couple of tricks left like restore and safe mode spy sweep before I conclude the only option left is to kill the HD and reload windows.

DS

Joined
22 Aug 05
Moves
26450
Clock
30 Jun 07

Originally posted by sonhouse
Anyone know of a one button root kit killer?
http://www.antirootkit.com/software/Rootkit-Uncover.htm

Still in beta, but I used it months ago with no problem.

s
Fast and Curious

slatington, pa, usa

Joined
28 Dec 04
Moves
53321
Clock
30 Jun 07
1 edit

Originally posted by Dr Strangelove
http://www.antirootkit.com/software/Rootkit-Uncover.htm

Still in beta, but I used it months ago with no problem.
Nice, thanks. I WON! YEA! I put the comp in safe mode, but first I had installed a new copy of spy sweeper, fully updated it, then gave it the 45 solution🙂 JS45 that is, gave it a lobotomy, pulled the network cable, that stops the upload flat. Then went to safe mode and ran this fresh spy sweep and it found the same stuff it found in regular mode but I noticed in that sweep for whatever reason, it did not kill anything.
Well with the net disconnected the cpu power for spy sweep went back to more or less normal and this time it killed whatever was zapping my comp.
BTW, I did a bit of work on my computers to ensure our main heavy duty machine which my wife uses for her business brochures and posters for the kids, schoolwork, family photos, etc, stuff we would not want to be contaminated by crapware from the net, I did it like this:
I got a data switch, and hooked up the keyboard, mouse and monitor to it and then use it to swap between two comps, the one we don't want attacked which is off 90% of the time and therefore 90% safer by definition than the other machine which has nothing super special on it, only email, games and such and if worse came to worse would not lose anything like if I had had to erase the HD, fortunately did not, but if I did, it would be no big loss. So the next thing is the sound cards. It turns out that you can connect the output of both soundcards together, I used 4 10K resistors, one for each channel of the soundcard and hooked them up as a stereo hard wired mixer, so each channel mixes together, that way when I switch computers, the sound is available from either computer with no hassle. I then sent that sound to my Logitech amp and subwoofers, so I can switch everything between the two comps in a couple of seconds and the wife can work on her graphics and feel much safer about being attacked. It isn't exactly 100 percent flawless because there are attacks called shovelling that can penetrate any firewall and still get in while the computer is turned on but the risk has to be hundreds of times less that way for the graphics machine. I highly recommend anyone with serious work on a computer hooked to the net to do it that way. For instance, while my game machine was under a fierce attack, I could just switch to the other computer and at least communicate to my buddies here without hindrance except for the fact the other comp was taking up most of the bandwidth but I still had enough to get through on the other comp to RHP. It's an excellent system, I think everyone should do it, that way they can do serious stuff, like photography, music, graphics, whatever with much less danger.
One thing I noticed BTW, when I did the spy sweep scan in regular mode I was watching the numbers popping up on the registry sweep. It came up at 67,000 entries into the registry, I'm going OMG what a bunch of entries. When I did the exact same sweep in safe mode, however, it came up at 127,000 entries! Not sure why but it is clear why safe mode is more powerful.
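
A follow-up to the differing entry counts in the last post, as an added example that is not part of the thread: export the same registry branch in each mode with `reg query <key> /s > file.txt`, then diff the two listings to see which entries show up in only one view. The sample exports and every name in them are constructed for illustration.

```python
import re

# Constructed samples in the layout `reg query <key> /s` prints: a key path,
# then indented "name    TYPE    data" lines. All names are hypothetical.
NORMAL_MODE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleScanner    REG_SZ    C:\Program Files\ExampleScanner\scan.exe

HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor
    Version    REG_SZ    1.0
"""
SAFE_MODE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleScanner    REG_SZ    C:\Program Files\ExampleScanner\scan.exe
    xmplsvc    REG_SZ    C:\WINDOWS\system32\xmplsvc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor
    Version    REG_SZ    1.0

HKEY_LOCAL_MACHINE\SOFTWARE\ExampleHidden
    Path    REG_SZ    C:\WINDOWS\Temp\xmpl
"""

VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")

def parse_reg_query(text):
    """Map (key, value_name) -> (type, data); the key itself is stored as (key, "")."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()   # registry names are case-insensitive
            entries[(key, "")] = ("KEY", "")
        elif key and (m := VALUE_RE.match(line)):
            name, rtype, data = m.groups()
            entries[(key, name.lower())] = (rtype, data or "")
    return entries

def cross_view_diff(normal, safe):
    """Return entries seen in only one view, plus values whose data differs."""
    only_safe = sorted(k for k in safe if k not in normal)
    only_normal = sorted(k for k in normal if k not in safe)
    changed = sorted(k for k in safe if k in normal and safe[k] != normal[k])
    return only_safe, only_normal, changed

if __name__ == "__main__":
    only_safe, only_normal, changed = cross_view_diff(
        parse_reg_query(NORMAL_MODE), parse_reg_query(SAFE_MODE))
    for key, name in only_safe:
        print("only in safe-mode export:", key, name or "(key)")
    print(len(only_normal), "entries only in normal mode;", len(changed), "changed")
```

Entries that appear in only one export are leads to inspect by hand, since services and drivers that load only in normal mode also create and remove keys.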
