system security 2009

View previous topic View next topic Go down

system security 2009

Post by tam37 on 3rd August 2009, 8:00 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:03 AM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\DLL\RUNDLL32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\WINDOWS\system32\3361\services.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\windows\ld11.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\DOCUME~1\default\LOCALS~1\Temp\xk0vh.exe
C:\DOCUME~1\default\LOCALS~1\Temp\winamp.exe
C:\DOCUME~1\default\LOCALS~1\Temp\xk0vh.exe
C:\program Files\Manson\liser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\DOCUME~1\default\LOCALS~1\Temp\ms1246233725.exe
C:\DOCUME~1\default\LOCALS~1\Temp\xk0vh.exe
C:\DOCUME~1\default\LOCALS~1\Temp\xk0vh.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\3361\services.exe
J:\Winlogon.exe
C:\Documents and Settings\default\default.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\msoyezbm.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msdbhyw.exe
O2 - BHO: (no name) - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [userfaultcheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [tkbellexe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [systemtray] SysTray.Exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
O4 - HKLM\..\Run: [semanticinsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [roxiodragtodisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [rgc94ej0e1eg] C:\WINDOWS\system32\qgce4ej0e1eg.exe
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKLM\..\Run: [pctvoice] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nvmediacenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nvcpldaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mxo auto loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [media pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [loadmsvcmm] "G:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [koqf] C:\WINDOWS\system32\koqf.exe \u
O4 - HKLM\..\Run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [istray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [epson stylus photo 820 series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [cpqeasyacc] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccapp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [16388094] C:\Documents and Settings\All Users\Application Data\16388094\16388094.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\default\LOCALS~1\Temp\xk0vh.exe
O4 - HKCU\..\Run: [kell] C:\program Files\Manson\liser.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\default\default.exe /i
O4 - HKCU\..\Run: [] C:\DOCUME~1\default\LOCALS~1\Temp\xk0vh.exe
O4 - HKCU\..\Run: [windows system recover!] C:\DOCUME~1\default\LOCALS~1\Temp\winamp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [microsoft works update detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [inetchk] C:\DOCUME~1\default\LOCALS~1\Temp\ms1246233725.exe work
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [a00f5775fc5.exe] C:\DOCUME~1\default\LOCALS~1\Temp\_A00F5775FC5.exe

tam37
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-08-03
OS OS : windows xp
Points Points : 26855
# Likes # Likes : 0

View user profile

Back to top Go down

Re: system security 2009

Post by tam37 on 3rd August 2009, 8:00 am

O4 - HKCU\..\Run: [a00f57757c0.exe] C:\DOCUME~1\default\LOCALS~1\Temp\_A00F57757C0.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msgku.exe
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Default user')
O4 - Startup: fmnupd32.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F1U201.401.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: &Viewpoint Search - [You must be registered and logged in to see this link.] Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\92103597.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\92103597.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3862F4BC-E9EA-4004-830E-C2F960E10816}: NameServer = 68.2.16.30,68.2.16.25,68.2.16.20,68.2.16.29
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: __c0028740 - C:\WINDOWS\system32\__c0028740.dat (file missing)
O20 - Winlogon Notify: __c0094153 - C:\WINDOWS\system32\__c0094153.dat (file missing)
O20 - Winlogon Notify: __c009cda7 - C:\WINDOWS\system32\__c009CDA7.dat (file missing)
O20 - Winlogon Notify: __c00a42c4 - C:\WINDOWS\system32\__c00A42C4.dat
O21 - SSODL: ylMEhODfr - {A0E01C18-0A4A-B6B2-061F-3BB09A0610DE} - C:\WINDOWS\system32\hgvbv.dll
O23 - Service: 6to4 - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Message Screener (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Message Screener\bin\compaq-rba.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\DLL\RUNDLL32.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Movielink Core Service - Unknown owner - G:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: sys - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

--
End of file - 18098 bytes

tam37
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-08-03
OS OS : windows xp
Points Points : 26855
# Likes # Likes : 0

View user profile

Back to top Go down

Re: system security 2009

Post by Belahzur on 3rd August 2009, 7:11 pm

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: system security 2009

Post by tam37 on 6th August 2009, 7:17 am

i haven't been using the computer that is infected much recently. how much can they see that has been done on that computer in the past? like if i purchased something online a year ago would there be a way for them to trace the transaction and get my credit card info or is it just what was done on the computer since it got the virus? good thing i had important files, like pictures and documents, backed up to an external hard drive, i will just reinstall the os instead of trying to get rid of the virus. thanks for the help

tam37
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-08-03
OS OS : windows xp
Points Points : 26855
# Likes # Likes : 0

View user profile

Back to top Go down

Re: system security 2009

Post by Belahzur on 6th August 2009, 2:18 pm

Everything since you had the virus is logged, everything before should be okay, but you can never be sure.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum