• My PC is a target for hackers
My antivirus has blocked rapidshare from downloading strange files on my PC. Most of them were worms but some were trojans. The files were .exe's like this: 812.exe 5574.exe etc. The last time I checked my AV it said that it blocked 402 attacks in 2 hours. Even if it blocks them, it makes my PC work extremely slowly. Even double-clicking on My Computer is very slow. I once saw that my AV blocked cdrom.sys because it wanted to modify svchost.exe. I reformatted only a week ago. I'm typing this from my dad's PC; this PC is safe. I booted in safe mode to delete cdrom.sys, and after I deleted it I checked Task Manager and saw that all of those strange files were running, and used only a few K's of memory. Btw, it wasn't 4chan because I never visited that site since I reformatted. Also, it was a quick reformat. Please help. This is serious!
Reformat? Scan with Malwarebytes in Safe Mode?
Just format again. What's worse, reformatting or getting hacked?
[QUOTE=tratzzz;26027786]Reformat? Scan with Malwarebytes in Safe Mode?[/QUOTE] Wouldn't work. Those pesky programs would block malwarebytes.
Have you even tried scanning?
[QUOTE=supervoltage;26027815]Wouldn't work. Those pesky programs would block malwarebytes.[/QUOTE] [del]Programs running inside Windows are stopping you from wiping your hard drive and starting over?[/del] Use a Linux Live CD and scan with an antivirus that way.
Nevermind, I downloaded Malwarebytes from my dad's PC and put it on a flash drive. Booted into safe mode with NO networking and performed a scan. Then I booted normally and performed a scan again. Here's the log:
[code]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

11/13/2010 1:28:50 PM
mbam-log-2010-11-13 (13-28-50).txt

Scan type: Quick scan
Objects scanned: 104061
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yhriikay (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\yhriikay.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\supervoltage\csrss.exe (Trojan.Palevo.Gen.A) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\ndisvvan.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\All Users\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Default User\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\LocalService\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\NetworkService\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\supervoltage\secupdat.dat (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\config\systemprofile\secupdat.dat (Worm.Autorun) -> Delete on reboot.
[/code]
Moderator can lock this thread.. Sorry for wasting your time..
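Added example, not part of any post in this thread: a short Python triage of detection lines like those in the log above. It groups entries by where they sit on the system and lists the ones marked "Delete on reboot", which remain in place until the machine restarts. The category names and matching rules are this example's own assumptions; the sample lines are excerpted from the posted log.

```python
import re
from collections import defaultdict

# Detection lines excerpted from the log posted above, one per line.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yhriikay (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\yhriikay.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\ndisvvan.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\supervoltage\secupdat.dat (Worm.Autorun) -> Delete on reboot.
"""

# Line shape: "<path> (<family>) -> [Bad/Good note -> ]<action>."
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")

# Ordered rules, first match wins. Labels are this example's own (assumed) names.
RULES = [
    ("service/driver", lambda p: "\\services\\" in p or p.endswith(".sys")),
    ("winlogon value", lambda p: "\\winlogon\\" in p),
    ("run key", lambda p: "\\currentversion\\run\\" in p),
    ("security center alerts", lambda p: "\\security center\\" in p),
]

def parse(log):
    """Yield (path, family, action) for every detection line in the log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            yield m["path"], m["family"], action

def triage(log):
    """Group detections by the kind of location they were found in."""
    groups = defaultdict(list)
    for path, family, action in parse(log):
        cat = next((name for name, hit in RULES if hit(path.lower())), "other file")
        groups[cat].append((path, family, action))
    return dict(groups)

def pending_reboot(log):
    """Paths only scheduled for deletion; they still exist until restart."""
    return [p for p, _, a in parse(log) if a == "Delete on reboot"]

if __name__ == "__main__":
    print({cat: len(items) for cat, items in triage(SAMPLE_LOG).items()})
    print("still present until restart:", pending_reboot(SAMPLE_LOG))
```

Entries returned by `pending_reboot` are the ones to re-check with a second scan after restarting.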
There's still a chance it didn't detect something. The safest way is to format and reinstall your OS. I've had 2 viruses during my life, format and reinstall both times.
I doubt it's necessary to format your PC. It might be your safest bet, but not necessary. Instead you could try running a scan with another virus scanner such as Avast!
MBAM generally takes care of everything. Just monitor what's running and if there is anything suspicious, a format would be the best bet.