Malware here, malware there...etc..!!!

Discussion in 'Spyware' started by Guest, Apr 14, 2005.

    OK, I give up. Something snuck into my system. The first indications were:

    1. Attempted to d/l the McAfee suite, only they indicated I wasn't using IE, and
    I was and am.

    2. Attempted to d/l the WinPatrol 9.1 update. No can do; it told me error 404 and
    403.

    3. Attempted to d/l from MajorGeeks; again unauthorized, error 403.

    4. Any attempt to d/l from any web site handling spyware-related software
    etc. is not accepted.

    5. Massive hair loss while attempting to deal with the above.

    I'm running XP Pro SP2 with all current updates, Zone Alarm Pro, Sygate,
    WinPatrol 9.0.03, NOD32, Spyware Sweeper, CWShredder 2.14, SpywareBlaster,
    Spybot Search & Destroy, eTrust PestPatrol, Giant AntiSpyware,
    Ad-Aware SE Pro, SpySubtract, HijackThis 1.99.1, RootkitRevealer,
    occasionally run AVERT Stinger, and have a HOSTS file.
    When I ran Spybot it came up with SpywareStormer (think I got rid of that
    OK). Nothing else declared by any of the later system checks. All come up
    clean.

    I recently (last 60 days) installed a Motorola SB3100 broadband cable modem
    and within 20 days added a Linksys wgt54gs for my HP Compaq NX9030 laptop
    (w/XP Pro SP2) using Intel 2200BG wireless; it also has a NIC card. All software
    is current with all the latest known updates. Presently using Zone Alarm
    Wireless, Panda, SpywareBlaster, and Microbloat's version of Giant
    AntiSpyware.

    I have been experimenting with various antivirus products (AVG, NOD32, Panda)
    because earlier in the year my system was invaded while using Norton SystemWorks,
    Zone Alarm Pro, etc., and I ultimately decided to reformat and
    reinstall software after 4 years of worry-free operation. Never could find the
    culprit; the main drive kept repeating "dirty bit set" and I could not get into
    safe mode.

    However, I digress; now this, grrrr. It's enough to break out the worry beads
    and go back to the abacus. Whatever snuck in is being very sneaky. Nothing
    untoward is showing up. I had a little difficulty removing SpywareStormer via
    safe mode w/o restore, so I can't go back to an earlier date.

    I'm stumped, anybody have any ideas? Sorry for the long ramble.
     
    Guest, Apr 14, 2005
    #1
    Did you go into Add/Remove Programs and see if there is anything there
    to remove? There might be :)
     
    Digital Sheep, Apr 14, 2005
    #2
    Yes, nothing there. However, I am unable to set Program Access and Defaults to
    Microsoft Windows; it repeatedly reverts to Custom!!??? I just tried to d/l
    Microsoft's Malicious Software Removal Tool from their website and got the
    403 Forbidden etc. Still searching.
     
    Guest, Apr 14, 2005
    #3
    <snip>
    All those programs installed, just to keep IE safe? LOL.
     
    Michael Cecil, Apr 14, 2005
    #4
    From what I've read...

    Some spyware inserts itself into your network stack. If you simply delete it
    without repairing the stack, then you have problems with your network
    connection. It sounds as if something like this may have happened, except
    that I would expect the problems to be worse, e.g. no working connection at
    all.

    Unfortunately I've no idea how to repair the network stack on its own.
    Might be worth trying if you can find out.
     
    CWatters, Apr 18, 2005
    #5
    I've seen MS Antispyware beta available on some magazine cover CD's
    recently.
     
    CWatters, Apr 18, 2005
    #6
    Oh I see you've already got that.
     
    CWatters, Apr 18, 2005
    #7
    > and have a HOSTS file.

    Some of these nasties put lots of blank lines in the HOSTS file and then the
    blocking entries. Make sure you scroll down to the end :)
     
    CWatters, Apr 18, 2005
    #8
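    As an added example (not code from the thread or from any of its posters), here is a small Python audit that checks a HOSTS file the way this post suggests: it parses the whole file, including any entries hidden below a long run of blank padding, reports where that padding sits, and separates entries that black-hole a security-vendor hostname to 127.0.0.1 or 0.0.0.0 from entries that hard-wire a hostname to some remote address, which overrides DNS for that name. The vendor suffix list and the sample HOSTS text are constructed for the example; on a Windows XP box the real file lives at %SystemRoot%\system32\drivers\etc\hosts.

```python
"""Audit a HOSTS file for spyware-style tampering (added example).

Parses the entire file, including lines past a long run of blank padding,
reports the padding, and classifies suspicious name-to-address mappings.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Tuple


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostname: str


# Domains a user would not expect to see pinned in HOSTS at all. This list is
# an assumption made for the example, not something taken from the thread.
WATCHED_SUFFIXES = (
    "mcafee.com", "majorgeeks.com", "microsoft.com", "windowsupdate.com",
    "winpatrol.com", "safer-networking.org", "lavasoft.com",
)

# RFC 1918 ranges: mappings to these are normal on a home LAN and are ignored.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: one legitimate line, 200 blank lines of padding, then
# injected entries. 203.0.113.5 is an RFC 5737 documentation address.
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    + "\n" * 200
    + "# entries appended below the padding (constructed)\n"
    + "127.0.0.1 download.mcafee.com\n"
    + "0.0.0.0   www.majorgeeks.com\n"
    + "203.0.113.5 www.microsoft.com   # hard-wired to a remote host\n"
)


def parse_hosts(text: str) -> List[HostsEntry]:
    """Return every (line, address, hostname) mapping; comments are stripped."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # not an address; a stricter audit might report the line
        entries.extend(HostsEntry(line_no, address, n.lower()) for n in names)
    return entries


def blank_runs(text: str, min_run: int = 20) -> List[Tuple[int, int]]:
    """Return (first_line, length) for each run of at least min_run blank lines."""
    runs: List[Tuple[int, int]] = []
    start, length = 0, 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if raw.strip():
            if length >= min_run:
                runs.append((start, length))
            length = 0
        else:
            if length == 0:
                start = line_no
            length += 1
    if length >= min_run:
        runs.append((start, length))
    return runs


def is_watched(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> Dict[str, list]:
    """'blackholed': watched name sent to loopback/0.0.0.0 (downloads fail);
    'redirected': any name pinned to a non-LAN remote address (DNS bypassed);
    'padding': long blank runs that hide entries from a casual look."""
    report: Dict[str, list] = {"blackholed": [], "redirected": [], "padding": blank_runs(text)}
    for entry in parse_hosts(text):
        ip = ipaddress.ip_address(entry.address)
        if ip.is_loopback or ip.is_unspecified:
            if is_watched(entry.hostname):
                report["blackholed"].append(entry)
        elif not any(ip in net for net in LAN_NETS):
            report["redirected"].append(entry)
    return report


def suspicious(report: Dict[str, list]) -> bool:
    return bool(report["blackholed"] or report["redirected"] or report["padding"])


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("padding", "blackholed", "redirected"):
        print(kind, result[kind])
```

    To run it against a live machine, read the real file into `audit_hosts` instead of `SAMPLE_HOSTS`; anything in `blackholed` or `redirected`, or a padding run of a couple of hundred lines, is worth a hard look before trusting any error the browser reports.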
    And failing, even at that. <~>

    --

    Jay T. Blocksom
    --------------------------------
    Appropriate Technology, Inc.
    usenet02[at]appropriate-tech.net

    "They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety."
    -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Unsolicited advertising sent to this domain is expressly prohibited under
    47 USC S227 and State Law. Violators are subject to prosecution.
     
    Jay T. Blocksom, Apr 19, 2005
    #9
    [snip]

    In which case, it could be reasonably argued that whatever this "thing" is, it
    actually did you a favor (albeit, probably unintentionally). <~>

    McAfee *anything* is CRAP, produced by long-time unrepentant spammers and
    privacy abusers:

    <http://groups.google.co.uk/groups?q=McAfee+group:news.admin.net-abuse.email>
    <http://groups.google.co.uk/groups?selm=87670vpm4y.fsf%40erlenstar.demon.co.uk>
    <http://groups.google.co.uk/groups?threadm=&rnum=1&prev=/groups?selm=>
    <http://groups.google.co.uk/groups?q=Mcaffee+OR+"McAfee+NetBus">
    [snip]

    Yikes!

    With all that "stuff" on the system -- much of it constantly executing, no
    doubt -- it's no wonder things are bollixed up.

    Security 101: As a general rule, security is not enhanced by *adding* things
    (particularly software -- and *especially* software which, in order to do its
    job, must be executing constantly) to a system. It is enhanced by *removing*
    those things which produce the security vulnerabilities in the first place.
    The ONLY truly "secure" computer is one which is powered-down, disconnected
    from all other computers, and locked away where no one can physically get to
    it.

    And Windows XP is its own very large Pandora's Box, notwithstanding all the
    other issues.
    [snip]

    So let me get this straight...

    You connected your system(s) to a live "cable modem" drop at least a month
    *before* you installed a router/firewall?

    And you wonder why your system is hosed?

    [Actually, it may be even worse than this... I just did a quick Google search
    on "Linksys wgt54gs", and came up near-empty; there is also NO mention of such
    a model number on Linksys's web site, either under the current product
    listings or in the "support" section (where you'd expect discontinued models
    to be listed). The closest match, and what I *suspect* you really mean, is
    the WRT54GS model. But if this is the case, be aware that the "firewall"
    capability of that unit is so minimal as to be nearly nonexistent. So in
    effect, you're *still* running (nearly) naked on a wide open live world-wide
    'net connection. Yeow.]
    [snip]

    That's all well and good, but it is of trivial concern in light of the other
    problems.

    First and foremost: Shut down and/or disconnect your systems NOW.

    Do *NOT* reconnect them to any other systems (directly or indirectly, and that
    includes both your local LAN and the internet in general) until you are
    _absolutely_certain_ that they are "clean", properly configured (which means
    lots of things -- too many to go into detail here and now), and suitably
    protected by a *proper* outboard firewall.

    As for the steps required to actually clean up this mess... It is probably
    past the point where "band-aid" approaches can be reliably effective; and they
    will certainly be more trouble than they're worth, from a time/effort POV.
    Hence, your best bet is to simply wipe the HDD(s) clean, and start over from
    bare metal, making *very* sure you do not install those things which most
    eagerly invite infection (such as MSIE, for just the most obvious example),
    and locking everything down as tight as you possibly can in terms of OS &
    application setup/configuration. Do this *before* you allow the system(s) to
    connect to each other or the 'net, or you will surely defeat your own purpose.

     
    Jay T. Blocksom, Apr 19, 2005
    #10