My Computer is Evil...

  • Thread starter NeciFiX

NeciFiX

Kung Fu Fighting!
I have Zone Alarm Security Suite, very little can smash through my firewall and if it does it's eliminated. However, my computer has turned against me...

Yes, it's true, this thing keeps popping up random documents and doing stuff I never told it to and opening the drives. After scanning my PC deeply and eliminating all threats of hackers etc. I have come to the conclusion my PC is evil.

Or it just doesn't like the CP CD in the drive...

Is yours evil too? Are computers conspiring against us?

Edit: I told my computer it was bad and kicked it. That'll teach it.
 
well, most computers aren't evil - their manufacturers are :p
Computers, if anything, are so stupid that they can't be evil. They do whatever we tell them to do, whether it will hurt them or not - they have no will of their own, and can't do much of anything by themselves.

So, chances are, you're evil :p
 
I recommend Spybot Search & Destroy. Install it, run the updates. Run Immunize. Reboot the machine and go into Safe Mode (F8). Run the scan. Fix everything it shows.

What version of Internet Explorer do you have? I would upgrade to IE7. Then turn on Pop up blocker, anti-phishing. Also go into it and have it clear out all of your cached files. Set your Security for the Internet Zone to Medium-High.

Make sure your anti-virus is up to date. When in safe mode, run it also. There are viruses and such that run as system files. These will be running when Windows loads. Your program will find them but won't be able to clean them. Going into safe mode will prevent them from running. Then they can be deleted, cleaned when they are found. Make sure your a/v program is set to delete threats as the first option, quarantine second.

I would also advise against using IM programs. Viruses see them as open doors, even if you aren't chatting. Stay off of questionable sites. While you are browsing and downloading what you want, viruses, trojans and other crap is being installed in the background. This is actually true of most legit sites as well. Don't open emails and attachments from people you don't know.

If your computer becomes totally bogged down and unusable, then it will be time to back up your docs (which you should do on a regular basis anyway), blow it away and reload Windows and your apps.

Good luck.
 
Zone Alarm has an IM security thing (it tries to terminate anything that IM's me) aaand it's extremely protective, and I use Firefox since IE is a scam...

It's not slow at all, not even a problem I'm sure, my computer was just acting evil for a second.

And yes I am evil. What of it?
 
It's a common error to rely on one source of computer protection. Obviously if your computer software is behaving in a suspicious manner then your Zone Alarm has been compromised.

There are a large number of backdoor malware programs, many do not get detected by virus scanners etc. Many of them specifically target and disable or circumvent the more popular virus scanners and firewall packages. Many of them allow a hacker to take direct control of your computer and allow them access to any and all files and information stored on or accessed through the Internet.

An independent test showed that the "free" adware/malware scanners like Spybot only detected 30-50% of the nasties at the time of the test. The "premium" paid versions were higher but none detected 100%. Conclusion - use more than one scanner.

Here's an example of one that was detected by only a few virus scanners (tested against some 30 or so packages):

The file "setup.exe" contains a trojan.

Files created:
C:\WINDOWS\raova.dll
C:\WINDOWS\raova.exe
C:\WINDOWS\akltb.tul

Registry keys created:
[HKEY_CURRENT_USER\Software\Adobe\SBHC]
"SBM" = "C:\WINDOWS\akltb.tul"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{gracutni-fjqb-bykh-sjhf-hcxivuvcattb}]
"StubPath" = "C:\WINDOWS\raova.exe"

Network Activity:
This trojan logs everything you do on your computer.
Whenever the logfile reaches a size of 100kB it is decrypted, sent, renamed
and replaced with a new "akltb.tul".
Opens FTP connection with "ftp1.hompy.com" on TCP port 21
(222.239.73.137:21 at the time of writing this)
USER roceone@ftp1.hompy.com
PASS cho********
And uploads the decrypted logfile containing everything you've done on your
box for the last 100kB of logging.
It also sends e-mails with the same logfiles to:
"logs@popmail.com"
"elogger@naver.com"

Positive results of a scan of the infected "setup.exe":
ClamAV: Trojan.Bifrose-876
Norman Virus Control: W32/PoisonIvy.YH

Positive results of a scan of the trojan itself:
AntiVir: Found HEUR/Crypted
ClamAV: Found Trojan.Small-2868
VBA32: Found Malware.Delf.43 (probable variant)

Info on domain hompy.com:


You would do yourself a favor to download HiJackThis! and post the log on the support forum for HiJackThis!
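
Added example, not part of the original post: the trojan described above persists through an Active Setup `StubPath` value, which Windows executes at user logon for users who have not yet run it. This sketch audits a `reg export` text dump for entries like it; the sample export and its benign entry are constructed, and both heuristics are assumptions whose hits need manual confirmation.

```python
import re

# Constructed sample in `reg export` text form. The second entry reuses the
# key and value reported in the post; the first is a made-up benign entry.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\WINDOWS\\system32\\example.exe /setup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{gracutni-fjqb-bykh-sjhf-hcxivuvcattb}]
"StubPath"="C:\\WINDOWS\\raova.exe"
'''

ACTIVE_SETUP = r"\software\microsoft\active setup\installed components" + "\\"
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Heuristic (assumption): an .exe sitting directly in the Windows folder.
WINROOT_EXE_RE = re.compile(
    r'^"?(%systemroot%|%windir%|[a-z]:\\windows)\\[^\\"]+\.exe\b', re.I)

def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from `reg export` style text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"') and '"="' in line:
            name, _, value = line.partition('"="')
            value = value[:-1] if value.endswith('"') else value
            # .reg files escape backslashes and quotes inside string values.
            current[name[1:]] = re.sub(r"\\(.)", r"\1", value)
    return keys

def audit_active_setup(text):
    """Flag Installed Components entries worth a manual look (heuristics only)."""
    findings = []
    for key, values in parse_reg_export(text).items():
        idx = key.lower().find(ACTIVE_SETUP)
        stub = values.get("StubPath")
        if idx < 0 or stub is None:
            continue
        component = key[idx + len(ACTIVE_SETUP):]
        reasons = []
        if component.startswith("{") and not GUID_RE.match(component):
            reasons.append("brace-wrapped name is not a hexadecimal GUID")
        if WINROOT_EXE_RE.match(stub):
            reasons.append("StubPath runs an .exe directly in the Windows folder")
        if reasons:
            findings.append((component, stub, reasons))
    return findings
```

On the constructed sample, `audit_active_setup(SAMPLE_EXPORT)` returns only the entry from the post, flagged by both checks.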
 
I like Macs. You don't have to deal with viruses, plus I find the OS much more stable, but that's just me. One of the only downsides is that if you play a lot of PC games, you don't have as big of a selection (though you can install windows on them if you need to).
 
If your computer is behaving that way, the only solution is to start pulling boards; one by one. You'll be safe once it starts singing, "Daisy, Daisy, . . . ".
 
It's nothing... quit making such a big deal out of it. I was installing iTunes from the website, lol, it was just weird for a second... doesn't mean my computer is going down.

 
It's nothing... quit making such a big deal out of it. I was installing iTunes from the website, lol, it was just weird for a second... doesn't mean my computer is going down.

Famous last words...
 
  • #10
Watch… next, your computer will yell out “Get to the choppa!” while attempting to fight off a T1000. :) You better be careful… they’re out to get us… ALL of us.
 
  • #11
Download and run:

Spybot

and Ad-Aware

Let us know what they find.
 
  • #12
I'm SO glad I ditched Windows 8 years ago.....

Good luck.
 