HACKed? Client's system

By r.nymeyer ·
Early January, Base line security scan completed with Norton Virus 2005 installed, all tests passed. A week later, loss of ADSL connection and not able to launch Best of Windows Entertainment (BOWEP). ISP said multiple user broadcasts from system detected. ISP also found duplicate MAC address (600 miles away). ADSL fix was not related to user's system. There were issues at the switching station and new ADSL line filter regained internet connection. Complete format of system and installation of Windows XP home Media edition was required to gain access to BOWEP.

Shortly after, BOWEP fails to start again, error message - System32/Autoexec.nt not suitable for MSDOS applications.

Used the MS Knowledge base fix to expand the 3 possible system32 files (autoexec.nt being one).

On reboot, fix fails. No permanent fix found for this as yet.

Today:
system32/autoexec.nt not suitable for MSDOS apps. System not rebooted, so no reason for this file to suddenly change.
Baseline Security launches, but with error code in line 74, code 0, "welcome Html..." Message ignored and continued..... Base line Security Scan runs but advises security update needed.
MS05-009 PNG Buffer overrun. The update will not install as system has Media 10, and is supposed to be fully protected, and patch is only for Media 9.

Firewall on reboot is always turned off! Can be enabled, but never stays functional. Also System Security Centre appears to be launching after all other apps. But as I understand SP2, system security is supposed to be launched before network access.

Norton 2005 shows many Adware infections, even after cleaning with Adaware, and AdwareAway. In fact, they show up right after boot, no other activity.
System has full net access.

Question:
What hit this system?
This appears to indicate frequent hacker attacks, your opinion?
How to prevent this from happening again after once again wiping and re-installing system (most likely cure at this point).

This conversation is currently closed to new comments.

by sgt_shultz In reply to HACKed? Client's system

that is a great post. wish i could be 'expert' for you. lol.
here is what i think: i agree you have malware that is not getting effectively removed and i think you have xp compatibility problems with bowep and finally, i think you have uncovered a bug in baseline security analyzer. here is my 2 cents based on what i think i understand:
first the malware. you said you have norton anti-virus 2005 then you mention it didn't clean malware so you must * really * have Norton Internet Security 2005. we need to know this kind of stuff. anyhow. first off i would be taking a look to see if that looked installed ok and was updating ok. if this is newly purchased, i would call symantec for hand holding to check this out. next, i would run my updated norton security center (nsc) malware remover, then anti-virus scan in Safe mode with System Restore turned off *and* whilst i was unplugged from the internet. rinse, repeat until no more malware found. then shields up and back on the internet.
regarding the autoexec.nt file problem. as you know that file is a text file that xp will use when it tries to run old 16 bit programs. you can view and edit it with notepad or wordpad. you may wish to add the correct commands to it. we need somebody else to help us figure out what may be missing in order to run those games. one thing you could try is to right click the bowep executable(s) and select Run in Compatibility mode. that probably gets xp to build an autoexec for you that might work...hih

by r.nymeyer In reply to

Sorry for the late reply. The system is up and running now, and surprisingly, I have found a few more systems in the area with the same symptoms. This comes from living in a rural area that less than 7 years ago had party line phones, and high-speed internet is only available within 3 km of the town center. Most clients out of that range (a good 1/3rd) are still on dial up, with a max line speed of 25 to 49 kb due to local provider's hardware. Yes, that slow. It's an interesting challenge. So a lot of what I do is client education.

by r.nymeyer In reply to HACKed? Client's system

Thanks for the reply.
You're correct, it is Norton Security.
The BOWEP does run just fine, it is definitely some form of malware, or other hook into the system that breaks it. (Ran for months just fine.)

But the client loves to play net games and ends up with a lot of hidden installed apps. Things like WebDiver which is supposed to enhance internet game play. But like many of these programs, when uninstalled state they are not cleaning up 'Everything' that was installed at the time...

by r.nymeyer In reply to HACKed? Client's system

Missed this in earlier post - Compatibility modes do not provide any help in this issue. One of the first things I looked at when the issue first appeared. Originally thought it might be a conflict with MS updates.

by darrynmarr1979 In reply to HACKed? Client's system

just a little add-on to the answer previously, adware sometimes won't be removed by norton antivirus 2005 if the program is running as norton is scanning, check your temporary internet files, might be a good idea to safe boot, maybe a stupid idea, but I've seen it happen, norton does a fit, can't remove it, asks u to ignore and the prob remains

by r.nymeyer In reply to

A good reminder, thanks

by Dennis.Rhine In reply to HACKed? Client's system

All of the advice above is sound. One thing to remember is to always run malware and virus scans in safe mode with command prompt (if needed). Malware normally won't load when Windows is loaded in safe mode and then you can effectively remove it.

by r.nymeyer In reply to

a good reminder, thanks

by r.nymeyer In reply to HACKed? Client's system

This question was closed by the author
