Tweaks.com Forum / Windows & System Security / Virus / Spyware Problems and Security Software Issues

My PC is damaged

Anwar — Fri, 16 May 2008 17:41:14 GMT

My PC got some problems. I already fixed it with HijackThis myself (Trust me, I know what I did) so, don't ask me to post another Hijackthis log because, you will waste space. The problem I got was that the malware changed my group policy, Regedit is blocked, Automatic Updates settings are grayed (I can't change it to update automatically) and Windows Firewall is also grayed. Please help me. I just need to know which policy to change to restore Windows.

Horribly destructive infection, please help

Fennesz — Fri, 16 May 2008 20:32:09 GMT

Hi. Yesterday I picked up on some rogue processes, and then over until this afternoon those few sprouted into many including (not precise) "mrofinu", "syst3m32.exe", "DILx.tmp" with "x" being a number between 1-15, and another I can't remember now. Amongst all this many important files became corrupt, including explorer.exe, and the internet was almost completely non-fucntional up until Generic Host Process (svchost.exe) crashed and took me offline properly until I restarted.

This evening I reformatted because I didn't see any possible salvage, but the problem seems to have brilliantly survived the wipe. My Temp folder is now full of DILx.tmp files again, and explorer among other things (the process that handles 16bit applications) have started to fail again. New processes, or ones I didn't notice before, have appeared, including ___r.exe and ___synmgr.exe.

I heard things can survive in the MBR, but I have no idea how to tackle this and in what order so as to actually contain the spread.

Help?

Edit: As a side note, most of the drivers I need to be installing are 16 bit, so I don't even have a working AGP chipset.

Multiple "Internet User Accounts"

HannibalJV — Fri, 16 May 2008 17:26:33 GMT

I searched for something similar to see why my pc is doing this.
I log on then log out no extra user accounts, when I restart my computer it makes 5 to 6 Internet user accounts all Password protected Administrator accounts. I'll go in and delete them, once a restart happens they're back.
The only Thing I've done differently On Vista is I tried the free trial of Trend Micro's Pccillin it has since expired and I'm currently running avast free home edition.
I've Ran Virus Checks, Full Scan - the Windows Defender program
Ran Searches on Websites haven't came across anything yet
Any Help would be appreciated

I return w/no viruses or spyware

Thank you

Josh

unknown behaviour

serfDy — Sat, 10 May 2008 00:24:25 GMT

hello,

well i have two pc both are windows xp sp2. One has the internet the other has no internet.
my little sis went to her friends house shared a usb came back home and used it in her pc that now it's acting weird. Her computer is slow the floppy drive makes noise everytime i go to msconfig it just automatically shuts the pc if i go to regedit it says i do not have permission and i need administrative rights.And i keep getting some web page link in my documents to some foreign language web site. I tried going in safe mode samething.She doesnt have a antivirus software. And im very worried to share any floppy or cd in her pc. So if anyone could help figure out what to do and what is the name or genre of this virus or trojan?

thank you

slow, very slow to start up and won't open programs

irebeer — Sun, 11 May 2008 14:25:03 GMT

I have an HP pavilian 7965, with windows xp that takes about 1/2 hour to start up, then it doesn't or won't open any programs to run. I get a bunch of messages while it goes through the motions of starting up. One message is "DDL C:|WINDOWS|system32\wowfx.dll is not a valid windows image. Please check this against your installation diskette." I tried to use a memory stick to put some spyware removal programs on it but that doesn't go either. I tried to open the c drive but I get "not responding" message. How does one approch this issue to cure its ills? Thank you for helping in which ever way you can.

Trend Micro and WinRar

CarolinaFaithful — Mon, 12 May 2008 14:44:55 GMT

I've changed my internet security from Norton to Trend Micro. Norton was automatically detected in WinRar virus scanner option, Trend Micro is not. I tried to insert it manually, but when I browsed to the Trend Micro file, there were several to chose from and I don't know which one to use. Can anybody help me with this?

