Overclock.net › Forums › Software, Programming and Coding › Networking & Security › [resolved] Computer hijacked.

[resolved] Computer hijacked. - Page 4

post #31 of 75
Quote:
Originally Posted by MrCynical View Post
http://bshades.com/clean.php

Try this. Creator of the Blackshades RAT made this program in case any HF members got infected by the Blackshades RAT.

Run it and you should be okay.

Hopefully you read this in time before doing anything drastic though.
Wrong, he needs to reformat or remove the worm, or the worm will just reinstall the RAT.
The worm does the spreading.
post #32 of 75
Thread Starter 
I don't care if it's the RAT, I don't care what virus it is, I probably need to reformat anyways. But I think I found a clue.
My router had UPnP on, and guess what? The only port on the portmap table was ... 8564. I disabled UPnP, and now it should no longer allow that port... hopefully...

UPnP is a "dynamic" port forwarding service of some sort ... I don't know much more.
Edited by srsdude - 5/18/11 at 10:51pm
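The post above finds an unexpected entry in the router's UPnP port-mapping table, which is a good thing to audit after an intrusion: any program on the LAN can ask a UPnP-enabled router to open an inbound port without the owner touching the router. The following is an added example written for this thread, not code from the thread or from any tool it mentions. It assumes the mapping table is available as text in the column layout printed by `upnpc -l` (miniupnpc), and the sample table, including the `svchost` description, is constructed; only the port number 8564 mirrors what the thread reports.

```python
import re
from dataclasses import dataclass

# Constructed sample of a router's UPnP port-mapping table, laid out like the
# listing printed by `upnpc -l` (miniupnpc). The column layout is an assumption
# for this example, not output captured from the thread's router; the 8564
# entry mirrors the port the thread reports, the other rows are made up.
SAMPLE_UPNPC_OUTPUT = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 UDP  3074->192.168.1.20:3074  'Xbox (port 3074)' '' 0
 1 TCP  8564->192.168.1.5:8564   'svchost' '' 0
 2 TCP  6881->192.168.1.9:6881   'BitTorrent' '' 3600
"""

ROW_RE = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<internal>\d+)\s+"
    r"'(?P<desc>[^']*)'\s+'(?P<remote>[^']*)'\s+(?P<lease>\d+)\s*$"
)

# Descriptions that tell the owner nothing about which program requested the
# mapping; a heuristic chosen for this example, not a signature of any malware.
GENERIC_DESCRIPTIONS = {"", "svchost", "system", "windows", "service"}


@dataclass(frozen=True)
class Mapping:
    proto: str
    external_port: int
    internal_host: str
    internal_port: int
    description: str
    remote_host: str
    lease_seconds: int


def parse_mappings(text):
    """Parse the mapping table; the header and unrecognised lines are skipped."""
    mappings = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        mappings.append(Mapping(
            proto=m["proto"],
            external_port=int(m["ext"]),
            internal_host=m["host"],
            internal_port=int(m["internal"]),
            description=m["desc"],
            remote_host=m["remote"],
            lease_seconds=int(m["lease"]),
        ))
    return mappings


def audit_mappings(mappings, allowlist):
    """Return (mapping, reason) for every mapping not in the allowlist.

    allowlist: set of (proto, external_port, internal_host) triples the owner
    deliberately opened. Anything else was requested by some program on the
    LAN, which is exactly what UPnP permits and why the table is worth reading.
    """
    findings = []
    for m in mappings:
        if (m.proto, m.external_port, m.internal_host) in allowlist:
            continue
        reasons = ["not in the owner's allowlist"]
        if m.lease_seconds == 0:
            reasons.append("permanent lease (never expires on its own)")
        if m.description.strip().lower() in GENERIC_DESCRIPTIONS:
            reasons.append("generic description, requesting program unknown")
        findings.append((m, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    table = parse_mappings(SAMPLE_UPNPC_OUTPUT)
    known = {("UDP", 3074, "192.168.1.20"), ("TCP", 6881, "192.168.1.9")}
    for mapping, reason in audit_mappings(table, known):
        print(f"{mapping.proto} {mapping.external_port} -> "
              f"{mapping.internal_host}:{mapping.internal_port}: {reason}")
```

Run against the sample, only the 8564 mapping is reported, with a permanent lease and a description that does not identify the requesting program. Once UPnP is disabled, as the post does, the router's own port-forwarding page is the place to repeat this check, since a mapping that reappears after removal means something on the LAN is still asking for it.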
post #33 of 75
Quote:
Originally Posted by Omega329 View Post
Wrong, he needs to reformat or remove the worm, or the worm will just reinstall the RAT.
The worm does the spreading.
No.
post #34 of 75
johnny guitar is an idiot, posting idiotic comments.

best thing to do is reformat your rig, and then change all of your account details, including calling your bank and informing them of the situation so that you don't get money stolen.
post #35 of 75
Thread Starter 
update

I'm dealing with a very smart hacker here.
I had 2 ports forwarded to my main rig, and even though the IP that it's forwarded to leads to nothing, the hacker used a portscanner of some sort to find out the open port. I deleted both port forward entries, and I'm watching the logs for more LAN ACCESS's. Oh joy.
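Watching the router log for further inbound hits is the right instinct; what helps is turning the raw lines into a per-target summary (which internal host and port is being reached, from how many distinct addresses) and checking whether anything still arrives after the forwards were removed. The following is an added example written for this thread, not code from the thread or from the router vendor. The log line format is an assumption modelled on a consumer router's "[LAN access from remote]" entries, the addresses are from documentation ranges, and the excerpt is constructed; only the port 8564 mirrors what the thread reports.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log excerpt in the style of a consumer router's
# "[LAN access from remote]" entries. The line format is an assumption for this
# example, addresses are from documentation ranges, and the 8564 target mirrors
# the port the thread reports; nothing here is taken from the thread's logs.
SAMPLE_ROUTER_LOG = """\
[LAN access from remote] from 203.0.113.7:51234 to 192.168.1.5:8564, Wednesday, May 18, 2011 22:40:11
[LAN access from remote] from 203.0.113.7:51240 to 192.168.1.5:8564, Wednesday, May 18, 2011 22:41:02
[LAN access from remote] from 198.51.100.23:40021 to 192.168.1.5:8564, Wednesday, May 18, 2011 22:45:37
[LAN access from remote] from 198.51.100.23:40022 to 192.168.1.5:3389, Wednesday, May 18, 2011 22:45:40
[DHCP IP: 192.168.1.9] to MAC address 00:11:22:33:44:55, Wednesday, May 18, 2011 22:46:00
[LAN access from remote] from 192.0.2.88:61000 to 192.168.1.5:8564, Wednesday, May 18, 2011 22:50:12
"""

LAN_ACCESS_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), (?P<when>.+)$"
)
TIME_FORMAT = "%A, %B %d, %Y %H:%M:%S"  # matches the constructed timestamps


def parse_lan_access(log_text):
    """Extract inbound-access events; DHCP leases and other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LAN_ACCESS_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "when": datetime.strptime(m["when"], TIME_FORMAT),
        })
    return events


def summarize_targets(events):
    """Per (internal host, port): hit count and the set of distinct remote sources."""
    summary = defaultdict(lambda: {"hits": 0, "sources": set()})
    for e in events:
        entry = summary[(e["dst"], e["dport"])]
        entry["hits"] += 1
        entry["sources"].add(e["src"])
    return dict(summary)


def hits_after(events, cutoff):
    """Accesses logged after `cutoff` (a datetime, or a string in the log's format),
    e.g. the moment the port forwards were deleted. Any hit here means a path
    inward still exists: the forward is still active or was re-created."""
    if isinstance(cutoff, str):
        cutoff = datetime.strptime(cutoff, TIME_FORMAT)
    return [e for e in events if e["when"] > cutoff]


if __name__ == "__main__":
    events = parse_lan_access(SAMPLE_ROUTER_LOG)
    for (dst, dport), info in sorted(summarize_targets(events).items(),
                                     key=lambda kv: -kv[1]["hits"]):
        print(f"{dst}:{dport}  hits={info['hits']}  "
              f"distinct sources={len(info['sources'])}")
    removed_at = "Wednesday, May 18, 2011 22:46:00"  # constructed cutoff
    for e in hits_after(events, removed_at):
        print(f"still reachable after removal: {e['src']} -> {e['dst']}:{e['dport']} at {e['when']}")
```

On the sample, 192.168.1.5:8564 is hit four times from three different addresses, and one access arrives after the constructed cutoff, which is the signal that the port is still reachable and the cleanup is not finished.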
post #36 of 75
Quote:
Originally Posted by MrCynical View Post
No.
How so? 1-2 years ago, when I was stupid enough to run around trying to spread viruses everywhere, there were very complex worms out there. I am pretty sure that if his can spread through the network, it has multiple deploying features.
post #37 of 75
Run HijackThis and post the log here please.
No need to reformat. It's simple to remove drive-by infections. It's exploited through Adobe not being up to date.
Just run CCleaner first. Then HijackThis. Then post the log.
post #38 of 75
Quote:
Originally Posted by srsdude View Post
update

I'm dealing with a very smart hacker here.
I had 2 ports forwarded to my main rig, and even though the IP that it's forwarded to leads to nothing, the hacker used a portscanner of some sort to find out the open port. I deleted both port forward entries, and I'm watching the logs for more LAN ACCESS's. Oh joy.
This is more than likely a built-in feature of the RAT.
post #39 of 75
Quote:
Originally Posted by srsdude View Post
update

I'm dealing with a very smart hacker here.
I had 2 ports forwarded to my main rig, and even though the IP that it's forwarded to leads to nothing, the hacker used a portscanner of some sort to find out the open port. I deleted both port forward entries, and I'm watching the logs for more LAN ACCESS's. Oh joy.
Just use LSPFix and fix your Winsock. He doesn't use a port scanner; all he's got to do is do a traceroute, and the packet shows all the IPs it's hopping over.
post #40 of 75
@OP: coming from a guy who's spent the last 6 years of his life removing infections from computers I can say this with utter confidence. The people posting that "it's probably ____ worm, run this tool from a hacking forum and you'll be fine" are complete and total nards. Disconnect from the internet, don't run those programs, you can have any of thousands of back doors that I've seen over the years.

Fire up an Ubuntu disk, disconnect your MODEM from the wall so it is totally off, delete the infected FILES manually in Ubuntu. Boot a Windows install disk, do a repair on your computer (sfc /scannow) to replace any files you just deleted that are system files, log in to your router, remove all port forwarding, change the name of your router, change your wireless password, change the password to log into your router. Boot safe mode, run MBAM scan, run TDSSKiller, run MSE, remove all infections they found. Get a real AV software (Kaspersky Internet Security, NOD32), make sure Windows firewall is installed and active if you're too cheap to get a real AV program. Shut down that computer.

Go to the next computer, power it on, do the exact same steps to repair it, then shut it down.

Go to EVERY other computer on your network, repeat these same steps.

Plug your modem back in, it gets a new IP address, problem solved.

YOU WON'T BEAT THIS WHILE CONNECTED TO THE INTERNET.