Thread: virus? worm? trojan?

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    30

    Default virus? worm? trojan?

    Hey Guys,

    Theory and practical question here. My computer seems to be acting strange at the moment in that CPU usage is through the roof, secure websites getting time out error, system start up slower than usual etc etc.

    I'm guessing it is virus/worm etc that's chewing my CPU etc. Scanned comp with PC tools software and nothing is coming up, firewall is up and running fine.

    I use WEP on my wireless (hardware issue with multimedia box) even though I know I should be WPA at least (a lot of old people living here so figured would not be too much of a risk), so I'm wondering if someone has cracked my WEP, and somehow uploaded something to my computer.

    How would they have uploaded something to my comp without my knowledge, and how can I guard against such things happening??

    (best defence is to know their offence)

    Many thx

    The0

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    You can start out by sniffing some traffic. BT comes with Wireshark. Pop that open and see if anything unusual is going on.

    If your computer is compromised, you're better off just reformatting and starting over. Move over to WPA and use stronger passwords.

  3. #3
    Junior Member
    Join Date
    Sep 2008
    Posts
    30

    Default

    Hey lincon,

    I've sent a report to security company, waiting to hear back from them, see if they can ID anything.

    If they can't find it, will have to resort to factory reset. In regards to WPA, hardware issue means WPA isn't supported (crap on a stick I know) so in that case may have to relocate said hardware and hardwire to router.

    How the hell would someone have got something onto the comp in the first place??

    Metasploit?

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by theoleek View Post
    How the hell would someone have got something onto the comp in the first place??

    Metasploit?
    That's just one of many possibilities.

    It's far more likely that you downloaded/installed something you shouldn't have, plugged in a USB key or other media from a source you shouldn't have trusted, are behind on patches (which might play to the metasploit angle), visited a web site with an insecure browser or accepted installation of a component/plugin/activeX etc when visiting a website of questionable repute (with or without your knowledge).

    Things to try:
    1. Restart in Safe mode and see how performance is.
    2. Check msconfig and see what junk is in your startup items list.
    3. Get processexplorer and see what's running/using CPU time.
    4. Use wireshark/netstat/other tools to see what connections your machine is making.
    5. Check your OS logs for errors or other strange messages.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by thorin View Post
    That's just one of many possibilities.

    It's far more likely that you downloaded/installed something you shouldn't have, plugged in a USB key or other media from a source you shouldn't have trusted, are behind on patches (which might play to the metasploit angle), visited a web site with an insecure browser or accepted installation of a component/plugin/activeX etc when visiting a website of questionable repute (with or without your knowledge).

    Things to try:
    1. Restart in Safe mode and see how performance is.
    2. Check msconfig and see what junk is in your startup items list.
    3. Get processexplorer and see what's running/using CPU time.
    4. Use wireshark/netstat/other tools to see what connections your machine is making.
    5. Check your OS logs for errors or other strange messages.
    That is a real simple thing to try. A user at a client's place downloaded a Trojan last week, and managed to become a spambot. Within 5 minutes of my arrival, Wireshark showed a huge amount of traffic coming from one machine - all on port 25. Running netstat on the suspected machine confirmed the problem when the console window scrolled for a solid minute showing nothing but connections to email servers.

    I think the user is recovering nicely from the bludgeoning the boss gave her...

    For the record, the client has previously been told a whole host of best practices, which they continue to ignore.
    Thorn
    Stop the TSA now! Boycott the airlines.
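
The netstat check described in posts #4 and #5, as an added example that is not part of the original thread: it parses Windows `netstat -ano` output and reports any process holding active connections to many distinct mail servers on port 25. The sample output is constructed (documentation-range addresses), and the threshold of 3 peers is an assumption.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49701     198.51.100.7:443       ESTABLISHED     2204
  TCP    192.168.1.20:49712     203.0.113.10:25        ESTABLISHED     3148
  TCP    192.168.1.20:49713     203.0.113.44:25        SYN_SENT        3148
  TCP    192.168.1.20:49714     198.51.100.90:25       ESTABLISHED     3148
  TCP    192.168.1.20:49715     192.0.2.15:25          TIME_WAIT       0
  TCP    192.168.1.20:49716     192.0.2.77:25          ESTABLISHED     3148
  TCP    [fe80::1%11]:49720     [2001:db8::25]:25      ESTABLISHED     3148
  UDP    0.0.0.0:5353           *:*                                    1500
"""

SMTP_PORTS = {25}                    # port seen in the spambot case above
ACTIVE = {"ESTABLISHED", "SYN_SENT"}  # ignore LISTENING, TIME_WAIT, etc.

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def smtp_fanout(netstat_text):
    """Map PID -> set of remote hosts it is actively talking SMTP to."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, UDP rows (no State column), blank lines
        _, _local, remote, state, pid = fields
        host, port = split_endpoint(remote)
        if port in SMTP_PORTS and state in ACTIVE:
            peers[int(pid)].add(host)
    return peers

def suspects(netstat_text, threshold=3):
    """PIDs with at least `threshold` distinct SMTP peers, busiest first."""
    fanout = smtp_fanout(netstat_text)
    hits = [(pid, len(h)) for pid, h in fanout.items() if len(h) >= threshold]
    return sorted(hits, key=lambda x: -x[1])

if __name__ == "__main__":
    for pid, n in suspects(SAMPLE):
        print(f"PID {pid}: {n} distinct SMTP peers, look it up in Process Explorer")
```

A desktop mail client normally talks to one or two servers, so counting distinct peers per PID separates it from a process spraying mail at many hosts.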

  6. #6
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Smile Re:

    Also, since your AP/router is a DHCP server also, check and see if another computer got an IP address from your router.
    I tried this with some embedded viruses, that were trying to go out to the net or "call home", whichever.
    Install ZoneAlarm, the free edition, it will by default tell if something is trying to get outside of your computer and so many other things. Mind IP addresses, .exes, file extension, etc. Read up on it!
    Come back and let us know!

    Good luck!

  7. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    30

    Default

    Thanks for all the replies, guys.

    Take my own advice and use WPA2, will just have to do a lot of cabling around the house to hardwire the offending hardware to router.

    Cheers guys

    the0
