Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by eliminatebotnets

  1. When I got hit by it, there was an exploit out where your computer could get infected by simply getting tricked into looking at a Flash page. It could have happened that way or by downloading a file from a file sharing site that was packaged with malware. There are literally hundreds of ways for malicious files to secretly install on your computer. There was no AV running on my pc and I'll admit by router password was pretty weak, probably using WEP . Was broadcasting my wireless SSID with no encryption. I'd never been hacked before so I was an easy target. So my complete lack of security enabled this to happen but my point is if I had antivirus running, it would have alerted me that someone was trying to break in. You are right that once your hardware is effected, your antivirus does NOT help. It doesn't know what is happening because it cannot read what is happening at the BIOS level. So scans will come up clean because nothing is detected at the operating system level. This type of attack has apparently existed for years but because of it's undetectable nature, many people never know anything is wrong. The only sign of it's existence is random errors when trying to install/uninstall software. Especially programs from the internet as they are always modified. So while you may have to be targeted and the person must know your computer specs for this to happen, my point is it can happen. There's a "script kiddie" in every neighborhood scanning for unsecure computers, just looking to cause problems. You don't respect security until you get hit.
  2. I used your same approach in the past and have paid dearly for it. There are nasty rootkits/trojans out there that can attack the BIOS and Firmware despite what people tell you. Physical Access is NOT necessary IF the trojan is able to gain administrative rights to your pc. Then a hacker can view all your files/hardware settings and pick from any rouge file on the web to execute on your pc. Which can be done silently in the background with stealth. http://www.securityfocus.com/news/11372 Most good Anti-Virus programs will block/alert 99 percent of threats. Have to agree with Infiltrator that Kaspersky Internet Security is the best paid AV out there in my opinion. In addition to just having virus definitions, it also monitors all processes, memory, etc. and stop any suspicious activity before it executes. Yet it manages to use very little system resources. It's expensive at $80 but it is the most advanced AV in the world. Otherwise like others have said a free AV like AVG or Avast does a solid job and is much better than no protection. If I could secure my pc it would be Kaspersky, Comodo Firewall, and maybe a good spyware scanner. Haven't kept up on spyware scanners lately but Lavasoft Ad-Aware used to be a good one.
  3. Low risk? ;) I'm 29 and have never had an interest in hacking. So that was a pretty bad guess. There are programs/files in the past I shouldn't have downloaded. Guessing there may have been even careful users that have done the same. So one bad download deserves a lifetime of trouble? Obviously you couldn't have read much in the links because if you did you would know that NOTHING detects this. It runs before anything in some sort of virtual hardware. This whole experience in these forums has been a huge embarrassment, from you to the admin that runs it. Ignoring the things I say and then asking me why I don't just format my hard drive. Seriously. People like you just see me as a troll trying to get attention because my information conflicts with your obviously superior knowledge. I posted here to try to find help for a serious problem, when I couldn't find anything on google. Now that I have, there is hope to get some real information on this. Now there has been people here that actually tried to help and actually came up with some good suggestions. I'd like to thank them. If noone has anything else (meaningful) to add, I'm long gone. Only came back because I thought some might be interested by the info. Ignorance is underestimated.
  4. Ok.. it looks like I was wrong about this existing since 2003. According to this guy that is just as crazy as me, this "thing" has existed since 1997. :o Re: Researchers: Rootkits headed for BIOS 2006-11-19 hylas You are not going crazy, it's real. I concur with 99% of what you have written, it's the same thing, (I have Macs, System 7 - OS X 10.4.x) See my previous post above - I'm coming late to this thread. This has been around a long time, I first found it (fought it in '97). Most recently '05, I'm sure it's still on (all) my machines. Yes, it's cross-platform, with an insidiously wicked sense of humour, not to discount the seriousness of this thread and several of our predicaments (mine included), but that's how I'm able to identify it as the same (group?) as the attack in '97. I think it's a serious problem for (US-World) national security (unless, of corse it *is* "national security". "The trojan has controllers on the universal power supply." Which elevates it to "logic bomb" status, I've lost monitors, graphic cards. If you get too close it soft-power shutdowns your ass. (which is stunning). Complete control (IMHO). "... sometimes it lets you think that you are winning, only to find out after hours of hard work that it was a nasty joke played on you." Exactly. "Rules as we know them, are no longer are applied." I believe it places microcode on closed (previously burned) CDs, DVDs, etc. it tags everything, thats why you can't rid yourself of it. Hardware trumps root. No, you're not crazy. Question is, what are (we?) you going to do about it? I'm been trying to get attention about this for almost 10 years. hylas [ reply ] Link to this comment: http://www.securityfocus.com/comments/arti...372/34207#34207
  5. Well that is one persons perception, but there are others in the links provided at the bottom of the page that disagree... Personally after everything I've been through, I know this to be a COMPLETE LIE. Even if someone DID break into my old apartment without me knowing and installed this shit on my computer, the fact remains that the devestation it causes and how easily in can spread is F#$%ING SCARY. Another fact? Many people have this on their PC and have no idea it's there. Like I said you can give me the run around all you want about the Physical Access. But anyone that decides to target you with this can do anything to your pc and any device with an internet connection. End of Story. Look at the posts at the bottom going all with way back to 2003!! Think of how many machines this has spread too since that time. It's mind boggling how this has never been publicized.
