eliminatebotnets

  1. When I got hit by it, there was an exploit out where your computer could get infected by simply getting tricked into looking at a Flash page. It could have happened that way or by downloading a file from a file sharing site that was packaged with malware. There are literally hundreds of ways for malicious files to secretly install on your computer. There was no AV running on my pc and I'll admit my router password was pretty weak, probably using WEP. Was broadcasting my wireless SSID with no encryption. I'd never been hacked before so I was an easy target. So my complete lack of security enabled this to happen but my point is if I had antivirus running, it would have alerted me that someone was trying to break in. You are right that once your hardware is affected, your antivirus does NOT help. It doesn't know what is happening because it cannot read what is happening at the BIOS level. So scans will come up clean because nothing is detected at the operating system level. This type of attack has apparently existed for years but because of its undetectable nature, many people never know anything is wrong. The only sign of its existence is random errors when trying to install/uninstall software. Especially programs from the internet as they are always modified. So while you may have to be targeted and the person must know your computer specs for this to happen, my point is it can happen. There's a "script kiddie" in every neighborhood scanning for unsecure computers, just looking to cause problems. You don't respect security until you get hit.
  2. I used your same approach in the past and have paid dearly for it. There are nasty rootkits/trojans out there that can attack the BIOS and Firmware despite what people tell you. Physical Access is NOT necessary IF the trojan is able to gain administrative rights to your pc. Then a hacker can view all your files/hardware settings and pick from any rogue file on the web to execute on your pc. Which can be done silently in the background with stealth. http://www.securityfocus.com/news/11372 Most good Anti-Virus programs will block/alert 99 percent of threats. Have to agree with Infiltrator that Kaspersky Internet Security is the best paid AV out there in my opinion. In addition to just having virus definitions, it also monitors all processes, memory, etc. and stops any suspicious activity before it executes. Yet it manages to use very little system resources. It's expensive at $80 but it is the most advanced AV in the world. Otherwise like others have said a free AV like AVG or Avast does a solid job and is much better than no protection. If I could secure my pc it would be Kaspersky, Comodo Firewall, and maybe a good spyware scanner. Haven't kept up on spyware scanners lately but Lavasoft Ad-Aware used to be a good one.
  3. Low risk? ;) I'm 29 and have never had an interest in hacking. So that was a pretty bad guess. There are programs/files in the past I shouldn't have downloaded. Guessing there may have been even careful users that have done the same. So one bad download deserves a lifetime of trouble? Obviously you couldn't have read much in the links because if you did you would know that NOTHING detects this. It runs before anything in some sort of virtual hardware. This whole experience in these forums has been a huge embarrassment, from you to the admin that runs it. Ignoring the things I say and then asking me why I don't just format my hard drive. Seriously. People like you just see me as a troll trying to get attention because my information conflicts with your obviously superior knowledge. I posted here to try to find help for a serious problem, when I couldn't find anything on google. Now that I have, there is hope to get some real information on this. Now there have been people here that actually tried to help and actually came up with some good suggestions. I'd like to thank them. If no one has anything else (meaningful) to add, I'm long gone. Only came back because I thought some might be interested by the info. Ignorance is underestimated.
