Results 1 to 15 of 15

Thread: Security Compromised

  1. #1
    Senior Member wannabgeek's Avatar
    Join Date
    Jan 2005
    Location
    Essex
    Posts
    723
    Thanks
    8
    Thanked
    1 time in 1 post
    • wannabgeek's system
      • Motherboard:
      • Asus M4A89GTD-Pro-USB3
      • CPU:
      • AMD x6 1055T Phenom @3.3ghz with Hyper 212+ HSF
      • Memory:
      • 4GB Corsair XMS3 (2x2GB) since upgraded to Corsair DD3 XMS3 8gb (2x 4gb) CMX8GX3M2A1600C9
      • Storage:
      • OCZ 120GB SSD / 250GB Samsung Spinpoint Sata H / 200GB Maxtor
      • Graphics card(s):
      • Powercolor HD 6850 1GB GDDR5
      • PSU:
      • Tx 650w Corsair PSU
      • Case:
      • Lancool K62
      • Operating System:
      • Windows 7 64 Ultimate (the cheapest)
      • Monitor(s):
      • Dell 19"
      • Internet:
      • Firefox & 20MB Sky max

    Security Compromised

    Hi
    Hope you can ps help me here! Yesterday i got a warning from spyblaster telling me my ie security settings have been changed I can only put this down to me uninstalling Spybots 'Teatime', A2 & MSantispy! The reason i got rid of them was because i purchased spy sweeper (supposedly a lot better) and i wanted just 1 dedicated prog running at startup monitoring everything instead of 3 as to avoid conficts! But now i think its back fired on me! Is there a site/prog to test spysweeper to see if its working ok?
    Ps i also have; Adaware se/Spybot/Ewido (free)/CCleaner/CWShredder & of course a FW and AV progs
    Windows 7 64 Ultimate
    AMD x6 1055T Phenom @3.3ghz
    Asus M4A89GTD-Pro-USB3
    HD 6850 1GB GDDR5
    4GB Corsair XMS3 (2x2GB)
    Tx 650w Corsair PSU
    250GB Samsung Spinpoint Sata HD
    200GB Maxtor Dmax10 IDE
    LG Sata2 DVD/RW
    Lancool K62 Case

  2. #2
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,963
    Thanks
    2,717
    Thanked
    3,263 times in 2,587 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine
    What aspect of your security settings have changed? You could have a look at www.grc.com although that won't necessarily give you much info about spyware/adware that is already installed on your system.
    Last edited by peterb; 31-12-2005 at 02:20 PM.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  3. #3
    Senior Member wannabgeek's Avatar
    Join Date
    Jan 2005
    Location
    Essex
    Posts
    723
    Thanks
    8
    Thanked
    1 time in 1 post
    • wannabgeek's system
      • Motherboard:
      • Asus M4A89GTD-Pro-USB3
      • CPU:
      • AMD x6 1055T Phenom @3.3ghz with Hyper 212+ HSF
      • Memory:
      • 4GB Corsair XMS3 (2x2GB) since upgraded to Corsair DD3 XMS3 8gb (2x 4gb) CMX8GX3M2A1600C9
      • Storage:
      • OCZ 120GB SSD / 250GB Samsung Spinpoint Sata H / 200GB Maxtor
      • Graphics card(s):
      • Powercolor HD 6850 1GB GDDR5
      • PSU:
      • Tx 650w Corsair PSU
      • Case:
      • Lancool K62
      • Operating System:
      • Windows 7 64 Ultimate (the cheapest)
      • Monitor(s):
      • Dell 19"
      • Internet:
      • Firefox & 20MB Sky max
    Hi Sinse the last post my Norton AV will not protect my PC ie Auto protect off,email scanning off and i cannot turn it on! I have scanned the pc but nothing found! Any ideas!

