Author Topic: ZeroAccess Rootkit messing with my screen?  (Read 6546 times)

Rumson

    Topic Starter


    Greenhorn

    • Experience: Familiar
    • OS: Windows 7
    ZeroAccess Rootkit messing with my screen?
    « on: April 18, 2014, 11:15:04 AM »
    I've used HouseCall, Malwarebytes, Norton, and some other antivirus software.  However, every one of them said 0 threats.  Let me start at the beginning.  I was using my computer on April 13, and accidentally clicked on an advertisement and it downloaded an exe file.  I accidentally clicked on it and ran it but nothing happened, so I didn't think much of it and deleted it.  After about an hour I was using Google Maps and suddenly my computer screen was in all kinds of colors in huge cubes all over my screen, then it shut down.  When I booted it back up it kept crashing and dumping files in a blue screen.  Then when it was done it froze.  I took my battery out and put it back in, and could only log on in safe mode.  The screen had horizontal lines across it reflecting whatever was on the screen, and it was really hard to see.  I've contacted many people and they all couldn't find the problem.  Soon I used RKill to scan my computer and it found ZeroAccess Rootkit symptoms and ZeroAccess Reparse Points and Junctions. I then tried to get into the location of the ZeroAccess thing.  However, the folder had weird numbers and letters, but it was either empty or I didn't have permission to get into it.  So I deleted some of them.   I'm in a mess and really need help.  I attached the HijackThis txt and RKill logs.

    Thanks

    Rumson

    [recovering disk space, attachment deleted by admin]

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: ZeroAccess Rootkit messing with my screen?
    « Reply #1 on: April 18, 2014, 12:09:32 PM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: ZeroAccess Rootkit messing with my screen?
    « Reply #2 on: April 18, 2014, 04:37:54 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

    Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

    Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

     What danger is presented by rootkits?
     Rootkits and how to combat them
     r00tkit Analysis: What Is A Rootkit

    If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    What Should I Do If I've Become A Victim Of Identity Theft?
     Identity Theft Victims Guide - What to do
    It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
    When should I re-format? How should I reinstall?
    Help: I Got Hacked. Now What Do I Do?
    Help: I Got Hacked. Now What Do I Do? Part II
    Where to draw the line? When to recommend a format and reinstall?

    Guides for format and reinstall:

    how-to-reformat-and-reinstall-your-operating-system-the-easy-way

    However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
    If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

    Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
    Windows 8 and Windows 10 dual boot with two SSD's