Maximum PC

All times are UTC - 8 hours




 Post subject: Attacked?
PostPosted: Sun Jul 25, 2004 10:16 pm 
8086

Joined: Sun Jul 25, 2004 9:03 pm
Posts: 4
Location: San Francisco - Bay Area
Help,

Please, I am a long time Max PC reader, new to this forum, and I am hoping somebody can figure out what is going on with my new computer. I’m wondering if I am a victim of a malicious attack. Actually I know that I was attacked; I’m trying to figure out if the attack is more serious than I first thought because of all of the anomalous, seemingly unrelated problems I’ve been having.

First, I was attacked when I was installing Service Pack 1 on a new system. After I installed the service pack I went to User Accounts only to find some low life logged on as CClogon. After I booted him (or her) off I did a virus scan and found the Blaster worm and a virus that I never heard of. I removed them. However I’ve had some really strange computer problems since then.

Here is a list of seemingly unrelated problems that I’ve been experiencing: I get an error message every time I boot, “WbLogon.exe – Application Error”. I also get an error message, “Error: loader couldn’t initialize service!”

Then my system cannot see the disks on either of my optical drives unless I reboot with the disk that I want to read in the internal drive (I also have a portable Plextor and the above info does not apply as it cannot read anything but installed games). If I go to My Computer and try to see what is on the disk it shows that there is no data at all on the disk. If I try to read the disk I get a “Disk not formatted” warning that says, “Windows cannot read from this disk. The disk may be corrupted or it could be using a format that is not compatible with Windows.”

I just had the last error on a back up disk of some of my photos. I had just read the data on my internal optical drive. Then I put it into my Plextor and got the error message above.

I am also having problems with my left mouse button not being “clickable”. I can select things but cannot click on shortcuts to invoke apps.

BTW the disk reading problems do not apply to games which have already been installed!

Finally I am getting a rumbling in my woofer (Klipsch 2.1) when I am playing MS CFS 3 while I’m on head phones! This also sometimes happens when I am logging off but again with my head phones on.

My system is XP home, with a 2.6 P4, a Gforce 4, a SoundBlaster Audium, 512 ram, on an Iwill P4HT-S motherboard.

Help, I’m open to any ideas. Oh I forgot when I attempt to defrag I get another error message, “Disk Defragmenter could not start.” even when I just try to analyze my hard drives.

I’m thinking that my attacker planted some nasty little app in my registry to screw with me. Anybody have any ideas????

Finally, FYI, I have run chkdsk /f twice.


 Post subject:
PostPosted: Sun Jul 25, 2004 10:28 pm 
Thunderbird

Joined: Fri Jun 25, 2004 3:51 pm
Posts: 844
ya'll could just post this once.


well since you seem to have been compromised yes other stuff could have been done.

this is why i always either

1. install SP's / updates from CD media (i.e. download network install sp1 plus updates, burn to CD) before hooking a windows pc up to the internet.

or

2. have my windows PC's behind a Linux Firewall / or NAT router (shielding the Windows computer from such threats (to some extent) while installing the updates).

Actually I personally do not like the idea of having windows pc's hooked directly to the internet at all and Do and Recommend to others having something between the Windows PC's and the internet (NAT router/Linux Firewall...etc)

since you've been compromised I suggest you get the updates burned to a CD and reformat and apply the patches BEFORE hooking this box back up to the internet.

oh yeah and get a firewall and Antivirus (I suggest AVG antivirus and Sygate PF)


 Post subject:
PostPosted: Mon Jul 26, 2004 6:15 am 
Sailorman

Joined: Sun Jul 11, 2004 10:34 am
Posts: 480
Location: Redmond, Oregon, USA
maddingo wrote:

oh yeah and get a firewall and Antivirus (I suggest AVG antivirus and Sygate PF)


Just curious here: Why do you recommend AVG over Norton's? Because it's free? I've noticed many members like AVG but Norton's Antivirus seems to get better reviews based on performance and detection ability. It does take more resources though.

By the way I've never used an anti virus program except for Norton's since ver. 4.0 and a 3 month stab at McAfee a few years ago.


