Got Hacked

o0pianoman0o

I must’ve downloaded something with a trojan in it, but my main
problem is that the guy changed, added or did whatever to my registry
plus added, deleted and changed my system files. I tried to reformat
my hard drive but that didn’t even work because all the stuff just
comes right back on there. I’ve tried Norton, Kaspersky, and a few
others that didn’t find anything wrong but I can’t change anything
because he created admin rights to different things. Is there any way I
can completely remove everything or get rid of the files he placed?
I’ve even tried a registry cleaner and so far nothing has restored
my computer to the original state.
 
Sparda

o0pianoman0o said:
I must've downloaded something with a trojan in it, but my
main problem is that the guy changed, added or did whatever to
my registry plus added, deleted and changed my system files. I
tried to reformat my hard drive but that didn't even work
because all the stuff just comes right back on there. I've
tried Norton, Kaspersky, and a few others that didn't find
anything wrong but I can't change anything because he created
admin rights to different things. Is there any way I can
completely remove everything or get rid of the files he placed?
I've even tried a registry cleaner and so far nothing has
restored my computer to the original state.

Formatting the hard drive, so all the data is erased (technically marked
as not in use, but nm that), will get rid of a virus, no matter how badly
infected with a virus it is (except MBR viruses and BIOS viruses, but
they are rather rare).

What has actually changed?
 
Gerry Cornell

When dealing with a persistent virus / trojan you need to delete system
restore points and not use them as they will contain the virus and put
it back into your system. Turn off System Restore until cleaning is
finished. Also run your anti-virus with updated definitions in safe
mode. Sometimes you need to run an anti-virus from a floppy and Trend
offer one that can be used.

Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
just a desktop folder).
Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
place it in this folder.

Download the latest Controlled Pattern Release zip
(http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
extract its contents to the same folder. See the Readme text file for
additional instructions.

Download HijackThis (Freeware)
http://tomcoyote.com/hjt/

Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of all TEMP folders and then your Recycle Bin.

Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.

If the scan shows any infections in System Restore files and you're
running WinXP, create a new Restore Point
(Start>Programs>Accessories>System Tools>System Restore), then delete
all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>Disk Cleanup>More options).

Work through the spyware removal programmes etc in turn in safe mode
until you get no results.

Afterwards, update your own anti-virus application and perform another
full system scan.

Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
Leythos

o0pianoman0o said:
I must've downloaded something with a trojan in it, but my main
problem is that the guy changed, added or did whatever to my registry
plus added, deleted and changed my system files. I tried to reformat
my hard drive but that didn't even work because all the stuff just
comes right back on there. I've tried Norton, Kaspersky, and a few
others that didn't find anything wrong but I can't change anything
because he created admin rights to different things. Is there any way I
can completely remove everything or get rid of the files he placed?
I've even tried a registry cleaner and so far nothing has restored
my computer to the original state.

I hate to tell you this, but once a system is compromised there is only
one way to be 100% certain that it's clean - wipe it completely and
reinstall your system from scratch, not a refresh, not a non-destructive
restore, a FULL wipe/reinstall.

If you want to clean your system, you can try the apps listed below,
but, you really need to boot into SAFE MODE and run them - if you can't
install them because your permissions have been changed, then you are
left with wipe/reinstall only.

One more thing - how did they get in, have you learned enough to keep
that from happening again? If you don't know, or have not blocked it from
happening again, there is no point in restoring until you learn to
secure your machine.

Only download software you can validate as uncompromised - in the case
of a non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendor site with a
direct download should not be trusted, the vendors' sites are the safest
place to download their application.

No person of sound mind would download files from a hack site that
requires a password to access the unknown files when they are available
directly from the vendors.

Always remember - only download files from Trusted Sites.

After you install any of these applications and update them, run them in
SAFE MODE to allow them to properly clean your system.

These sites are for downloading Anti-Spyware tools, in the order that I
would use them myself:

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

HiJack can be found here:
http://www.spywareinfo.com/~merijn/downloads.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

CrapCleaner can be found at the vendor's site here:
http://www.ccleaner.com/ccdownload.asp

CleanUp can be found at the vendor's site here:
http://www.stevengould.org/software/cleanup/download.html
or from another reputable source:
http://www.tucows.com/get/405276_152071

The following are two links to Antivirus software in the order that I would
use them:

You can also download Symantec Trial version of their Antivirus software
from here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

These are the actual vendors' sites, not some unknown or authorized
no-name site. They also don't artificially increase the hits for sites that
get paid for the amount of traffic they can generate like one poster has
admitted to in this group.
 
