Increasing Hard Drive Issue

Help and Discussion

Moderator: The Mod Squad

Postby evasive » Sat Apr 17, 2010 8:01 am

That looks quite familiar to me, someone making money out of a free project again?
http://w3.win.tue.nl/nl/onderzoek/onder ... uoiaview//
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby dizzyflower28 » Sat Apr 17, 2010 11:11 am

I have a fear that a virus may be the doing of my increased hard drive. I ran a thorough scan in both ZoneAlarm & Avast. Nothing showed up in ZoneAlarm but a file did show up in Avast (a file named something like UPS Invoice.exe). I wish I had written the entire folder location down but I chose to delete the file @ the next startup. If I remember correctly it was in Application data or local settings. My hard drive is still increasing, making me concerned if it really did get deleted. I did a Windows search looking for the file (I made sure to select to look in hidden files & folders) but nothing showed up. What else should I do?

My other option would be to restore my HD to July 3, 2009 which would suck b/c I would lose a lot of data. Although a few days ago I threw my most important stuff onto my Powerbook just in case.

Also, should I be worried about security? I haven't logged into any banking sites or sites w/ important info just in case.
dizzyflower28
Brown Belt
Posts: 289
Joined: Mon Jun 09, 2003 9:26 pm
Location: MA

Postby evasive » Sat Apr 17, 2010 11:44 am

Hmmm, or something like this:
http://en.wikipedia.org/wiki/Rootkit

In which case a system restore won't help either. Tried some rootkit revealing tools yet?
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby dizzyflower28 » Sat Apr 17, 2010 11:53 am

I ran F-Secure a few days ago but I ran it in regular mode, tried running it in Safe Mode but it said I had to run it regular. Can you recommend any other good rootkit eliminators?
Last edited by dizzyflower28 on Sat Apr 17, 2010 11:56 am, edited 1 time in total.
dizzyflower28
Brown Belt
Posts: 289
Joined: Mon Jun 09, 2003 9:26 pm
Location: MA

Postby Karlsweldt » Sat Apr 17, 2010 11:54 am

If you have removed suspicious files or folders, and they return, likely it could be a virus. Or a program that loads when the OS starts, replicating "lost" files. The 'Start-up' link from the start menu should have no listings except what is actually needed. Any program needed will load when required, and then close completely when you want it to.. instead of lingering unused in the background, wasting CPU cycles and memory.
You can check the Task Manager for what processes are running, and note which are taking the largest chunk of operating space. The Task Manager also shows what applications are running, whether or not in actual use. The 'performance' part of Task Manager shows what memory and CPU usage is, at the current time. More than 50 processes running when you have no actual programs in use indicates excess overhead.
You can check what programs auto-start from running msconfig and check the 'start up' tab. Any changes made will require a restart. Be cautious about certain processes, as they may cause a failure of the OS to load properly. The SysTray box in the lower right corner of the screen shows active processes. Any more than eight, including the clock and speaker symbol, indicates excessive programming in operation.
Some "finder" programs are notorious for collecting files they deem you would like, and are more a nuisance than a help.
In the worst case, you may want to get a new hard drive and do a full new install. It would be a hassle, but you can set your preferences as needed. Then just copy over your files. But before any copy is made with the old drive, use the new setup to give it a good, deep scan. This would reduce the risk of that "infection" migrating to your new install.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20687
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438
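
The startup check described in the post above, scripted in PowerShell for a current Windows system, as an added example that is not part of the original thread: it lists the Run/RunOnce registry entries and Startup-folder items (the kind of entries msconfig's startup tab shows) and marks those that launch from Application Data, Local Settings, AppData or Temp, the kind of location where the flagged file was reported. The path pattern and the column names are assumptions of this example.

```powershell
# Added example: enumerate autostart entries and mark those that launch
# from user-writable profile or temp directories.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumed review pattern: directories any user-level process can write to.
$suspectDirs = '\\AppData\\|\\Application Data\\|\\Local Settings\\|\\Temp\\'

# Registry autostarts: one object per value under each Run/RunOnce key.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
})

# Startup folders (current user and all users). Shortcuts are resolved to
# their target so the flag reflects what actually runs.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $target = $_.FullName
            if ($_.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $target }
        }
})

# Flagged entries first; a flag means "review this path", not "malicious".
$entries |
    Select-Object Source, Name, Command,
        @{ n = 'UserWritablePath'; e = { $_.Command -match $suspectDirs } } |
    Sort-Object UserWritablePath -Descending |
    Format-Table -AutoSize -Wrap
```

Legitimate software also starts from these directories, so a flagged row is a prompt to check the file's publisher and creation date rather than a verdict.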

Postby evasive » Sat Apr 17, 2010 12:05 pm

dizzyflower28 wrote: I ran F-Secure a few days ago but I ran it in regular mode, tried running it in Safe Mode but it said I had to run it regular. Can you recommend any other good rootkit eliminators?

There's no such thing as an eliminator, only a detector. A rootkit is specifically written to penetrate your system to the level where you cannot remove it...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby dizzyflower28 » Sat Apr 17, 2010 12:05 pm

As far as the task manager, I'm under processes and am not seeing anything too alarming. Although I did count 68 processes running.

In your opinion could this be a virus? Is there a possibility it's Photoshop?
dizzyflower28
Brown Belt
Posts: 289
Joined: Mon Jun 09, 2003 9:26 pm
Location: MA

Postby dizzyflower28 » Sat Apr 17, 2010 12:07 pm

Would most rootkit detectors be able to detect a problem in regular mode vs safe mode?
dizzyflower28
Brown Belt
Posts: 289
Joined: Mon Jun 09, 2003 9:26 pm
Location: MA

Postby Karlsweldt » Sat Apr 17, 2010 12:53 pm

Rootkits are a nasty form of DRM, or Digital Rights Management. The Sony/BMG rootkit was one of the worst. But there are rootkit removers from many sources, some free and others that do cost a few dollars. This Rootkit Removal Guide should help explain the safest way to remove them.
Some brands of anti-virus software do have rootkit detection/removal facilities. Rootkits come not only from installed software, but can come from certain unsavory sites.. even suspicious Emails. My AVG program picked up a rootkit the other day, and I had not installed any programming in more than a week, or visited untrusted sites. Was moved to the 'virus vault' and I deleted it. So far, no return.
Karlsweldt
Mobo-fu Master
Posts: 20687
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby dizzyflower28 » Sat Apr 17, 2010 12:57 pm

Thanks, I'll try running it and see what happens. If the problem is a virus & not a rootkit, would doing a system restore to July 3, 2009 remove the problem?
dizzyflower28
Brown Belt
Posts: 289
Joined: Mon Jun 09, 2003 9:26 pm
Location: MA
