Zombie infestation, perhaps

[Guest]

Hi all,

I've just discovered a serious problem with one of the computers I am
responsible for, and I need help fixing it. I'm hoping someone here can help
me out.

It appears a cruel and evil person has uploaded a great deal of games,
music, movies, adult content, and more onto my machine via the net. I
discovered this using a virus checker because my machine was running dog slow
and I was getting out of memory errors. It seems the problem files are
hidden in an invisible folder.

I need to know how I can view invisible folders. Once I view it, I will
delete the folder.

Once these files are gone, will that cure the problem? That is, will the
miscreant likely leave me alone? Or, do I need to take more proactive steps
to ensure this doesn't happen again? If there is some way to track this
fiend down please let me know -- I want to turn him in. Script kiddies are
such a drain on the gene pool.

My net connection was running painfully slow. I am assuming this is because
the cracker told all his buddies where to go to find the stuff he had stashed
away, and they were hogging the connection.

I am hoping, once the folder is gone, the memory errors will go away and the
net connection will speed back up. Is this a reasonable expectation?

If anyone has any advice on how to clear this up, I would appreciate hearing
it. Any tips on how to protect myself from this sort of thing again would
also be warmly accepted.

 

[Malke]

Hi all,

I've just discovered a serious problem with one of the computers I am
responsible for, and I need help fixing it. I'm hoping someone here
can help me out.

It appears a cruel and evil person has uploaded a great deal of games,
music, movies, adult content, and more onto my machine via the net. I
discovered this using a virus checker because my machine was running
dog slow
and I was getting out of memory errors. It seems the problem files
are hidden in an invisible folder.

I need to know how I can view invisible folders. Once I view it, I
will delete the folder.

Once these files are gone, will that cure the problem? That is, will
the
miscreant likely leave me alone? Or, do I need to take more proactive
steps
to ensure this doesn't happen again? If there is some way to track
this
fiend down please let me know -- I want to turn him in. Script
kiddies are such a drain on the gene pool.

My net connection was running painfully slow. I am assuming this is
because the cracker told all his buddies where to go to find the stuff
he had stashed away, and they were hogging the connection.

I am hoping, once the folder is gone, the memory errors will go away
and the
net connection will speed back up. Is this a reasonable expectation?

If anyone has any advice on how to clear this up, I would appreciate
hearing
it. Any tips on how to protect myself from this sort of thing again
would also be warmly accepted.

The smartest thing to do (and the least time-consuming) if your computer
has been truly compromised is to back up any data, format the hard
drive, and clean-install Windows. After installing Windows, before you
connect to the Internet make sure you have:

1. Service Pack 2 installed and the Windows Firewall or a third-party
firewall on.

2. A current version (not earlier than 2004) full-featured antivirus
installed.

3. Then connect to the Internet, update your av and apply any Windows
security updates from Windows Update.

Practice Safe Hex:
http://www.aumha.org/a/parasite.htm
http://www.claymania.com/safe-hex.html

Malke

 

[Frank Saunders, MS-MVP OE]

Hi all,

I've just discovered a serious problem with one of the computers I am
responsible for, and I need help fixing it. I'm hoping someone here
can help me out.

It appears a cruel and evil person has uploaded a great deal of games,
music, movies, adult content, and more onto my machine via the net. I
discovered this using a virus checker because my machine was running
dog slow and I was getting out of memory errors. It seems the
problem files are hidden in an invisible folder.

I need to know how I can view invisible folders. Once I view it, I
will delete the folder.

Once these files are gone, will that cure the problem? That is, will
the miscreant likely leave me alone? Or, do I need to take more
proactive steps to ensure this doesn't happen again? If there is
some way to track this fiend down please let me know -- I want to
turn him in. Script kiddies are such a drain on the gene pool.

My net connection was running painfully slow. I am assuming this is
because the cracker told all his buddies where to go to find the
stuff he had stashed away, and they were hogging the connection.

I am hoping, once the folder is gone, the memory errors will go away
and the net connection will speed back up. Is this a reasonable
expectation?

If anyone has any advice on how to clear this up, I would appreciate
hearing it. Any tips on how to protect myself from this sort of
thing again would also be warmly accepted.

First eliminate any spyware.
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx

CAUTION!!!!! Removing some spyware can damage the Winsock stack and you may
not be able to connect to the Internet. Before you try to remove spyware,
download a copy of LSP-Fix - a free program to repair damaged Winsock 2
stacks AFTER you remove the software (all Windows versions)
http://www.cexx.org/lspfix.htm
Winsockfix for W95, W98, ME, NT, 2000, XP
http://www.tacktech.com/pub/winsockfix/WinsockFix.zip
Directions here: http://www.tacktech.com/display.cfm?ttid=257
WinXP:
Get WinSockxpFix
http://www.spychecker.com/program/winsockxpfix.html
How to Reset Internet Protocol (TCP/IP) in Windows XP
http://support.microsoft.com/kb/299357
In WinXP SP2: You can fix Winsock by going to Start | Run and typing
CMD
In the command window type
netsh winsock reset

See
Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/data/tshoot.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com

--
Frank Saunders, MS-MVP OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/