Help! I'm under attack

Discussion in 'Computers' started by John Wilson, Sep 12, 2008.

  1. John Wilson

    John Wilson Supporting Actor

    I have one computer on my home network that has some strange files showing up recently. There are small applications (~ 16kb) with names that end in "hacker" like: website Hacker, Microsoft Windows Hacker, AOL Email Hacker, etc.

    I can't figure out where they have come from and why my anti virus S/W (TrendMicro) or my spyware programs (AdAware and Spybot) haven't eliminated them yet. Has anybody seen this behavior on their computers? They have only appeared in shared folders so far on just one computer. I'm running searches on the others to see if these apps run from machine to machine.

    Does anybody know if there is a patch or program that would ferret these out and eliminate them once and for all?

    Thanks for your help. Any advice on how to protect myself right now? I'm running behind a hardware firewall built into my Linksys router but have Windows XP firewall turned off. Is that a mistake?
     
  2. Gerald LaFrance

    Gerald LaFrance Supporting Actor

    Sorry, I cannot help with your problem; I just wanted to chime in on the firewall. Basically, the Windows Firewall is crap. If you feel the need to get a software firewall, get Kaspersky.
     
  3. John Wilson

    John Wilson Supporting Actor

    Well,
    I found some additional executables in the My Pictures folder. They are:

    Half-Life 2 Downloader
    IP Nuker
    LOpht 4.0 Windows Password Cracker
    Microsoft Visual C++ Keygen
    Microsoft Visual Studio KeyGen
    NetBIOS Cracker
    Norton Anti-Virus 2005 Enterprise Crack

    All of these were "created" on 9/11/08 between 6:13 pm and 10:29 pm and all are reported as being 15.5 kb in size.

    Also, my TrendMicro antivirus program just found and quarantined a file called

    BKDR_AGENT.AJPR

    which I can't find a specific mention of in my Google search. I did have TM delete this file but I'm wondering if that is enough. Should I delete these apps above?
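
A triage check for the pattern reported in the post above (several executables of identical size written into user folders within a few hours), added here as an example and not part of the original thread. The extension list, the thresholds and the use of modification time are assumptions; the bait words come from the file names listed in the thread.

```python
import os
from collections import defaultdict

# Assumed extension list; Explorer hides extensions by default on XP.
EXEC_EXT = {".exe", ".scr", ".com", ".pif"}
# Bait words taken from the file names reported in this thread.
BAIT = ("hacker", "crack", "keygen", "nuker", "downloader")

def summarize(size, group):
    paths = [p for _t, p in group]
    bait = sum(any(w in os.path.basename(p).lower() for w in BAIT)
               for p in paths)
    return {"size": size, "paths": paths, "bait_names": bait,
            "span_s": group[-1][0] - group[0][0]}

def find_decoy_clusters(root, min_files=3, window_s=6 * 3600):
    """Find groups of >= min_files executables under root that share an
    exact byte size and were written within window_s seconds."""
    by_size = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            # Assumption: mtime is used for portability; on Windows,
            # st_ctime holds the creation time the post refers to.
            by_size[st.st_size].append((st.st_mtime, path))
    clusters = []
    for size, entries in sorted(by_size.items()):
        entries.sort()
        group = []
        # The infinite sentinel flushes the last open group.
        for mtime, path in entries + [(float("inf"), None)]:
            if group and mtime - group[0][0] > window_s:
                if len(group) >= min_files:
                    clusters.append(summarize(size, group))
                group = []
            if path is not None:
                group.append((mtime, path))
    return clusters

if __name__ == "__main__":
    import sys
    for c in find_decoy_clusters(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(c["size"], "bytes:", len(c["paths"]), "files,",
              c["bait_names"], "bait names")
```

An empty result does not show the machine is clean; it only means this one pattern is absent from the scanned folders.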

     
  4. Clinton McClure

    Clinton McClure Casual Enthusiast
    Supporter

    Sounds like you need to upgrade your antivirus and start cleaning house.

    BKDR_AGENT.AJPR has been reported by Trend Micro as being malware which was going around pretty strong during the Olympics.

    Nuker programs are designed to disconnect and isolate a system from a network.

    The rest are self-explanatory, and are designed to exploit system vulnerabilities.

    Are you the only one using the computers, or are there other family members (read: kids) who use the computers?
     
  5. Adam Lenhardt

    Adam Lenhardt Executive Producer

  6. hodedofome

    hodedofome Stunt Coordinator

    Reboot your PC in safe mode (this will turn off all of the spyware programs), then run your anti-virus/anti-spyware programs in safe mode. Much better chance at deleting them for good. You'd probably save time by just reformatting your computer, but safe mode has always gotten rid of the pesky ones that wouldn't go away for me. HijackThis is great for the final cleanup.
     
  7. Eric_L

    Eric_L Screenwriter

  8. John Wilson

    John Wilson Supporting Actor

    Thanks Eric L.

    That was helpful.
     
  9. Clinton McClure

    Clinton McClure Casual Enthusiast
    Supporter

    Still having problems John?
     
  10. Mike Frezon

    Mike Frezon Moderator
    Moderator

    John: I'm curious to know if you had any success, as well.
     
  11. John Wilson

    John Wilson Supporting Actor

    Actually, I did have success with this issue. I searched the Web for some ideas and came upon a site called geekstogo.com. They had a sticky on their forum page which listed a series of steps to follow and software to download. You can access it here: You Must Read This Before Posting A Hijackthis Log - Geeks to Go!

    It is a Malware Cleaning Guide. Unfortunately, following it didn't clean my system of everything that was causing problems so I posted a new thread with some log results and a member of their staff walked me through a removal process. In my case, this process went on for 2 weeks but I'm happy to say that the "bug" was removed and I was able to avoid a complete reinstall of XP. It's nice to know that there are resources out there that one can go to when things get nasty. And the best part was that it didn't cost me anything other than my time. I am planning to make a donation to the site as I believe that it performs a needed service. There are many other sites that work the same way but this is the one that I had personal experience with.
     
  12. Clinton McClure

    Clinton McClure Casual Enthusiast
    Supporter

    Super! Glad to hear everything worked out and you're bug free.
     
  13. Steve_Pannell

    Steve_Pannell Supporting Actor

    And you didn't even have to "buy a Mac".
     
  14. Mike Frezon

    Mike Frezon Moderator
    Moderator

     
  15. amidcars

    amidcars Extra

    Better to switch to another antivirus, as sometimes antivirus programs are not being updated so they are not aware of new viruses.
     
  16. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    The thing about being attacked and taken over, the way your computer appears to have been, is that once that happens you have virtually no way of knowing that you've managed to clean it. Spyware detectors etc. are no help at all against a proper root kit (I suppose, on Windows that should be "admin-kit") where the very most basic part of the operating system gets taken over so that it lies to any detectors out there. Even experts have a real hard time even figuring out if the system has been hacked, to say nothing of successfully cleaning it out.

    What you should have done (and still should) is unplug your machine from the network to make sure nobody can be in it doing stuff with it interactively. Then, burn data files you have to DVDs or something, get it off the computer somehow, then reformat the machine and put in XP from scratch.

    Sure, painful, but if you don't get your machine cleaned the consequences may range from nothing at all to having the FBI knocking your door down after "you" tried hacking the Pentagon... if your machine is wide open for others to connect to and use as they will right under your nose.

    A hardware firewall/router is a great first step, but since virtually all of them are absolutely wide open for connections from the inside out they only protect from the most simplistic direct attacks from the outside in. A small program you may be tricked to run can install a service on your computer that actually calls out and thus allows an attacker to do what they want with your machine anyway.

    Many thousands of machines out there are "owned" in similar fashion today and it is a real problem.
     
  17. vandy

    vandy Auditioning

    Please download the latest updated antivirus to clear your PC. First of all, try to fix the problem by using remover tools. And then secure your system with antivirus. I have NOD32 antivirus & I am quite happy using it. Blocks all kinds of threats.
     
  18. Cees Alons

    Cees Alons Moderator
    Moderator

    And you managed to find it within a month after Adam Lenhardt posted the link (post #5)!


    Cees
     
