Horribly infected XP machine

Status
Not open for further replies.
Ok, I'm running Panda right now... if that returns no results... those .dll files, do I manually delete those or just fix that selection in HijackThis?

Happy Thanksgiving, and thank you
 
OMG

So I scanned with Panda... none found. Got a wild hair and tried to update my network adapter driver... and I'll be damned, my current packet problem cleared up!! Currently Sent=87, Received=32! Ooh, how frustrating is that; that explains the unusually high sent count immediately after install, although I don't know why the driver didn't update with the service pack. Nonetheless, I am excited that I'm back in business. Thank you all VERY much, and I will keep you posted if anything changes.
 
Very good of you to let us know the answer. It helps us help others, obviously. All too often people get advice and don't come back. How do we know if the last advice worked? Thanks for the update... happy for you.
 
Update

Well, here we are again. The packet problem is still OK, except the padlock icon is showing on the network status... Also, I left the computer on all night, no big deal, right... well, now it's being horribly slow. Did a registry clean (TuneUp Utilities); it shows an invalid shortcut that can't be deleted, so I ran SuperAntiSpyware and it showed my home page had been hijacked. I was gonna do a screenshot of the network status and it says that mspaint is missing or invalid, which is odd because I used it last night. So umm, I dunno. Running SAS, then MBAM, and will post an HJT log.
 
Definitely still infected

I was just checking things with TuneUp Utilities; in the rescue center it shows 2 system backups done at 2:30 in the morning (I was asleep), something like 180 registry changes... mostly HKCR\CLSID, some HKCR\Interface, and weird ones like HKCR\soundrec\Shellex\contextmenuhandlers\wmpaddtoplaylist... and
HKCR\typelib\
and 1 backed-up file: C:\Documents and Settings\Administrator\Microsoft\Internet Explorer\Quick Launch\MSN.lnk, which happens to be the one registry error that keeps coming up about an invalid shortcut and can't be deleted by TuneUp or CCleaner, so... wow, I'ma freak out.
 
I hope you did not use one of the many, many 'clean up your PC', 'clean your registry' links. They are mostly extortion rackets!!! They download a load of mischief. And you did open the door yourself... you will probably need to reinstall all over again... sorry.

Padlock icon on the network?? Could be PeerGuardian.
 
You were right, the icon came from PeerGuardian. As far as the reg scanner, I was using CCleaner and TuneUp Utilities; they're the only ones I trust to clean up the loose ends. As far as my Windows problems, I have gotten desperate and am using a friend's XP install... it's pirated, but the WGA works and it was an SP3 install. No familiar problems yet. Did a quick zero fill, jumped the CMOS and flashed the BIOS before I installed, so I hope it goes well! I am getting so very annoyed with whatever the problem was, and I wish I would have figured it out, but I guess I can't always win.
 
From FPROT....is this you? http://www.f-secure.com/weblog/archives/00001510.html

Mebroot is the most advanced and stealthiest malware seen so far

It operates at the lowest level of the Windows operating system

Mebroot writes its startup code to the first physical sector on the hard drive

When an infected machine is started, Mebroot loads first and survives through the Windows boot

Mebroot hides all changes made to the infected system

It heavily uses undocumented features of Windows

It creates a complex network communication system, involving pseudo random domain names

Large parts of the code are highly obfuscated

Mebroot uses a very complex installation mechanism, trying to bypass security products and to make automatic analysis harder

All botnet communication is encrypted with an advanced encryption mechanism

The malware has apparently gone through extensive quality assurance. It never seems to crash the systems it infects, even though it runs at the kernel level

The Mebroot gang has so far registered around 1000 com/net/biz domain names for their communication needs

The botnet backdoor functionality is very powerful, even allowing the upload and execution of arbitrary kernel-mode modules

As a payload, Mebroot attacks over 100 European online banks, trying to steal money as users do their online banking on infected machines
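The F-Secure summary above says Mebroot writes its startup code to the first physical sector of the drive (the MBR) and then hides its changes from the running OS. The check a responder does for that class of malware is to read sector 0 from outside the infected OS (a boot CD, or the drive pulled and attached to a clean machine), verify the layout, hash the boot code, and compare it against a baseline taken from the same disk when it was known clean. The script below is an added example that is not part of the thread and not F-Secure's code; it contains no Mebroot signature and the sample MBRs it builds are constructed for the demo. The baseline dictionary and the `build_sample_mbr` helper are assumptions for illustration.

```python
"""Offline integrity check of the first physical sector (MBR) of a disk image.

Added example for the thread, not F-Secure's code. It does not know any
Mebroot signature; it demonstrates the generic baseline comparison you run
when malware is known to write its startup code into sector 0. Read the
sector from outside the suspect OS: a rootkit that hooks disk I/O will
hand a clean-looking sector back to tools running on the infected system.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445: boot loader code
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # bytes 510..511 must be 0x55 0xAA


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a raw image file (or, on Windows as admin, a device
    such as r'\\\\.\\PhysicalDrive0'; on Linux, /dev/sdX from a boot CD)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
    }


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; empty means the sector matches the baseline.

    `baseline` is the output of parse_mbr() recorded while the disk was clean
    (an assumption for this example: in practice you keep it off-host)."""
    cur = parse_mbr(sector)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code hash differs from baseline")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR for the demo: one bootable NTFS partition at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 2_000_000)
    table = entry + b"\x00" * 48          # three empty entries
    return code + table + b"\x55\xaa"


# Constructed boot-code stubs: "clean" and "tampered" are arbitrary bytes, not real loaders.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
TAMPERED_BOOT_CODE = b"\xeb\x58\x90\x90\x90"


if __name__ == "__main__":
    baseline = parse_mbr(build_sample_mbr(CLEAN_BOOT_CODE))
    print("clean:", check_mbr(build_sample_mbr(CLEAN_BOOT_CODE), baseline))
    print("tampered:", check_mbr(build_sample_mbr(TAMPERED_BOOT_CODE), baseline))
```

The partition table is compared separately from the boot code because a legitimate repartition changes the table but not the loader, while a bootkit typically leaves the table alone and replaces only the 446 bytes of code; keeping the two findings distinct tells you which one happened.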
 
Ok, may I ask what programs you installed on the fresh operating system? It will help us trace back to the troublesome program.

List them here please :)

So far what I can see is:

iTunes
Avast4
Spybot S&D
PeerGuardian2

And I ran the test on your HijackThis log again, and it comes up clean, except 5 of your lines call cmd.exe /c five times, so it's still not right.

Are you able to list the programs that you installed on the fresh XP, and where did you get the drivers from?
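The point in the reply above is that a HijackThis log can "come up clean" against known-bad signatures and still contain autorun (O4) entries that launch a command shell, which is rarely legitimate for a Run-key item. The script below is an added example, not part of the thread and not HijackThis code: it parses O4 lines in the format HijackThis prints and flags the ones that invoke `cmd /c` or `cmd /k`, or that run something out of a Temp directory. The five sample log lines are constructed for the demo, not from the poster's log.

```python
"""Flag suspicious autorun (O4) entries in a HijackThis log.

Added example for the thread; not HijackThis code and not the poster's log.
O4 lines look like:  O4 - HKLM\..\Run: [Name] C:\path\program.exe args
"""
import re

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# cmd.exe /c or /k, whether bare, quoted, or given with a full path.
CMD_SHELL_RE = re.compile(r'(?i)(?:^|[\\\s"])cmd(?:\.exe)?"?\s+/[ck]\b')

# Anything executed from a ...\Temp\ directory.
TEMP_DIR_RE = re.compile(r"(?i)\\temp\\")

# Constructed sample log lines, not from the original poster.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updater] cmd.exe /c start C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svc.bat
O4 - HKLM\..\RunOnce: [cleanup] C:\WINDOWS\system32\cmd.exe /c del C:\tmp.tmp
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
"""


def parse_o4(log_text: str) -> list:
    """Return one dict per O4 line: hive, entry name, and the command string."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_o4(log_text: str) -> list:
    """Return the O4 entries that trip a rule, each with the list of reasons."""
    flagged = []
    for entry in parse_o4(log_text):
        reasons = []
        if CMD_SHELL_RE.search(entry["cmd"]):
            reasons.append("launches cmd /c")
        if TEMP_DIR_RE.search(entry["cmd"]):
            reasons.append("runs from a Temp directory")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in suspicious_o4(SAMPLE_LOG):
        print(f"{hit['hive']} [{hit['name']}] -> {', '.join(hit['reasons'])}")
        print(f"    {hit['cmd']}")
```

Two rules are enough to reproduce the reviewer's observation; a real triage script would also resolve the 8.3 short paths (`DOCUME~1`, `ADMINI~1`) and check whether the target file still exists, since a Run entry pointing at a deleted Temp file is itself a sign that something installed and then cleaned up after itself.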
 