Anti-Spyware Forums



afteraffects of a worm

 
 
peace101
07-07-2009, 01:57 AM
im very smart with computers. been fighting that conficter worm since
aug/sep of 2008. after this worm which i sorta still have, ive learned that
i know nothing about computers. i though maybe fbi or similar was watching.
one thing i cant figure out is how it affects my cd/dvd drives. i bought new
restore disk and every disk i put in, it says invalid disk till the 3rd time
i open/close the door. when it asked for disk2 of restore(note new and never
used). same result. wrong disk till i open drive twice. at same time, if i
burn a disk and put it in my cd player in my vehicle, it also says invalid
disk twice for the first time i use it.

the only explanation i can come up with is this:
the worm hides and runs from the first master boot record of the 2 in sector
0.
that gives the worm full access no matter what OS is on. that explains the
invalid signatures if i low level format with more than one drive installed
it shuts down the program that tries to wipe the drive. but if i remove all
drives cept 1 and even low level format drive a that it creates just in case,
it will finish the format.
it then stores and locks memory for its use using virtual technoligy. if i
scan memory, it says its bad, but its not.
it seems to monitor a lot of ports and watched it change info instantly.
if the hacker logs on for example using anonymous logon, i see the IP
address change instantly.

as time goes on and i learn more about this worm, it seems that im missing
something cause i cant get rid of it. and if i do get rid of the worm, it
scares me that since march, i get 1 or 2 thousand blocked incoming random IPs
on random ports. so my computers will get infected anyways.

i have 1 computer that i need to know if i need to throw away the
motherboard, cause even in dos mode using windows, it lags big time. i have
a quad, dual and 2 computers with speeds over 2ghz and it acts as though its
a 10meg machine. and i do notice that my cd/dvd drives works only when they
chose.

can anyone help me with this situation. there are more, but to much to put
all together. also no one seems to be helping me with the worm situation...
 
1PW
07-07-2009, 02:49 AM
peace101 wrote:
> im very smart with computers. been fighting that conficter worm since
> aug/sep of 2008. after this worm which i sorta still have, ive learned that
> i know nothing about computers. i though maybe fbi or similar was watching.
> one thing i cant figure out is how it affects my cd/dvd drives. i bought new
> restore disk and every disk i put in, it says invalid disk till the 3rd time
> i open/close the door. when it asked for disk2 of restore(note new and never
> used). same result. wrong disk till i open drive twice. at same time, if i
> burn a disk and put it in my cd player in my vehicle, it also says invalid
> disk twice for the first time i use it.
>
> the only explanation i can come up with is this:
> the worm hides and runs from the first master boot record of the 2 in sector
> 0.
> that gives the worm full access no matter what OS is on. that explains the
> invalid signatures if i low level format with more than one drive installed
> it shuts down the program that tries to wipe the drive. but if i remove all
> drives cept 1 and even low level format drive a that it creates just in case,
> it will finish the format.
> it then stores and locks memory for its use using virtual technoligy. if i
> scan memory, it says its bad, but its not.
> it seems to monitor a lot of ports and watched it change info instantly.
> if the hacker logs on for example using anonymous logon, i see the IP
> address change instantly.
>
> as time goes on and i learn more about this worm, it seems that im missing
> something cause i cant get rid of it. and if i do get rid of the worm, it
> scares me that since march, i get 1 or 2 thousand blocked incoming random IPs
> on random ports. so my computers will get infected anyways.
>
> i have 1 computer that i need to know if i need to throw away the
> motherboard, cause even in dos mode using windows, it lags big time. i have
> a quad, dual and 2 computers with speeds over 2ghz and it acts as though its
> a 10meg machine. and i do notice that my cd/dvd drives works only when they
> chose.
>
> can anyone help me with this situation. there are more, but to much to put
> all together. also no one seems to be helping me with the worm situation...


Hello:

You have offered no positive proof that you have a worm or any other
malware. However, since you failed to offer detailed information
about your hardware and OS all I can offer is that you run the following:

GMER: <http://www.gmer.net/#files>
MBAM: <http://www.malwarebytes.org/mbam.php>
SAS: <http://www.superantispyware.com/superantispywarefreevspro.html>

*and* a known good, and highly reputable antivirus with a full scan.

