system hijacked. being used as proxy server. how fix?


Mike Hollywood

Hi,
I got an email from a friend whose system, WinXP Home with a router, has
been compromised somehow and now, because his system is being used to send
spam, Comcast has closed his outgoing mail service.
Virus scans, local and online, found nothing.
Can anybody give me some insight on how to fix this? He was told, I don't
know by whom, that the only way to fix it was to re-format the hard drive.
Can that be?
Also, could the problem be in the router?
Thanks,
Mike
 
Mike Hollywood said:
Hi,
I got an email from a friend whose system, WinXP Home with a router, has
been compromised somehow and now, because his system is being used to send
spam, Comcast has closed his outgoing mail service.
Virus scans, local and online, found nothing.
Can anybody give me some insight on how to fix this? He was told, I don't
know by whom, that the only way to fix it was to re-format the hard drive.
Can that be?
Also, could the problem be in the router?
Thanks,
Mike


Firstly, either turn off the router, or disable the Internet in Control
Panel (Network Connections, I think). This should stop the system being used,
as the person in control can no longer access the computer through the
Internet. Try searching for spyware or malware, not viruses.
 
Mike said:
Hi,
I got an email from a friend whose system, WinXP Home with a router,
has been compromised somehow and now, because his system is being used
to send spam, Comcast has closed his outgoing mail service.
Virus scans, local and online, found nothing.
Can anybody give me some insight on how to fix this? He was told, I
don't know by whom, that the only way to fix it was to re-format the
hard drive. Can that be?
Also, could the problem be in the router?
Thanks,
Mike

Your friend can follow the malware removal steps here if s/he has access
to another, known-clean computer that was never connected to the
infected one:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

The infected machine must be taken off the Internet and any LAN
immediately. However, things must be really bad on that box if Comcast
cut him/her off. It might be a better course of action for your friend
to either take the machine to a professional computer repair shop (not
your local version of BigStoreUSA) or format the drive and start over.

Malke
 
Thanks for the replies.
Looks like it's more of a problem than I thought.
I guess the easiest solution would be to just
format the drives and start new. No problem
with the tower because he bought an XP disk
and I'm sure they will let him activate it a
second time in a case like this.
The daughter's laptop is new, and it didn't
come with an XP disk so that one may pose
a problem.
Mike
 
Mike said:
Thanks for the replies.
Looks like it's more of a problem than I thought.
I guess the easiest solution would be to just
format the drives and start new. No problem
with the tower because he bought an XP disk
and I'm sure they will let him activate it a
second time in a case like this.
The daughter's laptop is new, and it didn't
come with an XP disk so that one may pose
a problem.
Mike

Yeah, wiping it is probably a good idea if it's that badly compromised.
Here are some sites that you can pass onto him to help him stay safe in
the future:

http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get
Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP
Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.spywarewarrior.com/rogue_anti-spyware.htm - Eric Howes on
Rogue Antispyware Programs
http://www.microsoft.com/security/protect/default.asp - Protect Your PC
http://www.cert.org/homeusers/HomeComputerSecurity/ - Home Computer
Security

Naturally, he should not connect the newly-clean box to the Internet
until it has SP2 with the Windows Firewall and an av installed.

Malke
 