Question


Need help diagnosing these malware symptoms (being objective here)

By mr.blacksociety
This is in connection with my original post: How to deal with a persistent hacker (http://techrepublic.com.com/5208-1009-0.html?forumID=101&threadID=329469&tag=results;CR54)

Before I totally reformat my computer, I need to make sure I've done enough troubleshooting. Please help me diagnose this.
__________________________________________

PROBLEMS: (Problems 1, 3, 7 are still persistent even after troubleshooting)

1. Every time I log in to my email account, the settings are already changed (instead of Yahoo Classic, it runs on All New Yahoo; password invalid on Mail but valid on Y!Msgr).

2. When I tried submitting a report to Yahoo, Firefox hangs and forces me to restart the session.

3. Every time I visit legit antivirus/antimalware sites, Firefox hangs.

4. Every time I turn the computer on, it hangs and I have to reboot it each time.

5. Can't install two-way firewall (see details below).

6. Privacy tool and antikeylogger tool have mysteriously disappeared on my Programs list (see details on Extra Privacy tools below).

7. Aside from the malware symptoms, the most disturbing part of the problem is the harassment I'm getting from the attackers in real life.


I tried the following ANTIMALWARE TOOLS:

1. MalwareBytes Antimalware -- no threats detected

2. SuperAntispyware -- 56 infections -- already removed

3. Spybot Search and Destroy -- 3 or 6 persistent tracking cookies -- removed

4. Advanced SystemCare -- still using, reports a number of infections occasionally, removed each time but doesn't seem to solve the problem(s)

5. IOBitSecurity -- still using, reports a number of infections occasionally, removed each time but doesn't seem to solve the problem(s)

I uninstalled the first three and kept the last two because they were the most convenient to use, and if I kept too many malware tools, my computer ran extremely slow.

I have also tried using the following INTRUSION DETECTION/PREVENTION SYSTEMS:

1. With SNORT, I couldn't interpret the results displayed.
2. With SAX2, I have to manually find solutions to any detected intrusions, which was kind of tedious and a little confusing since I'm not that savvy in terms of computer security.

Both were uninstalled because of user inconvenience and because they interfered with computer speed.

ROOTKIT REMOVAL TOOLS that I used:

1. Blacklight Rootkit Eliminator. Nothing was found.
2. RootkitRevealer. It only revealed suspicious activity on certain files and registry entries but I don't know how to remove the ones I suspect the most (based on the time stamp and the nature of the file).

First one is now uninstalled.

ANTIVIRUS:

Avast! - When I ran it on safe mode, the virus chest only reported a scanning error (fishy?). On normal mode, it says 0 infected files.

FIREWALL: Windows Firewall -- I can't install a new one because every time I do, the computer won't start properly. I already tried turning the Windows one off and installing the new firewall; the computer still doesn't start properly. I only get a black screen. I wait for, like, 15 mins, and the screen's still blank.

ANTIPHISHING tool: Netcraft toolbar

ANTIKEYLOGGER tool: Snoopfree --This has mysteriously disappeared on my computer. Without a trace.

EXTRA PRIVACY tools:

1. IPshield -- This has mysteriously disappeared on my computer. Without a trace.
2. Tightened settings on firewall and browser

__________________________________________

Thanks for any assistance.
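The poster says the Snort output could not be interpreted. As an added example (not part of the original post or of Snort itself), the script below parses lines in Snort's "alert_fast" format and reduces them to the three things worth reading first on a machine suspected of infection: how many alerts of each priority, which alerts are the local PC talking out to the Internet, and the priority 1 list. The sample alert lines, the 192.168.1.0/24 "local" prefix and the sids in the 1000000+ range are constructed for the example; the 203.0.113.x addresses are documentation addresses, not real hosts.

```python
import re
from collections import Counter

# Snort "alert_fast" line layout this parser assumes (one alert per line):
# MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] message [**] [Classification: text] [Priority: N] {PROTO} src:port -> dst:port
# ICMP alerts carry no ports, and the Classification field may be absent, so both are optional here.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample output: four alerts plus one junk line, as a log might look after a few minutes.
SAMPLE_ALERTS = """\
01/05-14:23:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 192.168.1.5:51234
01/05-14:23:07.000001  [**] [1:1000001:1] LOCAL outbound connection to suspected C2 (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.5:49152 -> 203.0.113.7:443
01/05-14:24:15.555555  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.9 -> 192.168.1.5
01/05-14:25:00.000000  [**] [1:1000002:1] LOCAL tracking cookie domain lookup (constructed) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.1.5:53127 -> 192.168.1.1:53
this line is not an alert and is skipped
"""


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    a = m.groupdict()
    a["prio"] = int(a["prio"])        # 1 = most severe in Snort's default classification.config
    a["sid"] = int(a["sid"])
    a["sport"] = int(a["sport"]) if a["sport"] else None
    a["dport"] = int(a["dport"]) if a["dport"] else None
    return a


def triage(text, local_net="192.168.1."):
    """Summarise a block of alert_fast output.

    local_net is the prefix of the LAN the sensor sits on (assumption for the sample).
    'outbound' alerts, where a local host is the source and the destination is outside
    the LAN, are the ones that point at malware already on the PC rather than at noise
    arriving from the Internet.
    """
    alerts = [a for a in (parse_alert(l) for l in text.splitlines()) if a]
    by_prio = Counter(a["prio"] for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    outbound = [a for a in alerts
                if a["src"].startswith(local_net) and not a["dst"].startswith(local_net)]
    urgent = sorted((a for a in alerts if a["prio"] == 1), key=lambda a: a["ts"])
    return {"total": len(alerts), "by_priority": dict(by_prio), "by_source": by_src,
            "outbound": outbound, "urgent": urgent}


def report(summary):
    """Human-readable version of triage() output."""
    lines = [f"{summary['total']} alerts; by priority: "
             + ", ".join(f"P{p}={n}" for p, n in sorted(summary["by_priority"].items()))]
    for a in summary["urgent"]:
        lines.append(f"PRIORITY 1  {a['ts']}  sid {a['sid']}  {a['msg']}  "
                     f"{a['src']}:{a['sport']} -> {a['dst']}:{a['dport']}")
    for a in summary["outbound"]:
        lines.append(f"outbound    {a['ts']}  sid {a['sid']}  {a['msg']}  -> {a['dst']}:{a['dport']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_ALERTS)))
```

Point the script at a real alert file (`open("alert").read()`) instead of SAMPLE_ALERTS. A machine that is clean will still produce inbound priority 2 and 3 noise; what matters is the outbound list, and a sid can be looked up in the Snort rule files to see what traffic it actually matched before anything is removed.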

All Answers

You really need to keep this with the original post

by mafergus In reply to Need help diagnosing thes ...

Most people will see this as trolling and not respond.


Sorry, my bad

by mr.blacksociety In reply to You really need to keep t ...

It won't happen again.


re: Disappeared, without a trace.

by seanferd In reply to Need help diagnosing thes ...

Consider that some of your malware removal tools will remove some of those other tools as they have signatures similar to threats.


re: Reformat

by seanferd In reply to Need help diagnosing thes ...

Well, if you are going to reload the OS anyway, why bother with further trouble shooting? No point, really.

Also, don't just reformat if you really believe this is a serious problem. Nuke and pave, son. Get a copy of DBAN and wipe the drive thoroughly before reinstalling.

If you connect to the net through a router, set it up with the highest security measures available. Use strong passwords, change them all. Turn off UPnP on the router and in your freshly re-installed Windows. You can have your ports scanned here:
https://www.grc.com/x/ne.dll?bh0bkyd2

Same for Windows: Do not use an account with Administrator privileges for normal use, use strong passwords, use the "classic" logon where you have to type your name and pwd.

Get out there and change all your affected accounts (like Yahoo). Create new accounts with new, strong passwords and a different address and username.
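The Windows-side steps seanferd lists (a non-administrator account for daily use, the classic logon prompt, UPnP switched off) can be applied and checked from an elevated PowerShell session on the freshly installed system. This is an added example, not something from the thread; the account name is an assumption, and the registry values and service names are the standard ones for these settings (the Winlogon LogonType value applies to XP's Welcome screen). The router itself has to be hardened through its own admin page.

```powershell
# Run as Administrator on the fresh install. Account name below is an assumption.
$Name = "daily"
$Pw   = Read-Host "Password for $Name" -AsSecureString
$Plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR(
           [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Pw))

# 1. A restricted account for day-to-day use: member of Users only, never Administrators.
#    net.exe works on every Windows version, including XP.
net user $Name $Plain /add /passwordchg:yes
net localgroup Users $Name /add

# 2. Classic logon: the name and password must be typed, and the last user is not shown.
$pol = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
Set-ItemProperty -Path $pol -Name "DontDisplayLastUserName" -Value 1 -Type DWord
# XP only: 0 = classic logon dialog, 1 = Welcome screen.
$wl = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $wl -Name "LogonType" -Value 0 -Type DWord

# 3. Stop and disable UPnP discovery and the UPnP device host, then verify.
foreach ($svc in "SSDPSRV", "upnphost") {
    Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $svc -StartupType Disabled
}
Get-WmiObject Win32_Service -Filter "Name='SSDPSRV' OR Name='upnphost'" |
    Select-Object Name, State, StartMode

# 4. What is listening locally, to compare against the outside-in port scan.
netstat -ano | findstr LISTENING
```

Anything in the netstat output bound to 0.0.0.0 on a port that the GRC scan also reports as open is reachable from the Internet; either the service should be off or the router should not be forwarding that port.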


Well I'm sure that in your original question

by OH Smeg In reply to Need help diagnosing thes ...

People advised you to wipe the HDD with something like Boot & Nuke

http://www.dban.org/

or KillDisk if you have a SATA HDD

http://www.killdisk.com/downloadfree.htm

Though personally I would be using Boot & Nuke if it works on this HDD without too much messing around, as it just does a better job.

Also, all of the above scans should be run in Safe Mode, not under the normal Windows running option.

You also should not be using an Administrator account under Windows for your day-to-day use, but a restricted User account, to prevent things getting installed.

But having said that, I still have a guy track my net usage. He, however, is not your usual cracker type but works in a high-powered web security place, and as I gave him that job and then a few years later walked away, he's been dogging me to return and work with him again, so it's in no way cracking as such.

As he also has access to play toys that normal people will never know exist, the way he works is impossible to copy, so he's the only person who could do something like that.

So maybe after your current round of issues you'll begin to think that maybe it's time to walk away from Windows, as it's way too insecure and way too dangerous to continue using.

Also, as stated above, the missing tools are quite likely the result of the scans that you have run, and you should check them all for what they are removing. Quite often they give a false positive and delete programs that you are actually using. You should never just let any application like the ones that you listed do its thing without checking what it is about to remove, as it's quite often something that you are using, and you go crazy thinking that you've been hit again because things go missing that you removed without realizing it.

Try loading Knoppix, available to download free from here, and see if these issues with the people harassing you persist.

http://www.knoppix.net/get.php

You do not need to add any security software at all; just run this from the CD that you make, as it's a live Linux that runs in memory and can leave the HDD alone.

Col