Please update this thread with much more detail and progress.

Pete
--
1PW @?6A62?FEH9E=6o2@=]4@> [r4o7t]
 
PA Bear [MS MVP]
07-07-2009, 07:54 AM

Please state your full Windows version (e.g., WinXP SP3; Vista x64 SP2) when
posting to this newsgroup.

PS: Please avoid chatspeak here.

peace101 wrote:
> im very smart with computers. been fighting that conficter worm since
> aug/sep of 2008. after this worm which i sorta still have, ive learned that
> i know nothing about computers. i though maybe fbi or similar was watching.
> one thing i cant figure out is how it affects my cd/dvd drives. i bought new
> restore disk and every disk i put in, it says invalid disk till the 3rd time
> i open/close the door. when it asked for disk2 of restore(note new and never
> used). same result. wrong disk till i open drive twice. at same time, if i
> burn a disk and put it in my cd player in my vehicle, it also says invalid
> disk twice for the first time i use it.
>
> the only explanation i can come up with is this:
> the worm hides and runs from the first master boot record of the 2 in sector
> 0.
> that gives the worm full access no matter what OS is on. that explains the
> invalid signatures if i low level format with more than one drive installed
> it shuts down the program that tries to wipe the drive. but if i remove all
> drives cept 1 and even low level format drive a that it creates just in case,
> it will finish the format.
> it then stores and locks memory for its use using virtual technoligy. if i
> scan memory, it says its bad, but its not.
> it seems to monitor a lot of ports and watched it change info instantly.
> if the hacker logs on for example using anonymous logon, i see the IP
> address change instantly.
>
> as time goes on and i learn more about this worm, it seems that im missing
> something cause i cant get rid of it. and if i do get rid of the worm, it
> scares me that since march, i get 1 or 2 thousand blocked incoming random IPs
> on random ports. so my computers will get infected anyways.
>
> i have 1 computer that i need to know if i need to throw away the
> motherboard, cause even in dos mode using windows, it lags big time. i have
> a quad, dual and 2 computers with speeds over 2ghz and it acts as though its
> a 10meg machine. and i do notice that my cd/dvd drives works only when they
> chose.
>
> can anyone help me with this situation. there are more, but to much to put
> all together. also no one seems to be helping me with the worm situation...


 
ObiWan [MVP]
07-07-2009, 01:43 PM

> Please state your full Windows version (e.g., WinXP SP3; Vista x64 SP2)
> when posting to this newsgroup.
>
> PS: Please avoid chatspeak here.


heh... and in particular when one starts a post with a
"im very smart with computers." now, I think of myself
that I know something about computers not that "I'm
smart" since I think that when you start considering
stuff "usual" it's time to do a deep-check since there
is something which definitely isn't working <g>

(Murphy is ALWAYS there )



 
~BD~
07-07-2009, 03:00 PM
An interesting post. I suggest you post same in the Usenet group
'alt.computer.security' too.

Perhaps you should try asking at www.aumha.net - there are some *very*
clever people there. You will need to register though.

Another place to ask is at www.annexcafe.com - specifically the
User2User computer help group. Again you will have to register

I've been where you seem to be. Other folk seem to think it cannot
happen - but I trashed my machine eventually and bought a new one!

Good luck!
--
Dave

....


 
PA Bear [MS MVP]
07-07-2009, 04:05 PM

ObiWan [MVP] wrote:
>> Please state your full Windows version (e.g., WinXP SP3; Vista x64 SP2)
>> when posting to this newsgroup.
>
>> PS: Please avoid chatspeak here.
>
> heh... and in particular when one starts a post with a
> "im very smart with computers." now, I think of myself
> that I know something about computers not that "I'm
> smart" since I think that when you start considering
> stuff "usual" it's time to do a deep-check since there
> is something which definitely isn't working <g>
>
> (Murphy is ALWAYS there )


Anyone who's "been fighting that conficter [sic] worm since aug/sep of 2008"
is not the brightest bulb in the box.

 
peace101
08-07-2009, 04:04 AM
it seems to not matter which operating system. even after a low level
format, same thing. but i both use vista and xp, and have vista on this
computer pertaining to the restore disk.
the computer used is a HP dual core pavillion media center.