  6. Ok, I don't care if I'm bringing this thread back from the dead. Also I don't care if you don't believe what is said in the below link. This is exactly the kind of crap I was trying to explain. http://subversionhack.livejournal.com/ Also try googling "BIOS level rootkits" or "SMM rootkits" for more info. Don't know how I was never able to find this before. This sounds like a complete joke but IT IS 100% NOT. The only reason I can think that this isn't more public is because you simply cannot believe it until it affects you. It displays the ignorance of society, that this shit has existed for years but nothing has been done about it??
  7. Wow. Didn't Win95 originally come with no USB support? I'm sure they made an update for it near the end of it's lifecycle. I remember USB support being a fairly new thing in Win98. Also since it hasnt been supported for several years, the malware exploits have to be scary if you use it on internet at all. Even with all the existing patches, your pc could get compromised in minutes. Himem.sys is an old standard DOS file. Should be able to find that anywhere. Like say... Google. But in all seriousness this was a funny post. Wether you were intentionally trying to be or not.
  8. Honestly, I thought maybe you weren't an ass. Calling me a troll and an idiot. You could of just said you don't know what the problem is and left it at that. You don't seem to understand the problem. I told you that whatever the hell this is, it DOESN'T COME OFF THE SYSTEM. Even replacing the HD. If someone has full access to my computer and has keyloggers installed, what the hell good is changing my mac going to do? He's going to see what I changed the MAC to and just change it to that. Is it that hard to understand? But I know you guys all say its impossible to get into the BIOS or Hardware and you guys know it all. I'll try changing my MAC as you suggested, but I'm giving it a 10% chance of working at best. If some admin of this site could please close this post. Obviously nothing constructive is going to come out of it at this point.
  9. I see what your saying about the differences between the ram and hard drive. Was just trying to make a weak analogy. ;)
  10. Well if you read about botnets/botmasters (http://www.symantec.com/norton/theme.jsp?themeid=botnet), they basically do have sort of a virtual physical access to your computer, if they can bypass your router or firewall. They can see all the files on your machine, change settings, flood your computer with data and redirect network traffic. While I'm not sure if they can actually get into your bios, they could change your boot settings in windows and then insert a boot sector virus on a failed boot and somehow infect the BIOS that way. When your computer is soft rebooted, the ram in not completely erased and some data/settings can carry over after a restart. Kind of like when you quick format a hard drive and it deletes the data but it's not really deleted. This actually happened to me. I restarted my pc, wanting to get into setup but I missed the setup screen and windows started to load. I didn't want to wait for windows to load, so I restarted before the boot could finish. What I didn't realize is that by doing that you corrupt the boot sector. So now when the system was restarted again, the boot sector was altered. Then when I looked in the BIOS settings, a couple of settings were different than before. In regards to the transferring a virus across a network: Yes, my phone and PDA must have been infected that way, as they were used to transfer data from my pc, when I didn't know a hacker was in my system. What doesnt make sense though, is how my PDA is able to be accessed remotely with my pc or internet not even turned on. Unless there is some way to silently connect to it with a dial up number without me authorizing it? I can see the network adapters he installed, but can't remove them. Weird. It is an old outdated version of mobile windows though. So I guess limited security.
