The Mother Board

Motherboards.org forums. Free tech support, motherboard ID, and more.

All times are UTC - 8 hours




Posted: Sat Apr 17, 2010 8:01 am
Mobo-fu Master

Joined: Sun May 06, 2001 12:01 am
Posts: 37463
Location: Netherlands
That looks quite familiar to me, someone making money out of a free project again?
http://w3.win.tue.nl/nl/onderzoek/onder ... uoiaview//

_________________
We hate rut, but we fear change.
********************************
System error, strike any user to continue...


Posted: Sat Apr 17, 2010 11:11 am
Brown Belt

Joined: Mon Jun 09, 2003 9:26 pm
Posts: 289
Location: MA
I have a fear that a virus may be the doing of my increased hard drive. I ran a thorough scan in both ZoneAlarm & Avast. Nothing showed up in ZoneAlarm but a file did show up in Avast (a file named something like UPS Invoice.exe). I wish I had written the entire folder location down but I chose to delete the file @ the next startup. If I remember correctly it was in Application data or local settings. My hard drive is still increasing making me concerned if it really did get deleted. I did a Windows search looking for the file (I made sure to select to look in hidden files & folders) but nothing showed up. What else should I do?

My other option would be to restore my HD to July 3, 2009 which would suck b/c I would lose a lot of data. Although a few days ago I threw my most important stuff onto my Powerbook just in case.

Also, should I be worried about security? I haven't logged into any banking sites or sites w/ important info just in case.


Posted: Sat Apr 17, 2010 11:44 am
Mobo-fu Master

Joined: Sun May 06, 2001 12:01 am
Posts: 37463
Location: Netherlands
hmmm or something like this:
http://en.wikipedia.org/wiki/Rootkit

In which case a system restore won't help either. Tried some rootkit revealing tools yet?

Posted: Sat Apr 17, 2010 11:53 am
Brown Belt

Joined: Mon Jun 09, 2003 9:26 pm
Posts: 289
Location: MA
I ran F-Secure a few days ago but I ran it in regular mode, tried running it in Safe Mode but it said I had to run it regular. Can you recommend any other good rootkit eliminators?


Last edited by dizzyflower28 on Sat Apr 17, 2010 11:56 am, edited 1 time in total.

Posted: Sat Apr 17, 2010 11:54 am
Mobo-fu Master

Joined: Wed Nov 12, 2003 11:57 am
Posts: 20858
Location: 07438
If you have removed suspicious files or folders, and they return, likely it could be a virus. Or a program that loads when the OS starts, replicating "lost" files. The 'Start-up' link from the start menu should have no listings except what is actually needed. Any program needed will load when required, and then close completely when you want it to.. instead of lingering unused in the background, wasting CPU cycles and memory.
You can check the Task Manager for what processes are running, and note which are taking the largest chunk of operating space. The Task Manager also shows what applications are running, whether or not in actual use. The 'performance' part of Task Manager shows what memory and CPU usage is, at the current time. More than 50 processes running when you have no actual programs in use indicates excess overhead.
You can check what programs auto-start from running msconfig and check the 'start up' tab. Any changes made will require a restart. Be cautious about certain processes, as they may cause a failure of the OS to load properly. The SysTray box in the lower right corner of the screen shows active processes. Any more than eight, including the clock and speaker symbol, indicates excessive programming in operation.
Some "finder" programs are notorious about collecting files they deem you would like, and are more a nuisance than a help.
In the worst case, you may want to get a new hard drive and do a full new install. It would be a hassle, but you can set your preferences as needed. Then just copy over your files. But before any copy is made with the old drive, use the new setup to give it a good, deep scan. This would reduce the risk of that "infection" migrating to your new install.

_________________
F@H.. to solve mankind's maladies.. in our lifetimes!
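
The start-up checks described in the post above (the Start menu 'Start-up' group and the msconfig 'start up' tab), as a script. This is an added example, not part of the original thread; it assumes Windows PowerShell 3.0 or later, and the folder names it flags are a heuristic chosen for this example from the "Application data or local settings" location mentioned earlier in the thread.

```powershell
# Added example: list autostart entries and flag those launched from
# user-writable profile/temp folders. A flag is a prompt to review, not a
# verdict: some legitimate per-user software also runs from these paths.
# Assumption: the path fragments below are a heuristic chosen for this example.
$SuspectPattern = '\\(Application Data|Local Settings|AppData|Temp)\\'

function Get-AutostartEntry {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }   # key absent on this system
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Source  = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
    # Per-user and all-users Startup folders; shortcuts are resolved to their
    # targets so the flag applies to the program, not to the .lnk file itself.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path -or -not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                $target = $_.FullName
                if ($_.Extension -eq '.lnk') {
                    $target = $shell.CreateShortcut($_.FullName).TargetPath
                }
                [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $target }
            }
    }
}

Get-AutostartEntry |
    Select-Object Source, Name, Command,
        @{ Name = 'Suspect'; Expression = { $_.Command -match $SuspectPattern } } |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

The listing reflects only what the running system reports, so a rootkit that hides registry values or files from the OS will not appear in it.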


Posted: Sat Apr 17, 2010 12:05 pm
Mobo-fu Master

Joined: Sun May 06, 2001 12:01 am
Posts: 37463
Location: Netherlands
dizzyflower28 wrote:
I ran F-Secure a few days ago but I ran it in regular mode, tried running it in Safe Mode but it said I had to run it regular. Can you recommend any other good rootkit eliminators?


there's no such thing as an eliminator, only a detector. a rootkit is specifically written to penetrate your system to the level where you cannot remove it...

Posted: Sat Apr 17, 2010 12:05 pm
Brown Belt

Joined: Mon Jun 09, 2003 9:26 pm
Posts: 289
Location: MA
As far as the task manager, I'm under processes and am not seeing anything too alarming. Although I did count 68 processes running.

In your opinion could this be a virus? Is there a possibility it's Photoshop?


Posted: Sat Apr 17, 2010 12:07 pm
Brown Belt

Joined: Mon Jun 09, 2003 9:26 pm
Posts: 289
Location: MA
Would most rootkit detectors be able to detect a problem in regular mode vs safe mode?


Posted: Sat Apr 17, 2010 12:53 pm
Mobo-fu Master

Joined: Wed Nov 12, 2003 11:57 am
Posts: 20858
Location: 07438
Rootkits are a nasty form of DRM, or Digital Rights Management. The Sony/BMG rootkit was one of the worst. But there are rootkit removers from many sources, some free and others that do cost a few dollars. This Rootkit Removal Guide should help explain the safest way to remove them.
Some brands of anti-virus software do have rootkit detection/removal facilities. Rootkits come not only from installed software, but can come from certain unsavory sites.. even suspicious Emails. My AVG program picked up a rootkit the other day, and I had not installed any programming in more than a week, or visited untrusted sites. Was moved to the 'virus vault' and I deleted it. So far, no return.

Posted: Sat Apr 17, 2010 12:57 pm
Brown Belt

Joined: Mon Jun 09, 2003 9:26 pm
Posts: 289
Location: MA
Thanks, I'll try running it and see what happens. If the problem is a virus & not a rootkit, would doing a system restore to July 3, 2009 remove the problem?

