Trojan Zombie

  • Thread starter: B

I'm trying to help a friend who has had her computer compromised by a
Trojan. Here is a portion of the correspondence sent to her by her ISP.

You are receiving this email as Cogeco's network security dept has received
reports of atypical email traffic from your system that is indicative of
spam (unsolicited broadcast messages) being relayed through your system to
remote mail servers. It is most likely that your system has been
compromised with malware (i.e.: virus or Trojan) that is allowing a remote
entity to relay spam through your system.

If you are unable to contain and/or investigate this threat immediately we
request you temporarily disconnect your system from the internet until you
are able to further investigate. To prevent any possible interruption in
service we require a follow up email within 24 hours - what malware you
found, alternate reasons for this activity, what actions you are taking to
prevent further incidents, etc.

She uses a PC and a Laptop connected using a D-Link Wireless Router.

I've managed to scan the PC using Malwarebytes, and eliminated 3 viruses,
and followed up with a clean scan using AVG. However, the Laptop is a
different story. After booting it up, a number of apps opened and closed on
their own. After 10 minutes of this nonsense, the machine shut down
completely, and could not be powered up at all. Can anyone think of any kind
of malware that could have caused any or all of the symptoms described
above, or any advice on further steps I need to take?

WinXP SP2, and it's also important to note that the Wireless connection had
not been security-enabled.

Thanks in advance,

Brad
 
From: "B" <[email protected]>

If the Wireless was not secured and was not monitored then it could be compromised by a
wardriver and thus used for a spam campaign over her Cogeco connection. Of course, your friend is
responsible.

As for the PC, using Malwarebytes you said it eliminated 3 viruses. It really doesn't
target viruses, but what needs to be known here is an excerpt of the log showing what
was found by MBAM.

As for the laptop, you said: "After booting it up, a number of apps opened and closed on
their own. After 10 minutes of this nonsense, the machine shut down completely, and could
not be powered up at all."

If the notebook isn't powering up then it probably isn't all malware related. Malware WANTS
the PC to be running such that its payload can do its required function. It is not in the
interest of the vast majority of today's malicious actors to not have the infected
platform running. Can you identify what those apps were that "...opened and closed on
their own"?

As for WinXP SP2, it should have SP3 installed. It has been out for a LONG while now. I
wonder what else has not been updated and thus vulnerable. Please find out...
http://secunia.com/software_inspector
 
B said:
<SNIP>
If you are unable to contain and/or investigate this threat immediately we
request you temporarily disconnect your system from the internet until you
are able to further investigate. To prevent any possible interruption in
service we require a follow up email within 24 hours - what malware you
found, alternate reasons for this activity, what actions you are taking to
prevent further incidents, etc.
<SNIP>
WinXP SP2, and it's also important to note that the Wireless connection had
not been security-enabled.

Tell them what you have done.

There may be no way to tell whether the traffic was coming from her
computers or just from her unsecured wireless network access point.

BTW it is AVG that would address the unnamed "viruses" and MBAM the
unnamed other malware.

What were the malware names given by the antimalware and antivirus
programs? They should be in their repective logs.
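
The question raised in this thread of whether the relayed spam came from her own machines or from a stranger on the open wireless network is one the router's or firewall's connection log can usually settle, and a log excerpt is what the ISP is asking for. The Python below is an added example, not code from this thread or from any of the posters: it assumes a constructed log line format (not a real D-Link log; the real router would need its own parser), a hypothetical device inventory keyed by MAC address, and a hypothetical ISP mail server. It attributes outbound mail-port connections to each source host and flags two things: direct-to-MX fan-out (many distinct remote hosts on port 25, which a mail client does not do but a spam zombie does) and any mail traffic from a device that is not in the inventory.

```python
import re
from collections import defaultdict

# Constructed sample router connection log (an assumed format for this
# example, NOT a real D-Link log). One record per outbound TCP connection.
SAMPLE_LOG = """\
2010-05-07 23:10:01 src_mac=00:1a:2b:3c:4d:5e src=192.168.0.100 dst=203.0.113.10:25 proto=tcp
2010-05-07 23:10:02 src_mac=00:1a:2b:3c:4d:5e src=192.168.0.100 dst=203.0.113.11:25 proto=tcp
2010-05-07 23:10:02 src_mac=00:1a:2b:3c:4d:5e src=192.168.0.100 dst=203.0.113.12:25 proto=tcp
2010-05-07 23:10:03 src_mac=00:1a:2b:3c:4d:5e src=192.168.0.100 dst=203.0.113.13:25 proto=tcp
2010-05-07 23:10:03 src_mac=00:1a:2b:3c:4d:5e src=192.168.0.100 dst=203.0.113.14:25 proto=tcp
2010-05-07 23:10:04 src_mac=00:1a:2b:3c:4d:5e src=192.168.0.100 dst=203.0.113.15:25 proto=tcp
2010-05-07 23:10:05 src_mac=00:1a:2b:3c:4d:5e src=192.168.0.100 dst=203.0.113.50:80 proto=tcp
2010-05-07 23:11:10 src_mac=00:1a:2b:3c:4d:5f src=192.168.0.101 dst=198.51.100.5:587 proto=tcp
2010-05-07 23:12:40 src_mac=00:1a:2b:3c:4d:5f src=192.168.0.101 dst=198.51.100.5:587 proto=tcp
2010-05-07 23:14:00 src_mac=00:1a:2b:3c:4d:5f src=192.168.0.101 dst=203.0.113.60:443 proto=tcp
2010-05-07 23:20:00 src_mac=00:de:ad:be:ef:01 src=192.168.0.102 dst=203.0.113.20:25 proto=tcp
2010-05-07 23:20:01 src_mac=00:de:ad:be:ef:01 src=192.168.0.102 dst=203.0.113.21:25 proto=tcp
this line is not a connection record and is skipped by the parser
"""

LINE_RE = re.compile(
    r"src_mac=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+proto=tcp"
)

SMTP_PORTS = {25, 465, 587}

# Hypothetical inventory of the household's own devices (assumed).
KNOWN_DEVICES = {
    "00:1a:2b:3c:4d:5e": "PC",
    "00:1a:2b:3c:4d:5f": "Laptop",
}

# Hypothetical ISP submission server: mail to it is expected, direct
# delivery to many remote MX hosts on port 25 is not.
ISP_MAIL_SERVERS = {"198.51.100.5"}


def parse_log(text):
    """Yield (mac, ip, dst, port) for each well-formed connection record."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("mac"), m.group("ip"), m.group("dst"), int(m.group("port"))


def attribute_smtp(text, known=KNOWN_DEVICES, isp_servers=ISP_MAIL_SERVERS,
                   max_direct_mx=3):
    """Per source MAC, count distinct non-ISP hosts contacted on mail ports.

    Returns {mac: {"ip", "label", "direct_mx", "flags"}}. The threshold
    max_direct_mx is an assumption: a real mail client talks to one or two
    servers, a spam zombie delivers straight to many remote MX hosts.
    """
    per_host = defaultdict(lambda: {"ip": None, "direct_mx": set()})
    for mac, ip, dst, port in parse_log(text):
        entry = per_host[mac]
        entry["ip"] = ip
        if port in SMTP_PORTS and dst not in isp_servers:
            entry["direct_mx"].add(dst)

    report = {}
    for mac, entry in per_host.items():
        flags = []
        label = known.get(mac)
        if label is None:
            label = "UNKNOWN"
            if entry["direct_mx"]:
                # Mail from a MAC not in the inventory: someone else on the open WLAN.
                flags.append("mail traffic from device not in inventory")
        if len(entry["direct_mx"]) > max_direct_mx:
            flags.append("direct-to-MX fan-out (%d hosts)" % len(entry["direct_mx"]))
        report[mac] = {
            "ip": entry["ip"],
            "label": label,
            "direct_mx": len(entry["direct_mx"]),
            "flags": flags,
        }
    return report


def suspects(text, **kw):
    """Sorted list of (label, ip) for every host that raised at least one flag."""
    rep = attribute_smtp(text, **kw)
    return sorted((v["label"], v["ip"]) for v in rep.values() if v["flags"])


if __name__ == "__main__":
    for mac, info in attribute_smtp(SAMPLE_LOG).items():
        print(mac, info["label"], info["ip"], info["direct_mx"],
              "; ".join(info["flags"]) or "ok")
```

On the constructed log the PC is flagged for fan-out to six remote hosts on port 25, the laptop is clean (two submissions to the ISP server only), and a third MAC not in the inventory is flagged as an outside device sending mail. Two caveats: attribution by MAC only holds if the router actually logs client MACs and nobody on the open network has cloned a known one, and a clean log after the fact proves nothing if the router was not logging while the spam went out.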
 
FromTheRafters said:
What were the malware names given by the antimalware and antivirus
programs? They should be in their repective logs.

s <==== here's an 's' for "repective" above.
 
On 08.05.2010 01:16, B wrote:
After 10 minutes of this nonsense, the machine shutdown
completely, and could not be powered up at all.

The latter seems to be a hardware issue. I am afraid that the laptop had
a short circuit somewhere, that first caused this strange behaviour
(keyboard sent irregular commands), until finally a fuse blew up.

If there is no means of powering the laptop up again, the only way to
save her data will be to remove the hard disk, and try whether it can be read
from an adapter.


Gabriele Neukam

(e-mail address removed)
 
Gabriele Neukam said:
The latter seems to be a hardware issue. I am afraid that the laptop had
a short circuit somewhere, that first caused this strange behaviour
(keyboard sent irregular commands), until finally a fuse blew up.

I'm inclined to think that the malware was running the CPU at 100% for a long
time and the computer had blocked air holes (due to dust, pet hair, etc) and
overheated. If it won't come on at all then it's likely that the overheating
fried the motherboard.

As a preventive measure, I recommend cleaning the dust out of computers
-- in a laptop this means blowing several times into the exit holes to
dislodge the dust -- usually it comes out in big puffs of dust.

In a desktop I recommend vacuuming out the air holes both on the back of the
unit and also internally around the CPU and the power supply fan.

If there is no means of powering the laptop up again, the only way to
save her data will be to remove the hard disk, and try whether it can be read
from an adapter.

Yes.
 
From: "David Kaye" <[email protected]>


| I'm inclined to think that the malware was running the CPU at 100% for a long
| time and the computer had blocked air holes (due to dust, pet hair, etc) and
| overheated. If it won't come on at all then it's likely that the overheating
| fried the motherboard.


If it was a notebook that had dust-choked cooling fins then it would possibly indicate a
thermal shutdown and be able to reboot once cool and cycle through that. Compressed air
is good for cleaning the cooling fins.

When cleaning a desktop chassis a vacuum cleaner wand and soft-bristle paint brush is
best. Use the paint brush to gently dislodge the dust and vacuum the dislodged material
using the vacuum wand.
 
Gabriele Neukam <[email protected]> wrote:

As a preventive measure, I recommend cleaning the dust out of computers
-- in a laptop this means blowing several times into the exit holes to
dislodge the dust -- usually it comes out in big puffs of dust.
<SNIP>

I just replaced a keyboard on a new laptop this weekend (a bad "E") and
have done it in the past on various brands. I'd recommend removing the
keyboard and blowing out the insides. It's usually 2 screws and maybe a
couple of clips. You flip it out of the way, without disconnecting it,
and you can see the entire air path.

RB
 
(e-mail address removed) (David Kaye) wrote in
I'm inclined to think that the malware was running the CPU at 100% for
a long time and the computer had blocked air holes (due to dust, pet
hair, etc) and overheated. If it won't come on at all then it's
likely that the overheating fried the motherboard.
<SNIP>

May have just blown the CPU instead of the mainboard.. not exactly sure
about the fuse... (I haven't seen an actual fuse in the laptop itself in
a very long time).. but otherwise, good advice!
 
David H. Lipman said:
If it was a notebook that had dust-choked cooling fins then it would possibly
indicate a thermal shutdown and be able to reboot once cool and cycle through that.
Compressed air is good for cleaning the cooling fins.

I recommend against using compressed air for a laptop because I feel the
pressure is too great and may bend the delicate fins on the fan. This is why
I recommend gently blowing into the air output holes, since it's far easier to
control one's breath than it is a canister full of compressed air. A few
puffs can dislodge a lot of gunk.

When cleaning a desktop chassis a vacuum cleaner wand and soft-bristle paint
brush is best. Use the paint brush to gently dislodge the dust and vacuum the
dislodged material using the vacuum wand.

I bought a cheap feather duster. I use it with just a touch of spray
furniture polish (just a light spray, to give it enough oil to pick up
the dust). With this I can gently pull the plumes along various circuit
boards, around components, under the HD bay, etc., to pick up a *lot* of gunk
from inside the chassis. Then a rigorous shake of the duster will dislodge
the dust.
 
sfdavidkaye2 said:
I recommend against using compressed air for a laptop because I feel the
pressure is too great and may bend the delicate fins on the fan. This is why
I recommend gently blowing into the air output holes, since it's far easier to
control one's breath than it is a canister full of compressed air. A few
puffs can dislodge a lot of gunk.

The nice thing about Air Compressors is that they can be set to any PSI
between 0 and 120 in most cases - a 30 PSI setting is not going to harm
anything.

Using your own breath isn't going to do much and certainly has its own
issues, spit/moisture....
 
From: "David Kaye" <[email protected]>


| I recommend against using compressed air for a laptop because I feel the
| pressure is too great and may bend the delicate fins on the fan. This is why
| I recommend gently blowing into the air output holes, since it's far easier to
| control one's breath than it is a canister full of compressed air. A few
| puffs can dislodge a lot of gunk.


| I bought a cheap feather duster. I use it with just a touch of spray
| furniture polish (just a light spray, to give it enough oil to pick up
| the dust). With this I can gently pull the plumes along various circuit
| boards, around components, under the HD bay, etc., to pick up a *lot* of gunk
| from inside the chassis. Then a rigorous shake of the duster will dislodge
| the dust.


The air pressure from a canister of compressed air will not "bend the delicate fins on
the fan" (blades) or the fins of the heat sink.

I wouldn't use any "furniture polish" as you don't know what chemicals are used which may
cause corrosion of electronics.
 
Leythos said:
The nice things about Air Compressors is that they can be set to any PSI
between 0 and 120 in most cases - a 30PSI setting is not going to harm
anything.

Most people are not going to be lugging an air compressor around; and why
should they when a simple lips to the out-hole and a few puffs will dislodge
the dust?

Using your own breath isn't going to do much and certainly has it's own
issues, spit/moisture....

I have done this countless times and blown out a good deal of dust, so much so
that formerly hot running computers now run cool. You're operating from
theory; I'm operating from real life experience.

Yeah, it's not elegant, but a lot of repairs are not elegant. I learned this
from a car body shop when I noticed that people often fixed bumpers by
removing them and then jumping on them. Of course, never show the inelegant
fix to the customer...
 
David H. Lipman said:
The air pressure from a cannister of compressed air will not "bend the delicate
fins on the fan" (blades) or the fins of the heat sink.

All I can say is that I'm operating from personal experience. I used a can of
compressed air and a couple puffs was enough to bend a fan blade so that it
wouldn't even turn.

I wouldn't use any "furniture polish" as you don't know what chemicals are used
which may cause corrosion of electronics.

Again, I'm saying to just LIGHTLY spritz the feather duster, NOT saturate it.
The idea is to give the dust something to hold onto. Some feather dusters
have enough oil on them naturally that this isn't necessary, but some don't
have enough natural oil to do so.

I'm talking from personal experience. The computer I'm using at this moment I
dusted in this manner about 2 years ago and everything is working fine. In
fact, SpeedFan shows that all 4 temperature sensors are operating cool -- 34,
48, 34, 33 degrees Celsius. The last time I looked inside, I didn't see
anything odd about any components, either.
 
From: "David Kaye" <[email protected]>


| All I can say is that I'm operating from personal experience. I used a can of
| compressed air and a couple puffs was enough to bend a fan blade so that it
| wouldn't even turn.


| Again, I'm saying to just LIGHTLY spritz the feather duster, NOT saturate it.
| The idea is to give the dust something to hold onto. Some feather dusters
| have enough oil on them naturally that this isn't necessary, but some don't
| have enough natural oil to do so.

| I'm talking from personal experience. The computer I'm using at this moment I
| dusted in this manner about 2 years ago and everything is working fine. In
| fact, SpeedFan shows that all 4 temperature sensors are operating cool -- 34,
| 48, 34, 33 degrees Celsius. The last time I looked inside, I didn't see
| anything odd about any components, either.



I am a certified Toshiba NB technician.

Even a spritz of "furniture polish" is too much. It is the wrong solution for
electronics.

For a blade of a fan to be impacted by air pressure from a canister of compressed air the
blades would have to be of pie tin grade aluminum. There just isn't that much force.
 
sfdavidkaye2 said:
I have done this countless times and blown out a good deal of dust, so much so
that formerly hot running computers now run cool. You're operating from
theory; I'm operating from real life experience.

David, I've been doing this for 30 years and have a LOT of experience in
not just computers but other devices that have heat-sinks as well as
many forms of cooling.

Try and learn from us; you're showing you're not all you claim, and your
arrogance will limit your growth.
 
sfdavidkaye2 said:
All I can say is that I'm operating from personal experience. I used a can of
compressed air and a couple puffs was enough to bend a fan blade so that it
wouldn't even turn.

If the air from a poof-can was enough to damage a computer case, heat
sink, video card, etc.. cooling fan the fan should not have been used to
start with. In 30 years I've not seen a single fan, heat-sink, etc...
damaged from the standard store bought poof-cans, even using the little
wand that comes with them.
Again, I'm saying to just LIGHTLY spritz the feather duster, NOT saturate it.
The idea is to give the dust something to hold onto. Some feather dusters
have enough oil on them naturally that this isn't necessary, but some don't
have enough natural oil to do so.

Oil will transfer to the fan causing it to collect MORE dust more
quickly, and I say this from 30 years of experience.

Why do you think that the Navy uses a light spritz of OIL on the metal
filters in duct-work on ships - because IT ATTRACTS DUST.
I'm talking from personal experience. The computer I'm using at this moment I
dusted in this manner about 2 years ago and everything is working fine. In
fact, SpeedFan shows that all 4 temperature sensors are operating cool -- 34,
48, 34, 33 degrees Celsius. The last time I looked inside, I didn't see
anything odd about any components, either.

It would appear that many of us have 20+ years your experience.
 
David Kaye said:
Most people are not going to be lugging an air compressor around; and why
should they when a simple lips to the out-hole and a few puffs will dislodge
the dust?

I have done this countless times and blown out a good deal of dust, so much so
that formerly hot running computers now run cool. You're operating from
theory; I'm operating from real life experience.

Yeah, it's not elegant, but a lot of repairs are not elegant. I learned this
from a car body shop when I noticed that people often fixed bumpers by
removing them and then jumping on them. Of course, never show the inelegant
fix to the customer...

Professionally, I always used the can of air method - haven't you guys
ever used that old standby?

(spit shines and air compressors - sheesh <rolls eyes>)
 
Hello, David!

You wrote on Sun, 9 May 2010 12:07:40 -0400:

|> I bought a cheap feather duster. I use it with just a touch of spray
|> furniture polish (just a light spray, to just give it enough oil to pick
|
| I wouldn't use any "furniture polish" as you don't know what chemicals
| are used which may cause corrosion of electronics.
|
Furniture polish?
Egads.....
 
In your 30 years' experience you could not learn how to blow air out of your
mouth without spitting?


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
 