There WAS a wolf in the woods. Help with Virus/Hack

Discussion in 'Computers' started by Mary M S, Apr 22, 2004.

  1. Mary M S

    Mary M S Screenwriter

    Joined: Mar 12, 2002
    Alrighty. I LEARNED my lesson. Now I need to learn.

    Been in my DT fixing a broken internet connection.
    Norton Virus had not been updated for approx. 2 years.

    In the process of 'fixing' the lost DSL connection I decided to clean up years of old files/games etc.

    Found what looked like suspicious activity. Cleaned out the old Norton (2001), loaded Norton SystemWorks 2004, and have had nothing but hell breaking loose since.

    Norton found 8 viruses on the first scan, could not delete 3, due to "Windows" using them. When I went back to Windows to run Norton utilities and further clean up this or that, the Disk Doctor etc. was missing a DLL. Meantime I noticed some suspicious activity logged, type "Diablo Hack Data", logging files of various sorts on a daily basis, even while unconnected to the LAN line. I can delete these files except for a couple of big ones on a daily basis labeled "INDEX" with a write-protected or no-access warning.

    Although I know it's messy, I decided to tidy up what viruses I could myself, pulled out a DOS book (never been into my DOS command prompt before) and hand-deleted 2 viruses while Windows was not using them.
    That appeared to go well with all systems working afterwards. Sometime during this I even got back my lost PPPop device which started the whole mess in the first place. Deleted Norton several times using Add/Remove + the %temp% to try and get a clean install with all utilities working after I hand-deleted each virus. Noticed a file my husband thought was connected to our DSL server. VSHOST? was listed as infected, not removed, on Norton's first scan, but Norton did not flag it on later scans. I got the internet connection working again at some point during this several-day process. But the last time I tried to load Norton yesterday it hung in install and rebooted, showing in a DOS screen that it had detected and deleted a virus in VSHOST. Now PPPop is gone again (probably connected to that last delete) but Norton hangs in install, will not uninstall, etc. I manually deleted all files I could find, but in another reinstall it still hangs up.

    At this point the DT is functioning in all areas I check, missing the PPPop device, will not accept a clean Norton SystemWorks install, and has some Diablo Hack Data files logging every day even though unconnected to the internet.

    I think it's gotten all beyond me. I believe certain (bad) things might be too embedded to remove completely, other than the choice of putting a new clean hard drive in the DT, even though I could probably retrieve the PPPop device load (again) and be back in business surfing and working. I appear to have a very compromised system which I despair of cleaning up.

    In the meantime, what do I do to keep this laptop from being compromised when in the next weeks I have time to retrieve information off the DT running MS98 before I wipe it? I understand floppies (I use tons of these in my work) can carry viruses back and forth now.

    I've set my Norton 2004 firewall to high on the LT running XP and am getting vague popups every few seconds. One listed:
    Protocol UDP (inbound)
    Remote address 0.0.0.0 bootpc(68), almost every minute.

    The other is for TCP addresses with numbers?

    Where is the damn book (for 'dummies') which explains all these acronyms, which Norton's user manual does not? So I can learn to understand what UDP, TCP, etc. really are, and which are legitimate and which are not, and what is what?

    Did I mention I hate computers?
     
  2. Kimmo Jaskari

    Kimmo Jaskari Screenwriter

    Joined: Feb 27, 2000
    Wow, you have been busy.

    A willingness to tackle the problem is commendable but deleting files, especially in the "Program Files" or "Windows" folders, means a huge risk that you leave your computer in an unusable state unless you know exactly what you are doing. Windows is a huge interlacing "web" of programs and in the worst case scenario, just removing one wrong file can give you big problems.

    The problem here is that with all that stuff you've done, deleted files etc, it becomes impossible to offer much constructive advice on how to proceed. There really is just one option that makes any sort of sense at this point.

    In short: reformat the hard drive and start from scratch. You should have some sort of operating system or restore CDs from which you can restore your computer to its factory default setting. This DOES DELETE everything on the hard drive, including any documents you have there, so you either need to accept that or find a way to copy them off the computer beforehand.

    Floppy disks were the original virus targets and must be treated with care. You should never use them on a machine that doesn't have a virus checker active. Also, any files you transfer off the machine can be virus-infected, so you need to make sure you scan them with a virus checker before putting them back on the computer after you've reinstalled it.

    Now, once you get the system restore done, you have a clean but not updated system. The very first thing you do, and I mean immediately when you hook the computer up to the Internet, is visit http://windowsupdate.microsoft.com and download all the patches they offer. You do that (download patches, reboot, download patches, reboot) until you no longer find any new patches there. That will give you a clean system that has all security patches available installed on it, making it very difficult to break into over the network.

    After that, you still need to secure the machine from viruses and add further insurance against attacks over the network. With SystemWorks 2004, you get Norton AntiVirus 2004 and that is a very good antivirus solution. It is most effective if you get it installed as a watchdog before the computer is infected, however. You should also enable automatic updates over the Internet for that program to make sure it keeps itself up to date.

    Finally, you should install a firewall application to keep control over what comes in and what goes out over your internet hookup. I personally like Sygate Personal Firewall, others think highly of ZoneAlarm... there are others, but either of those should work well for you. The Norton one isn't bad either, I guess, I just haven't looked at it for quite some time and don't remember how user friendly it is.

    What traffic to allow and what to block is an entire article in itself. Here is a Google search on the topic that might be helpful.

    Once you get to this point you'll have a virus free machine, with antivirus protection and a firewall to keep it clean from directed attacks over the Internet.

    The final step is to be very careful of any mail file attachments (ideally, never open any, in spite of having virus protection), consider installing a web browser that isn't Internet Explorer (IE is the numero uno target for Spyware and other stuff that you really don't want on your machine either) and in general be sure you virus scan anything you download off the Internet before running it.
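    The "what to allow and what to block" question in this reply, and the bootpc(68) popup quoted in the first post, as an added example that is not from the thread: a small Python triage script that parses alert lines in the shape the popup text takes ("Protocol UDP (inbound) Remote address 0.0.0.0 bootpc(68)"), names the port from the IANA well-known assignments, and sorts each alert into expected LAN housekeeping, something to look at, or an unsolicited inbound connection from the Internet to block. The sample lines other than the quoted one are constructed, and the line format, service table and verdict rules are this example's own assumptions, not Norton's.

```python
import re
from dataclasses import dataclass

# Constructed sample alerts in the shape of the popups described in the thread.
# The first line is the one quoted in the opening post; the rest are made up.
SAMPLE_ALERTS = [
    "Protocol UDP (inbound) Remote address 0.0.0.0 bootpc(68)",
    "Protocol TCP (inbound) Remote address 203.0.113.45 4321",
    "Protocol UDP (inbound) Remote address 192.168.1.12 netbios-ns(137)",
    "Protocol TCP (outbound) Remote address 198.51.100.7 http(80)",
]

# IANA well-known assignments, keyed (protocol, port). The short names are
# what firewalls print in parentheses, e.g. "bootpc(68)".
KNOWN_PORTS = {
    ("udp", 67): "bootps (DHCP server)",
    ("udp", 68): "bootpc (DHCP client)",
    ("udp", 53): "domain (DNS)",
    ("udp", 137): "netbios-ns (Windows name service)",
    ("udp", 138): "netbios-dgm (Windows browsing)",
    ("tcp", 139): "netbios-ssn (Windows file sharing)",
    ("tcp", 445): "microsoft-ds (Windows file sharing)",
    ("tcp", 135): "epmap (Windows RPC)",
    ("tcp", 80): "http (web)",
    ("tcp", 443): "https (web, TLS)",
}

# Assumed line format; the port may appear as "name(port)" or a bare number.
ALERT_RE = re.compile(
    r"Protocol\s+(?P<proto>TCP|UDP)\s+\((?P<dir>inbound|outbound)\)\s+"
    r"Remote address\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?:(?P<name>[\w-]+)\()?(?P<port>\d+)\)?",
    re.IGNORECASE,
)


@dataclass
class Verdict:
    proto: str
    direction: str
    addr: str
    port: int
    service: str
    verdict: str   # "expected", "review" or "block"
    reason: str


def is_local(addr: str) -> bool:
    """True for addresses that can only come from your own LAN (RFC 1918,
    link-local, loopback) or from a host that has no address yet (0.0.0.0)."""
    o = [int(x) for x in addr.split(".")]
    return (addr == "0.0.0.0"
            or o[0] in (10, 127)
            or (o[0] == 172 and 16 <= o[1] <= 31)
            or (o[0] == 192 and o[1] == 168)
            or (o[0] == 169 and o[1] == 254))


def classify(line: str):
    """Parse one popup line; return None if it is not in the expected shape."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    proto, direction = m["proto"].lower(), m["dir"].lower()
    addr, port = m["addr"], int(m["port"])
    service = KNOWN_PORTS.get((proto, port), m["name"] or f"port {port}")
    if direction == "outbound":
        verdict, reason = "review", "your own machine started this; find out which program did"
    elif proto == "udp" and port == 68 and addr == "0.0.0.0":
        # A DHCP DISCOVER is sent from 0.0.0.0:68 by a host asking for an address.
        verdict, reason = "expected", "DHCP broadcast from a machine asking for an address; normal LAN noise"
    elif is_local(addr):
        verdict, reason = "review", "another machine on your own network; fine if you know it, suspicious if not"
    else:
        verdict, reason = "block", "unsolicited inbound from the Internet; nothing you did not ask for should reach in"
    return Verdict(proto, direction, addr, port, service, verdict, reason)


def triage(lines):
    """Classify a batch of popup lines, skipping any that do not parse."""
    return [v for v in map(classify, lines) if v is not None]


if __name__ == "__main__":
    for v in triage(SAMPLE_ALERTS):
        print(f"{v.verdict:8} {v.direction:8} {v.proto} {v.addr}:{v.port} "
              f"{v.service} - {v.reason}")
```

    The point of the rules is the one this reply makes: a personal firewall's job is to drop anything inbound you did not initiate, and most of the popups on a home LAN are housekeeping (DHCP, Windows name service) rather than attacks. The quoted 0.0.0.0 bootpc(68) entry is a machine on the same wire asking for an IP address, which is why it repeats about once a minute until that machine gets one.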
     
  3. Todd H

    Todd H Go Dawgs!

    Joined: May 27, 1999
    Location: Georgia
    Real Name: Todd
    A friend at work gave me his computer today so that I can take a look at it (for a fee, of course). I have a feeling he's probably infected with a ton of viruses/spyware. I'm sure he's probably never run Windows Update or updated his virus definitions.
     
  4. Mary M S

    Mary M S Screenwriter

    Joined: Mar 12, 2002
    Kimmo, thank you for the reply. I know I'm mucking around with items outside my forte. BUT if I live dangerously, sometimes me (and my DT) survive and actually learn a few things together along the road! You should see the looks of horror I am getting from men at my local electronics store when I requested a book to learn how to edit registries. The first man, who could not find one, said [and so beautifully] "Oh dear, I don't think you want a book on that. You see, registries are very delicate things, (long pause) you don't want to ever go in there."

    I frighten people when I go on my learning rampages. I explained I completely understood his warning, that I could destroy my OS, but NOW was the time for me to learn since I had decided to replace my HD anyway and reload a newer version OS to make our network project easier. He really was horrified I even wanted to attempt it.

    Right now, for such an uninformed explorer of the inner workings of my DT, I am pleased with myself. I have hand-deleted literally thousands of files. Got rid of 8 viruses, webhancer, new.not etc., and still do NOT have the blue FATAL ERROR screens popping up. All whilst not knowing what the hell I was doing. It still runs. HOWEVER, I have some mysterious files which all my efforts to get around their built-in protections and delete permanently have not got rid of. Even though the DT has been offline and my son has not played this particular Diablo Hack Data game on my system for almost a year, I somehow have something running in the background which creates (on each calendar day) approx. 8 files in areas it should not. One an Excel file, one an Outlook, one called Index, etc. (Scary.) When I try to open these and read them, it looks like at least some contain MY stuff in these files! Being sure that I find the kernel program which creates this last 'bug' I can't get rid of, I'm just not confident that it won't re-establish itself after I erase all I can find.

    Just starting to look into finally setting up a wireless network here. I see that since my LT is XP, it will be easier to quit being fixated upon keeping the DT as it is. I found that to try to get a network finally going here, I need a different OS. I'm going to revamp it partially, and see if my old 1G Thunderbird chip, (fresh HD) and XP Pro will help to network my laptop.

    That's another thing that raises eyebrows at the local shop (keeping this unit at all). The reason I wanted to clean it, rather than trash it after I was unwise enough to ignore keeping my virus protection current for so long, is that though the DT chip is outdated, this old DT running 98 and with DSL is faster to load screens surfing the web and opens my Excel files at a quicker clip than my new LT, which has more DIMM, a DT-based chip (not a mobile) and theoretically the laptop should run rings around my DT. My old DT runs faster than even all family and friends' DTs which are (bigger, faster, stronger) acquired in the last few years. Very weird it should run better, ...but it does. The bloat in XP when I load it may be, however, its final downfall.

    Thanks for the tip on the floppies. Should I run a scan before opening each one? Or is an enabled Norton SystemWorks enough to do something if there is a problem? I will for a few months be moving many old floppies around as I shift some old work into a new format.

    ... Todd, even though I admit to blushing my head off when I saw that TCP, UDPs are IPs (goodness, I have a long way to go), I see that I might want to start learning what I can about where the addresses originate, block ports etc. Somehow, knowing nothing, around here we built all our own computers till I purchased this LT I'm on. I should PAY someone, but it bugs me not to start learning. I always have the urge (but not the time) to know WHY do I block this, how dangerous is that, and HOW would I fix this or that.

    Wish me luck! Sorry for the ramble, it's late!!! I'm taking a break from transferring files and catching up on work!
     
  5. Glenn Overholt

    Glenn Overholt Producer

    Joined: Mar 24, 1999
    Quite alright to ramble. We get more info that way!

    How much have you done in the registry? I ask because I have poked around in it quite a lot, and it has saved me from a few messes.

    I know what a horror Norton is to 'reload' when it thinks that it is still in there. Try this... Go into the registry and type in Norton and search. Since it shouldn't be there, whenever you get to one press the delete button and remove it. Also make sure that the Norton directories are all removed from Explorer. Then reboot and try to reload it. If you have the names of some 'infected' programs, you can do a search in the registry for these too.

    As for deleting your hard drive's contents, you don't need to do that, especially if all of your files are in one directory (as they should be). Rename your directories/files and copy them to another new directory.

    Reboot into DOS. You can rename the Windows directory and the Program Files, so if you put in a new OS 'Windows' really isn't there. If you have an older version of DOS that has deltree.exe on it, this file can delete entire directories at one time. This may not remove viruses that are not in the Windows and Program Files directories, but most of them aren't anywhere else anyway. I hope this has helped.

    Glenn
     
  6. Mary M S

    Mary M S Screenwriter

    Joined: Mar 12, 2002
    Thanks, Glenn, for the reply. I got into DOS on the old 98 hard drive (new territory) and changed my config.sys and autoexec; I never could get to a registry editor. I believe that one of the multiple viruses (or the hacker) had corrupted the regedit file, which was beyond my limited understanding to work around. I did successfully edit my config.sys and autoexec without screwing up my system. In addition, I deleted (through DOS) 2 of my viruses that Norton could not. After changing all that my system was still running. I could work on the system, surf, print etc., but knew I had not ferreted out ALL the bad guys; it appeared I got all the viruses but not the hacker.

    So I replaced the HD and OS; I'm now typing on the DT with XP loaded. Made this choice finally because the hack/virus situation was out of hand. Additionally, I was hoping that by loading XP Pro in this DT, I would finally be able to network my wireless LT (XP Home). I did get the LT (YIPPEE!!!!) talking to this DT on the night I loaded XP Pro and the router onto this DT. But then I lost that capability the next day when I was setting up the LT for encryption. I AM LOST on networking. I can make it work but do not understand it, NOR all the settings for wireless networking that will protect me in the future (and there are lots of holes I see in security if I am not careful in HOW I set the network up).

    SO I'm not going to surf via the laptop; I took my router offline (I can't confirm if I had a hardware firewall in the router) till I can better understand security settings and choices for setting up my network. I probably should break down and call the router manufacturer's helpline, and they can better explain why I should choose certain configurations of the router network over others for security. (All I did was get it talking... but I don't think that IS secure.)

    My husband (the hardware person round here) got antsy while I was at a shower and yanked the 98 hard drive before I had got my son's old digital downloads of family pics off. So if I'm very dedicated (and can find the time), when I plug the old 98 hard drive into another old system we have to salvage the rest of the files I want off it, I am going to use some of your advice and play with the 98's registry, for a learning curve.

    I may not be able to restore the registry editor on the 98 hard drive, but if I can I will use that opportunity to edit it, not having to worry about whether I trash it. A sort of test run! So if I ever need to in XP (the new OS), I will be more familiar with registry editing.

    Right now I feel like a burnt cat. Have so much work to do yet. Waiting on an upgrade disc for my printer from HP to make it work with XP etc. Need to change all my passwords everywhere and set up new e-mail accounts. Everything I had was compromised. I WANT TO learn all about security and editing all systems, so as not to be a future danger to others on the WWW and to keep the bogeyman out of my own home/office space!
     