CiD Virus

bsmith40 — Sun, 11 May 2008 23:22:17 GMT

I have been having problems with the infamous CiD pop ups. Could someone help me resolve this issue? I have downloaded HijackThis as suggested in some other topics that I have read. Thanks

"WARNING! YOU'RE IN DANGER Desktop message

SSC-NY — Thu, 08 May 2008 02:20:07 GMT

Hi guys

I got a desktop wallpaper named "mywallpaper.bmp" which even I delete comes back having the message "WARNING! YOU'RE IN DANGER YOUR COMPUTER IS INFECTED WITH SPYWARE .......".

I installed the SUPERAntispyware freeware and cleaned the system. Now

1. what should I do to get rid of this wallpaper?

2. Did I do the right thing by running SUPERAntispyware?

3. What should be done for cleaning the system and for future protection?

I appreciate your valuable expert suggestions.

SSC-NY

HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA

APK — Sat, 01 Dec 2007 09:58:57 GMT

[b]INTRODUCTION:[/b]

(Afterwards, the actual steps to perform beyond CIS Tool suggestions (which will need you to use tools like secpol.msc, gpedit.msc, services.msc, regedit.exe, explorer.exe + more, yet, all native tools to your OS) will be listed for your reference, each in their own post reply, to avoid "clutter"):

Windows CAN be secured very well, but, you have to go thru some "GYRATIONS/EFFORT" to do it, but, it IS doable (but not to any 100% levels, because again - new holes/vulnerabilities appear in the OS & its libs + apps, but this gets you closer, if not as close as a body needs to be!).

[b]THIS IS GEARED TO "stand-alone" systems online on the internet (However - it can be adapted for LAN/WAN office or home networked environs, BUT, pay attention to step #2's 'warnings' about pulling Client For Microsoft Networks, &/or File & printer sharing - most networks require/need this)

--------------------------------------------------------------------------------------------------------------
BACKGROUND & INFORMATION + TOOLS YOU CAN USE TO HELP YOU SECURE YOUR SYSTEM:
--------------------------------------------------------------------------------------------------------------[/b]

Here I am running Windows Server 2003 SP #2, fully current patched by MS update pages, here (I check it every 2nd Tuesday of the month of course, on "Patch Tuesday's"):

[url]http://www.microsoft.com/downloads/Browse.aspx?DisplayLang=en&nr=20&categoryid=7&sortCriteria=date&sortOrder=descending[/url]

It is a personally 'security-hardened' model I have been working on for many years, using principals I learned & used since the NT 3.5x days onward to this version of the OS: As is now?

[b]I score an 85.760 on the CIS Tool 1.x currently as of 10/10/2007![/b]

[img]http://forums.techpowerup.com//attachment.php?s=107872c1adbe7cefa0caa52fb704483a&attachmentid=10053&d=1192208359[/img]

This is up from my past score here of 76.xxx on it (default score I had prior to this security hardening via CIS TOOL & its advisements & past the 84.735 I initially hardened it up to, & later 85.185 as well), & here is how to do it!

Currently, I can go NO higher than this score of 85.760 (of 100 total) on CIS Tool 1.x for Windows, pictured here (photo proof/pictures DO say, a 1,000 words (like this post, lol)) & even IF I could get past the few areas I know are wrong (the test errs, as it does on some areas in LINUX as well), I cannot get past 88% or so, period!

============================================================================
[b]HERE ARE LINUX SCORES FROM CIS TOOL (SuSE Enterprise Linux under VMWare):[/b]
============================================================================

[b]HARDENED LINUX:[/b]

[url]http://forums.techpowerup.com//attachment.php?attachmentid=10194&stc=1&d=1192894351[/url]

[b]DEFAULT LINUX:[/b]

[url]http://forums.techpowerup.com//attachment.php?attachmentid=10193&stc=1&d=1192894012[/url]

(It appears that LINUX has FAR LESS TESTED, when compared to the SIZE of the Windows tets, & Linux CAN reach 90++ scores (but there is an error in CIS TOOL preventing myself from going to a higher than 85.760 score & I have submitted the data to CIS TOOL's authors on that account WITH PROOFS, and even if I could get the few areas I am scored down on still, it would not add to past 88% or so... bug, bigtime, do the math from my score & see))

============================================================================

That is a DECENT ENOUGH score (especially considering the default score of VISTA even, is FAR BELOW THAT! Nice part is? The techniques noted here can LARGELY APPLY TO VISTA AS WELL, but afaik there is no CIS Tool version for VISTA (yet)! Still, read on...)

