I think my PC has been hacked.

Guest

I have no access to the registry, a lot of programs don't work, and Outlook
Express has one important file missing, so all mails are locked in. I have
tried to reinstall WinXP (write over) and some important missing files cannot
be repaired. SP2 cannot be installed as access is denied for some files.
All restore points for System Restore are gone, and I cannot run Safe Mode.
I cannot log in as administrator to fix problems.
The program for my ADSL connection is not working and is now uninstalled due
to traffic over the modem.
Something reads my HD and uses the modem. If I unplug the USB modem it stops.
As soon as I connect the modem the reading (or writing) starts again.
Also some driver is missing for USB so the USB ports don't work properly, but
there is nothing wrong with the modem and internet connection, and this
without the program from my ISP needed to connect (uninstalled).

I want to get control over my HD again, please help me. I have all
pest programs up and running and also ZoneAlarm, and I haven't opened any
unknown file lately and have not run any unknown program. I can't open my own
files, have no rights, meaning access denied.
Thanks for your help.
 
webster72n

From the looks of it you are in *deep* trouble, Bjorn.
Probably have to start from scratch.
One of the masterminds will help you sort it out.
A new machine might be the best solution <g>.
Just hang around for a while.

Harry.
 
Alias

If you have everything backed up, reformat and reinstall XP. In the long
run, it will be quicker. If you don't have everything backed up and it's
very important to you to not lose the data, it's a long road to clean up
the mess you're in and I'm sure someone here will post ways to clean it up.
 
Juan

a) Scan your system with HijackThis, select suspicious processes, and
click on Fix Checked, and then click on Configuration\Backups\, select the
backed up processes and delete.

b) Scan your system Online with http://www.kaspersky.com/scanforvirus
http://www.kaspersky.com/virusscanner

c) Scan for other malware
http://antivirus.about.com/cs/softwarereviews/tp/aaonline.htm

Download HijackThis
http://www.majorgeeks.com/downloads31.html

d) If none of the above works you may want to remove your HD and install it
as Slave on another computer from which you can scan the HD or access the
C:\drive Security and take ownership, regain access and delete any unknown
account from the HD security. Then replace the HD on your computer and try
to recover the security settings once more, and thoroughly disinfect the
system.
 
Guest

Thanks for your replies.

I can't do anything with RUN .... regedit; it's not allowed. I have no right
to use it or something. I don't have an English version.

I cannot scan anything and cannot use online tools as I cannot use my internet
connection myself. Something on my system disk can use the internet
connection but I can't. Both antivirus and ZoneAlarm are a mess and both have
important files missing. One file is missing for Outlook Express; that is why
I can't save my e-mail, as OE can't start.

I am running WinXP on a temporary disk and naturally I have no backups.
I can save my data I think, but stored URLs and e-mails and search results I
think I cannot save.

Help me with this, please. I am now moving or copying program folders to the
temporary HD by first installing my programs and making a copy of the old
folder to paste over the new folder. Sometimes it does not work, depending on
the registry I think. There must be a way to save data.

If it is a backdoor or spyware it's very intelligent, as all points for System
Restore are gone too. I saved the last point only 3 days ago.
The only thing I can think of is a hacker that is able to hack ZoneAlarm.
 
Juan

These links should help you learn how to recover access to the HD from
another computer and remove any unknown account from the security.

How to disable simplified sharing and set permissions on a shared folder in
Windows XP
http://support.microsoft.com/kb/307874

How to take ownership of a file or folder in Windows XP
http://support.microsoft.com/kb/308421

How to set, view, change, or remove special permissions for files and
folders in Windows XP
http://support.microsoft.com/kb/308419

How to set, view, change, or remove file and folder permissions in Windows
XP
http://support.microsoft.com/kb/308418

----------------------------------
 
Mungo Bulge

My workaround is basically the same as Juan's, although it does not
involve exposing another production PC to the same problems as your
own.
Hard drives are not that expensive, if you keep the size down. I would
suggest buying or borrowing a HD of suitable size and then removing your
hard drive from the infected system. Install the new drive, format and
install Win XP, complete with all patches, and personal firewall,
virus protection etc. and all the spyware, adware, Intrusion
Detection, HijackThis, and anything else you can find. Do all this
before you reconnect to the DSL; in fact, I'd stay off the Internet
until I was fairly sure I had cleaned the infected drive.
Now set about gaining access to all the directories and
sub-directories on the infected drive and then scan the drive with
everything you've got. Do not attempt to repair anything. If it is
infected or modified, note it and leave it. Once you have all the data
you need from the drive, make an image of what is left and send it to
your favourite virus reporting organisation for them to do as they
please.
Scrub the drive with whatever utility you trust to scrub it clean.
Reformat the drive and use it as D: and put all your data back on the
drive.
At this point you can begin to rebuild your PC by re-installing your
favourite software packages etc.
Having successfully cleaned your PC, create a BLOG telling us all how
you successfully routed the Wily Hacker.
Good Luck
 
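An added example, not part of any post in this thread: one way to follow the "note it and leave it" advice above is to inventory the suspect drive without writing to it, record every file that cannot be read, and later check that the rescued copies match the originals. The function names and the sample tree are assumptions made for this sketch; mount the suspect drive read-only where the host system allows it.

```python
import hashlib
import os
import stat
import tempfile


def inventory(root):
    """Walk root without writing to it; return (records, unreadable)."""
    records, unreadable = [], []

    def on_error(err):  # a directory that could not be listed (e.g. access denied)
        unreadable.append((err.filename, type(err).__name__))

    for dirpath, _dirs, files in os.walk(root, onerror=on_error, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip links and devices, hash regular files only
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError as err:  # note it and leave it
                unreadable.append((path, type(err).__name__))
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            records.append((rel, st.st_size, int(st.st_mtime), digest.hexdigest()))
    return sorted(records), unreadable


def compare(source, copy):
    """Paths from the source inventory that are missing or differ in the copy."""
    copied = {rel: digest for rel, _size, _mtime, digest in copy}
    missing = [rel for rel, *_ in source if rel not in copied]
    changed = [rel for rel, _s, _m, d in source if rel in copied and copied[rel] != d]
    return missing, changed


def demo():
    """Constructed sample tree standing in for the suspect drive and the rescued copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "suspect"), os.path.join(tmp, "rescued")
        for base in (src, dst):
            os.makedirs(os.path.join(base, "mail"))
            with open(os.path.join(base, "mail", "inbox.dbx"), "wb") as fh:
                fh.write(b"constructed mail store")
        with open(os.path.join(src, "notes.txt"), "wb") as fh:
            fh.write(b"constructed note")
        src_inv, src_unreadable = inventory(src)
        dst_inv, _ = inventory(dst)
        return src_inv, src_unreadable, compare(src_inv, dst_inv)


if __name__ == "__main__":
    print(demo())
```

The `unreadable` list is the record of access-denied files and folders to revisit after ownership has been sorted out; nothing in the walk attempts a repair.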
Rock

From a post by David Lipman:

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE
to go through your FireWall to allow it to download the needed AV vendor
related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed
files or you can download the files and perform a scan in Normal Mode.
Once you have downloaded the files needed for each scanner you want to
use, you should reboot the PC into Safe Mode [F8 key during boot] and
re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm
 
Juan

Bjorn: Now that you have installed the infected HD as slave HD, from the
system you are working on scan the infected HD with the local antivirus
application (the infected HD is recognized by the master system as a
partition and you can do everything from there; you can scan locally or
online with any antivirus or antispyware program). I repeat: you can scan it
from the host computer with a local antivirus, anti-spyware or an
antivirus-antispyware-online...

When you have scanned the HD, remove simple file sharing: in Windows
Explorer\Tools\View\ uncheck "Use Simple File sharing (recommended)". This
will make the Security tab present in the infected HD's
C:\Properties\Security. Next take ownership in Security\Advanced
Options\Ownership and remove any unknown account. The following links
should help you learn how to do the rest. After you click on the Microsoft
KB article and the page has opened, on the URL change "en-us" for your
country abbreviation and language abbreviation (is it sw-sw?) .. this will
translate the Knowledge Base articles to your language for your better
comprehension.

How to set, view, change, or remove special permissions for files and
folders in Windows XP
http://support.microsoft.com/kb/308419

How to set, view, change, or remove file and folder permissions in Windows
XP
http://support.microsoft.com/kb/308418

How to disable simplified sharing and set permissions on a shared folder in
Windows XP
http://support.microsoft.com/kb/307874

How to take ownership of a file or folder in Windows XP
http://support.microsoft.com/kb/308421

----------------------------------
 
Juan

Mungo: if I understand correctly he has already installed the HD as slave
and is accessing it to retrieve his files... and according to some experts,
the host system is not at risk of getting infected unless he retrieves
infected files, which he is already doing; that's why I say he should scan
the infected HD before attempting to retrieve files.... but it seems he
cannot see all the responses he's getting.

------------------------------
 
Guest

Sorry all, I am tired and not able to handle this. My posts here don't show
up, I am not so good with English, it takes me too looong and ....
Before I get disconnected and for short:
From 2 new 100% clean and up to date disks I have scanned the "infected"
disk and nothing was found; it is free from all known viruses, spyware and
adware.

Is it possible to hack thru ZA? Or can it be a disk crash? I was not allowed
to check the disk status from that disk but it worked from my temporary disk
and it was error free. Fragmented, but defrag started, so nothing is wrong
with the disk.
Still the disk is locked by damaged files.
If this is the only thing, I still don't know how it could happen and how to
repair it.
And why can't I run regedit and where are all the restore points?

Please explain, but to me it seems very difficult to explain and I still
don't know how to save my e-mails, as a file is missing/damaged, Outlook
Express will not start and reinstall is denied.
 
Guest

No problems with HDs; I have four, two of them external on a long IDE cable. I
only disconnect the power cord. I run the same Windows on all; I have no
problem with that as it is a separate installation. The problem HD is inside
and it has two partitions and only the Windows partition has problems. I have
scanned all disks I have used recently and they are all free from viruses and
spyware with today's update.
 