  11. Well I've been a bit ticked off with people telling me that X is not possible and being written off like I don't know much about computers. On the same hand I can understand that if someone told me this stuff before I had witnessed it, I'd probably think they were a little paranoid too. Admittedly my knowledge on hacking and networking was very limited and still have allot to learn. Computers have basically been my life for the past 15 years. I'll admit that I've not had much experience with vista and many of the folders and network settings are very different than XP. All I was trying to do is come up with some concrete proof that something is not right with my pc. Problem is, just about all the files APPEAR to be fine, since just about all are legit files and services. The problem is HOW they are being used. It's impossible to really know what each process is doing under the hood, so pictures do nothing to help. I'm convinced the OS is compromised, yes. The thing is, I put in a brand new hard drive TWICE and it did nothing. Have same problems on both PCs. Laptop im using now has a OEM version of Vista 64-Bit Home Premium. My desktop has a Retail 32-Bit Home Basic version. The RAM and Hardware on both should be fine but both can be exploited. There has to be a process running at boot that loads a modified version of windows into ram. Then windows setup grabs that file from ram and loads it. When I try to look at the BCD bootfile it tells me its being used by another process. Which means its running in memory but when I look online it says you should be able to edit it. I'm in a Windows Shell of some sort. Forget the MITM attack. That allowed him on my PC but now he is ON the PC. He can load anything on any device I connect to it. Also, my PDA and Phone work they just not how they should. I'm getting a replacement phone BTW and im NOT going to get anywhere near my PC or use wifi this time and see if it works. We'll see. Exaggerated a bit when talking about my old Pocket PC. It's from 2002. Wifi did exist at the time but all it has in it is a network card. The manual only listed the ability to sync with a pc and to dial a connection. It is positively being controlled remotely. The windows i open can be closed, if he chooses he can open certain programs by himself. The screen can even be locked out, so pressing on it does nothing. Even showed a couple of people this in person and their only explanation was that "Well it is pretty old. When did you get that thing?". Seriously, how many old computer programs have you seen that automatically open and close programs? It is denial kicking in because they can't explain it. Could make a youtube video of it or something, if im allowed to upload it. One last thing: When I moved and got a dsl connection, I did not change any hardware because I'd just made a new pc months before. Wasn't about to drop another grand on another one. So that may have got rid of it for one computer but the rest still would of been screwed. Apologies for every post being long. Impossible to explain in short detail.
  12. All I know is that I've gone through 3 printers. 2 were brand new and stopped working at all a week after using them and the latest wont let me install the software. I've had countless programs on countless devices that have stopped working out of the blue. Usually shortly after the first installation. Errors popping up or programs being shutdown in the middle of thier execution. Reinstalls and reformats that make no difference. It even effected a really old PDA that had a prehistoric version of Pocket PC and did not mention wireless capabilities anywhere in the manual. My phone constantly drops calls in the middle of a conversation while im in a strong cell zone, just standing. Either I'm using the most faulty combination of software/hardware ever made or something is seriously #$*&ed up. And it isn't me. I'm infected with some criminal program that will not go away and it won't leave me alone. I could be ignorant and pretend it's all in my head and none of it has ever happened. Already tried that and every time I'm trying to run an app and it stops working im reminded of it. Just about everyone never believes anything until it happens to them. Ignorance is bliss. There are many supposedly "Expert" computer users that have never even heard of a BotNet or a Rootkit. They think hackers are made up by the media. Yet those same people will tell me I'm not informed. Has this made me paranoid you say? Hell yes. Would you be if all this supposedly impossible stuff happened? Hell yes. Has this paranoia caused me to see things that weren't there and make up things that didn't happen? Hell NO. But that's the great part about the internet. You can say stuff you believe or know is true and not have to feel embarassed about it. Allowing you to say things you wouldn't dare say face to face with someone else for risk of looking like a fool. Then again people are less likely to believe what you say on the internet. So it's kind of a double edged sword you could say. Don't worry, this lunatic won't post again. Really appreciate the thoughts. Good Day.
  13. Is data packets getting sent while you are on your lan, not connected to any computers or the internet, considered normal then? Don't see how you can explain this one. Should have mentioned this one right away, as it makes no logical sense. It's communicating wirelessly somehow, even though I have remote connections off and no wireless connection running. I'm talking about being connected DIRECTLY to the router, zero internet access, sitting on idle.
  14. NEVER go to Geek Squad. I actually tried them once unfortunately because I didn't know any good computer techs. My problem was a DNS poisoning attack. Had 3 different guys look at it and none of them had heard of it, let alone any knowledge about it. All they do is run thier software, which is basically just a big anti-virus program. Even after I showed them some of the websites that explained it, they just shrugged and said it "wasn't likely" that it could happen. Ended up wasting $300 on this laughable garbage. There are many people that would do the simple things Geek Squad do for free. Just have to find the right people. ;)
  15. Is it just Steam where you are basing your download speed? The only time I ever used steam was to play Half-Life 2 and Counter Strike several years ago. The speeds were awful at the time I used it. Maybe it's better now? I would try www.speedtest.net for a fairly accurate guage of your dl and upload speeds. Your lucky you probably weren't around during the 56K era. It was exciting just to see a connection of over 40K and a ping less than 300 back then. Not to mention the connection losses. ;)
  16. Then how do you tell what devices represent those addresses? I know the is your subnet, but what about the other ones? Sorry, im a newb when it comes to this.