(For CIS Tool - There are Linux, Solaris, BSD variants, & other OS models ports (some only in .pdf security guide form though, not programmatically automated yet, like MacOS X) of this are available too by the way - not really "ports" strictly speaking, they require JAVA to run)

[b]-------------------------------------------------------------------------------------------------------------------
DOWNLOAD URL FOR CIS TOOL (for multiple platforms), from "The Center for Internet Security" here:
-------------------------------------------------------------------------------------------------------------------[/b]

[url]http://www.cisecurity.org/bench.html[/url]

[b]IMPORTANT:[/b] This tool IS invaluable in guiding you to a more secure OS, on any OS platform really!

It actually makes it "FUN", in a techie/geeky/nerdy (whatever) kind of way, in that you really find out WHAT it is you know, vs. the CIS Tool results, as far as securing a Windows NT-based system. E.G./I.E,-> I've been @ this field in a professional capacity since 1994, & it taught me a "trick-or-two", let's put it THAT way.

CIS Tool = Great stuff, that makes much of this easier (what I add ontop of it is in the next steps)!

APK

P.S.=> Now that the "introductory material" (tools to use, how/why, results possible, etc. et al) has been put down? Now, here we go to the actual "meat" of the subject in my next post(s).

Also - IF you have more to add to this, OR critique of my points? Please - have @ it & let 'em rip (as we ALL can gain by for security & peace-of-mind online hopefully)

HOWEVER, please - hold off on the "English Grammar" critiques + "writing style" stuff (I did my best + refine it as I go & add more)

I would try to have made it shorter too, but it's complex material @ times, & definitely a lot of it (CIS Tool helps though)!

(So please, as to critiques - I only ask that you keep it computer security technically oriented, adding points I may have missed or supplementing those I suggest with alternates to things I Have).

Thanks! apk

Spyware and virus

harsh — Tue, 29 Apr 2008 07:59:25 GMT

Hi Richie,

Recently I got my laptop fixed through your help. But it looks like my desktop is now affected. Please help me to clean this and I will make sure to follow all your instructions to keep it clean in future.

Thanks,

harsh.

Trojans

krispy21212 — Tue, 29 Apr 2008 07:43:53 GMT

i have acquired a trojan vundo and a trojan nebuler any help?

VIRUS HEAT

KingNet — Mon, 28 Apr 2008 15:18:57 GMT

I have this random symbol on the right side of my screen whihc changes from a sheild to a question mark and keeps telling me that i may have spyware running thats neeeds a scanner and also virus heat got downloaded onto my comp somehow

Advertisement Pop ups with side bar in google showing sponsored links

harsh — Tue, 22 Apr 2008 05:28:44 GMT

Please Help!!!

It looks like my system is affected with virus. I am getting popups of advertisement and some sponsored links in left side of google search page. Please help, its quiet urgent. I am using Windows XP Professional version 2002, SP 2.

Port Scanning

Sebastian — Mon, 21 Apr 2008 01:16:42 GMT

Dear Richie

Hi! Hope u're keeping well.

For a while now, i've managed to run my system without having any virus on it. However, off late, i've started getting messages from sygate that "Somebody is scanning your computer.
Your computer's TCP ports:
6588, 1080, 8080, and 8000 have been scanned from 118.168.156.153.." "Somebody is scanning your computer.
Your computer's TCP ports:
3124, 4480, 50050, and 8080 have been scanned from 118.161.243.89.."

Somebody is scanning your computer.
Your computer's TCP ports:
6588, 1080, 8080, and 8000 have been scanned from 118.168.148.196..

and a lot more of these...

Could you please advise what could be resulting in this.

I'm on a wireless network, XP Pro SP2. I've run kaspersky/webroot spyware but found no traces.

Please help

Thanks

Running vista possible virus

d.i.verse — Wed, 16 Apr 2008 12:45:18 GMT

need help identifing and deleting possible viruses