
Hidden Worms, trojans? in router maybe? plz help. LONG POST srry

Discussion in 'Windows - Virus and spyware problems' started by 2o9, Jul 12, 2007.

  1. 2o9

    2o9 Guest

    OK, let me start by saying I play online games which require an ID and password. One day some guy whom I thought was a friend sent me a file he said had icons in it. I opened it to find out he was trying to hack me. My anti-virus detected it and got rid of all it could.

    So my ID and password got stolen. I didn't think it would get through my security. Anyway, he terrorizes me by keylogging all my personal info and taking screenshots of my computer's activity. I then totally wiped the drive, reinstalled Windows, got a new IP, got better internet security (Norton 2007, ad/spy/mal/threat-ware removers, firewall, yada yada).

    Even after all that, I seem to get banned from sites due to spamming from my IP, which is not me, and I change my IP here and there. My info still gets stolen, and my PC lags like hell. I'm really frustrated; this guy got me good.

    My question is, what should I do? Is it possible the worm is hiding in my router or gateway? I tried everything, and no virus or anything pops up. It seems so clean, but how am I still getting hacked? Thanks to all in advance.
     
  2. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,410
    Likes Received:
    4
    Trophy Points:
    68
    Read this site for a little information on the way hijackers work. http://www.pcworld.com/article/id,13354/article.html

    The file that you downloaded may have also left items in your registry or startup that identifies you. You need to do a thorough cleaning of your system in safe mode to make sure that you have no vulnerabilities.

    The first thing is to make sure that you only have one anti-virus installed. You said that you have Norton, so stick with that. If you are running XP, the built-in firewall is very weak, so I would suggest that you download another firewall to run with it. It will seem a little annoying at first, but as you tell it to remember settings it will stop giving you pop-ups.

    Zone Alarm Personal Firewall Link

    You may also want to try this one. I've never used it, but it should work against any attempt on your system: Snoop Free Privacy Shield Link

    Then download the following cleaners to make sure your system is clean.
    Lavasoft Ad-Aware Link
    Spybot Search & Destroy
    A-Squared Free Link
    CCleaner Link run all categories on it.
    IceSword Link

    Start all of the programs and make sure that you have all of the latest updates for them. Spybot will ask you to make a backup; don't worry about it. I will give you a couple of other programs to do that for you later. Now the trick is to boot into safe mode. While restarting the computer, press F8 repeatedly until an option menu comes up. Select safe mode and run the full scans on all of the programs. The last program that you will run is IceSword. Make sure to run your anti-virus as well. Each program will find different things; that is why you run several.

    After your machine is clean, go to this site: ERUNT & NTREGOPT Link. Read about each one. ERUNT is a fantastic application for backing up your registry. I want you to make sure that your system is clean before you use it. NTREGOPT is a registry optimizer that works fantastically as well. Like I originally stated, be sure to read up on them so that you will know how to use them if you have another problem. Formatting your HDD does not always fix the problems that occur.

    I know this post is long; if you have to copy and paste it into Word, please do so. Good luck, and let me know if your troubles end. Unfortunately for you, the guy already has your information. The key is to not let it happen again.
     
  3. 2o9

    2o9 Guest

    Thank you very much for all this info. You said formatting the HD doesn't get rid of it? Wow... I just imagined that when you format the drive, everything including system files is erased. I also repartitioned it. Does that still leave those bad files?
     
  4. syxguns

    syxguns Active member

    If you do a true format of the HDD then it will get rid of all problems. However, most people do a format with their OS system disk. This doesn't always solve the problem. In a true format you format the entire drive from the DOS prompt. Most people do not know how to do that. When you do a complete format it will remove everything on the drive, but a system format does not.

    There are occasions when a system format is fine; however, I believe, as most systems analysts believe, that a format is the last resort. Removing the threats in safe mode is much easier. Safe mode does not allow startup items to start. That is one reason that I wanted you to run IceSword last. IceSword is a rootkit sweeper that looks for much more sophisticated items in the registry.

    I generally don't suggest IceSword to individuals, but you told me that you just formatted your HDD, so I figured it wouldn't hurt to check the registry in depth. Did you get the system clean?
     
    Last edited: Jul 15, 2007
  5. 2o9

    2o9 Guest

    I did the formatting through DOS (I got used to doing that back in the day), repartitioned it, and basically had a clean start. As of right now, I can't even download anything because of this situation. It downloads a bit fast, then slows down to 0 KB. I reset the modem and router, changed IPs, and called my ISP, and when I do tests it stays close to the max down speed. I'm running 6 megs.

    Well, like 3 days ago, while opening BitComet, I all of a sudden got a message that says "Half open tcp limitation is too small". I never changed any setting and always left it to detect automatically.

    So as of right now, I'm only able to go through forums and use what I have to clean my PC. I will keep on trying to get those programs.

    That's why I think it has something to do with the router or modem, maybe a hidden worm? Thanks for helping me, I really appreciate it.
     
  6. syxguns

    syxguns Active member

    It is difficult to put a virus on a router or modem. The best thing to do is to update your router, change passwords and privileges, forward ports if you have to: http://portforward.com/routers.htm

    For your modem check out this site. I have never used it, but it doesn't hurt to give it a try. http://detecting.qarchive.org/downloads.html

    The other thing that you might consider is that the file is stored in your memory. I know this is a long shot, but you can give it a try. Remove the battery from your motherboard for at least a day. Then put the battery back in and see if the Trojan is gone.

    You should also consider running a HjT log and posting it for me to look at. If there is a file hidden in your system it should find it. You can download Hijack This from here: http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10379544.html

    If it does not make its own directory, then you should make one for it: C:\Program Files\HijackThis\HjT.exe (I always rename the exe file to HjT.exe; you can do that after you have it downloaded). You may create a shortcut to it so that it will be on your desktop.

    Open HjT and click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. Copy and paste the log into this topic.

    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required. I will look at the post and tell you any necessary steps to getting the system clean.

    Since you just formatted the drive from the DOS prompt, I am thinking that the virus is in your memory. Follow the above steps first before you run HjT. Maybe we can get this guy off your back!
     
  7. 2o9

    2o9 Guest

    LOL, this is so weird. So I upgraded the firmware on the router and all of a sudden the lights were blinking red/green like crazy. My internet was down. I went and bought another router and everything is fine for now, except for the "Half open tcp limitation is too small" message. I think that since I changed routers, the IP has changed as well? Do you still want me to do a HijackThis log? Should I still try removing the battery?

    I got back onto another forum, but only because of a different IP. I'm not sure if I'm safe or not. It feels fine, except for that message.
     
  8. syxguns

    syxguns Active member

    Well, I would at least run BlackLight Rootkit Eliminator. It will run for free for a short time. http://www.f-secure.com/blacklight/

    There is also another one by Trend Micro called Rootkit Buster. You can download that here. http://www.trendmicro.com/download/rbuster.asp

    You also need to run msconfig and check your startup files. It is possible for malware to be difficult to remove because it is located there. If you find suspicious items that need to be removed, let me know what they are and I will help you eliminate them.
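
    Editor's added example (not part of syxguns' post, and not something the thread's tools do): msconfig only shows the Run keys and Startup folders, so here is a PowerShell script that inventories those plus services and scheduled tasks, which is where persistence also tends to hide, and flags entries whose binary is missing, unsigned, or living in a user-writable directory. The list of "suspicious" directory fragments and the choice to treat any non-Valid Authenticode status as a flag are this example's own assumptions; treat the output as a triage list, not a verdict. It needs PowerShell 3 or later; the scheduled-task section is skipped on systems without Get-ScheduledTask (Windows 8 / Server 2012 and later have it).

```powershell
# Added example: inventory Windows autostart locations and flag the odd ones.
# Assumptions (not from the thread): the $suspicious path fragments below and
# the rule "anything not Authenticode-Valid gets flagged" are this example's own.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directory fragments an autostart binary normally has no business living in.
$suspicious = @('\AppData\', '\Temp\', '\Users\Public\', '\ProgramData\')

function Get-AutostartEntries {
    $entries = @()

    # 1. Run / RunOnce keys (what msconfig's Startup tab shows)
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath etc.
            $entries += [pscustomobject]@{ Source = 'Run'; Name = $p.Name; Command = [string]$p.Value }
        }
    }

    # 2. Per-user and all-users Startup folders
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (Test-Path $folder) {
            Get-ChildItem -Path $folder -File | ForEach-Object {
                $entries += [pscustomobject]@{ Source = 'StartupDir'; Name = $_.Name; Command = $_.FullName }
            }
        }
    }

    # 3. Services: msconfig hides these behind a "Hide Microsoft" checkbox; list them all
    Get-CimInstance Win32_Service | ForEach-Object {
        $entries += [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = [string]$_.PathName }
    }

    # 4. Scheduled tasks (cmdlet exists on Windows 8 / Server 2012 and later)
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
            foreach ($a in $_.Actions) {
                if ($a.Execute) {
                    $entries += [pscustomobject]@{ Source = 'Task'; Name = "$($_.TaskPath)$($_.TaskName)"; Command = "$($a.Execute) $($a.Arguments)" }
                }
            }
        }
    }
    return $entries
}

# Pull the executable out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent     or     C:\foo\bar.exe -x
# An unquoted path containing spaces will not match and is reported as 'no-exe',
# which for a service is itself worth a look (unquoted service path).
function Get-ExecutablePath([string]$command) {
    if ($command -match '^"([^"]+)"')   { return $Matches[1] }
    if ($command -match '^(\S+\.exe)')  { return $Matches[1] }
    return $null
}

foreach ($e in Get-AutostartEntries) {
    $exe   = Get-ExecutablePath ([Environment]::ExpandEnvironmentVariables($e.Command))
    $flags = @()
    if (-not $exe)                 { $flags += 'no-exe' }
    elseif (-not (Test-Path $exe)) { $flags += 'missing-file' }
    else {
        if ($suspicious | Where-Object { $exe -like "*$_*" }) { $flags += 'user-writable-dir' }
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $flags += "sig:$($sig.Status)" }
    }
    if ($flags.Count) {
        '{0,-10} {1,-40} {2}  [{3}]' -f $e.Source, $e.Name, $e.Command, ($flags -join ',')
    }
}
```

    Run it from an elevated prompt so the HKLM keys and all service definitions are readable. A 'missing-file' entry is usually leftover junk from an uninstall, but a binary in a user-writable directory with a NotSigned status is exactly the kind of item you would paste into a thread like this one for a second opinion before touching it; disable rather than delete, and keep the path so the file can be submitted for scanning.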
     
  9. 2o9

    2o9 Guest

    Checked... done... no problems. Did the battery thing. The only issue I have right now is internet speed. I contacted my ISP and they sent someone to check it; they confirmed it was a bad land line, and it will take a while to get to it (>.<). IDK, but it seems all the problems happen in the daytime, like when it's hot or something. Oh well. For now I seem safe, no more problems, thanks to you. I will update this in a couple of days. I'm going to change over to cable instead of DSL, hopefully soon.


    Thanks so much I appreciate it
     
  10. 2o9

    2o9 Guest

    Oh, I went into setup when I turned on the PC and changed memory performance from normal to max. Is that OK?

    I hope to get another ISP (cable) so I can at the same time get better speed and a new gateway (modem) in case this one is messed up.
     
  11. syxguns

    syxguns Active member

    I wouldn't be able to answer that. The best thing that I can say is to try it and see how it goes. Here is a site you can check out for getting more performance out of your machine. http://www.optimizingpc.com/install/windowsxpsettings1.html

    ISP (Internet Service Provider)
    Ethernet (LAN Local Area Network Architecture)
     
