Help! I'm under attack

John Wilson

Supporting Actor
Joined
Jul 6, 1999
Messages
548
I have one computer on my home network that has some strange files showing up recently. There are small applications (~ 16kb) with names that end in "hacker" like: website Hacker, Microsoft Windows Hacker, AOL Email Hacker, etc.

I can't figure out where they have come from and why my anti virus S/W (TrendMicro) or my spyware programs (AdAware and Spybot) haven't eliminated them yet. Has anybody seen this behavior on their computers? They have only appeared in shared folders so far on just one computer. I'm running searches on the others to see if these apps run from machine to machine.

Does anybody know if there is a patch or program that would ferret these out and eliminate them once and for all?

Thanks for your help. Any advice on how to protect myself right now? I'm running behind a hardware firewall built into my Linksys router but have the Windows XP firewall turned off. Is that a mistake?
 

Gerald LaFrance

Supporting Actor
Joined
May 28, 2002
Messages
551
Location
Earth
Real Name
Gerald LaFrance
Sorry, I cannot help with your problem; I just wanted to chime in on the firewall. Basically, the Windows Firewall is crap. If you feel the need to get a software firewall, get Kaspersky.
 

John Wilson

Supporting Actor
Joined
Jul 6, 1999
Messages
548
Well,
I found some additional executables in the My Pictures folder. They are:

Half-Life 2 Downloader
IP Nuker
LOpht 4.0 Windows Password Cracker
Microsoft Visual C++ Keygen
Microsoft Visual Studio KeyGen
NetBIOS Cracker
Norton Anti-Virus 2005 Enterprise Crack

All of these were "created" on 9/11/08 between 6:13 pm and 10:29 pm and all are reported as being 15.5 kb in size.

Also, my TrendMicro antivirus program just found and quarantined a file called

BKDR_AGENT.AJPR

which I can't find a specific mention of in my Google search. I did have TM delete this file but I'm wondering if that is enough. Should I delete these apps above?

:eek: :eek:
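
The pattern described in the post above (several small executables of identical size under different lure names) can be checked by hashing, which shows whether they are one binary copied under many names. This is an added example, not part of the original thread; the lure-word list and extension set are assumptions drawn from the file names quoted above.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Lure words taken from the file names quoted in the thread.
LURE_WORDS = ("hacker", "crack", "keygen", "nuker", "downloader")
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def find_bait_clusters(root, min_copies=3):
    """Find byte-identical executables stored under several lure names."""
    by_size = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXE_EXTS:
                path = os.path.join(dirpath, name)
                try:
                    by_size[os.path.getsize(path)].append(path)
                except OSError:
                    continue  # unreadable or vanished file
    clusters = []
    for size, paths in by_size.items():
        if len(paths) < min_copies:
            continue  # cheap size filter before hashing anything
        by_hash = defaultdict(list)
        for p in paths:
            try:
                by_hash[sha256_of(p)].append(p)
            except OSError:
                continue
        for digest, same in by_hash.items():
            names = sorted({os.path.basename(p) for p in same})
            lures = [n for n in names if any(w in n.lower() for w in LURE_WORDS)]
            if len(names) >= min_copies and lures:
                clusters.append({"size": size, "sha256": digest,
                                 "paths": sorted(same), "lure_names": lures})
    return clusters

if __name__ == "__main__":
    # Constructed sample: one harmless 16-byte payload under three lure names.
    with tempfile.TemporaryDirectory() as d:
        for n in ("Website Hacker.exe", "IP Nuker.exe", "NetBIOS Cracker.exe"):
            with open(os.path.join(d, n), "wb") as f:
                f.write(b"constructed-data")
        print(find_bait_clusters(d))
```

A non-empty result lists each cluster's shared SHA-256, which can be compared against what the antivirus quarantined and searched for on the other machines on the network.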
 

Clinton McClure

Rocket Science Department
Premium
Senior HTF Member
Joined
Jun 28, 1999
Messages
7,786
Location
Central Arkansas
Real Name
Clint
Sounds like you need to upgrade your antivirus and start cleaning house.

BKDR_AGENT.AJPR has been reported by Trend Micro as being malware which was going around pretty strong during the Olympics.

Nuker programs are designed to disconnect and isolate a system from a network.

The rest are self-explanatory, and are designed to exploit system vulnerabilities.

Are you the only one using the computers, or are there other family members (read: kids) who use the computers?
 

hodedofome

Stunt Coordinator
Joined
Nov 21, 2006
Messages
236
Real Name
Aaron Smith
Reboot your PC in safe mode (this will turn off all of the spyware programs), then run your anti-virus/anti-spyware programs in safe mode. Much better chance at deleting them for good. You'd probably save time by just reformatting your computer, but safe mode has always gotten rid of the pesky ones that wouldn't go away for me. HijackThis is great for the final cleanup.
 

John Wilson

Supporting Actor
Joined
Jul 6, 1999
Messages
548
Actually, I did have success with this issue. I searched the Web for some ideas and came upon a site called geekstogo.com. They had a sticky on their forum page which listed a series of steps to follow and software to download. You can access it here: You Must Read This Before Posting A Hijackthis Log - Geeks to Go!

It is a Malware Cleaning Guide. Unfortunately, following it didn't clean my system of everything that was causing problems, so I posted a new thread with some log results and a member of their staff walked me through a removal process. In my case, this process went on for 2 weeks but I'm happy to say that the "bug" was removed and I was able to avoid a complete reinstall of XP. It's nice to know that there are resources out there that one can go to when things get nasty. And the best part was that it didn't cost me anything other than my time. I am planning to make a donation to the site as I believe that it performs a needed service. There are many other sites that work the same way but this is the one that I had personal experience with.
:)
 

amidcars

Grip
Joined
Mar 26, 2009
Messages
19
Real Name
Nick Thompson
Better to switch to another antivirus, as sometimes antivirus programs are not being updated, so they are not aware of new viruses.
 

Kimmo Jaskari

Screenwriter
Joined
Feb 27, 2000
Messages
1,528
The thing about being attacked and taken over, the way your computer appears to have been, is that once that happens you have virtually no way of knowing that you've managed to clean it. Spyware detectors etc. are no help at all against a proper rootkit (I suppose, on Windows that should be "admin-kit") where the very most basic part of the operating system gets taken over so that it lies to any detectors out there. Even experts have a real hard time even figuring out if the system has been hacked, to say nothing of successfully cleaning it out.

What you should have done (and still should) is unplug your machine from the network to make sure nobody can be in it doing stuff with it interactively. Then, burn data files you have to DVDs or something, get it off the computer somehow, then reformat the machine and put in XP from scratch.

Sure, painful, but if you don't get your machine cleaned the consequences may range from nothing at all to having the FBI knocking your door down after "you" tried hacking the Pentagon... if your machine is wide open for others to connect to and use as they will right under your nose.

A hardware firewall/router is a great first step, but since virtually all of them are absolutely wide open for connections from the inside out they only protect from the most simplistic direct attacks from the outside in. A small program you may be tricked to run can install a service on your computer that actually calls out and thus allows an attacker to do what they want with your machine anyway.

Many thousands of machines out there are "owned" in similar fashion today and it is a real problem.
 

vandy

Auditioning
Joined
Apr 6, 2009
Messages
2
Real Name
vandit
Please download the latest updated antivirus to clear your PC. First of all, try to fix the problem by using remover tools. And then secure your system with antivirus. I have NOD32 antivirus and I am quite happy using it. Blocks all kinds of threats.
 

Cees Alons

Senior HTF Member
Joined
Jul 31, 1997
Messages
19,789
Real Name
Cees Alons
And you managed to find it within a month after Adam Lenhardt posted the link (post #5)! ;)


Cees
 
