hijack

By computab
Hi, I have a stand-alone PC with a broadband connection that has been hijacked by a trojan. It is now getting messages returned from strange email addresses that I have not sent to. The PC is now a zombie spam server. How do I get rid of this? I updated and scanned with Panda Antivirus, Ad-Aware and PC Doctor, and the messages have been reduced in number from about 50 per day to about 5 per day. Help, how do I get rid of this, please?

Some solutions

by jlouras In reply to hijack

Hi,

1 - You can try to find a command line AV and use it in Win secure mode (not guaranteed that it will work, though more effective).
2 - Find another AV and scan, but first UNINSTALL any other AV. Never use more than one AV at the same time.
3 - This is the most drastic but the most effective: format the PC and put a fresh copy of Win on it. With this you'll be able to reset all the garbage that you may have and solve the problem definitely.

If you take step 1 and 2, first go online and update the AVs and then disconnect from the internet physically and search for those damn microbes!

If you take step 3 (which, although it is the most radical, is also the most effective and will make you happier with your PC because it will get faster and more performant), don't forget to install the AV BEFORE you pass any of the backed up files and configs you made before the formatting.

If you don't take care of the problem, your e-mail address will end up in a blacklist and you will have to change it.

I hope it helped you.

Joao

No guarantee

by Dr Dij In reply to Some solutions

you actually have been hijacked.
Do you have ZoneAlarm to watch outgoing packets?
Do you have a cable router?
Have you changed the password on the email account to something longer?

Since the email from address can be faked VERY EASILY, you MAY simply be the victim of someone who is using your address to spam. They don't need a valid return email address, and of course they can't use their own. People respond by clicking on the spam or phishing web page links in the email.

I have this happening to me since I have a domain registered to me. I don't send out ANY email from the domain, yet, to my catch-all for the domain, I get lots of 'undeliverable' bounces. I consider this spam since I didn't send them the email in the 1st place, but there's nothing I can do against stupid email administrators.

Still, you should carefully check your machine. Go to sysinternals.com and get their rootkit scanner. It won't find all but will find most. Scan with Trend Micro's online scanner.
Go to safety.online.com (Microsoft site) and run their scanner-only portion. Download Webroot's free trial. SpywareBlaster, Ad-Aware...

After these, if you're clean, someone is possibly faking email from you.
There is actually spam disguised as bounces, so be careful clicking on bounces, but you can check the email bounce: real ones often include the email server it was sent to them from. If it's not your ISP's email server, it is a faked one and you can ignore it.

Can't hurt to use Google's or Yahoo's email anyway. Google has good spam filters, and you don't need to worry about changing it. Be sure you use a good password and don't let hackers get it with a keylogger or they might send spam out.
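
The bounce check described in the post above, sketched as an added example that is not part of the original thread. It assumes the bounce is a standard delivery report that carries a copy of the original message, that the top `Received` header is written in the common `from <host> (...)` style, and that you know your ISP's mail domain; the function names, hosts and addresses are all made up for illustration.

```python
import email
import re

# Constructed bounce for illustration; every host and address is a placeholder.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: me@myisp.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1
--b1
Content-Type: message/rfc822

Received: from {relay} ({relay} [203.0.113.45])
    by mx.recipient.example; Mon, 1 Jan 2007 10:00:00 +0000
From: me@myisp.example
To: nobody@recipient.example

body
--b1--
"""

def handoff_host(bounce_text):
    """Host named in the topmost Received header of the returned original, or None."""
    msg = email.message_from_string(bounce_text)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            received = part.get_payload(0).get_all("Received", [])
            m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
            return m.group(1).lower() if m else None
    return None  # bounce carries no copy of the original: cannot tell


def sent_via_isp(bounce_text, isp_domain):
    """True if the original was handed over by a host under isp_domain (assumed known)."""
    host = handoff_host(bounce_text)
    return bool(host) and (host == isp_domain or host.endswith("." + isp_domain))
```

The name after `from` is what the sending host announced about itself, while the bracketed address is what the receiving server recorded, so compare that address with your ISP's outbound servers when the name alone is not convincing.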

format

by computab In reply to Some solutions

Thanks, but formatting is no solution since they will just come back next week. I shall try other AV.

temporarily disable your

by Jesus_C In reply to hijack

broadband connection, they feed off this. Boot in safe mode and scan and delete. Then boot in normal with no broadband connection and install service pack two, as this will eliminate a lot of the rubbish on your system. Then get a good up-to-date anti-virus. I know it costs money but it's worth it.

Disable the unit's internet first

by mjd420nova In reply to hijack

If reformatting the drive doesn't clear out the problem, then you have a nasty called "rootkit" and you'll have to clear the BIOS to get rid of it. Be sure you know what the BIOS settings are and remove the battery from the CMOS for thirty minutes. Some machines will allow you to short the battery terminals; this would only take a couple of minutes instead. What some trojans do is "flash" the BIOS or reload their own version into the machine. That's why a restore, reformat, etc. won't solve it. The info is in the BIOS and gets reloaded every time you boot.

Format

by computab In reply to Disable the units interne ...

That's why I have not tried reformat; someone else suggested it. I will try what you suggested, thanks.