    Ps also tried removing spysweeper & Ewido guards ans resetting ie back yo defaults but i still cannot get Norton to protect! I am wondering if it was a prog (xpsafe) that i installed recently i have also reset it back to the state before it was installed but that dont work! I might have to do a clean install
    Windows 7 64 Ultimate
    AMD x6 1055T Phenom @3.3ghz
    Asus M4A89GTD-Pro-USB3
    HD 6850 1GB GDDR5
    4GB Corsair XMS3 (2x2GB)
    Tx 650w Corsair PSU
    250GB Samsung Spinpoint Sata HD
    200GB Maxtor Dmax10 IDE
    LG Sata2 DVD/RW
    Lancool K62 Case

  4. #4
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,963
    Thanks
    2,717
    Thanked
    3,263 times in 2,587 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine
    Have you re-installed Norton?
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  5. #5
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Download & run Rootkit Revealer - your system may appear unresponsive for a couple of minutes while it runs as it has to dig deep.

    Run Trend Micro Housecall on your system, see what it says.

    And I would reiterate what peterb said - have you tried a reinstall of Norton?
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  6. #6
    Senior Member wannabgeek's Avatar
    Join Date
    Jan 2005
    Location
    Essex
    Posts
    723
    Thanks
    8
    Thanked
    1 time in 1 post
    • wannabgeek's system
      • Motherboard:
      • Asus M4A89GTD-Pro-USB3
      • CPU:
      • AMD x6 1055T Phenom @3.3ghz with Hyper 212+ HSF
      • Memory:
      • 4GB Corsair XMS3 (2x2GB) since upgraded to Corsair DD3 XMS3 8gb (2x 4gb) CMX8GX3M2A1600C9
      • Storage:
      • OCZ 120GB SSD / 250GB Samsung Spinpoint Sata H / 200GB Maxtor
      • Graphics card(s):
      • Powercolor HD 6850 1GB GDDR5
      • PSU:
      • Tx 650w Corsair PSU
      • Case:
      • Lancool K62
      • Operating System:
      • Windows 7 64 Ultimate (the cheapest)
      • Monitor(s):
      • Dell 19"
      • Internet:
      • Firefox & 20MB Sky max
    Hi thaks for replying!
    I have uninstalled Norton and installed a new AV (etrust) for a few minutes that too was unprotected but now seems ok,i am just running all tests/scans as i am now worried i have viruses due to the unsecured settings! Thanks for the Rootkit i will run asap. I think i have conflicts with the new progs installed (Ewido, spysweeper) and cause they both have guards at startup they was conflicting and maybe because prior to there instalation i had also removed MSas, and got rid of the 'teatimer' as that too was a ie setting protector! But for the life of me i dont know why Norton got unprotected and why i now have an extra setting in 'Internet options/ security' called 'Your computer' which has a restriction icon just like the one on 'Restricted zone' ! Sorry to go on!

    Ps since lowered the new icons settings and now the icon is 'ie with 2 keys' Never seen that before!

    EDIT: Re ROOTKIT; What will it tell me?
    Last edited by wannabgeek; 31-12-2005 at 07:20 PM.
    Windows 7 64 Ultimate
    AMD x6 1055T Phenom @3.3ghz
    Asus M4A89GTD-Pro-USB3
    HD 6850 1GB GDDR5
    4GB Corsair XMS3 (2x2GB)
    Tx 650w Corsair PSU
    250GB Samsung Spinpoint Sata HD
    200GB Maxtor Dmax10 IDE
    LG Sata2 DVD/RW
    Lancool K62 Case

  7. #7
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,963
    Thanks
    2,717
    Thanked
    3,263 times in 2,587 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine
    Quote Originally Posted by Paul Adams
    Download & run Rootkit Revealer - your system may appear unresponsive for a couple of minutes while it runs as it has to dig deep.
    30 minutes later - and it's still running!
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  8. #8
    Xcelsion... In Disguise. Xaneden's Avatar
    Join Date
    Nov 2004
    Location
    United Kingdom
    Posts
    1,699
    Thanks
    0
    Thanked
    0 times in 0 posts
    Your best bet would be to reinstall Windows, and then install just 1 AV and one Anti-Spyware. Your Mesh probably has a reinstallation CD, which gives you a fresh, factory setting installation of Windows.
    New Sig on the Way...

