I'm so paranoid about this...I'm afraid I may have an invisible keylogger, or something on my computer! Is there anything that I can do short of totally formatting my hard drive?
Thanks for any help!
What's your OS version? If you have XP or such have you tried System Restore?
Are you using XP? If so, it's hard to get rid of certain things as it automatically backs them up and when you delete them it replaces them.
Also to see all files, open My Computer, Select Tools, then Folder Options, Click View, then select "Show Hidden files and folders".
Have you downloaded ad-aware 6? It's free, and it seems to do a good job for me - however it has to be done about every week.
I would also go to tools, internet options - general tab - and delete all files, cookies and delete history. You could also try to restore your computer to an earlier date.
I'm no expert - but that's what I would try....
bttt
FIRST thing to do is to download and use either Firefox or Netscape, these are not nearly as vulnerable to being hacked.
Second thing is, when you are not actually needing to be online, physically disconnect your computer from its telecommunications capabilities--phone jack, Ethernet cable, USB cable or disable any wireless.
The rest of my suggestions could TRASH your computer, so do at your own risk. Exact sequence and steps taken would depend on the version of Windows and other "hunches" along the way....make a backup of your data in case of the worst!
Third, hit Ctrl/Alt/Delete and using this key sequence and your mouse, kill programs ("end task") one at a time, keep track which ones can be safely killed without hanging/rebooting your machine. You'll have to do this a few times most likely...including restarts.
Fourth, when you get past #3 and you have only a couple programs (Explorer will be one but NOT IExplore.exe) running, then go to Start/Run and type in MSCONFIG and click Run. Go to the Startup tab and disable everything there that does not have to do with virus prevention (McAfee or NAV, for example) or ZoneAlarm.
Fifth, restart your computer. Try SAFE mode first. See if it seems to act "faster". You can make a backup of the system registry (export ALL) to the desktop. Then start deleting all the crap. If it's too much, you may just want to reinstall Windows from your CD...you do have one, I hope? Of course you also have a backup of your crucial stuff...?
Sixth, get yourself a copy of Norton Utilities 2003 or later, or Systemworks....$45-$100 but well worth it.
Unplug it from the network if you think it's being accessed.
Check hard disk size. See if it has increased significantly.
Search for any large files, make sure you've selected to see all file types, system and invisible etc...
Look for processes that shouldn't be running. Kill them. If they don't get killed it is suspicious.
Root kits can be hidden in the recycle, in volume info, buried deep in system directories.
ping
Download the following four files:
1. Avast anti-virus
2. Adaware SE
3. Spybot
4. CleanCache
(Just do a Google search). Install and run in reverse order. That should clean things up well.
Then, after it's clean, install and run Firefox and dump IE as a browser.
check your pings for info in a different thread
Ping
There is an executable somewhere on your hard drive that is doing the nasty work of recreating all the registry entries.
I had the same problem with a friend's PC running XP. I had to reformat the drive and reload the OS to get rid of it. The bugger was hiding out in the Windows directory as an executable called "svhost.exe" which is supposed to look like a valid and necessary Microsoft program called "svchost.exe". It would run every ten minutes and recreate all the entries after deletion. It also would not allow Spybot S&D or CWShredder to run. The problem with XP is there is no way to delete a file that runs at startup per se. Since XP is the OS, you can't just startup in DOS mode and delete nasty files. And the creators of the spyware know this.
You may be horked and in need of a wipe 'n' load.
"Filthy nasty spywareses,
trying to hurt the Precious!
But we won't lets them, no we won't!"
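Added example, not part of the thread: a small check for the trick described in the "svhost.exe" post above, flagging executables whose name is one character away from a well-known Windows binary, or whose name is right but whose folder is not. The list of known binaries, their expected XP-style folders and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumption: XP-style default install paths for a few well-known system binaries.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (verdict, matched_known_name) for one executable path."""
    folder, name = ntpath.split(path.lower())
    if name in KNOWN:
        verdict = "ok" if folder == KNOWN[name] else "known-name-wrong-folder"
        return (verdict, name)
    for good in KNOWN:
        # Distance 1 catches a dropped or swapped-in letter; a wider threshold
        # would start flagging legitimate names such as iexplore.exe.
        if edit_distance(name, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)  # not assessed by this check

# Constructed sample input, e.g. paths copied from a process or startup list.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svhost.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
]

def scan(paths):
    return {p: classify(p) for p in paths}

if __name__ == "__main__":
    for path, (verdict, match) in scan(SAMPLE_PATHS).items():
        print(f"{verdict:24} {path}" + (f"  (resembles {match})" if match else ""))
```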
I run ME too, and just the other day I made an updated "nasties" list, which is/are unwanted cookies.
Go into Tools>Internet Options>Security, highlight "Restricted Sites", then click on "sites" and hopefully there is the list of what you speak.
If you find the list in the trusted sites, then of course that's something else again and then you can worry.
My point is that if you're running Adaware or SpyBot or something similar it might very well be they put them there. You can individually place unwanted sites there as well, as I and others do, and then save them, (which someone started referring to as "nasties").
Here's an example of a good thing, the registry address of one site example I have in my restricted list:
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonadialer.com]
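Added example, not part of the thread: a parser for a exported `.reg` file that lists every ZoneMap domain with its zone, so entries in Restricted Sites (zone 4) can be told apart from entries in Trusted Sites (zone 2), the case the post above says to worry about. The export text is constructed sample data; only the `zonadialer.com` key comes from the post, and the zone numbers are Internet Explorer's standard URL security zones.

```python
import re

ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
MARKER = "\\zonemap\\domains\\"

# Constructed sample export; example.test and example.org are placeholders.
SAMPLE_REG = r'''REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonadialer.com]
"*"=dword:00000004

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\downloads]
"http"=dword:00000002

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"*"=dword:00000004
'''

def parse_zonemap(reg_text):
    """Return a list of (site, protocol, zone_number) from .reg export text."""
    entries, site = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(MARKER)
            # Subkeys under a domain are host prefixes: Domains\a.test\www -> www.a.test
            site = (".".join(reversed(key[idx + len(MARKER):].split("\\")))
                    if idx >= 0 else None)
            continue
        m = re.match(r'"([^"]*)"=dword:([0-9a-fA-F]{8})$', line)
        if site and m:
            entries.append((site, m.group(1), int(m.group(2), 16)))
    return entries

def trusted_sites(reg_text):
    """Sites mapped into zone 2: worth reviewing if you did not add them yourself."""
    return sorted({s for s, _, zone in parse_zonemap(reg_text) if zone == 2})

if __name__ == "__main__":
    for site, proto, zone in parse_zonemap(SAMPLE_REG):
        print(f"{site:28} {proto:6} {ZONES.get(zone, 'unknown zone')}")
    print("Review these trusted entries:", trusted_sites(SAMPLE_REG))
```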
Hijack works well by identifying unusual Windows registry entries, and allows you to delete them.
Let me be the first to say...."Are you logged in?"
What happens when you delete them and what are you using to do the deletion?
I suspect you are not erasing the actual items, but the reg keys that keep track of them. That is why they get replaced.
There are a few free reg cleaners that have a nifty automatic cleaner that does pretty well.
I use reg Medic, that I paid a few dollars for and it is safe to use in auto. It roots out all of the locations and creates a backup if you screw something up.
Your op system is part of the problem. It is a real piece of work. I dumped mine and got XP.
I would not worry too much, now that you have ZA. It works like a charm. But remember that you tell it what to do, so it will open a port if you say it is OK.
I run mine with the warnings turned off unless a prog asks for permissions.
Also, make sure you have an updated virus screener that has a recovery data base. These fool hooks latch onto required files and kill your OS.
Run scan disk at full checkout and then run defrag. You need to kill your browser and all working programs when you do this so nothing interferes with the defrag.
I used to recommend doing it in safe mode, but some OS defraggers misinterpret and rearrange or lose data so I run it hot booted but programs off.
It really helps the speed if you keep it defragged if you do not have a high speed drive or large capacity. I have an older machine that needs tuneup frequently.
As a good start, go to SEARCH. Search by date for all CREATED files in the last two weeks.
That should give you a start.
If you are clueless, you could have stuff in there for a year already.
bump for later read