Hello everybody,

I have a nasty virus that I can't seem to get rid of. Hopefully somebody here will have some ideas. Here is the history.

Last week I grabbed an ISO of the latest Ubuntu through BitTorrent, and I assume something nasty entered my system. Here is what happens (in no particular order or timing....very random):

1) system beeps
2) Explorer (or whatever browser is default) will start opening over and over again. In some of the Google searches, I see "p..,"
3) printer will sometimes print the Google page
4) if I'm in a program it will automatically start 'entering' whatever I have on the screen, thus making installing, uninstalling, etc. VERY difficult.

I have McAfee, SUPERAntiSpyware, Spybot, and Windows Defender running. NONE have detected or stopped anything....even when the attack is happening. I also did a full system reinstall of my operating system partition, and a day or so later it came back.....

Here is the attached 'hijackthis' report:

Any help would be much appreciated...I'm at a loss.

-Michael
If you say that you did a full OS re-install and the virus came back a couple of days later, then I don't think it's a virus attack...I think it's a hacker attack. Once a hacker can go undetected into your system, they will come and go as they please (hence your random computer activities..) ...I'm not completely sure though...I've looked over your log and I don't see anything out of the ordinary...

There are a couple of things that caught my eye though...

1) D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE - why is outlook.exe the only one all capitalized compared to the others? Or has it always been like that?...
2) O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ? Is this a broken/missing link? Sometimes virus/spy/malware disguise themselves as links...
That makes some sense, yeah. I also found a NolE4StubProcessing entry in the registry. The item was deleted. Could this have been part of it?

Anyways, if this is a hacker, how can I block his activity on my machine?

-Michael
Starting to agree with you.....if this is a hacker.....any idea how to block this? I run McAfee and have my Netgear router pretty tight. Any suggestions on anti-hacker software?

-Michael
There are several ways to do this...

1) You could set up a firewall and monitor/block any suspicious incoming/outgoing connections...a good one is Comodo Firewall Pro (freeware).
2) If your NETBIOS ports are open then you must close them; the hacker is probably accessing your PC through these ports.. (NETBIOS ports allow you to remotely access a machine and pretty much do whatever you want to it. These ports are sometimes opened by Microsoft for their updates.) For more info on NETBIOS go here.
3) Turn off any file sharing and disable Remote Desktop Connection if you have it enabled...
4) You could manually monitor your connections. To do this hit Start, then Run. In the new window type CMD and hit OK. In the Command Prompt type the following:

netstat -a
or
netstat -n

netstat -a lists the names of the connections you have
netstat -n lists the IP addresses of the connections you have

5) Set an admin password. Usually when trying to access a remote computer it will ask you for a name and pass.
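Added example, not part of the thread or any poster's own code: a small Python check that reads saved `netstat -an` output (both switches from the post combined) and reports the NetBIOS, file-sharing and Remote Desktop ports still open on a non-loopback address, plus the remote ends of live sessions. The sample output is constructed, the function names are hypothetical, and the port numbers are the standard well-known ones, which the post itself does not list.

```python
import re

# Well-known ports behind the services the post says to close or disable.
WATCHED = {137: "NetBIOS name", 138: "NetBIOS datagram", 139: "NetBIOS session",
           445: "SMB file sharing", 3389: "Remote Desktop"}

# Constructed sample of Windows `netstat -an` output; not taken from the thread.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.20:50122     ESTABLISHED
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse(text):
    """Turn netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "foreign": foreign, "state": state})
    return rows

def exposed_services(rows):
    """Watched ports accepting traffic on a non-loopback address."""
    hits = set()
    for r in rows:
        # TCP listeners say LISTENING; bound UDP sockets have no state column.
        is_open = r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["state"] is None)
        loopback = r["addr"].startswith("127.") or r["addr"] == "[::1]"
        if is_open and r["port"] in WATCHED and not loopback:
            hits.add((r["proto"], r["port"], WATCHED[r["port"]]))
    return sorted(hits)

def established_peers(rows):
    """Remote endpoints of live TCP sessions, for manual review."""
    return [r["foreign"] for r in rows if r["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    print(exposed_services(parse(SAMPLE)), established_peers(parse(SAMPLE)))
```

To run it against a real machine, save the output with `netstat -an > conns.txt` and pass the file's text to `parse()` in place of `SAMPLE`.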
@bandit008 If you are not learned in analyzing HijackThis logs, please don't. It will not do for anyone to fix any random "suspicious looking" entries in HijackThis, because frankly, to any non-tech-savvy person, an entire HijackThis log looks suspicious.

Hi speedamp

It seems that you may or may not be infected. The symptoms I see on your computer may be related to hardware problems, especially your keyboard, as it seems that the Enter, Ctrl, and P keys are stuck. I will recommend a hardware check at your local computer store.

If the hardware check comes back clean, then perhaps you are indeed in a security-compromised situation. I will need further analyzing of your system, which can be done by a second tool: Deckard's System Scanner. Download Deckard's System Scanner, run it, and follow the prompts. When the scan is done, please post the results (located at main.txt) here.

Best Regards