
Thread: My Computer is Evil...

  1. #1
    Kung Fu Fighting! NeciFiX's Avatar
    Join Date
    Mar 2007
    Location
    Wisconsin
    Posts
    970

    My Computer is Evil...

    I have Zone Alarm Security Suite, very little can smash through my firewall and if it does it's eliminated. However, my computer has turned against me...

    Yes, it's true, this thing keeps popping up random documents and doing stuff I never told it to and opening the drives. After scanning my PC deeply and eliminating all threats of hackers etc. I have come to the conclusion my PC is evil.

    Or it just doesn't like the CP CD in the drive...

    Is yours evil too? Are computers conspiring against us?

    Edit: I told my computer it was bad and kicked it. That'll teach it.
    - NeciFiX

  2. #2
    Gamer Ridetsu's Avatar
    Join Date
    Jun 2007
    Location
    Bellevue, Washington
    Posts
    161
    well, most computers aren't evil - their manufacturers are
    Computers, if anything, are so stupid that they can't be evil. They do whatever we tell them do, whether it will hurt them or not - they have no will of their own, and can't do much of anything by themselves.

    So, chances are, you're evil
    ~The Fallen and Forgotten~

  3. #3
    I drink to make others more interesting. bpullin's Avatar
    Join Date
    May 2007
    Location
    Cartersville, GA
    Posts
    170
    I recommend Spybot Search & Destroy. Install it, run the updates. Run Immunize. Reboot the machine and go into Safe Mode (F8). Run the scan. Fix everything it shows.

    What version of Internet Explorer do you have? I would upgrade to IE7. Then turn on Pop up blocker, anti-phishing. Also go into it and have it clear out all of your cached files. Set your Security for the Internet Zone to Medium-High.

    Make sure your anti-virus is up to date. When in safe mode, run it also. There are viruses and such that run as system files. These will be running when Windows loads. Your program will find them but won't be able to clean them. Going into safe mode will prevent them from running. Then they can be deleted, cleaned when they are found. Make sure your a/v program is set to delete threats as the first option, quarantine second.

    I would also advise against using IM programs. Viruses see them as open doors, even if you aren't chatting. Stay off of questionable sites. While you are browsing and downloading what you want, viruses, trojans and other crap is being installed in the background. This is actually true of most legit sites as well. Don't open emails and attachments from people you don't know.

    If your computer becomes totally bogged down and unusable, then it will be time to back up your docs (which you should do on a regular basis anyway), blow it away and reload Windows and your apps.

    Good luck.
    We'll raise up our glasses against evil forces
    Singing whiskey for my men, beer for my horses

    1-20-13 = The End of an Error.

  4. #4
    Kung Fu Fighting! NeciFiX's Avatar
    Join Date
    Mar 2007
    Location
    Wisconsin
    Posts
    970
    Zone Alarm has an IM security thing (it tries to terminate anything that IM's me) aaand it's extremely protective, and I use Firefox since IE is a scam...

    It's not slow at all, not even a problem I'm sure, my computer was just acting evil for a second.

    And yes I am evil. What of it?
    - NeciFiX

  5. #5
    Hello, I must be going... Not a Number's Avatar
    Join Date
    Nov 2006
    Location
    Los Angeles, CA
    Posts
    7,506
    It's a common error to rely on one source of computer protection. Obviously if your computer software is behaving in a suspicious manner then your Zone Alarm has been compromised.

    There are a large number of backdoor malware programs, many do not get detected by virus scanners etc. Many of them specifically target and disable or circumvent the more popular virus scanners and firewall packages. Many of them allow a hacker to take direct control of your computer and allow them access to any and all files and information stored on or accessed through the Internet.

    An independent test showed that the "free" adware/malware scanners like Spybot only detected 30-50% of the nasties at the time of the test. The "premium" paid versions were higher but none detected 100%. Conclusion - use more than one scanner.

    Here's an example of one that was detected by only a few virus scanners (tested against some 30 or so packages):

    The file "setup.exe" contains a trojan.

    Files created:
    C:\WINDOWS\raova.dll
    C:\WINDOWS\raova.exe
    C:\WINDOWS\akltb.tul

    Registry keys created:
    [HKEY_CURRENT_USER\Software\Adobe\SBHC]
    "SBM" = "C:\WINDOWS\akltb.tul"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{gracutni-fjqb-bykh-sjhf-hcxivuvcattb}]
    "StubPath" = "C:\WINDOWS\raova.exe"

    Network Activity:
    This trojan logs everything you do on your computer.
    Whenever the logfile reaches a size of 100kB it is decrypted, sent, renamed
    and replaced with a new "akltb.tul".
    Opens FTP connection with "ftp1.hompy.com" on TCP port 21
    (222.239.73.137:21 at the time of writing this)
    USER roceone@ftp1.hompy.com
    PASS cho********
    And uploads the decrypted logfile containing everything you've done on your
    box for the last 100kB of logging.
    It also sends e-mails with the same logfiles to:
    "logs@popmail.com"
    "elogger@naver.com"

    Positive results of a scan of the infected "setup.exe":
    ClamAV: Trojan.Bifrose-876
    Norman Virus Control: W32/PoisonIvy.YH

    Positive results of a scan of the trojan itself:
    AntiVir: Found HEUR/Crypted
    ClamAV: Found Trojan.Small-2868
    VBA32: Found Malware.Delf.43 (probable variant)

    Info on domain hompy.com:


    You would do yourself a favor to download HiJackThis! and post the log on the support forum for HiJackThis!
    Grand Hotel... always the same. People come, people go. Nothing ever happens.
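
As an added example (not part of Not a Number's post or of any tool named in the thread), the Active Setup `StubPath` entry listed above can be triaged from a registry export with a short script. The sample export is constructed, `triage_active_setup` is a hypothetical name, and both checks are heuristics for review rather than proof of infection.

```python
import re

# Constructed sample in .reg export style. The second entry reuses the key and
# StubPath quoted in the post above; the first is a made-up benign entry.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\WINDOWS\\system32\\example.exe /setup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{gracutni-fjqb-bykh-sjhf-hcxivuvcattb}]
"StubPath"="C:\\WINDOWS\\raova.exe"
'''

PREFIX = "software\\microsoft\\active setup\\installed components\\"
GUID_RE = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
STUB_RE = re.compile(r'^"StubPath"\s*=\s*"(.*)"$', re.I)
# An .exe sitting directly in the Windows directory, not in a subfolder.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe(\s|$)", re.I)


def triage_active_setup(export_text):
    """Return (component, stub_path, reasons) for entries worth a closer look."""
    findings, component = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Drop the hive name, then keep only Active Setup component keys.
            _, _, path = line[1:-1].partition("\\")
            component = path[len(PREFIX):] if path.lower().startswith(PREFIX) else None
            continue
        match = STUB_RE.match(line)
        if component is None or not match:
            continue
        stub = match.group(1).replace("\\\\", "\\")  # undo .reg escaping
        reasons = []
        if not GUID_RE.fullmatch(component):
            # Weak signal: some legitimate components also use non-GUID names.
            reasons.append("component id is not a hex GUID")
        if ROOT_EXE_RE.match(stub):
            reasons.append("StubPath runs an .exe directly from the Windows directory")
        if reasons:
            findings.append((component, stub, reasons))
    return findings


if __name__ == "__main__":
    for component, stub, reasons in triage_active_setup(SAMPLE_EXPORT):
        print(component, stub, "; ".join(reasons))
```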

  6. #6

    Join Date
    Jun 2007
    Location
    Seattle, WA
    Posts
    102
    I like Macs. You don't have to deal with viruses, plus I find the OS much more stable, but that's just me. One of the only downsides is that if you play a lot of PC games, you don't have as big of a selection (though you can install windows on them if you need to).

  7. #7
    herenorthere's Avatar
    Join Date
    Feb 2003
    Location
    almost Hartford
    Posts
    3,785
    If your computer is behaving that way, the only solution is to start pulling boards, one by one. You'll be safe once it starts singing, "Daisy, Daisy, . . . ".
    Bruce in CT

    Madness is something rare in individuals but in groups, parties, peoples, ages it is the rule. Friedrich Nietzsche

  8. #8
    Kung Fu Fighting! NeciFiX's Avatar
    Join Date
    Mar 2007
    Location
    Wisconsin
    Posts
    970
    It's nothing... quit making such a big deal out of it. I was installing iTunes from the website, lol, it was just weird for a second... doesn't mean my computer is going down.

    - NeciFiX
