I hate admitting it but man do I ever need a smack on the head sometimes. I dl'd some software from a less than reputable source, didn't scan it (doh) and now am dealing with malicious spyware on my rig. I've had to kill two toolbars with files hidden virtually everywhere, then go into my registry and delete things I don't recognize.
What a nightmare.
Well Duke, I don't think that you are alone in this situation. Will it be possible for you to share the names of some of these applications with us? You never know, many may not even be as good as you are.
Lanre
I take it you have done the usual with spybot s&d etc to clean it up then?
Originally Posted by Duke
Yuk!
You can try M$'s anti-spyware:
http://www.microsoft.com/athome/secu...e/default.mspx
To be honest, if I were in your position (I have been in the past), the best thing you can do is reformat the HD and reinstall from scratch. Y'see, the thing is, once crap like that gets onto your system it tends to download a whole load of other crap onto your computer as well. Some of it will be recognised by the anti-spyware and antivirus apps but some of it can be missed and linger on, downloading more crap afterwards ... more spyware, keyloggers, spamming engines, etc, etc.
I thank you all for your responses. I did run AVG, Spybot, Ad Aware and always run Spyware Blaster in the background. The problem was what I believe an IE exploit that was embedded in a file that was supposed to be Doom 3, Resurrection of Evil, the recent expansion pack to Doom 3. I don't believe a reformat is necessary because both programs appear to be permanently nuked from my system, even after continued restarts and usage of Internet Explorer.
OK here is the story in detail. If you see any of this software around, run (don't walk) as fast as you can in the other direction.
Step 1: Idiot Duke (Ken) dl's um, a leaked warm copy of a game. This isn't something I do normally but I did it with Doom 3 simply because it was released late in Canada and I felt that since I've waited 3 years I'd had enough. I also believed that purchasing a copy wouldn't work with my cracked copy as it's mounted on a virtual drive.
I usually scan everything, but forgot to in my haste because of my excitement to play. I unzipped the file, mounted it and then proceeded to install the .exe. It took forever for a window to pop up and by then it was already too late. I had a "thank you for installing Hunt Bar" window that all I could do was close. I was never prompted to choose directories, agree to a disclaimer or anything; it just installed, just like that. The program then opened up IE and took over; the rest is history.
I also ended up with another toolbar called IBIS but I'm not sure where it was because I never really saw it. I'm not sure if it was an extension of the Hunt Bar or what, but it did have its own separate registry entries.
I ended up with a trojan horse but I don't think it was related to these two toolbars; they both passed virus scans so they had to be purely spyware, either that or they're so new that there are currently no definitions written to combat them. That reminds me, maybe I'll do a Trend Micro House Call scan just to make sure my system's not infected with a virus anymore.
Anyway, IBIS kept on changing its registry entries upon every startup so it was impossible to get rid of. I finally found dll's of it in Documents and Settings that could only be deleted in Safe Mode. It also worked its way into my Start Menu (not to be confused with Startup) and would execute upon every system startup anyway. These files could only be deleted in Safe Mode as well. Spybot provided the location of the registry entries so I just kept on going back until it was finally gone. I think the last delete in Safe Mode is what finally got rid of it though.
That was the easy one, Hunt Bar was way worse.
Hunt Bar had an uninstaller, so in theory I should have been able to go to Add/Remove Programs and get rid of it. That worked just great until I rebooted and there it was, larger than life. Hunt Bar was hidden in 9 different spots on My Computer, from Program Files, Documents and Settings, Start Menu and 4 or 5 registry entries. All told there were 9 files to delete and they couldn't be deleted using spyware removal. Also, the files that were in Start Menu, Program Files, Common Files, Documents and Settings, WinTools, etc., were write protected or shared (Windows couldn't tell) so they couldn't be deleted. Worse than that, they weren't easily identified, as they seemed to be legit files. I took a chance here and deleted all files in Safe Mode that had revise dates of April 16 (the day this all happened); since they were in the Recycle Bin they were not active files but easily retrievable if I happened to get rid of the wrong file. I also followed the roots of the files in my registry and got rid of them there, once again in Safe Mode. Files were in several places within the registry under names I didn't recognize. Files were scattered in HKEY_LOCAL_MACHINE, HKEY_CLASSES_ROOT, and HKEY_CURRENT_CONFIG. I was pretty confident here with what I was doing (believe it or not) but if you're ever in your registry and worried about screwing something up, simply create a system restore point; you can boot up under your last system restore if need be.
Anyway, it looks like that's the end of it, I hope. If anything else develops I'll be sure to let you know.
Important Tip: if you ever experience anything like this, make sure to scan your system with spyware software prior to reboot and at the beginning of a restart before loading any programs. This gives you an idea of where the files may be hidden, as they have to execute either at start up or whenever you launch an associated program.
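The triage Duke describes above (finding autostart entries, files modified on the day of the incident, and DLLs that can't be deleted because a running process holds them) can be done in one pass from the console. The following PowerShell script is an added example and is not from the thread or from any of the tools mentioned in it. It assumes a modern Windows with PowerShell 5.1 or later and an elevated prompt; the date in $InfectionDate and the list of folders searched are constructed sample values to adjust for your own machine. It only reports; it deletes nothing.

```powershell
# Added example (not from the thread): triage Windows autostart locations and
# recently modified files after a suspected spyware install. Report only.
# Assumes Windows PowerShell 5.1+ run from an elevated prompt.
# $InfectionDate is a constructed sample value; use the day the install happened.
param(
    [datetime]$InfectionDate = (Get-Date '2005-04-16')
)

# Classic autostart registry keys (the "Run" keys Spybot and friends inspect).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host '== Registry Run/RunOnce entries =='
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PSPath, PSParentPath, PSChildName, PSDrive, PSProvider |
            Format-List
    }
}

# IE Browser Helper Objects: the mechanism toolbars use to load into IE.
# Each subkey is a CLSID; the DLL path lives under HKCR\CLSID\<id>\InprocServer32.
Write-Host '== Browser Helper Objects (IE toolbars) =='
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Get-ChildItem -Path $bhoKey | ForEach-Object {
        $clsid   = $_.PSChildName
        $srvKey  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dllPath = if (Test-Path $srvKey) { (Get-ItemProperty -Path $srvKey).'(default)' } else { '<no InprocServer32>' }
        [pscustomobject]@{ CLSID = $clsid; DLL = $dllPath }
    } | Format-Table -AutoSize
}

# Startup folders (per-user and all-users) that run at every logon.
Write-Host '== Startup folder contents =='
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path -and (Test-Path $path)) {
        Get-ChildItem -Path $path -Force | Select-Object FullName, LastWriteTime
    }
}

# Files last written on the infection date in the places Duke found Hunt Bar.
# Folder list is a constructed sample; extend it as needed.
Write-Host "== Files modified on $($InfectionDate.ToShortDateString()) =="
$searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path $_) }
$suspect = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime.Date -eq $InfectionDate.Date }
}
$suspect | Select-Object FullName, LastWriteTime, Length | Format-Table -AutoSize

# For each suspect DLL/EXE: is it signed, and which running process has it loaded?
# A loaded module is exactly the "write protected or shared" file Windows refuses
# to delete outside Safe Mode.
Write-Host '== Signature status and loading processes for suspect binaries =='
$procs = Get-Process -ErrorAction SilentlyContinue
foreach ($file in ($suspect | Where-Object { $_.Extension -in '.dll', '.exe' })) {
    $sig = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
    $holders = foreach ($p in $procs) {
        try {
            if ($p.Modules.FileName -contains $file.FullName) { "$($p.ProcessName) (PID $($p.Id))" }
        } catch { }   # access denied on protected processes is expected; skip them
    }
    [pscustomobject]@{
        File      = $file.FullName
        Signature = $sig
        LoadedBy  = if ($holders) { $holders -join ', ' } else { '(not loaded)' }
    }
}
```

Run it once normally and once right after a reboot before launching anything, as the tip above suggests; the difference between the two reports is the set of entries that re-create themselves at startup. Anything that shows as unsigned, loaded by a process you didn't start, and written on the incident date is what to take into Safe Mode for removal, after a restore point has been created.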
Wow, that sux. Looks like you got everything back under control... lol, maybe a lesson... don't dl games, or make sure you fully scan them a few times to make sure they're safe!
Like I said, I rarely dl games, Doom 3 just happened to be one that I'd had enough of waiting for so I took a chance. I paid for it dearly though in the end (literally).
Recent scans with both AVG and Spybot have produced no resulting infectious files so I'm clean, at least as far as those programs are concerned. I feel sorry for anyone who's less confident with messing around in their computer because programs such as this completely take over. I do some of my banking online and was extremely worried that this would be a window into my financial info.
So you're telling me that even though I did no banking in this time, it's possible that it got access to my info from an encrypted page?
The other thing is that there's nothing that can be done (to my knowledge) other than pay my bills through the one account I have online. I don't have PayPal or anything else configured either.
If what you say in your previous post is true, then what is to stop any spyware? I'm not being sarcastic either, just very curious. I get new spyware on my computer weekly. Spyware Blaster has cut the amount down by close to 95% but can't catch everything.
Originally Posted by Duke
No, I'm saying it is possible, since you have already activated the nasties by running the downloaded program, that you have lurking, somewhere on your computer, one or two programs that shouldn't be there. Some type of back door.
The first thing a trojan usually does is download other software from a remote server. The same with certain spywares which operate more like trojans. This may explain why you are having problems with spyware repeatedly appearing on your system.
First place a trojan usually replicates itself to is within system restore. The polymorphic varieties will stash themselves in numerous locations in varying ways so as not to get picked up by antivirus or antispyware.
Antivirus and antispyware is effective, for the most part, in preventing infection, not curing it once it has gotten onto your system. Sure, it will pick up the virii that is already known but there is a lot of stuff out there that is new and has not yet been picked up and antivirus does not pick up keylogger software, for example. Spyware Blaster is pretty good but again, it is highly unlikely it will pick up keyloggers.
It's the same with bios which does not have a password, depending on what sort of user privileges can be gained. A skilled cracker can identify the bios on your system and flash it (reprogram it) so as to allow him/her access to your computer. This is very rare and requires proper skills but it can be done if the user privileges gained are high enough. It cannot happen if the bios is password protected.
I'm not trying to freak you out with a load of scare stories, just pointing out what can be done.
What concerns me about your own particular case is that you located a trojan on your system after you ran some nasty program from the dark side of the internet. As soon as that program was run, your system was fully compromised. It may be that the crapware and trojan was all that was put on your system but I doubt it.
It doesn't mean every file on your computer is toast. You can back up what you need to and scan it once you have completely secured your system should you choose to reformat the HD.
If it were my computer, I would reformat the HD, including scrapping any existing partitions and turning the power off, so there is nowhere for anything to hide, including memory-residents; then reinstall from scratch.
It's not a fun option and might take you a few days to get back to operational, but given your situation, I don't see any other way to be certain your machine is clean.
Take a few days, unlikely, it'll take me a week. I've got two hard drives 80 GB and 40 GB full to the rim with software and essential files.
I do understand what you're saying but this is something that can happen at any time, virtually anywhere. It's also easy to get an instance of spyware installed; all you need do is visit a site with a popup and voila, you have spyware.
As far as viruses are concerned, I agree with you 110%, but in order for a definition to be written to even remove existing viruses, information pertaining to the virus has to come from somewhere. That information comes from infected computers through either online scans or allowing McAfee, Norton, Panda, etc., to dip into their computers for their "Customer Improvement Programs" or whatever they decide to call it.
A lot of what you're posting is horror story stuff and isn't confined to my computer because I ran a malicious program; your computer and the computer of any user connected to the internet is vulnerable to a skilled enough hacker. I am also quite certain my computer is clean and not too worried about key logging or background apps reporting info over the net. As I said previously, the only bank info I have online is access to my bank account and nothing can be done with it (not even transfer of funds). I never signed up for those programs and never will; the only access I have is to pay bills and that's it.
I will take your suggestions under advisement and am keeping a close eye on my system. I even have my modem within earshot just to see if it's running when it shouldn't be due to my paranoia level.
Lastly, I'm pretty sure that there's software running on my computer, yours and everyone else's that we don't know about. Operating Systems, Virus Software, Spyware Removal, Software Firewalls, Search Engines, hell even Alexa gather stats from somewhere to continually improve their software apps. I'm pretty sure that information comes from everyone who connects to the net.
I do have a question though, instead of a whole re-format which I simply don't want to do because there's no way I can even do it without purchasing another hard drive at this point, what if I was to change my IP address? It seems to me that any running program that may be logging keys is using a gateway provided by my IP, if I were to change the address don't I close the door?