  17. Is there any way to tell what device goes with the mac and ip or is that just given automatically through your isp?
  18. Well my bad on the tunnel adapters then. Everywhere I read it mentioned them being used in VPNs and I never remember them being used in XP. I guess the protocols have changed allot since. As for the DNS. I never specified it. For some reason it was already entered for me. I'll have to find out my isps dns servers. As for the ARP command line... I'm embarassed that i never knew it existed. Heres my info on that. Tell if this is normal or whether static or dynamic matters. I have no clue on those IPs, other than my router ip. I knew almost nothing about networking before I was attacked and now I know quite a bit more. There is still some paranoia about certain things, so sometimes I make assumptions.
  19. Here is some of my network info to help with the problem: Are tunnel adapters normally used on home connections? I don't use VPN or use any special connections. And here are my running processes: Is it really normal to see this many service hosts running with minimal software installed and a real basic network? Notice how one svchost.exe is taking up about 100 MB of ram. I will post more pictures later on the other stuff I find odd as well.
  20. So your saying their is a way to clear the cache but then since he knows the MAC, he could poison it again? I have noticed that i CANNOT reset the router to its factory firmware version. I remember when I used to hold down the reset button in the back for 30 seconds or so, it would flash red and take a while to reconnect and turn green. Well it never does that anymore. No matter how long i hold reset, the led just stays green and the firmware version stays the same for the router. Apparently when your poisoned it wont let your reset the ARP of the device. I'd be interested to know this command and see if it actually worked. I appreciate your help allot so far. Any ideas help allot in at least understanding what is happening even if there is not a true answer.
  21. It may be a legit file but it is in several folders throughout a hidden folder labeled "BOOT" on the root directory. Just about all the files on my system are legit files but are used with malicious intent. For example there is a process called Spoolsv.exe, which I know is a legit process for printers. But this proccess often pops up at random, reguardless of whether im using a printer or not. Lots of times taking up 50% of the processor. I can close the process or even disable it, but then of course i couldn't use a printer. Which my printers don't work anyway but thats another story. Under Services in Control Panel the process Spoolsv.exe is set to logon under Local System. With a box next to it that says: Allow service to interact with desktop is checked by default. Windows even recommends that you do not check the box because it could allow a malicious user to see what you are doing. If I try to disable processes many times it corrupts my windows installation. Thats by design so I dont mess with that stuff. I know people aren't going to understand but I won't give up trying to get rid of this fool.
  22. I didn't purchase a new router or modem. He can still use just the plain modem for an access point. I've moved since. I've been through 2 different connections and the same crap. I had cable and now I have dsl. The problem is he must have infected my computer with a boot sector virus as well. So even getting a new connection did not get rid of it. I'm telling you it's absolutely terrifying and i have hard time trying to wrap my head around it. Most other people, including my family only part believe me. They just think its a bad virus or something, but it's way to random to be a virus. It seems like some immature 16 year old crossing the line on having fun with it. Threre is all kinds of even crazier #$%t I haven't mentioned yet, but I want people to think i have some credibility before I say anymore. Although I doubt there is any. There is a hidden folder named "BOOT" on the root of my hard drive. It contains a bunch of obscure files. A bunch of them that contain the file bootmgr.exe.mui Most computers ive seen do not have this folder on it. Usually double extention files are not used on legit files. So it's certainly fishy. It is still there after a fresh reinstall.
  23. I've tried using no router at all. He can still modify programs and any pretty much anything else. My lan light blinks intermittently for both the ethernet and internet pretty much all the time. I know this happens ocassionally for ARP to talk to the network. But this happens frequently and you can tell major packets are being sent even when i have no programs open. I know it sounds like bs, but this a$$hole has been doing this for years and does not quit even when i ignore him for weeks. I can't tell you how maddening it is having a problem noone else seems to have. THough I also know that many people probably have this problem but do not notice it. Possible I never would have, had i not noticed a file on my hard drive. There are millions of compromised computers that people dont notice because the criminals want it that way. I happen to have some kind of criminal software on mine, except this guy is purely using it to annoy me and spy on everything. I know for a FACT, he is on my lan and actually part of my network(or his VPN). That is the only way he could have constant access to my pc.
  24. Is there a definate way to find out his ip?? Also my router itself is actually wired, with the option to broadcast wireless, I only see the option to block wireless, but not a blacklist section for wired ip requests. I've had the people test the connection and say its fine on their end. (Well duh, if its a Man-In-The-Middle attack, the attacker is basically invisible). So noone has been able to understand or help. Ive done the basic suggestions and obvious stuff. If it was as easy as blocking an IP address I would have done it long ago. But i've heard there are ways to spoof your IP and even MAC addresses, so the ARP is confused and doesn't know the difference. Trust me this is a really unusual attack. BTW I have WireShark. So I could send you a log if that would help any. P.S. You notice how there are all kinds of articles on how to prevent DNS or ARP Poisoning attacks but not ONE that mentions what to do if you are a victim?
  • Create New...