  9. #9
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by wannabgeek
    Re ROOTKIT; What will it tell me?
    Rootkit Revealer dumps the raw contents of the registry hives and compares it to what the Windows APIs report (e.g. viewing with RegEdit).
    If there is a discrepancy then it can indicate some keys are being hidden by a rooted set of APIs - so they become invisible to AV & trojan scanners.
    Same kind of principle for files hidden on your disk and processes running in memory - the APIs are intercepted and the results modified so regular processes can't see these nasty things lurking on the system.

    This is the principle that Sony used to hide their DRM software, which is why there was a massive uproar - they silently installed the equivalent of a rootkit on your system just by putting a CD in.

    Hopefully Rootkit Revealer will find nothing - if it reports anything odd then post the results here.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  10. #10
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,963
    Thanks
    2,717
    Thanked
    3,263 times in 2,587 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine
    Full re-install really shhould be a last resort. Running one type of scanner though is a good idea to avoid conflicts. Running Trend's housecall (described by Paul) should check if your system is clean.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  11. #11
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,661
    Thanks
    53
    Thanked
    381 times in 312 posts
    how exactly do you think Shileds UP! will help ?

    it is a complete waste of time , its just a very rudementry port scanner that has been proven not to find trojans.

    take everythin you read on grc.com with a large pinch of salt , most of it is Self Publicism for the sites owner.

    grcsucks.com
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  12. #12
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,963
    Thanks
    2,717
    Thanked
    3,263 times in 2,587 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine
    Quote Originally Posted by Moby-Dick
    how exactly do you think Shileds UP! will help ?

    it is a complete waste of time , its just a very rudementry port scanner that has been proven not to find trojans.

    take everythin you read on grc.com with a large pinch of salt , most of it is Self Publicism for the sites owner.

    grcsucks.com
    I did say that it wouldn't help find spyware (or other malware) but it does give some assurance that there is some protection that malware that attacks open ports can be stopped - but of course gives no assurance that protection against 'legitimately' imported malware (ie through e mail, suspect web sites, FTP etc) is in place. Read the grcsucks site with interest!
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  13. #13
    Senior Member wannabgeek's Avatar
    Join Date
    Jan 2005
    Location
    Essex
    Posts
    723
    Thanks
    8
    Thanked
    1 time in 1 post
    • wannabgeek's system
      • Motherboard:
      • Asus M4A89GTD-Pro-USB3
      • CPU:
      • AMD x6 1055T Phenom @3.3ghz with Hyper 212+ HSF
      • Memory:
      • 4GB Corsair XMS3 (2x2GB) since upgraded to Corsair DD3 XMS3 8gb (2x 4gb) CMX8GX3M2A1600C9
      • Storage:
      • OCZ 120GB SSD / 250GB Samsung Spinpoint Sata H / 200GB Maxtor
      • Graphics card(s):
      • Powercolor HD 6850 1GB GDDR5
      • PSU:
      • Tx 650w Corsair PSU
      • Case:
      • Lancool K62
      • Operating System:
      • Windows 7 64 Ultimate (the cheapest)
      • Monitor(s):
      • Dell 19"
      • Internet:
      • Firefox & 20MB Sky max
    Hi paul sorry for late reply
    Below is the results of rootkits scan. There are also 4 new lines without a GREEN TICK in spybots WINSOCK LSP's Would these results have compromised my credit card details/PAYPAL etc as now i'm too scared to even check

    HKLM\SOFTWARE\Classes\webcal\URL Protocol 13-2-05 19:53 13 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Sonic Desktop Software\Common\LibraryFilesFolder 25-6-05 20:20 87 bytes Data mismatch between Windows API and raw hive data.
    C:\Documents and Settings\Me\Local Settings\Temp\~DF651.tmp 2-1-06 13:10 16.00 KB Hidden from Windows API.
    C:\Documents and Settings\Me\Local Settings\Temp\~DF662.tmp 2-1-06 13:10 512 bytes Hidden from Windows API.
    C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\85M7OHM7\CAV2SV75.HTM 2-1-06 13:11 1.15 KB Hidden from Windows API.
    Last edited by wannabgeek; 02-01-2006 at 03:17 PM.
    Windows 7 64 Ultimate
    AMD x6 1055T Phenom @3.3ghz
    Asus M4A89GTD-Pro-USB3
    HD 6850 1GB GDDR5
    4GB Corsair XMS3 (2x2GB)
    Tx 650w Corsair PSU
    250GB Samsung Spinpoint Sata HD
    200GB Maxtor Dmax10 IDE
    LG Sata2 DVD/RW
    Lancool K62 Case

