So I Reformatted My Comp In Hopes Of Getting Rid Of

kida Join Date: 2003-02-20 Member: 13778 Members
a virus, and the hacker strikes again!

Yea, I reformatted it, and the lights on my modem are blinking for some odd reason still, even though nothing is downloading. Also, the comp is sporadically changing in comp use in the windows task manager. I could seriously go on for 12 years about how messed my comp is still after the reformat. One thing you guys need to know is that system32 is still on my hard drive, which from what I read from a site, is a backdoor trojan program that lets hackers have complete access to your comp.

What should I do?

Comments

  • manrin Join Date: 2003-08-10 Member: 19340 Awaiting Authorization
    get firewalls?

    also some program like hacker tracer maybe....

    also if a hacker strikes again after u reformatted... it's cuz u had something precious before u reformatted most probably
    and id say he went by ip so he can easily do that...

    use ZoneAlarm (search on google)

    and other programs :8
  • eediot Join Date: 2003-02-24 Member: 13903 Members
    1) there's maybe a 1/1000000 chance that an actual cracker is going after your computer

    2) secure your computer

    you say you formatted? great. format again, but this time, don't connect yourself up to the internet. get an uninfected computer to download the patches, firewalls, security, etc that you need. don't connect to the internet right after a format, especially if you have no hardware firewall between you and the net, you're just begging to be reinfected by the virus.

    go download some virus scanners, and patch your system
  • CForrester P0rk(h0p Join Date: 2002-10-05 Member: 1439 Members, Constellation
    Was this an actual format or a "Factory Reset"?
  • Creepie Join Date: 2003-02-19 Member: 13734 Members
    edited June 2004
    I re-installed over the weekend. I didn't connect the PC to the internet until I had my firewall in place, and all service packs installed. Ie, pretty much the last thing I did. Within 2 minutes, the firewall blocked an intrusion attempt. That's how quick these people are with their scans and whatnot.

    Are you on a static IP, or dynamic? You could be being targeted, but I reckon probably not. On balance of probability, I think you've been unlucky.

    [edit]

    Just had another thought - consider where you got your OS CD from. It is possible that the trojan is actually being installed when you install the OS itself. That applies to any apps you're installing too.
  • CForrester P0rk(h0p Join Date: 2002-10-05 Member: 1439 Members, Constellation
    QUOTE (_Creep_ @ Jun 11 2004, 02:05 AM): I re-installed over the weekend. I didn't connect the PC to the internet until I had my firewall in place, and all service packs installed. Ie, pretty much the last thing I did. Within 2 minutes, the firewall blocked an intrusion attempt. That's how quick these people are with their scans and whatnot.

    Most of the "intrusion attempt"s your firewall reports are innocent little port scans and infected computers trying to send you a virus.
  • eediot Join Date: 2003-02-24 Member: 13903 Members
    QUOTE (CForrester @ Jun 11 2004, 05:08 PM):
        QUOTE (_Creep_ @ Jun 11 2004, 02:05 AM): I re-installed over the weekend. I didn't connect the PC to the internet until I had my firewall in place, and all service packs installed. Ie, pretty much the last thing I did. Within 2 minutes, the firewall blocked an intrusion attempt. That's how quick these people are with their scans and whatnot.
        Most of the "intrusion attempt"s your firewall reports are innocent little port scans and infected computers trying to send you a virus.

    it's true about the viruses scanning you, but i wouldn't call the hacker/cracker port scans 'innocent'.. if they find anything, or they know what they're doing, not so innocent :)
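Added example, not written by any poster in this thread: the distinction argued above, one host walking many ports versus infected machines knocking repeatedly on a single port, can be read off the firewall's own drop log. It assumes a whitespace-separated log in the field order given in the header line; the sample lines, the addresses and the threshold of 5 ports are constructed.

```python
from collections import defaultdict

# Constructed sample lines (not real traffic). Field order assumed:
# date time action protocol src-ip dst-ip src-port dst-port size tcpflags
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2004-06-11 02:05:01 DROP TCP 198.51.100.7 192.0.2.10 3201 135 48 S
2004-06-11 02:05:04 DROP TCP 198.51.100.7 192.0.2.10 3201 135 48 S
2004-06-11 02:05:09 DROP TCP 198.51.100.23 192.0.2.10 1188 135 48 S
2004-06-11 02:05:30 DROP TCP 198.51.100.99 192.0.2.10 4410 445 48 S
2004-06-11 02:06:02 DROP TCP 203.0.113.5 192.0.2.10 40000 21 44 S
2004-06-11 02:06:02 DROP TCP 203.0.113.5 192.0.2.10 40001 22 44 S
2004-06-11 02:06:02 DROP TCP 203.0.113.5 192.0.2.10 40002 23 44 S
2004-06-11 02:06:03 DROP TCP 203.0.113.5 192.0.2.10 40003 80 44 S
2004-06-11 02:06:03 DROP TCP 203.0.113.5 192.0.2.10 40004 3389 44 S
2004-06-11 02:06:10 DROP ICMP 198.51.100.50 192.0.2.10 - - 60 -
2004-06-11 02:07:00 OPEN TCP 192.0.2.10 203.0.113.80 1055 80 - -
"""

def dropped_ports_by_source(log_text):
    """Map each source IP to the set of destination ports it was dropped on."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        # Skip header/comment lines, short lines and anything not dropped.
        if line.startswith("#") or len(fields) < 8 or fields[2] != "DROP":
            continue
        src, dport = fields[4], fields[7]
        # ICMP entries carry "-" instead of a port; record the source only.
        ports[src].update({int(dport)} if dport.isdigit() else set())
    return dict(ports)

def triage(log_text, scan_threshold=5):
    """Label each dropped source: 'port-scan', 'single-port-probe' or 'other'."""
    labels = {}
    for src, ports in dropped_ports_by_source(log_text).items():
        if len(ports) >= scan_threshold:
            labels[src] = "port-scan"          # one host walking many ports
        elif len(ports) == 1:
            labels[src] = "single-port-probe"  # repeated knock on one service
        else:
            labels[src] = "other"
    return labels

if __name__ == "__main__":
    for src, label in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:15} {label}")
```

Several unrelated sources probing the same single port is the pattern to expect from automated worm traffic; a single source crossing the port threshold is the one worth a closer look.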
  • RaVe Join Date: 2003-06-20 Member: 17538 Members
    Ehh...next time when you reformat again, be sure to burn firewall software or buy a hardware firewall before you do.

    Trust me on this, my friend kept on being hacked by some anonymous person and didn't have no clue until my other friend told him to get a firewall. Well, we could say the firewall worked wonders....until 5 days later that is :(

    And CFor, port scans aren't as harmless as you think. Sometimes it may be a malicious one disguised as a harmless portscan, and that's not good.

    In short, NEVER trust portscans.

    And _Creep may be right about the CD. My brother bought a CD with one in it, and needless to say, his favorites were soon filled with pr0n and he enjoyed it, maybe except when the person decided to throw in a keylogger and change the password.
  • Wheeee Join Date: 2003-02-18 Member: 13713 Members, Reinforced - Shadow
    QUOTE (kida @ Jun 11 2004, 01:14 AM): Yea, I reformatted it, and the lights on my modem are blinking for some odd reason still, even though nothing is downloading. Also, the comp is sporadically changing in comp use in the windows task manager. I could seriously go on for 12 years about how messed my comp is still after the reformat. One thing you guys need to know is that system32 is still on my hard drive, which from what I read from a site, is a backdoor trojan program that lets hackers have complete access to your comp.
    What should I do?

    reformat again (if the HDD came with a utility disk, use that and low-level format it), or add it as a slave to an uninfected computer and format it there.

    if your computer is messed up by reformatting, something is seriously wrong. as per other people's suggestions, get a software firewall or a router.

    and this "system32", could you actually describe it? (is it a dll, vbs, what?)
  • Talesin Our own little well of hate Join Date: 2002-11-08 Member: 7710 NS1 Playtester, Forum Moderators
    Or just format and install Linux. :D

    If you must use windows, here's how y'do it without needing a secondary computer.

    -A) Use FDISK or some other utility (preferably a 'clean' version, or one from the OS Install CD to make sure yours isn't infected) to format the disk.
    -B) Install from the OS install disc. Do NOT connect it to any network, even an in-house LAN or (especially) wireless.
    -C) Start->Control Panel->Network Connections.
    -D) Right-click on each of your network interface devices in turn, selecting 'properties', then the 'Advanced' tab, and checking the 'Enable Internet Connection Firewall' box.
    -E) Now that they say 'protected', you can attach the system to the net/web with a slight measure of security from the most blatant crud. Immediately go to the 'windows update' tool and install all security patches/updates.
    -F) Go to www.zonealarm.com and grab the free version. It's worth it.
    -G) Disable NetBIOS message sends.
    -H) Download Mozilla. Install. Forget IE/OE ever existed.
    -I) Do a sanity-scan at http://antivirus.housecall.com to make sure nothing really got through. DO NOT INSTALL THAT POS 'NAV'.

    Sure it's quite a few steps, but it'll make relatively sure that you won't have a virus from the get-go.
    Then again, there's a reason I run all of my computers behind a Linux NAT/firewall, and the only reason any of my Windows workstations have ever been virally infected is when a friend brought a laptop over, said 'it's okay, it's clean' and hooked up without actually running a scan.
  • Cyndane Join Date: 2003-11-15 Member: 22913 Members
    Oh Noes... not the evil penguin talesin... :p
  • OttoDestruct Join Date: 2002-11-08 Member: 7790 Members
    QUOTE (Wheeee @ Jun 11 2004, 03:23 AM):
        QUOTE (kida @ Jun 11 2004, 01:14 AM): Yea, I reformatted it, and the lights on my modem are blinking for some odd reason still, even though nothing is downloading. Also, the comp is sporadically changing in comp use in the windows task manager. I could seriously go on for 12 years about how messed my comp is still after the reformat. One thing you guys need to know is that system32 is still on my hard drive, which from what I read from a site, is a backdoor trojan program that lets hackers have complete access to your comp.
        What should I do?

        reformat again (if the HDD came with a utility disk, use that and low-level format it), or add it as a slave to an uninfected computer and format it there.

        if your computer is messed up by reformatting, something is seriously wrong. as per other people's suggestions, get a software firewall or a router.

        and this "system32", could you actually describe it? (is it a dll, vbs, what?)

    system32 is a folder in which lots of system files are kept, usually nobody goes in there, so spyware likes to hide in there as there's TONS of files
  • Dorian_Gray Join Date: 2004-02-15 Member: 26581 Members, Constellation
    System32 is the folder that keeps most of the files required to run WinNT or XP. I'm not going to try it... but I'm betting that you'll get some access denied errors if you even try to delete it. If you delete stuff in that folder, you _will_ screw your comp (very very high chance). Talesin's suggestion regarding Linux is still best tho...
  • RaVe Join Date: 2003-06-20 Member: 17538 Members
    well, if that's the case then someone installed a backdoor into your computer, and put it in the system32 folder.

    Sneaky stuff, but virii (eg Blaster) and spyware love to hide there, due to the fact that NOBODY would like to touch them (except for the extra leet computer savvy people who can memorize everything in there)
  • raz0r Join Date: 2003-07-24 Member: 18395 Members
    I always look in system32
    i have to delete crap out of there once every week :/
  • kida Join Date: 2003-02-20 Member: 13778 Members
    Thx for the replies everyone, it's so very appreciated!@! :D

    Have a cookie everyone:

    [image: cookie.gif]
  • Wheeee Join Date: 2003-02-18 Member: 13713 Members, Reinforced - Shadow
    oh, i thought it was actually a file called system32 (i know about the folder, but afaik you can't execute a folder ;) )
  • Maveric Join Date: 2002-08-07 Member: 1101 Members
    Buy a new hard drive and get someone to install it.

    Use thermite to destroy the infected hard drive.
    Problem solved. :)