Backdoor.Trojan virus and internet connection problems

mac0071

Any help would be greatly appreciated, as this has been bugging me for
too long.

I'm running XP SP2. A few weeks ago some nasties appeared on my
computer and slowed everything down. I managed to get rid of
Trojan.Goldun and problems with svchost.exe by running Norton AntiVirus
in safe mode, but I'm still infected by Hacktool.Rootkit and something
called h3yb0y.

The main problem now is the fact that I can't get on the internet, as my
'RPC server is unavailable', and when I check my ipconfig everything is
0 (IP address is 0.0.0.0). I think some files must have been erased or
damaged, but I need to get back on the net before I can tackle h3yb0y
(I found a text file of h3yb0y's activities next to the rest of its
files in my Documents and Settings folder, and it has been trying to
connect to a DNS server - what does that mean?).

Hope I've explained this OK. I am new to all of this.
 

Malke

Your system is not clean and is now owned by The Bad Guys. See this
Symantec article:
http://securityresponse.symantec.com/avcenter/venc/data/hacktool.rootkit.html

Not only do you *not* want to put that machine on the Internet, you
should just flatten it and clean-install Windows. Even for a
professional, it would be hard to make 100% sure that the system was
completely clean after being compromised to that extent. There is no
way an end user could do this. I rarely suggest wiping an XP
installation and starting over, but I'm doing that now.

Back up your data and clean-install Windows per this link:
http://michaelstevenstech.com/cleanxpinstall.html

Or if you have an OEM machine - Compaq, HP, etc. - with a Recovery Disk,
return the computer to factory condition.

Do not connect the clean computer to the Internet until you have
installed an antivirus, Service Pack 2, and the Windows Firewall is
active. Then go to at least some of these links to see how to prevent
future infection.

http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get
Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight

Malke
 

mac0071

Thanks Malke - looks like I'll have to bite the bullet and start again.

I have a few questions, though. If I back up, for instance, my Program
Files folder, can I restore all the programs to where they once were,
or will I have to download and re-install each one again? I've deleted
all the installation files!

One more thing: if we know where Mr. h3yb0y was attempting to send all
the info from my hard drive, couldn't we (or the appropriate
authorities) trace and prosecute? I want to put the ***** in hospital!
 

Malke

You should back up only your data - the information that *you* created.
Other items to back up besides things from My Documents (files,
pictures, music, etc.):

1. Address Book
2. Favorites/bookmarks
3. Any data created in programs that need to have a special
"backup/restore" function run - QuickBooks, Quicken, Outlook.
4. Any installer executables for programs that you downloaded from the
Internet.
5. Make sure to write down any Customer Numbers and/or Product Keys from
programs you've downloaded and installed (if necessary). That
information usually is found by clicking on the program's Help>About
file.

You cannot back up a program by copying its files/folders from Program
Files. You must reinstall the program from the installation media -
either CDs/DVDs or the installer executable.

You could spend your energy trying to find the hacker who owns your
computer, but it is probable that s/he lives in a different country so
that isn't a very realistic goal. I understand and sympathize with your
anger, but that's just the way it is. Go to the various links I gave
you about protecting your computer and read the information there. If
you practice "Safe Hex", you won't get infected again.

Good luck and best wishes,

Malke