"PA Bear [MS MVP]" wrote:

> ObiWan [MVP] wrote:
> >> Please state your full Windows version (e.g., WinXP SP3; Vista x64 SP2)
> >> when posting to this newsgroup.
> >
> >> PS: Please avoid chatspeak here.
> >
> > heh... and in particular when one starts a post with a
> > "im very smart with computers." now, I think of myself
> > that I know something about computers not that "I'm
> > smart" since I think that when you start considering
> > stuff "usual" it's time to do a deep-check since there
> > is something which definitely isn't working <g>
> >
> > (Murphy is ALWAYS there )
>
> Anyone who's "been fighting that conficter [sic] worm since aug/sep of 2008"
> is not the brightest bulb in the box.

 
peace101
08-07-2009, 04:15 AM

ok smartelic pa bear. when i say i been fighting this worm since aug/sep
2008, the version i have is not the same as those listed. this one is
undetectable, breaks through any security and any electronics. i went
through 2 routers and 3 hubs. and watched the hacker go to Tech sites trying
to work around any settings. and he always succeeds. this version the
hacker was always connected.
he seems to use a virtual technology to make a computer outside my operating
system. whenever i found a flaw in his worm, he always fixed it and each
time i tried to figure it out and block it, then he changes security settings
and i get access denied. he takes over part of my memory and always logs on
in memory location 3e7 as remote anonymous login. later i found out he uses
root certificates and makes his own allowing him to gain access to any
computer. and if i block power users and deny all remote or anonymous
connections, he uses cookies to tell his worm what to do to allow him access
which later i found out his worm stores on every drive in the first master
boot record in sector zero as fat12 or fat16

good news is that i waited for him to make a mistake so i can find out who
he is, and that day came march 31st. i used a packet sniffer to see what he
does, and he uses codes between him and the worm, and after a neibor got a
call with my name oncaller id, an our later, i got a text with the same
signature. he claims he has the same worm, and paniced thinking i said his
name.

and i got another person through dns settings that linked back to another
person who also has the worm and is in a lawsuit for cybercrime.

fbi getting involved, and hoping i find out how its possible for every drive
to not work till 3rd time. i can only assume that he changed cmos or bios
settings using firmware and bind method and intercepts the drive info. it
does this to every cd drive i add. and also on my other computers...


anyways take care MR murphys law.... lol



"PA Bear [MS MVP]" wrote:

> ObiWan [MVP] wrote:
> >> Please state your full Windows version (e.g., WinXP SP3; Vista x64 SP2)
> >> when posting to this newsgroup.
> >
> >> PS: Please avoid chatspeak here.
> >
> > heh... and in particular when one starts a post with a
> > "im very smart with computers." now, I think of myself
> > that I know something about computers not that "I'm
> > smart" since I think that when you start considering
> > stuff "usual" it's time to do a deep-check since there
> > is something which definitely isn't working <g>
> >
> > (Murphy is ALWAYS there )
>
> Anyone who's "been fighting that conficter [sic] worm since aug/sep of 2008"
> is not the brightest bulb in the box.

 
PA Bear [MS MVP]
08-07-2009, 06:07 AM
I'm sure the FBI will be knocking at your door very soon to investigate
this.

