Free Republic
General/Chat

I need a bit of computer advice/help, please!
12/06/04 | me

Posted on 12/06/2004 8:48:09 PM PST by IamHD

I think that I may have a trojan or a keylogger or something on my computer. I have tried everything that you can think of, short of completely deleting everything from my computer. I have all up to date anti-virus protection, pop-up stoppers, hijackthis, etc., etc., etc. I accidentally found 1,000's of porno, gambling, dialers, etc., in my REGISTRY:

HKEY_CURRENT_USER

LEADS TO INTERNET SETTINGS, THEN HISTORY, FILLED WITH HUNDREDS OF PORNO, GAMBLING AND AD SITES, AND;

LEADS TO A FOLDER CALLED ZONEMAP, WHICH IS FILLED WITH OVER A THOUSAND MORE DIALERS, GAMBLING AND PORN SITES.

I have tried everything to delete them, and they keep reappearing in my REGISTRY. If I use my search option and check for these files, they don't show up, but they are in the REGISTRY. In the registry, it shows that these files are in my History and my Favorites, but they aren't. HELP!


TOPICS: Computers/Internet
Could they be in my registry because I have them in my Internet restrictions host files?? I went to an innocent enough looking website the other night, and bam, it was a hacking site. It made my ad-aware start up and parts were written in German, then it crashed. It did the same thing to my SpyBot, my firewall and my ZoneAlarm.

I'm so paranoid about this...I'm afraid I may have an invisible keylogger, or something on my computer! Is there anything that I can do short of totally formatting my hard drive?

Thanks for any help!

1 posted on 12/06/2004 8:48:20 PM PST by IamHD
[ Post Reply | Private Reply | View Replies]
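
Added example, not part of the thread: the `ZoneMap\Domains` key the first post describes stores a zone number per site, where 4 is Internet Explorer's Restricted sites zone (a block list) and 2 is Trusted sites. This sketch parses a `regedit` text export and separates the two; the sample export, the `.test` domains and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Internet Explorer security zone numbers stored under ZoneMap\Domains.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
MARKER = "\\zonemap\\domains\\"
VALUE_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample export (REGEDIT4 text format); every domain is a placeholder.
PREFIX = ("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
          "\\Internet Settings\\ZoneMap\\Domains\\")
SAMPLE_EXPORT = "\n".join([
    "REGEDIT4", "",
    "[" + PREFIX + "dialer-example.test]", '"*"=dword:00000004', "",
    "[" + PREFIX + "casino-example.test\\www]", '"http"=dword:00000004', "",
    "[" + PREFIX + "unknown-example.test]", '"*"=dword:00000002', "",
])

def parse_zonemap(export_text):
    """Return {zone number: sorted [(host, protocol), ...]} from a .reg export."""
    zones, host = defaultdict(list), None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(MARKER)
            # Domains\<domain>\<sub> means the host sub.domain
            host = (".".join(reversed(key[pos + len(MARKER):].split("\\")))
                    if pos >= 0 else None)
            continue
        match = VALUE_RE.match(line)
        if host and match:
            zones[int(match.group(2), 16)].append((host, match.group(1)))
    return {zone: sorted(entries) for zone, entries in zones.items()}

def needs_review(export_text):
    """Hosts mapped to anything other than Restricted sites (zone 4)."""
    zones = parse_zonemap(export_text)
    return sorted({h for z, items in zones.items() if z != 4 for h, _ in items})

if __name__ == "__main__":
    for zone, entries in sorted(parse_zonemap(SAMPLE_EXPORT).items()):
        print(ZONES.get(zone, "zone %d" % zone), len(entries))
    print("review:", needs_review(SAMPLE_EXPORT))
```

A zone 4 entry restricts the listed site and is not a record of a visit; an unexpected entry in zone 2 is the kind worth a closer look.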

To: IamHD

What's your OS version? If you have XP or such have you tried System Restore?


2 posted on 12/06/2004 8:54:35 PM PST by timpad (The Wizard Tim - Keeper of the Holy Hand Grenade, Finder of Obscurata)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IamHD

Are you using XP? If so, it's hard to get rid of certain things as it automatically backs them up and when you delete them it replaces them.
Also to see all files, open My Computer, Select Tools, then Folder Options, Click View, then select "Show Hidden files and folders".


3 posted on 12/06/2004 8:57:12 PM PST by ProudVet77 (Just say NO to blue states.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IamHD

Have you downloaded ad-aware 6? It's free, and it seems to do a good job for me - however it has to be done about every week.

I would also go to tools, internet options - general tab - and delete all files, cookies and delete history. You could also try to restore your computer to an earlier date.

I'm no expert - but that's what I would try....


4 posted on 12/06/2004 8:58:54 PM PST by M. Peach (eschew obfuscation)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IamHD
I would say your paranoia is well-founded! If these things are in your registry then they are probably installed malware, trojans, etc. Are you saying Spybot, Ad-aware, Zonealarm, and your firewall all crashed? Do you have all the file sets checked under settings in Spybot? I would think Hijack This! would be the quickest way to clean all this out. Have you tried that yet?
5 posted on 12/06/2004 9:03:54 PM PST by Americanchild
[ Post Reply | Private Reply | To 1 | View Replies]

To: timpad

I have WindowsME. I turned my system restore off until I clean (or try to clean) all of this stuff out of my computer...I don't want to reinfect myself. There is a way to do a restore on my registry only, which I did, but this malware is still in my Registry. :(


6 posted on 12/06/2004 9:25:41 PM PST by IamHD
[ Post Reply | Private Reply | To 2 | View Replies]

To: ProudVet77

No, I have Windows ME. But, I do have my folders set to show the hidden files and folders. It's so frustrating, because I'm not finding anything that looks suspicious. :(


7 posted on 12/06/2004 9:32:14 PM PST by IamHD
[ Post Reply | Private Reply | To 3 | View Replies]

To: IamHD

bttt


8 posted on 12/06/2004 9:33:17 PM PST by Peace Is Coming
[ Post Reply | Private Reply | To 1 | View Replies]

To: M. Peach
A good first step is to use Spybot's "hosts" file replacement. That will help keep it from completing connections to many of the sites that stuff will try to connect to.

(Make sure your cable or dsl line is not live while you do all this. They will just replace themselves.)

Then in safe mode run ad-aware several times. You can get it out when it is bad but it took me almost 8 hrs on an XP machine that spybot and ad-aware eventually found over 900 instances of spyware.

Also had two viruses on it which AVG got rid of. I also used a registry cleaner... not Windows version... a freeware but the name escapes me.

I also wrote down all the stuff that was starting or rebuilding over and over and went into the registry and deleted anything with that name.

It was grueling and I would not want to do it again.

Safer easier is to use safe mode.. get what files you can save (just work and personal.. NO apps).. do a complete hd clean to take it back to baby state and reload windows. Scan the stuff you were able to save with a virus scanner and ad-aware before putting them on your reloaded system.

Chalk it all up to life under Windows.

Me? No, but I did stay at a Holiday Inn.
9 posted on 12/06/2004 9:35:23 PM PST by JSteff
[ Post Reply | Private Reply | To 4 | View Replies]

To: M. Peach

Yes, I have the new ad-aware SE. It's great, and it did find a few things, but nothing is working for my Registry.


10 posted on 12/06/2004 9:35:40 PM PST by IamHD
[ Post Reply | Private Reply | To 4 | View Replies]

To: IamHD

Try deleting all the stuff while running in safe mode. If the bugs are loaded into memory they won't be there in safe mode to reinstall and you should be able to get rid of them. Then run all your anti spyware stuff from safe mode. Turn off System Restore and get rid of all the restore points. If all that fails go for the nuclear option: reformat and reinstall the OS.


11 posted on 12/06/2004 9:39:40 PM PST by edchambers ("Pajama clad Neocon footsoldier of the Haliburton Death squad Digital brown shirts")
[ Post Reply | Private Reply | To 6 | View Replies]

To: IamHD

The best advice I can give any owner of an ME system is to upgrade to XP. I'm not a fan of XP (I run 2003 Server) but it's a lot better than ME. The home edition is pretty cheap now. Buy one of those USB storage devices (http://www.xpcgear.com/usbmemory.html) and back up all your mail, favorites, documents etc. and then upgrade to XP.


12 posted on 12/06/2004 9:41:26 PM PST by ProudVet77 (Just say NO to blue states.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: IamHD

FIRST thing to do is to download and use either Firefox or Netscape, these are not nearly as vulnerable to being hacked.

Second thing is, when you are not actually needing to be online, physically disconnect your computer from its telecommunications capabilities--phone jack, Ethernet cable, USB cable or disable any wireless.

The rest of my suggestions could TRASH your computer, so do at your own risk. Exact sequence and steps taken would depend on the version of Windows and other "hunches" along the way....make a backup of your data in case of the worst!

Third, hit Ctl/Alt/Delete and using this key sequence and your mouse, kill programs ("end task") one at a time, keep track which ones can be safely killed without hanging/rebooting your machine. You'll have to do this a few times most likely...including restarts.

Fourth, when you get past #3 and you have only a couple programs (Explorer will be one but NOT IExplore.exe) running, then go to Start/Run and type in MSCONFIG and click Run. Go to the Startup tab and disable everything there that does not have to do with virus prevention (McAfee or NAV, for example) or ZoneAlarm.

Fifth, restart your computer. Try SAFE mode first. See if it seems to act "faster". You can make a backup of the system registry (export ALL) to the desktop. Then start deleting all the crap. If it's too much, you may just want to reinstall Windows from your CD...you do have one, I hope? Of course you also have a backup of your crucial stuff...?

Sixth, get yourself a copy of Norton Utilities 2003 or later, or Systemworks....$45-$100 but well worth it.


13 posted on 12/06/2004 9:43:02 PM PST by The Spirit Of Allegiance (FREE people needn't apply to a Government of/by/for the People for a gun (PERSONAL PROPERTY) permit!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Americanchild
"I would say your paranoia is well-founded! If these things are in your registry then they are probably installed malware, trojans, etc."

I'm scared stiff! lol I'm afraid to check my email, or Christmas shop online, because if there is a hidden keylogger, they will get my passwords, credit card info., etc. I called my telephone company and asked them to check and see if there are any suspicious long distance #'s on my bill. There are tons of dialers in my registry from all over the world and I'm afraid they will steal my telephone # and use it for?? porno sites, and god knows what else.

"Are you saying Spybot, Ad-aware, Zonealarm, and your firewall all crashed?" Yes. :( I'm redoing my Spybot right now.

I've left my HijackThis log over at the ComputerCops site, but they haven't gotten back to me yet.

14 posted on 12/06/2004 9:44:35 PM PST by IamHD
[ Post Reply | Private Reply | To 5 | View Replies]

To: edchambers
That's what I had to do, reinstall everything.
People who go for that option should save any work, or pictures or files they want to save (save them on a floppy, but do a separate scan on those floppies). Reformat, and then reinstall, took me about 2 hours.
15 posted on 12/06/2004 9:45:58 PM PST by Prophet in the wilderness (PSALM 53 : 1 The ( FOOL ) hath said in his heart , There is no GOD .)
[ Post Reply | Private Reply | To 11 | View Replies]

To: IamHD
Is there anything that I can do short of totally formatting my hard drive?

Unplug it from the network if you think it's being accessed.

Check hard disk size. See if it has increased significantly.

Search for any large files, make sure you've selected to see all file types, system and invisible etc...

Look for processes that shouldn't be running. Kill them. If they don't get killed it is suspicious.

Root kits can be hidden in the recycle, in volume info, buried deep in system directories.

16 posted on 12/06/2004 9:48:38 PM PST by tallhappy (Juntos Podemos!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ntnychik

ping


17 posted on 12/06/2004 9:51:02 PM PST by potlatch (Always remember you're unique. Just like everyone else.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IamHD

Go to www.spywareinfo.com and post your HiJackThis log. Those pros will answer back pretty quickly and clear things up for you.

It's the best site around for technical help, and it's free!


18 posted on 12/06/2004 9:51:24 PM PST by Cedar
[ Post Reply | Private Reply | To 14 | View Replies]

To: IamHD

Download the following four files:

1. Avast anti-virus
2. Adaware SE
3. Spybot
4. CleanCache

(Just do a google search). Install and run in reverse order. That should clean things up well.

Then, after it's clean, install and run Firefox and dump IE as a browser.


19 posted on 12/06/2004 9:53:36 PM PST by 1L
[ Post Reply | Private Reply | To 1 | View Replies]

To: IamHD

check your pings for info in a different thread


20 posted on 12/06/2004 10:05:37 PM PST by ChefKeith (Life is GREAT with CoCo..........NASCAR...everything else is just a game!(Except War & Love))
[ Post Reply | Private Reply | To 1 | View Replies]