  4. Ok.. it looks like I was wrong about this existing since 2003. According to this guy that is just as crazy as me, this "thing" has existed since 1997. :o Re: Researchers: Rootkits headed for BIOS 2006-11-19 hylas You are not going crazy, it's real. I concur with 99% of what you have written, it's the same thing, (I have Macs, System 7 - OS X 10.4.x) See my previous post above - I'm coming late to this thread. This has been around a long time, I first found it (fought it in '97). Most recently '05, I'm sure it's still on (all) my machines. Yes, it's cross-platform, with an insidiously wicked sense of humour, not to discount the seriousness of this thread and several of our predicaments (mine included), but that's how I'm able to identify it as the same (group?) as the attack in '97. I think it's a serious problem for (US-World) national security (unless, of course it *is* "national security"). "The trojan has controllers on the universal power supply." Which elevates it to "logic bomb" status, I've lost monitors, graphic cards. If you get too close it soft-power shutdowns your ass. (which is stunning). Complete control (IMHO). "... sometimes it lets you think that you are winning, only to find out after hours of hard work that it was a nasty joke played on you." Exactly. "Rules as we know them, are no longer are applied." I believe it places microcode on closed (previously burned) CDs, DVDs, etc. it tags everything, that's why you can't rid yourself of it. Hardware trumps root. No, you're not crazy. Question is, what are (we?) you going to do about it? I've been trying to get attention about this for almost 10 years. hylas [ reply ] Link to this comment: http://www.securityfocus.com/comments/arti...372/34207#34207
  5. Well that is one person's perception, but there are others in the links provided at the bottom of the page that disagree... Personally after everything I've been through, I know this to be a COMPLETE LIE. Even if someone DID break into my old apartment without me knowing and installed this shit on my computer, the fact remains that the devastation it causes and how easily it can spread is F#$%ING SCARY. Another fact? Many people have this on their PC and have no idea it's there. Like I said you can give me the run around all you want about the Physical Access. But anyone that decides to target you with this can do anything to your pc and any device with an internet connection. End of Story. Look at the posts at the bottom going all the way back to 2003!! Think of how many machines this has spread to since that time. It's mind boggling how this has never been publicized.
  6. Ok, I don't care if I'm bringing this thread back from the dead. Also I don't care if you don't believe what is said in the below link. This is exactly the kind of crap I was trying to explain. http://subversionhack.livejournal.com/ Also try googling "BIOS level rootkits" or "SMM rootkits" for more info. Don't know how I was never able to find this before. This sounds like a complete joke but IT IS 100% NOT. The only reason I can think that this isn't more public is because you simply cannot believe it until it affects you. It displays the ignorance of society, that this shit has existed for years but nothing has been done about it??
  7. Wow. Didn't Win95 originally come with no USB support? I'm sure they made an update for it near the end of its lifecycle. I remember USB support being a fairly new thing in Win98. Also since it hasn't been supported for several years, the malware exploits have to be scary if you use it on internet at all. Even with all the existing patches, your pc could get compromised in minutes. Himem.sys is an old standard DOS file. Should be able to find that anywhere. Like say... Google. But in all seriousness this was a funny post. Whether you were intentionally trying to be or not.
  8. Honestly, I thought maybe you weren't an ass. Calling me a troll and an idiot. You could have just said you don't know what the problem is and left it at that. You don't seem to understand the problem. I told you that whatever the hell this is, it DOESN'T COME OFF THE SYSTEM. Even replacing the HD. If someone has full access to my computer and has keyloggers installed, what the hell good is changing my mac going to do? He's going to see what I changed the MAC to and just change it to that. Is it that hard to understand? But I know you guys all say it's impossible to get into the BIOS or Hardware and you guys know it all. I'll try changing my MAC as you suggested, but I'm giving it a 10% chance of working at best. If some admin of this site could please close this post. Obviously nothing constructive is going to come out of it at this point.
  9. I see what you're saying about the differences between the ram and hard drive. Was just trying to make a weak analogy. ;)
  10. Well if you read about botnets/botmasters (http://www.symantec.com/norton/theme.jsp?themeid=botnet), they basically do have sort of a virtual physical access to your computer, if they can bypass your router or firewall. They can see all the files on your machine, change settings, flood your computer with data and redirect network traffic. While I'm not sure if they can actually get into your bios, they could change your boot settings in windows and then insert a boot sector virus on a failed boot and somehow infect the BIOS that way. When your computer is soft rebooted, the ram is not completely erased and some data/settings can carry over after a restart. Kind of like when you quick format a hard drive and it deletes the data but it's not really deleted. This actually happened to me. I restarted my pc, wanting to get into setup but I missed the setup screen and windows started to load. I didn't want to wait for windows to load, so I restarted before the boot could finish. What I didn't realize is that by doing that you corrupt the boot sector. So now when the system was restarted again, the boot sector was altered. Then when I looked in the BIOS settings, a couple of settings were different than before. In regards to the transferring a virus across a network: Yes, my phone and PDA must have been infected that way, as they were used to transfer data from my pc, when I didn't know a hacker was in my system. What doesn't make sense though, is how my PDA is able to be accessed remotely with my pc or internet not even turned on. Unless there is some way to silently connect to it with a dial up number without me authorizing it? I can see the network adapters he installed, but can't remove them. Weird. It is an old outdated version of mobile windows though. So I guess limited security.