 Post subject:
PostPosted: Mon Jul 26, 2004 6:32 am 
Contributing Writer

Joined: Wed Jun 23, 2004 8:09 pm
Posts: 9602
Location: Land of the Lounge Lizards
Nightcrawler wrote:
maddingo wrote:

oh yeah and get a firewall and Antivirus (I suggest AVG antivirus and Sygate PF)


Just curious here: Why do you recommend AVG over Norton's? Because it's free? I've noticed many members like AVG but Norton's Antivirus seems to get better reviews based on performance and detection ability. It does take more resources though.

By the way I've never used an anti virus program except for Norton's since ver. 4.0 and a 3 month stab at McAfee a few years ago.


Because AVG is every bit as good as Norton and the less resources is a big plus. In MY personal experience, it's been faster and performed better. When I gave AVG a try on a bloated PC, it found 3 more viruses than I could get Norton to detect. Not exactly a scientific test to be fair, but when a program runs faster and performs better, it earns my attention.

I'll also note that AVG's free version scored higher than the paid version of Norton in MaxPC some months back (9/10). IIRC, the only cons had to do with limitations of the free version.


 Post subject: Re: Attacked?
PostPosted: Mon Jul 26, 2004 7:50 am 
I'd rather be modding!

Joined: Fri Jun 25, 2004 3:47 pm
Posts: 3731
Location: Las Vegas
Even assuming no attack occurred - you have enough problems that I would advise a reinstall on Windows.

Before you do this, download a bios flash to floppy (don't use it - it's just in case something in the BIOS has been affected by the attack - yes, I know I am paranoid :) But I have seen what happens to a computer that has had the BIOS "played with")

Do as the others said - patch offline first and make sure you have a firewall in place before you go online. Use the ICF if need be. That would at least stop blaster.

Oh Yeah - other stupid things I have learned. Don't use any l337 or haxor speak in what you call your system. Or in anything that might gain the attention of someone.

Anyways - since you don't know what the attacker did, it's best to do a full reinstall and make sure it's all gone.

Maybe do the CMOS Batt. dance as well? Let someone else second that - not sure it's needed.

Manta


 Post subject:
PostPosted: Mon Jul 26, 2004 7:56 am 
I'd rather be modding!

Joined: Fri Jun 25, 2004 3:47 pm
Posts: 3731
Location: Las Vegas
Nightcrawler wrote:
maddingo wrote:

oh yeah and get a firewall and Antivirus (I suggest AVG antivirus and Sygate PF)


Just curious here: Why do you recommend AVG over Norton's? Because it's free? I've noticed many members like AVG but Norton's Antivirus seems to get better reviews based on performance and detection ability. It does take more resources though.

By the way I've never used an anti virus program except for Norton's since ver. 4.0 and a 3 month stab at McAfee a few years ago.


I think mainly because it's free and it's good. I use NAV04 and haven't decided if I will switch when subscription time comes.

I will have to check AVG out first. Both are great at catching virii - but what is the functionality of free AVG? Is it schedulable, does it autoupdate, does it autoprotect? Scan all incoming files including email? If not, I will stick with NAV. For me, the small fee is worth it. For others, maybe not.

Manta


 Post subject:
PostPosted: Mon Jul 26, 2004 8:05 am 
Contributing Writer

Joined: Wed Jun 23, 2004 8:09 pm
Posts: 9602
Location: Land of the Lounge Lizards
Seems to cover all your concerns:

AVG Free Highlights


 Post subject:
PostPosted: Mon Jul 26, 2004 12:13 pm 
I'd rather be modding!

Joined: Fri Jun 25, 2004 3:47 pm
Posts: 3731
Location: Las Vegas
One4yu2c wrote:
Seems to cover all your concerns:

AVG Free Highlights


Nice, I will look at it closer when my sub expires

Manta


 Post subject: Re: Attacked?
PostPosted: Mon Jul 26, 2004 12:36 pm 
I'd rather be modding!

Joined: Fri Jun 25, 2004 3:47 pm
Posts: 3731
Location: Las Vegas
BTW, I know you are new here, so welcome to the forum.

However, in the future only post in one place. It gets confusing when you post in two different sections.

For this problem, the Free Clinic is the right place.

Although the Windows parlor would have been acceptable (probably)

Manta


 Post subject:
PostPosted: Mon Jul 26, 2004 6:46 pm 
Thunderbird

Joined: Fri Jun 25, 2004 3:51 pm
Posts: 844
Nightcrawler wrote:
maddingo wrote:

oh yeah and get a firewall and Antivirus (I suggest AVG antivirus and Sygate PF)


Just curious here: Why do you recommend AVG over Norton's? Because it's free? I've noticed many members like AVG but Norton's Antivirus seems to get better reviews based on performance and detection ability. It does take more resources though.

