
4th hack in 10 months

Discussion in 'Virus & Other Malware Removal' started by WendyBender, Jan 6, 2004.

Thread Status:
Not open for further replies.
  1. WendyBender

    WendyBender Thread Starter

    Joined:
    Jan 6, 2004
    Messages:
    1
    Hi tech guys, I am a non-tech chick with a big problem. I apologize up front for the long message...anyway, I came across your site after one day turning on my PC and discovering it was hacked, nothing but porn site after porn site would come up. I searched for boredlife, which seemed to be a common thread in my newly reconfigured PC, and discovered the Christmas Eve post discussing spybot and adaware.
    A bit of background...I have a cable connection to the web and never turn off my PC. For the longest time, I had it logged in as a controlled user, but it quit working and went in as admin to test a few things and then got hacked. (Ok, I admit, I never re-logged in as the controlled user). Then the porn started, so just to keep my daughter from the porn, I turned on the content filter. Annoying but successful....I was running zonealarm so I was a bit more confident than I should have been...but...it appears that whatever hacked me has the ability to reset zonealarm. Per your recommendations, I downloaded spybot and adaware and ran them, found lots of 'bad stuff' and for a day things looked better. But as soon as I rebooted, you guessed it, I'm back to some nasty porn sites as my home page. And now, I can't even go into Tools\Options in IE, because I get a message saying that the rights for this user are restricted (And I am in as administrator!). I tried logging in as the controlled user on my PC, but it is prompting me to change the password, saying it's expired. I did not setup that user to have an expiring password...so I'm guessing that it's trying to 'capture' that password.
    So, I'm writing from work now, while I am downloading all of these programs to write to CD and take home, along with being faced with rebuilding my system for the (literally) fourth time in the past 10 months. I have downloaded CWShredder, Spybot, Adaware, Hijack This and Zone alarm and am ready to install them. I was thinking about buying a hardware firewall, but am not sure about that. Here are my questions:
    1. do I really need to rebuild? or is there any way I can clean up this BS and move forward safely?
    2. shouldn't my cable modem access work on a 'regular' or controlled user? I shouldn't have to be an administrator on there to use that, right?
    3. how can I prevent getting hacked again, or can I? I know, I have some bad habits so feel free to yell if I need it :)
    4. should I switch to XP? or load up SP4 on my Windows 2000? I usually try to stay pretty well patched from the Microsoft side of things...
    5. is it 'normal' to get hacked this often? should I be calling my cable provider and asking them to look into this?

    If you need any more info (Dell PC, Windows 2000, SP2) please advise. I'm at my wits end, ready to cancel my cable modem and tell my kids to go to the library when they need to surf the web!!!

    Thanks!!
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Hello and welcome to TSG

    The first thing we'll need is for you to run Hijackthis...Save the log and then post back on this thread.

    As soon as you do your post someone will take a look at it for you and give you some help

    Be sure that the Hijackthis is 1.97
     
  3. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, First thing I would do is get the log from HijackThis posted- when you have time----the experts will review it and tell you how to proceed. With the new malwares we are seeing, not all the "tools" have been 100% effective out-of-the-box...but, with a little manual work, the stuff can be eliminated.
    When you are ready to proceed with FIXING:
    You will more than likely need Internet access from the affected pc. Most of the programs you will need to use update online. There ARE manual updates that can be added to the removal programs, and since you have a burner that would be easy for you to do. People without access have used these programs, but will need to do some extra steps when something can't be removed fully. You will also need to scan each "User"- this is true for XP and I would think 2k falls into that category. I am not sure if cleaning up the main logon would get rid of something preventing any controlled logon...it might. Sure can't hurt to try. I would get any files you have to have backed up first, for each user if possible.
    Even Instant messenger programs can cause hijacks- I suggest these be either turned off or uninstalled, but of course then we might not see any problems with them....up to you.
    AIM and MSN Messenger are two that can spread the worms if you have certain settings, no protection running....usually Windows Updates patch Security for these, but who knows....
    Antivirus programs lately are detecting some malwares, called ad trojans, as trojan worms, which they are very similar to...they can be taken care of by a combination of stopping processes (using Safe Mode, CTRL+ALT+DEL, etc) and running removers...not all AV programs can remove them. The ad-worms will usually show in HijackThis and can be dealt with.
    Then- when you are done- there are several programs you can get that can prevent reinfection- and steps to set things like SpyBot to immunize you against the hijackers known about so far.
    Spywareblaster and SpyGuard (hope I got that right) are only two that are commonly in use....make sure they are for win2k, though! Another- IE SpyAd--will block a lot of this stuff by adding to your restricted sites, not sure if will work with 2k.
    NOTE: A good cable NAT router will help- most have firewall built in. The ISP is a glitch, not all accept NAT---the company I am going to be switching to soon does not support NAT, however they also have a lot of old info up on their site so I am going to try using one! I use at times 3 pcs and need access with all of them at the same time- the router allows this, through one cable modem and networking cards installed in each pc. Of course, wait till the junk is all cleared up and things are working right for that.
     
  4. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    SpywareBlaster, SpywareGuard and IE-Spyad ALL work with Win2k ... no problems ... I've got them on all of my 2k boxes ... ;)

    SpywareBlaster v2.6.1 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection: http://www.wilderssecurity.net/index.html

    IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer: http://www.staff.uiuc.edu/~ehowes/resource.htm
     
  5. sorrento5

    sorrento5

    Joined:
    Jun 5, 2003
    Messages:
    174
    These are all good recommendations and should be followed. In answer to your question about the number of times you are hijacked, consider getting a firewall as one of your priorities, that way once you clean out the spyware and malware you will have some defenses built in. To some degree, we are all subject to repeated hijacks if we are unsuspecting. Until the industry begins to address the problem (today a NY Times article reported that AOL is going to include spyware removal soon to their user base) getting rid of spyware should be part of your startup or shutdown routines.

    Good Luck
     
  6. WendyBender

    WendyBender Thread Starter

    Joined:
    Jan 6, 2004
    Messages:
    1
    Due to my rampant paranoia....I decided against trying to clean up what I have. So, I stripped and rebuilt the PC, setup a separate user account (no more logging on as Admin), put on ZoneAlarm and was given a dlink firewall to install on there. The guy that gave me the firewall told me to push the factory reset button on it when it comes up, and just put it in between the cable modem and my PC, no other config necessary. I'm going to give that a shot.
    Now, I hope the thing will be up and stable. Thank you to all who took the time to reply, I learned quite a bit about hacking while I was lurking here. You guys are great.....and if anyone else has any other recommendations, let me know.

    One last question for y'all, I refused to let my daughter install WinMX to download music anymore due to hacking fears. Is it safe to let her use AIM to chat with her buddies?

    Thanks again!!!
     
  7. Schnitzu

    Schnitzu

    Joined:
    Jun 5, 2003
    Messages:
    5,062
    Hi, and welcome to TSG. In your posts above, I didn't see any reference to anti-virus software. If you don't have an anti-virus product, I strongly recommend that you consider getting one.

    Grisoft offers a good free one called AVG. Find it at the following link:

    http://www.grisoft.com/us/us_dwnl7.php
     
Short URL to this thread: https://techguy.org/192928
