Someone is stealing my bandwith ????

[kalniel]

Update: 5:47am
Weather: Hostile as a Moose's fart ( Solar Storm ?? )

Downloaded Emsisoft Anti Malware ( heard it was best - sry kal )
detected and quarantined 35 objects
trying to manually remove one called spigot

m

Never heard of that before. Is it this one:
http://www.pcmag.com/article2/0,2817,2364196,00.asp
?

With one off scanners it's no problem running more than one (just not at the same time!) - so try MBAM as well.

Anyway, sounds like you did have some bad things around. If you have difficulty removing them look up combofix.

[MadduckUK]

http://howtoformatacomputer.com/

+



=

[mycarsavw]

Work your way through the suggestions in this thread - http://forums.majorgeeks.com/showthread.php?t=35407.

If you're still stuck at the end of it, start a thread over there and let them sort you out.

[TheAnimus]

Work your way through the suggestions in this thread - http://forums.majorgeeks.com/showthread.php?t=35407.

If you're still stuck at the end of it, start a thread over there and let them sort you out.

Sorry but no.

We've got at least a remote access trojan.

"I say we take off and nuke the site from orbit."

[mycarsavw]

Sorry but no.

We've got at least a remote access trojan.

"I say we take off and nuke the site from orbit."

You're not a DM reader, be rational, it's not insurmountable.

Copying the files off to another location could easily bring the trojan with them, thus infecting another HDD?

Start with the basics - download the tools you need (from another PC if you can) to perform the suggestions in the thread and then remove the connection to the internet.

[TheAnimus]

You're not a DM reader, be rational, it's not insurmountable.

Copying the files off to another location could easily bring the trojan with them, thus infecting another HDD?

No, no it can't.

It could write the boot sector of the device, hell it could even convert every JPEG or WMF to have a known exploit for GDI+ system to allow arbitary code execution.

None of that will be a problem if the steps I gave are followed, refromat from a known good source (ie DVD) Apply all patches, updates and set up MSE or similar. Then in a restricted user scan the drive and copy the files across to restricted places only. Nothing in Program Files or Windows folder.

Start with the basics - download the tools you need (from another PC if you can) to perform the suggestions in the thread and then remove the connection to the internet.

We've got a simple trojan already picked up, a few odd connections to an AUZ host (didn't want to pry) but not nearly enough for a computer that has had that kind of infection on average has.

As such I'd hazard a guess there is a rootkit present, or at the very least stealthed files.

Given that OP hasn't followed proper security procedures, I don't think he will get a removal of such things right.

[mycarsavw]

I agree to a point, but your last statement kinda goes against your first (now in bold)

None of that will be a problem if the steps I gave are followed, refromat from a known good source (ie DVD) Apply all patches, updates and set up MSE or similar. Then in a restricted user scan the drive and copy the files across to restricted places only. Nothing in Program Files or Windows folder.We've got a simple trojan already picked up, a few odd connections to an AUZ host (didn't want to pry) but not nearly enough for a computer that has had that kind of infection on average has.

[...]

Given that OP hasn't followed proper security procedures, I don't think he will get a removal of such things right.

If it was my PC, I'd want to rescue it (more for the thrill of the challenge than anything but...) - your reasoning is more sound though.

It's also much quicker to start again.

[Ferral]

Could try removal with Malwarebytes after booting into safe mode without networking. Its pretty comprehensive and manages to remove most things.

Reformat is the definate get shot of but I always look at recovery first and formost

[scaryjim]

My experience of dealing with virus-ridden machines (in particular a family with one PC that was used for all their business purposes *and* as the main family PC - two teenage children *shudder*) is that once you hit a certain critical mass of problem files the time spent trying to unpick the problems on the current install is amost always an order of magnitude greater than the time it takes to do a fresh install and restore backed up critical files. Hell, I used to keep a machine around specifically for scanning the backups from infected machines (which I would then nuke and reinstall regularly) so I didn't infect any of my critical machines, and it was *still* quicker and more efficient than trying to clean a heavily infected machine.

As much as it may be possible to thoroughly and properly clean the OPs computer, I sincerely doubt that it's worth the time and effort, particularly since you only need one unrecognised threat to start the whole nasty mess off again ... after all, no anti-virus or threat detector is 100% effective.

[KeyboardDemon]

Could try removal with Malwarebytes after booting into safe mode without networking. Its pretty comprehensive and manages to remove most things.

Reformat is the definate get shot of but I always look at recovery first and formost

I tend to follow this school of thought, recover the system, back up essential data/files, gamesaves etc... Then get those files scanned from a protected PC for hidden threats etc... I have an older PC with no OS installed as I ran out of licences so I usually install a trial of Windows, update it and the install a trial of a good Internet Security package like Kaspersky and use this to scan the external HDD with the copied files on.

Once I'm confident that I have no more files with issues and that my most important files are safe then I will reformat and install from fresh. But I think it has been close to 10 years since I have had to do this on any of my own computers.

[Apex]

No, no it can't.

It could write the boot sector of the device, hell it could even convert every JPEG or WMF to have a known exploit for GDI+ system to allow arbitary code execution.

None of that will be a problem if the steps I gave are followed, refromat from a known good source (ie DVD) Apply all patches, updates and set up MSE or similar. Then in a restricted user scan the drive and copy the files across to restricted places only. Nothing in Program Files or Windows folder.We've got a simple trojan already picked up, a few odd connections to an AUZ host (didn't want to pry) but not nearly enough for a computer that has had that kind of infection on average has.

As such I'd hazard a guess there is a rootkit present, or at the very least stealthed files.

Given that OP hasn't followed proper security procedures, I don't think he will get a removal of such things right.

^This - If there is a root kit on there then he/she would be stuffed and wasiting their time trying to unpick it.

Been there done that leanred when to give up and nuke it.

[directhex]

There's only one solution to an infestation like this.

[shaithis]

This is why I like a system image backup online that is less than a week old.

[lodore]

I agree with TheAnimus.
To reduce the risk of infection to the fresh installed OS I would recommend using a antivirus rescue disc to scan the user files copied to external drive. there are a few free solutions avaliable. my favourite atm is the kaspersky one.

[melon]

Never heard of that before. Is it this one:
http://www.pcmag.com/article2/0,2817,2364196,00.asp
?

With one off scanners it's no problem running more than one (just not at the same time!) - so try MBAM as well.

Anyway, sounds like you did have some bad things around. If you have difficulty removing them look up combofix.

Yes thats it , it detected 25 objects which I deleted as opposed to the other which I just put in quarantine.

m

[melon]

Could try removal with Malwarebytes after booting into safe mode without networking. Its pretty comprehensive and manages to remove most things.

Reformat is the definate get shot of but I always look at recovery first and formost

should I try it again then as I just booted in normally ?

m