  11. Where are you from

  12. Well I've been a bit ticked off with people telling me that X is not possible and being written off like I don't know much about computers. On the same hand I can understand that if someone told me this stuff before I had witnessed it, I'd probably think they were a little paranoid too. Admittedly my knowledge on hacking and networking was very limited and still have a lot to learn. Computers have basically been my life for the past 15 years. I'll admit that I've not had much experience with vista and many of the folders and network settings are very different than XP. All I was trying to do is come up with some concrete proof that something is not right with my pc. Problem is, just about all the files APPEAR to be fine, since just about all are legit files and services. The problem is HOW they are being used. It's impossible to really know what each process is doing under the hood, so pictures do nothing to help. I'm convinced the OS is compromised, yes. The thing is, I put in a brand new hard drive TWICE and it did nothing. Have same problems on both PCs. Laptop I'm using now has an OEM version of Vista 64-Bit Home Premium. My desktop has a Retail 32-Bit Home Basic version. The RAM and Hardware on both should be fine but both can be exploited. There has to be a process running at boot that loads a modified version of windows into ram. Then windows setup grabs that file from ram and loads it. When I try to look at the BCD bootfile it tells me it's being used by another process. Which means it's running in memory but when I look online it says you should be able to edit it. I'm in a Windows Shell of some sort. Forget the MITM attack. That allowed him on my PC but now he is ON the PC. He can load anything on any device I connect to it. Also, my PDA and Phone work, just not how they should. I'm getting a replacement phone BTW and I'm NOT going to get anywhere near my PC or use wifi this time and see if it works. We'll see.
Exaggerated a bit when talking about my old Pocket PC. It's from 2002. Wifi did exist at the time but all it has in it is a network card. The manual only listed the ability to sync with a pc and to dial a connection. It is positively being controlled remotely. The windows I open can be closed, if he chooses he can open certain programs by himself. The screen can even be locked out, so pressing on it does nothing. Even showed a couple of people this in person and their only explanation was that "Well it is pretty old. When did you get that thing?". Seriously, how many old computer programs have you seen that automatically open and close programs? It is denial kicking in because they can't explain it. Could make a youtube video of it or something, if I'm allowed to upload it. One last thing: When I moved and got a dsl connection, I did not change any hardware because I'd just made a new pc months before. Wasn't about to drop another grand on another one. So that may have got rid of it for one computer but the rest still would have been screwed. Apologies for every post being long. Impossible to explain in short detail.
  13. All I know is that I've gone through 3 printers. 2 were brand new and stopped working at all a week after using them and the latest won't let me install the software. I've had countless programs on countless devices that have stopped working out of the blue. Usually shortly after the first installation. Errors popping up or programs being shutdown in the middle of their execution. Reinstalls and reformats that make no difference. It even affected a really old PDA that had a prehistoric version of Pocket PC and did not mention wireless capabilities anywhere in the manual. My phone constantly drops calls in the middle of a conversation while I'm in a strong cell zone, just standing. Either I'm using the most faulty combination of software/hardware ever made or something is seriously #$*&ed up. And it isn't me. I'm infected with some criminal program that will not go away and it won't leave me alone. I could be ignorant and pretend it's all in my head and none of it has ever happened. Already tried that and every time I'm trying to run an app and it stops working I'm reminded of it. Just about everyone never believes anything until it happens to them. Ignorance is bliss. There are many supposedly "Expert" computer users that have never even heard of a BotNet or a Rootkit. They think hackers are made up by the media. Yet those same people will tell me I'm not informed. Has this made me paranoid you say? Hell yes. Would you be if all this supposedly impossible stuff happened? Hell yes. Has this paranoia caused me to see things that weren't there and make up things that didn't happen? Hell NO. But that's the great part about the internet. You can say stuff you believe or know is true and not have to feel embarrassed about it. Allowing you to say things you wouldn't dare say face to face with someone else for risk of looking like a fool. Then again people are less likely to believe what you say on the internet. So it's kind of a double edged sword you could say.
Don't worry, this lunatic won't post again. Really appreciate the thoughts. Good Day.