Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: virus? worm? trojan?

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    30

    Default virus? worm? trojan?

    Hey Guys,

Theory and practical question here. My computer seems to be acting strange at the moment in that CPU usage is through the roof, secure websites getting time out errors, system startup slower than usual etc etc.

I'm guessing it is a virus/worm etc that's chewing my CPU etc. Scanned comp with PC Tools software and nothing is coming up, firewall is up and running fine.

I use WEP on my wireless (hardware issue with multimedia box) even though I know I should be on WPA at least (a lot of old people living here so figured it would not be too much of a risk), so I'm wondering if someone has cracked my WEP and somehow uploaded something to my computer.

    How would they have uploaded something to my comp without my knowledge, and how can i guard against such things happening??

(best defence is to know their offence)

    Many thx

    The0

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    You can start out by sniffing some traffic. BT comes with Wireshark. Pop that open and see if anything unusual is going on.

If your computer is compromised, you're better off just reformatting and starting over. Move over to WPA and use stronger passwords.

  3. #3
    Junior Member
    Join Date
    Sep 2008
    Posts
    30

    Default

    Hey lincon,

I've sent a report to a security company, waiting to hear back from them, see if they can ID anything.

If they can't find it, will have to resort to a factory reset. In regards to WPA, the hardware issue means WPA isn't supported (crap on a stick I know), so in that case may have to relocate said hardware and hardwire to the router.

How the hell would someone have got something onto the comp in the first place??

Metasploit?

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by theoleek View Post
How the hell would someone have got something onto the comp in the first place??

Metasploit?
    that's just one of many possibilities.

It's far more likely that you downloaded/installed something you shouldn't have, plugged in a USB key or other media from a source you shouldn't have trusted, are behind on patches (which might play to the Metasploit angle), visited a web site with an insecure browser, or accepted installation of a component/plugin/ActiveX control etc when visiting a website of questionable repute (with or without your knowledge).

    Things to try:
    1. Restart in Safe mode and see how performance is.
    2. Check msconfig and see what junk is in your startup items list.
    3. Get processexplorer and see what's running/using CPU time.
    4. Use wireshark/netstat/other tools to see what connections your machine is making.
    5. Check your OS logs for errors or other strange messages.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by thorin View Post
    that's just one of many possibilities.

It's far more likely that you downloaded/installed something you shouldn't have, plugged in a USB key or other media from a source you shouldn't have trusted, are behind on patches (which might play to the Metasploit angle), visited a web site with an insecure browser, or accepted installation of a component/plugin/ActiveX control etc when visiting a website of questionable repute (with or without your knowledge).

    Things to try:
    1. Restart in Safe mode and see how performance is.
    2. Check msconfig and see what junk is in your startup items list.
    3. Get processexplorer and see what's running/using CPU time.
    4. Use wireshark/netstat/other tools to see what connections your machine is making.
    5. Check your OS logs for errors or other strange messages.
That is a really simple thing to try. A user at a client's place downloaded a Trojan last week and managed to become a spambot. Within 5 minutes of my arrival, Wireshark showed a huge amount of traffic coming from one machine - all on port 25. Running netstat on the suspected machine confirmed the problem when the console window scrolled for a solid minute showing nothing but connections to email servers.

    I think the user is recovering nicely from the bludgeoning the boss gave her...

    For the record, the client has previously been told a whole host of best practices, which they continue to ignore.
    Thorn
    Stop the TSA now! Boycott the airlines.
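
The netstat check described in the two posts above (step 4 of thorin's list and Thorn's port 25 spambot) can be scripted rather than eyeballed. The following is an added example, not code from any poster in this thread. It assumes the column layout of Windows `netstat -ano` (protocol, local address, foreign address, state, PID); the sample output embedded in it is constructed, not captured from a real machine. Rather than just counting port 25 connections, it counts distinct remote hosts per process, because a legitimate mail client keeps a couple of connections to one server while a spambot fans out to many.

```python
"""Flag processes fanning out to many hosts on tcp/25 in `netstat -ano` output.

Added illustration for this thread; the netstat text below is constructed.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: PID 4120 is talking to six unrelated hosts on port 25
# (spambot pattern), PID 2208 is a normal mail client talking to one server,
# the rest is ordinary web traffic and listeners.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49152     203.0.113.5:25         SYN_SENT        4120
  TCP    192.168.1.10:49153     198.51.100.7:25        ESTABLISHED     4120
  TCP    192.168.1.10:49154     203.0.113.44:25        SYN_SENT        4120
  TCP    192.168.1.10:49155     198.51.100.99:25       SYN_SENT        4120
  TCP    192.168.1.10:49156     203.0.113.130:25       ESTABLISHED     4120
  TCP    192.168.1.10:49157     198.51.100.200:25      SYN_SENT        4120
  TCP    192.168.1.10:49160     192.0.2.25:25          ESTABLISHED     2208
  TCP    192.168.1.10:49161     192.0.2.80:443         ESTABLISHED     3344
  TCP    192.168.1.10:49162     192.0.2.81:80          TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1204
"""


class Conn(NamedTuple):
    proto: str
    local: str
    remote_host: str
    remote_port: Optional[int]   # None for "*:*" or non-numeric ports
    state: str                   # empty for UDP rows, which have no state
    pid: int


# proto, local, foreign, optional state (UDP rows omit it), PID
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def parse_netstat(text: str) -> List[Conn]:
    """Parse `netstat -ano` text into Conn records; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        # rpartition handles bracketed IPv6 like "[::1]:25" as well as IPv4
        host, _, port = remote.rpartition(":")
        conns.append(Conn(proto, local, host,
                          int(port) if port.isdigit() else None,
                          state or "", int(pid)))
    return conns


def remote_port_counts(conns: List[Conn]) -> Counter:
    """Outbound-ish TCP connections per remote port (the 'all on port 25' view)."""
    return Counter(c.remote_port for c in conns
                   if c.proto == "TCP" and c.state in ("SYN_SENT", "ESTABLISHED"))


def smtp_fanout(conns: List[Conn], threshold: int = 5) -> Dict[int, List[str]]:
    """Return {pid: sorted distinct remote hosts} for PIDs reaching at least
    `threshold` distinct hosts on tcp/25. SYN_SENT rows count too: a bot
    blasting mail servers has many half-open connections at any instant."""
    hosts = defaultdict(set)
    for c in conns:
        if (c.proto == "TCP" and c.remote_port == 25
                and c.state in ("SYN_SENT", "ESTABLISHED")):
            hosts[c.pid].add(c.remote_host)
    return {pid: sorted(h) for pid, h in hosts.items() if len(h) >= threshold}


def report(text: str, threshold: int = 5) -> List[str]:
    """One line per suspicious PID; feed the PID to Process Explorer next."""
    conns = parse_netstat(text)
    return [f"PID {pid}: {len(hosts)} distinct SMTP peers, e.g. {hosts[0]}"
            for pid, hosts in sorted(smtp_fanout(conns, threshold).items())]


if __name__ == "__main__":
    # On a live Windows box: python this.py < <(netstat -ano)  or paste the output
    for line in report(SAMPLE_NETSTAT):
        print(line)
```

Once a PID is flagged, the next step is the one thorin gives: look that PID up in Process Explorer to see which image is behind it and what it was launched from.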

  6. #6
    Member godcronos's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Smile Re:

Also, since your AP/router is a DHCP server too, check and see if another computer got an IP address from your router.
I tried this with some embedded viruses that were trying to go out to the net or "call home", whichever.
Install ZoneAlarm, the free edition; it will by default tell you if something is trying to get outside of your computer, and so many other things. Mind IP addresses, .exes, file extensions, etc. Read up on it!
Come back and let us know!

    Good luck!

  7. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    30

    Default

Thanks for all the replies, guys.

Take my own advice and use WPA2, will just have to do a lot of cabling around the house to hardwire the offending hardware to the router.

    Cheers guys

    the0

  8. #8
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    4

    Default

    You might want to consider using a Homeplug device before re-wiring the house. Also keep in mind that you can convert phone jacks into RJ45 jacks with minimal effort. Most houses have enough to make it doable. If you do decide to re-wire, don't run the cable itself! Install conduit instead so you can upgrade your network with far less effort the next time.

Have you already formatted your system? I remove malware and medium depth rootkits for a living and should be able to help you remove it in about 45 minutes to an hour and a half. From your initial description (slow SSL pages, CPU usage etc.) it sounds like you have either a BHO or DLL injector infection.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by AgentK View Post
    Also keep in mind that you can convert phone jacks into RJ45 jacks with minimal effort. Most houses have enough to make it doable.
    Only if the house is relatively new and was installed with CAT5 or better cable. Attempting to run Ethernet over CAT3 at speeds higher than 10Mb would be unreliable.

    If you do decide to re-wire, don't run the cable itself! Install conduit instead so you can upgrade your network with far less effort the next time.
    You're advising someone to install conduit in their home? Do you expect them to rip up their drywall/plaster to do so? That may be a good idea in a new construction, but any retro-fitting wouldn't really be feasible even by the most experienced weekend warrior.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

Quote Originally Posted by streaker69 View Post
Only if the house is relatively new and was installed with CAT5 or better cable. Attempting to run Ethernet over CAT3 at speeds higher than 10Mb would be unreliable.

You're advising someone to install conduit in their home? Do you expect them to rip up their drywall/plaster to do so? That may be a good idea in a new construction, but any retro-fitting wouldn't really be feasible even by the most experienced weekend warrior.
    I've pulled around four thousand feet of network cable in the last two houses I've lived in, none of it has been in conduit.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
