TerraForums Venus Flytrap, Nepenthes, Drosera and more talk


Battlehelm.com has reached Attack Site status!

  • Thread starter swords
Rather ironic isn't it? :D

My server company said I myself uploaded the corrupted files on May 15th so the "hacker is on your PC" - the call is coming from inside the house!

Obviously I wanna clear out my PC, what should I do? Do any of you have suggestions as to what is a good hacker/spyware/whatever software to use and try to clean up my PC before re-uploading my files? I've reset my account at the server; they are sending me a list of affected files that I supposedly uploaded on my last update. My browser wouldn't let me see my homepage and when I forced it to open all clicks went to look for "martuz.cn" before opening the correct page on my site. Should I change all my passwords after running the fix-it software?
 
I don't know about most of your questions. But I would most certainly change all your passwords. Sometimes those viruses have a key logger attached.

On the lighter side, I love the "The call is from inside the house" reference! Good luck.

xvart.
 
I like Kaspersky AV, but it is not always the most user friendly.

But if you are looking for a quickie without downloading an entire program, here are a couple good utils... the BitDefender is a rather deep scan so it will take a bit

http://www.bitdefender.com/scanner/online/free.html

http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1243057268572

If you are wanting freebie AV/Malware/Firewall etc... then go to downloads.com and see what CNET has to offer, they always have a good selection of freeware. Plus, you can filter through the options by editor/user choice, free/pay etc.

Hope this helps,
Av
 
Thanks for those links. I'm running the Kaspersky now (I don't use IE cos it's all screwed up) so I couldn't use bit defender. But Kasper is busy now and finding a number of things.

Scan Complete: apx 1200 infected objects! :D

So what now? I know apx how many I have but the program didn't give me any options for erasing them.
 
1200... ? My dad freaked out when I had 17.. o.o
 
1200!?! Things are looking pretty grim my friend. Most machines I've seen with that level of infection weren't the same after the quarantine procedure. It would be similar to a lobotomy.... A few good free programs are:

Avast! Anti-virus
http://www.avast.com/eng/download-avast-home.html

Spybot Search&Destroy
http://www.safer-networking.org/en/download/index.html

The Spybot program is getting on in years, but still works quite well. Personally I have stopped using the Avast! in favor of the CA security suite, but that is one you have to pay for. Although with this year's edition of it (if I read it right) they no longer require a yearly fee.

Hope that helps. Good luck fighting the good fight!
 
Trying to remove malware on your own can be a frustrating, time-consuming and often fruitless endeavor. Enlist some help. There are plenty of legitimate support forums with experts to help you out. We got help at work when one of the networks got infected. It saved a lot of time than trying to do it ourselves. I don't remember which forum they used.

Be sure to read all the steps they want you to take before posting. Each group will recommend different tools so it is best to post on one forum only and stick with them. Read some of the existing threads to see which forum is to your liking.

You will need a combination of tools to clean your system. Some work better than others depending on your particular infection. This is where expert advice comes into play.

Some support forums:

Dslreports Security Cleanup Forum:
http://www.dslreports.com/forum/cleanup
http://www.dslreports.com/faq/13616

MajorGeeks:
http://forums.majorgeeks.com/forumdisplay.php?f=35
http://forums.majorgeeks.com/showthread.php?t=35407

BleepingComputer:
http://www.bleepingcomputer.com/forums/forum79.html
http://www.bleepingcomputer.com/forums/forum103.html

Most if not all of these sites will recommend using HiJackThis! and uploading the log.
You can download HiJackThis! for free from TrendMicro. Google "Hijackthis log" to find additional sites that will help with malware removal.

If you know how to read the logs, this can be a very useful tool. I use it to remove unwanted browser toolbars and startup programs that get installed with video, printer drivers, Adobe Acrobat etc.

If you do online banking or shopping of any sort assume that your passwords and account numbers have been compromised. Contact your credit card companies and either have new cards issued or have alerts put on them for any unusual activities. Change your account passwords from a clean computer. Running a credit report would not be a bad idea. You're allowed one free report per year. There are three major companies that do this so run one company every 4 months and you can cover a whole year for free.
 
Screw antivirus software. First, go to another computer that you know is secure (a well-maintained public machine - like at the library - works, or the computer of a tech-savvy and cautious friend) and change all of the passwords for your internet-related stuff. Back up all of your important documents - anything that isn't a program. Back up all of your scripted stuff (Flash documents, MS Office files) to a different disk so that you can check them for macro viruses later. Then wipe your computer - find a disk utility that will actually overwrite your whole hard drive with blank data. Your hosting company has probably already done so, but if they have any of the old data from your site, you should remove it all (preferably just delete it, or if some things are irreplaceable put it on a disk to pick through later.) Contacting your bank(s) as the others said is also a pretty good idea. You might also want to call anyone that you make regular online payments to, such as your utility companies - those folks do have a fair amount of your sensitive information, and they aren't always the best about keeping it private.
Particularly if you're doing something like running a website, where you disseminate data to thousands of other users, you should have your computer set up so that you can do the above stuff at any time with little trouble. Adopt a filing method that will allow you to find all of the stuff you need to keep without a lot of searching - this will make backing up and rebuilding faster. I suggest getting a second hard drive to be used exclusively for maintaining backups of any files you create or work with before posting them online, so if anything is ever compromised you have your data in a separate place from your system and configuration files (which is where things usually go wrong.) Then all you need to do is disconnect your backup drive and you're ready to wipe the rest of the system down. When you go back to reconnect it, since you only used it to save your documents and static files, you'll know that if any programs start running from it, they're not supposed to be there and can be removed. You could also consider finding yourself a cheap junker computer to use for your day-to-day casual internet tasks.
The benefit to any of these options is that you can re-install your operating system easily once you come up with a routine for doing it. It is a chore, but for most users you can actually get a pretty noticeable performance bump if you do it, so it's not just something for treating urgent problems like viruses. It shouldn't be necessary, but most operating systems tend to accumulate unnecessary and erroneous configuration data over time - files are loaded at startup to support programs you deleted long ago, or bad data gets saved in a setup file and has to be corrected each time a program loads because no-one thought to overwrite the setup file after the information was fixed. I work tech support at my school and am also going for a degree in computer science. The kinds of problems we see with software most of the time are truly asinine - it never ceases to disappoint me.
Best luck...
~Joe

PS - When I first saw this thread I thought that "attack site status" was some sort of honor among the internet metal communities or something. CONGRATULATIONS! :p
 
I was wondering, perhaps I could bring it to Best Buy/Geek Squad and see if they could wipe it all down, install a new OS (WIN XP32 bit or VISTA 32 Bit) and I'd be clear of the infestation? I have XP 64 OS and it's rather useless anyway since a lot of stuff doesn't jive with 64 bit, so I wouldn't be opposed to doing this. But do you think this will clear it?

If not, I do have a laptop to use for now and can just buy a new desktop in a few weeks' time; perhaps that would be cheaper than getting this one fixed anyway?

I do have two huge fast hard drives but they are both internal, not easy to unhook.

The list of activity from the server shows that when I did my last update I downloaded every image file and re-uploaded them a few bytes heavier. I don't update my site that way at all, I only upload the 10-20 new record reviews and occasional interview. My update took only a few seconds. Doing what they say I would have been logged in for an hour or more - though they claim it all came from my IP address. Was I sleep-blogging? :D
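
A check that fits the host's report above of image files coming back "a few bytes heavier", as an added example that is not part of the original thread: it compares a known-clean local copy of a site against the copy pulled from the host and reports each file that differs and by how many bytes. The directory layout and file names in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def list_files(root: Path) -> dict:
    """Map each file's path relative to root onto its full path."""
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}


def compare_trees(clean_dir, suspect_dir) -> dict:
    """Return {relative_path: (status, size_delta_in_bytes)} for both trees."""
    clean, suspect = list_files(Path(clean_dir)), list_files(Path(suspect_dir))
    report = {}
    for rel in sorted(clean.keys() | suspect.keys()):
        if rel not in suspect:
            report[rel] = ("missing", 0)
        elif rel not in clean:
            # File on the host that the clean copy never contained
            report[rel] = ("unexpected", suspect[rel].stat().st_size)
        elif sha256(clean[rel]) == sha256(suspect[rel]):
            report[rel] = ("unchanged", 0)
        else:
            good, bad = clean[rel].read_bytes(), suspect[rel].read_bytes()
            # Original bytes intact with extra data on the end means an append
            status = "appended" if bad.startswith(good) else "modified"
            report[rel] = (status, len(bad) - len(good))
    return report


def demo() -> dict:
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, host = Path(tmp, "clean"), Path(tmp, "host")
        for d in (clean, host):
            (d / "img").mkdir(parents=True)
            (d / "index.html").write_bytes(b"<html>ok</html>")
        (clean / "img" / "logo.gif").write_bytes(b"GIF89a-constructed")
        (host / "img" / "logo.gif").write_bytes(b"GIF89a-constructed" + b"EXTRA")
        (host / "unknown.js").write_bytes(b"constructed")
        return compare_trees(clean, host)


if __name__ == "__main__":
    for rel, (status, delta) in demo().items():
        if status != "unchanged":
            print(f"{status:10} {delta:+6d}  {rel}")
```

Anything reported as `appended`, `modified` or `unexpected` should be replaced from the clean copy or removed before the site goes back online.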
 
  • #10
The Geeksquad is a viable option. I'm not sure how they go about erasing the old data. Like Seedjar was saying, sometimes a simple format isn't enough. If there isn't anything on your comp you want to try and save, a complete re-install is the best.

If you are going for the new OS and don't want to save any files, I would skip the Geeksquad. As long as you know what equipment is in your computer so that you can find the drivers, the OS handles pretty much everything else. Doing it yourself should also decrease the amount of extra programs that get put on there. You know, that starter package with stuff like office programs and a billion AOL shortcuts.

I don't know if it would work to get rid of the virus, if it is one that does this, but you might be able to format the drives a few times in succession to remove it. I've never had to reformat more than once on a new install to get rid of all the little nasties, but I've never had one that sounds as bad as yours either.

After all this is through, make sure to get a good anti-virus, spyware, and firewall. Not sure if any of that is actually useful with hosting web pages but for day to day tasks it's a necessity.
 
  • #11
You can't buy Windows XP any longer. You can still get it as a downgrade from Vista from Microsoft or pre-installed on a new system. Microsoft announced the end-of-life for XP some time ago.

If there is a backdoor program installed on your system a hacker could have taken over your system and uploaded the infected files to your website host.
 
  • #12
I'm using Windows 7 64bit and I really like it..
Swords, another caveat.... any external storage media you have is probably infected as well. e.g., usb drives, cdroms you have created etc etc etc

once you do a clean install, do not access any of these until you are well protected with good software

the bitdefender suite is highly rated and they have a free 30 day trial, that will buy you some time to figure out which one you want

unbiased reviews

If you read the reviews you will discover that each has its own strengths and weaknesses... the suites are a good choice for anyone who doesn't want to pick and choose the individual components and then worry if they conflict with each other.

It's a good "no-worries" security approach

Av
 
  • #13
I believed I was using the built-in XP firewall (I'm sure I turned it on when I got the PC in 06 or 07) but it says that it's not running. I installed "Ghostsurf" but I couldn't get online with most of the security settings turned up. I only open emails from about 6 addresses regularly (my writers, ebay, paypal and amazon), everything else gets dumped and I almost never download anything. Did all this get at me from just google surfing and using the forums?
 
  • #14
maybe... there is one class of trojan that is used to "open the flood gates" so other, more intrusive trojans can be installed without your knowledge.. trojans, malware, and viruses can be installed via webpages, emails, removable drives, etc

Windows firewall is a very weak firewall, good ones are very "intuitive"

IMHO, do a clean install... then before you do anything else install a good security suite

Av
 
  • #15
I can pick up the Norton software at BestBuy, the review says $70 for three users, does that mean I can install it on both my laptop and my desktop (and another if I had another machine)?

I had my desktop custom built (in NY and shipped here), the only disks which came with it is WIN XP64 OS, a disk for the motherboard, a disk for the graphics card and a disk called Nero for burning CDroms. I put everything else on here (there isn't much). Can I just stick the XP 64 OS disk in and hit restart or do I have to do something more than that to cleanup/reinstall? Will I have to reinstall the motherboard and graphics card as well? Would the Motherboard disk have to go in first? I know how to reboot a system from best buy using the "handy reboot disk" but this is a bit different.
 
  • #16
I can pick up the Norton software at BestBuy, the review says $70 for three users, does that mean I can install it on both my laptop and my desktop (and another if I had another machine)?

yes..., but you should be able to beat that price by about 50% if you search online, try amazon.com first... then go from there

I had my desktop custom built (in NY and shipped here), the only disks which came with it is WIN XP64 OS, a disk for the motherboard, a disk for the graphics card and a disk called Nero for burning CDroms. I put everything else on here (there isn't much). Can I just stick the XP 64 OS disk in and hit restart or do I have to do something more than that to cleanup/reinstall? Will I have to reinstall the motherboard and graphics card as well? Would the Motherboard disk have to go in first? I know how to reboot a system from best buy using the "handy reboot disk" but this is a bit different.

Yes, you will start with a clean install using your XP64 disk, then install your MOBO and graphics card software, they are probably drivers and/or patches required by the hardware

then install the Norton package and at that point make a full disk image using the XP's backup utility

that way you can always revert back to that point with ease if need be

BTW, I'm not an expert by any means... just someone who has been there and done that till I learned the lessons you are learning now, I'm sure there are much better RKIs who are members here :)

and yes, you can get more "bullet-proof"... but that has its own issues, just stay off the russian porn and warez sites ;)

Av
 
  • #17
How to do a clean reinstall. I would also recommend you getting the most up to date versions of your Mobo and video card drivers and putting them on a CD prior to the reinstall. Just make sure the files don't get infected:

http://pcsupport.about.com/od/operatingsystems/ss/instxpclean1.htm
http://www.winsupersite.com/showcase/windowsxp_sg_clean.asp
http://support.microsoft.com/kb/316941

You may or may not be able to back up and restore your Windows activation also:
http://netsecurity.about.com/od/windowsxp/qt/aaqtwinxp0829.htm
 
  • #18
1. Buy a mac

2. Stop surfing all that porn


and you should be golden :)


hahaha just messing around of course...

...kind of...
 
  • #19
LOL you can buy me a mac and I'll give up my google plant porn! :D

I can barely use a PC, I know even less about a Mac. I may have used one in high school...

NAN
Thanks for that link to the clean reinstall steps, I'll setup my laptop to read the steps while I reload the desktop. I tried reloading back in December when my video card quit working for no reason but I couldn't get XP to reinstall. There's a lot more steps there than I went through so I surely did something wrong.

I'm not worried about re-registering Windows (boring, but not the worst activity out there), but who knows if the guy who built my PC registered it in my name or his, or doesn't it matter?
 
  • #20
If enough time has passed since Windows was activated, Microsoft will assume you are just upgrading or repairing your system if the hardware configuration signature doesn't match what's on file.
 