peace101 wrote:
> ok smartelic pa bear. when i say i been fighting this worm since aug/sep
> 2008, the version i have is not the same as those listed. this one is
> undetectable, breaks through any security and any electronics. i went
> through 2 routers and 3 hubs. and watched the hacker go to Tech sites trying
> to work around any settings. and he always succeeds. this version the
> hacker was always connected.
> he seems to use a virtual technology to make a computer outside my operating
> system. whenever i found a flaw in his worm, he always fixed it and each
> time i tried to figure it out and block it, then he changes security settings
> and i get access denied. he takes over part of my memory and always logs on
> in memory location 3e7 as remote anonymous login. later i found out he uses
> root certificates and makes his own allowing him to gain access to any
> computer. and if i block power users and deny all remote or anonymous
> connections, he uses cookies to tell his worm what to do to allow him access
> which later i found out his worm stores on every drive in the first master
> boot record in sector zero as fat12 or fat16
>
> good news is that i waited for him to make a mistake so i can find out who
> he is, and that day came march 31st. i used a packet sniffer to see what he
> does, and he uses codes between him and the worm, and after a neibor got a
> call with my name oncaller id, an our later, i got a text with the same
> signature. he claims he has the same worm, and paniced thinking i said his
> name.
>
> and i got another person through dns settings that linked back to another
> person who also has the worm and is in a lawsuit for cybercrime.
>
> fbi getting involved, and hoping i find out how its possible for every drive
> to not work till 3rd time. i can only assume that he changed cmos or bios
> settings using firmware and bind method and intercepts the drive info. it
> does this to every cd drive i add. and also on my other computers...
>
>
> anyways take care MR murphys law.... lol
>
>
>
> "PA Bear [MS MVP]" wrote:
>
>> ObiWan [MVP] wrote:
>>>> Please state your full Windows version (e.g., WinXP SP3; Vista x64 SP2)
>>>> when posting to this newsgroup.
>>>
>>>> PS: Please avoid chatspeak here.
>>>
>>> heh... and in particular when one starts a post with a
>>> "im very smart with computers." now, I think of myself
>>> that I know something about computers not that "I'm
>>> smart" since I think that when you start considering
>>> stuff "usual" it's time to do a deep-check since there
>>> is something which definitely isn't working <g>
>>>
>>> (Murphy is ALWAYS there )
>>
>> Anyone who's "been fighting that conficter [sic] worm since aug/sep of
>> 2008" is not the brightest bulb in the box.


 
Milo
08-07-2009, 04:21 PM

Hi peace101,

Better call the nearest FBI office and ask to be transferred to the Cybercrime
unit.

"peace101" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> ok smartelic pa bear. when i say i been fighting this worm since aug/sep
> 2008, the version i have is not the same as those listed. this one is
> undetectable, breaks through any security and any electronics. i went
> through 2 routers and 3 hubs. and watched the hacker go to Tech sites trying
> to work around any settings. and he always succeeds. this version the
> hacker was always connected.
> he seems to use a virtual technology to make a computer outside my operating
> system. whenever i found a flaw in his worm, he always fixed it and each
> time i tried to figure it out and block it, then he changes security settings
> and i get access denied. he takes over part of my memory and always logs on
> in memory location 3e7 as remote anonymous login. later i found out he uses
> root certificates and makes his own allowing him to gain access to any
> computer. and if i block power users and deny all remote or anonymous
> connections, he uses cookies to tell his worm what to do to allow him access
> which later i found out his worm stores on every drive in the first master
> boot record in sector zero as fat12 or fat16
>
> good news is that i waited for him to make a mistake so i can find out who
> he is, and that day came march 31st. i used a packet sniffer to see what he
> does, and he uses codes between him and the worm, and after a neibor got a
> call with my name oncaller id, an our later, i got a text with the same
> signature. he claims he has the same worm, and paniced thinking i said his
> name.
>
> and i got another person through dns settings that linked back to another
> person who also has the worm and is in a lawsuit for cybercrime.
>
> fbi getting involved, and hoping i find out how its possible for every drive
> to not work till 3rd time. i can only assume that he changed cmos or bios
> settings using firmware and bind method and intercepts the drive info. it
> does this to every cd drive i add. and also on my other computers...
>
>
> anyways take care MR murphys law.... lol
>
>
>
> "PA Bear [MS MVP]" wrote:
>
>> ObiWan [MVP] wrote:
>> >> Please state your full Windows version (e.g., WinXP SP3; Vista x64 SP2)
>> >> when posting to this newsgroup.
>> >
>> >> PS: Please avoid chatspeak here.
>> >
>> > heh... and in particular when one starts a post with a
>> > "im very smart with computers." now, I think of myself
>> > that I know something about computers not that "I'm
>> > smart" since I think that when you start considering
>> > stuff "usual" it's time to do a deep-check since there
>> > is something which definitely isn't working <g>
>> >
>> > (Murphy is ALWAYS there )
>>
>> Anyone who's "been fighting that conficter [sic] worm since aug/sep of
>> 2008" is not the brightest bulb in the box.

 