HELP ! My PC has been compromised !!

  • Thread starter: penang
Nonsense.

Not really.
It depends entirely on the severity of the infestation.

Precisely. A severity you cannot determine without having a baseline.
I won't spend hours and hours on a troubled workstation, but if I can pretty easily
remove a not-very-invasive piece of malware or two, I simply do so.

And how exactly do you verify that the machine is now back in a
reliable state?
 
Straight Talk said:
Not really.


Precisely. A severity you cannot determine without having a baseline.


And how exactly do you verify that the machine is now back in a
reliable state?

Because it works and has no further symptoms when I run thorough scans.
That's generally good enough for a home user. Sorry, I'm bored now - done
with this thread. Have fun storming the castle.
 
Because it works and has no further symptoms when I run thorough scans.

This coming from someone bragging to be an MVP. Very sad.
That's generally good enough for a home user.

That's very good news for malware writers.
Sorry, I'm bored now - done
with this thread. Have fun storming the castle.

Oh, yes. Go back to sleep, MVP bragger.
 
Straight Talk said:
Not really.


Precisely. A severity you cannot determine without having a baseline.


And how exactly do you verify that the machine is now back in a
reliable state?

If you know what changes a malware made, you
can often reverse those changes and get the system
back to as reliable as it was before the malware hit.

Yes...it is that 'if' that is the bugger. Many malwares
allow communication outside the system so you no
longer know exactly what changes were made and
it is time to flatten and rebuild if you desire any sense
of confidence in its integrity.
 
If you know what changes a malware made, you
can often reverse those changes and get the system
back to as reliable as it was before the malware hit.

That's true. Which, as I said, requires a baseline and a thorough
understanding. Most users don't have that.
Yes...it is that 'if' that is the bugger. Many malwares
allow communication outside the system so you no
longer know exactly what changes were made and
it is time to flatten and rebuild if you desire any sense
of confidence in its integrity.

Yup.
 
Ok, you are the victim of an internet worm that seems to spread by mail.
a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like
"explroer.exe".
Best would be making a HijackThis log and sending it to some people known
to handle them (or here).
 
Delta said:
Ok, you are the victim of an internet worm that seems to spread by mail.
a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names
like "explroer.exe".
Best would be making a HijackThis log and sending it to some people known
to handle them (or here).

I assume that Delta meant "(NOT here)"

From an old post by Frank Saunders:

***************************************
First eliminate any scumware. See Dealing with Unwanted
Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm especially
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch


Note that AdAware and SpyBot S & D will each catch some
things the other won't. Also, each needs to be updated
with the program's update function before every use, even
when just downloaded. There's also a lot more to do than
just those two programs. CWShredder is also available
here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot,
HijackThis and CWShredder may be found on this page:
http://aumha.org/a/parasite.htm.


If nothing there helps, please post back to this thread.


********************************************
 
From: "Delta" <[email protected]>

| Ok, you are the victim of an internet worm that seems to spread by mail.
| a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like
| "explroer.exe".
| Best would be making a HijackThis log and sending it to some people known
| to handle them (or here).

No HJT logs posted in any Microsoft news group or posted to Usenet at large.
 