By the way I've never used an anti virus program except for Norton's since ver. 4.0 and a 3 month stab at McAfee a few years ago.



hey I like AVG because it is good (been running it on a 1/2 dozen machines at my house for about 1.5 years without an undetected virus incident) and it is teh FREE :D additionally it is light on the system resource usage / lighter than norton certainly

being cheap I don't like to pay for things I do not need. If GIMP was a bit more robust I'd use it over photoshop but photoshop helps me get things done... so PS it is, but for my Antivirus AVG gets the job done well and for free.

I used to use Kerio PF until they released an update that caused BSODs on 2x of my computers, so I switched to Sygate and it has been roxoring.


 Post subject:
PostPosted: Thu Aug 12, 2004 12:41 am 
8086

Joined: Sun Jul 25, 2004 9:03 pm
Posts: 4
Location: San Francisco - Bay Area
For you all’s information. I took most of your advice. I rebuilt my system. I did a hard reformat, did the long version of CHKDSK and after about five tries reinstalled XP. Then I slowly reinstalled my software just to see if I was getting a software conflict. Everything was cool – until about two nights ago. First, I began getting a lot of warnings from Zone Alarm. Then I got a warning about Diskeeper not initializing (I’ve had probs with Diskeeper before, but just hogging the CPU). I had done a couple of defrags with Diskeeper FYI.

Again I can’t read my optical drives nor even do a defrag analysis. I tried to do an XP repair. Then I got a demand that I had to input my administrator password (which I had not installed). I then did put in a password, but it was not recognized by XP when I again tried to do a repair. So the long and short is that I cannot do a repair, defrag, install new software or trust my system. Oh I also have a bunch of errors and warnings in my event log.

So I may have a combination of a Diskeeper conflict (uninstalled) and/or another hacker attack.

I’m coming to the opinion that I may have a lame brained POS in my neighborhood doing port scans and doing malicious hacking.

Anyway all thanks for the advice but I’m back to square one.

Anybody have any idea of how to catch a malicious hacker?


 Post subject:
PostPosted: Thu Aug 12, 2004 2:24 am 
Boy in Black

Joined: Thu Jun 24, 2004 1:40 pm
Posts: 24345
Location: South of heaven
Hmmm...catching one has all sorts of edges. I haven't dealt with 'em in a while, but used to get them all the time (until, oh...1999?). Back then, it was just playing around with them. Like, laying honeypot traps then let 'em get a taste of their own medicine and such. Nowadays I'm sure it's harder than that, and really can't post the methods. It's not that no one here wants to help, it's just that it's not a topic that we should discuss. The tools are out there, you just have to look. It's just that in many cases, the tools used to defend yourself are the same tools that cause the trouble in the first place.

I'd like to advise the use of a hardware firewall in a router first of all. Then make sure you go through all the settings correctly. Change anything from default and just really dig through it. It's not easy at first and takes a lot of reading around while you learn what does what, but education is the best defense IMO. Maybe just head down to Barnes and Noble to sit around reading a couple books. Oh, Software is fine, but a little too "user friendly" sometimes.

When I was wireless, you'd be amazed at how many you can stumble upon that were totally accessible due to default settings. And the same holds true to wired setups, you just have to look harder and more directly for these.

I'm just guessing that you are right about someone just sniffing around and found your PC to play with. See if you can find some more clues. This guy, if it is an attack, is pretty small time if he's screwing with your PC, and they tend to get really sloppy once their ego is boosted. If it's an attacker, he's in the training stages in all reality. See if your ISP can aid you at all. They have some wicked stuff at hand to see just about anything going on as far as activity on your line. I'd even bet they'd be eager to help.


 Post subject:
PostPosted: Thu Aug 12, 2004 7:10 am 
Team Member Top 500

Joined: Wed Jun 23, 2004 2:22 pm
Posts: 4154
Location: Tampa FL.
If you think or have solid data showing intrusion to the system, IMO the best bet is to redo from square 1. No sense in trying to manually look for and fix the multitude of things that could have been done. That would take more time than just whipping out the CD and rebuilding.

Oh ya and as pointed out get a firewall or NAT between you and the connection stat.