  14. #14
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by wannabgeek
    HKLM\SOFTWARE\Classes\webcal\URL Protocol 13-2-05 19:53 13 bytes Data mismatch between Windows API and raw hive data.
    HKLM\SOFTWARE\Sonic Desktop Software\Common\LibraryFilesFolder 25-6-05 20:20 87 bytes Data mismatch between Windows API and raw hive data.
    C:\Documents and Settings\Me\Local Settings\Temp\~DF651.tmp 2-1-06 13:10 16.00 KB Hidden from Windows API.
    C:\Documents and Settings\Me\Local Settings\Temp\~DF662.tmp 2-1-06 13:10 512 bytes Hidden from Windows API.
    C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\85M7OHM7\CAV2SV75.HTM 2-1-06 13:11 1.15 KB Hidden from Windows API.
    The first appears to be a common false positive according to posts on Rootkit Revealer's forum.

    The second looks a like a registry corruption, it is a reference to an app's folder not an executable so I would assume is benign (to fix this I would remove the "Sonic Desktop Software" and check again - if still present then delete the key HKLM\SOFTWARE\Sonic Desktop Software\Common\LibraryFilesFolder).

    3 files hidden from the OS, though 1 is too small to be of signifance I think (512 bytes) so the other 2 may be false alarms too.
    What you could try to do is 1 of the following:
    1. Clean out all temporary files and rescan
    2. Delete the user profile for "Me"

    To clean the temp folders:
    - reboot the machine to release all file locks
    - go into IE - Tools/Internet Options:
    -- click "Delete Cookies"
    -- click "Delete Files" (check "all offline content")
    -- click "Clear History"
    - enter the following command at the Start/Run prompt (including quotes):
    "%userprofile%\Local Settings\Temp"
    This should open an Explorer window with the ceontents if the user's temp folder - delete all the contents you can in here.

    To delete the user profile for "Me" entirely:
    - login as a different user with admin privileges
    - right-click My Computer, click Properties
    - go to the Advanced tab, click the middle "Settings" button (User Profiles)
    - select the profile for "Me" and click Delete
    - log back in as "Me" and you will get a default profile again
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  15. #15
    Senior Member wannabgeek's Avatar
    Join Date
    Jan 2005
    Location
    Essex
    Posts
    723
    Thanks
    8
    Thanked
    1 time in 1 post
    • wannabgeek's system
      • Motherboard:
      • Asus M4A89GTD-Pro-USB3
      • CPU:
      • AMD x6 1055T Phenom @3.3ghz with Hyper 212+ HSF
      • Memory:
      • 4GB Corsair XMS3 (2x2GB) since upgraded to Corsair DD3 XMS3 8gb (2x 4gb) CMX8GX3M2A1600C9
      • Storage:
      • OCZ 120GB SSD / 250GB Samsung Spinpoint Sata H / 200GB Maxtor
      • Graphics card(s):
      • Powercolor HD 6850 1GB GDDR5
      • PSU:
      • Tx 650w Corsair PSU
      • Case:
      • Lancool K62
      • Operating System:
      • Windows 7 64 Ultimate (the cheapest)
      • Monitor(s):
      • Dell 19"
      • Internet:
      • Firefox & 20MB Sky max
    Well it looks as if i have got the JPG Virus!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. IEEE approves 802.11i security spec
    By Steve in forum PC Hardware and Components
    Replies: 1
    Last Post: 25-06-2004, 05:48 PM
  2. Have you done all of your windows updates ?
    By Moby-Dick in forum General Discussion
    Replies: 33
    Last Post: 05-05-2004, 01:23 PM
  3. "Real" Security Sites
    By Moby-Dick in forum Software
    Replies: 6
    Last Post: 13-04-2004, 11:05 AM
  4. WTF is this about? Security Breach?
    By megatron in forum Welcome to HEXUS!
    Replies: 2
    Last Post: 08-10-2003, 06:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •