sroberts

Spamcop after virus / spyware attack

This morning I spoke to Belkin, who went through the WEP stuff with me on this machine but not the other, so I believe it is all set up correctly.

> I am running the anti-virus/spam software provided by Telewest and the number under the firewall block is steadily going up and up .. it's now at 3000+. Does this indicate that I still have a problem on my machine?

If by that you mean that the number represents outgoing connection attempts from your PC, then yes, your PC has the problem. Have you seen Suggested Free Security Tools and Apps for Windows and run PepiMK's CoolWWWSearch.SmartKiller removal tool, CWShredder, Microsoft Update, Microsoft Office Update, Ad-Aware, Stinger, SpywareBlaster, and HiJackThis?


I would trust your ISP, with all their massive amounts of infected computers, like I would trust a hungry alligator.

Your IP should not even be sending mail.

Update and run Spybot Search & Destroy

After that run the Free Online Virus Scan here: http://housecall.trendmicro.com/

After that run the Free Online Virus Scan here: http://www.symantec.com/securitycheck/ click to start, then click Check for Virus.

If you do not find anything on your systems after that then someone could be connecting to your router. If you are connecting via wireless then you can enable WEP and set up a key for your computers. Then if anyone else wants to connect they will have to get a key from you.

You can learn how to set it up by Googling [your router type] and Setting up a WEP key or use your router manual.

> This morning I spoke to Belkin, who went through the WEP stuff with me on this machine but not the other, so I believe it is all set up correctly.

The other computer will also need WEP set up if you want it to connect wirelessly.


I got distracted while on the phone to Belkin and they didn't tell me how to add the WEP to the other PC ...

> The other computer will also need WEP set up if you want it to connect wirelessly.

Yes, any computer that connects will need a key.


Keep us posted. When you set up the WEP keys, did you restart your router? If you didn't, then all connected machines will stay connected (in case another machine was connected).

Edited by Merlyn


OK .. thanks. Will let you know how I get on .. one checker says 6 hours to go!

Speak later, and thanks again to everyone for their help so far.

> Thanks again to everyone for their help so far.

You're welcome. "Good luck, Jim!" and "May the Force be with you!". :)

> I'm sure you mean may the FARCE be with you!

No, I meant what I wrote, in the spirit of the original STAR WARS movie. Any further discussion of this should be in the SpamCop Lounge.


I have run everything, and all that I can see is that Trend Micro keeps saying "scanning outgoing messages" ... perhaps every 10 seconds .. I have no mail programs running.


something is sending them :-)

You should install the latest version of Spybot Search & Destroy, then after you install it check through the program for updates. Once all updates are completed, disconnect from the internet and run this program first.


At this point I would VERY strongly recommend that you hire a competent computer technician to come out and clean your network. If one or both of the machines have been compromised, which is what it sounds like, you may very well not be able to detect the rootkits, viruses or trojans already installed on them, and it may require that someone with experience actually take care of the problem hands-on.

> Sorry, the model number for the router is f5d7231-4.
>
> I am using the wireless router for both machines ... I have not started Outlook for the last few hours ...
>
> Last day 4.5 14151%
>
> Last 30 days 2.8 225%
>
> Average 2.3
>
> and it looks to be going down ..
>
> Is there any Outlook-specific virus/spyware that I should look for?
>
> Thanks for all the help folks.
>
> Steve

The change is not significant enough to make the statement that the problem is fixed. Keep in mind that the last day percentage will go down because the average magnitude is going up.

Prior to 3-7-06 your volume of mail sent through the router IP address was zero. You were/are using a mail server on the other side of the router.

At a current magnitude of 4.5 you are looking at somewhere around 50,000 emails a day, and with your settings it should be zero.

Also, if you go back and look at the first posted magnitude number of 4.3, I would say that there has not been any appreciable change in the volume going out. Magnitude numbers are based on the total estimated daily internet volume of mail and may vary from day to day.

Were you able to keep both computers unplugged for several hours or not?

If you can leave both computers turned off for 8 hours and you do not see a significant reduction in the magnitude number after that, then you can easily assume the problem is the router and not your PCs.

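The diagnostic the replies above rely on (a PC that should send no mail directly, yet shows outgoing connection attempts and mail leaving with no mail client running) can be turned into a check over a firewall log. This is an added example, not code from the thread: the log line format, the IP addresses and the sample lines are constructed for it, and a real home firewall would log in its own format.

```python
from collections import Counter
import re

# Constructed sample lines in an assumed "src= dst= dport=" firewall log format
# (not Telewest's or Belkin's real format). 192.168.2.3 fans out to many mail
# servers; 192.168.2.5 talks only to one (its ISP smarthost); .4 sends no mail.
SAMPLE_LOG = """\
2006-03-10 14:44:05 OUT src=192.168.2.3 dst=203.0.113.10 dport=25 proto=tcp
2006-03-10 14:44:06 OUT src=192.168.2.3 dst=198.51.100.7 dport=25 proto=tcp
2006-03-10 14:44:07 OUT src=192.168.2.3 dst=203.0.113.22 dport=25 proto=tcp
2006-03-10 14:44:09 OUT src=192.168.2.4 dst=192.0.2.50 dport=80 proto=tcp
2006-03-10 14:44:12 OUT src=192.168.2.5 dst=192.0.2.25 dport=25 proto=tcp
2006-03-10 14:44:15 OUT src=192.168.2.3 dst=203.0.113.31 dport=25 proto=tcp
2006-03-10 14:44:18 OUT src=192.168.2.5 dst=192.0.2.25 dport=25 proto=tcp
2006-03-10 14:44:20 OUT src=192.168.2.4 dst=192.0.2.8 dport=443 proto=tcp
2006-03-10 14:44:25 OUT src=192.168.2.5 dst=192.0.2.25 dport=25 proto=tcp
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

def smtp_profile(log_text):
    """Per source IP: (number of outbound port-25 connections, distinct destinations)."""
    counts = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group(3)) != 25:
            continue
        src, dst = m.group(1), m.group(2)
        counts[src] += 1
        dests.setdefault(src, set()).add(dst)
    return {src: (n, len(dests[src])) for src, n in counts.items()}

def suspicious_senders(log_text, allowed_relays=frozenset(), min_distinct=2):
    """Hosts that are not sanctioned mail relays yet talk to several different MTAs.

    A mail client submits everything to its one configured server, so fan-out to
    many destinations on port 25 is the spambot pattern the thread describes."""
    return sorted(
        src for src, (n, distinct) in smtp_profile(log_text).items()
        if src not in allowed_relays and distinct >= min_distinct
    )

if __name__ == "__main__":
    for src, (n, distinct) in smtp_profile(SAMPLE_LOG).items():
        print(f"{src}: {n} SMTP connections to {distinct} servers")
    print("suspicious:", suspicious_senders(SAMPLE_LOG))
```

On a home network where every PC submits mail through the ISP's server, the allowed-relay set is empty and any host flagged here deserves the power-off test the reply suggests.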

The only thing Search & Destroy finds is newdotnet and it can't remove it .. it asks to run again on startup .. I let it and it still finds it .. any ideas if this is what would cause such a problem?


Any luck tightening up the wireless router settings?

In case you are interested, the following is the subject line of one of the emails that hit a spamtrap on another site: Subject: Re[3]: incredible prices for best drug$! Date: Fri, 10 Mar 2006 14:44:05 +0100

So this is what is still coming through your IP address.

Also, were you able to power down your PCs for a few hours or not?

There has basically been no real change in the amount of spam being sent through your IP address. You need to stop it soon before your ISP cuts you off.

Have they been able or willing to give you any help?

> The only thing Search & Destroy finds is newdotnet and it can't remove it .. it asks to run again on startup .. I let it and it still finds it .. any ideas if this is what would cause such a problem?

Running Windows? Read my Signature.

Trouble is the barn door has been open

ALL info on that computer is now available to every thug that wants to know

Like your name, phone number, street address, when you are not home, passwords, bank details and maybe worse (blackmail is also a possibility).

Reformatting the hard drive is now your best option, then going through my Signature.


I think this is what John wanted to happen;

From: (John E. Malmberg)

Newsgroups: spamcop.help

Subject: Re: Assume miles for wireless router range.

Date: 10 Mar 2006 13:35:06 -0600

In article <NN3aNusoprZD[at]eisner.encompasserve.org>,

wb8tyw[at]qsl.network (John E. Malmberg) writes:

> There is a posting on the webforum about "Spamcop after virus / spyware

> attack" where it appears that the cause was an insecure wireless router.

(and from an earlier post);

Posters to the thread should be aware that with the right equipment on the attacker's side, it may be possible to access such routers from miles away.
As another data point, if a hacker has access to an insecure wireless router, it may be possible that those hackers got full access to the hard drives of the connected systems.

With that type of access, they can install malware that does not need to propagate by viruses, and as such is not detectable by any scanner that looks for patterns.

They can also replace the scanner programs with spoofs, which from what I understand is one of the tricks that malware has been doing for years. So at this point, since spam is still being sent, it must be assumed that the computers have been taken over by unknown programs.

The only reliable fix in this case is reload all files from known good media, which on modern PCs can require a trip to an authorized repair center, because if you did not make the full recovery CDs or DVDs before the infection, you no longer have any reliable way to restore the PC to a clean state. Only an authorized repair center has that information.

There is no safe way for a non-technical user to recover any information off of infected hard drives. That needs to be done by someone with the technical expertise to sort out the files that cannot contain an infection, and can be very time consuming and expensive. There are tools that can replicate documents that may have malware hidden in them without replicating the malware.

It also has to be assumed that whoever put the malware on the computer has access to any information that has ever been displayed or entered in that computer.

This means that critical passwords, bank account numbers, PINs, and tax information may have been stolen, and the attacker may have access to the bank and credit/debit cards of the system owner or the easy ability to do identity theft.

-John

wb8tyw[at]qsl.network

Personal Opinion Only

Edit: 2006/03/11 00:10 EST -0500 Jeff G. rewrapped the words.

Edited by Jeff G.

> I have run everything, and all that I can see is that Trend Micro keeps saying "scanning outgoing messages" ... perhaps every 10 seconds .. I have no mail programs running.

That's what you think!

It would now seem that the spammers have far more control over your network and data than do you.

Nothing less than an unplug from the internet, a complete re-setup of your router (or a replacement) with all the security tightened down, and a complete reformat of both PCs seems likely to solve your problems.

Spammers spoil it for everyone. IMNSHO people selling or supplying unsecured routers are almost as much to blame. I played hell with my ISP for doing just that. Someone on news.spamcop.help helped me to make it safe before the spammers hacked in - I was both lucky and just savvy enough to know there might be a problem. Most home users are neither.

Edit: change ALL your usernames and passwords too!

Edited by Derek T


I have now wiped one PC and it is connected straight to the modem .. router now not involved ..

2 questions...

1) How do I check if the other PC is infected or not?

2) The PC that I wiped has 3 drives on it .. the other 2 are now disconnected .. how can I check if it is safe to reconnect the other 2 drives?

Thanks again for everyone's help.

Steve

