What is this machine infected with? Some kind of trojan / malware?



Chilling_Silence
09-08-2007, 08:33 AM
Hi all,

Basically my younger brother was searching for game cheats / trainers, and now the family PC appears to be infected with something.

When it's turned on, ping times to ihug are approx 1500 -> 2500ms, 9 times outta 10 pages don't load (local pages, like google.co.nz, ihug, pressf1 etc). As soon as it's turned off though, suddenly my MSN / Jabber / ICQ re-connect, pages load immediately without an issue, ping times drop to <50ms.

So, they've got their emails for the morning, and now I've rebooted the family PC into the Ubuntu 7.04 Live CD. They're gonna hafta use Webmail for a bit... ;)
But yeah, while it's loaded from the Live CD the internet and everything's fine, so it's definitely something that's in XP.

Anyways, AVG's on there, fully up-to-date, but I've been 'out of it' for a while when it comes to malware removal. Spybot turned up only a couple of regular items.

So, what would be the best tools / apps to run on the family PC that'll check it out and let me know why it's FUBAR'd?

Format is coming for them, maybe after BGLan this weekend, but I just want to find out why it's broken for curiosity's sake :D

Cheers all


Chill.



BTW - I've told him a game worth playing is a game worth NOT cheating on.. here's hoping he takes it to heart!

kjaada
09-08-2007, 08:46 AM
I am running PCLOS and have these same symptoms. I have posted on this forum about PF1 in particular but other pages are also affected.
E.g. PF1 clk shortcut, maybe 30 sec just the busy thing on the cursor. Clk close then re-press PF1 and voila, up it comes straight away. The lag is usually while trying to connect to "inl adbureau".
This happens on other sites also but I had suspected most of them were in Akl.

jason_f90
09-08-2007, 09:06 AM
The apps listed in my signature should do the job nicely for you. :cool:

Renmoo
09-08-2007, 10:43 AM
Comodo BOClean might be the answer.

By the way, what is FUBAR?

Cheers :)

kjaada
09-08-2007, 10:44 AM
Yr barking up the wrong tree there mate: We are running Linux and do not need those apps, although I have a very good AV and a topnotch firewall. The problem is with the sites somehow. Chills is also talking about a Linux operating system.

Morgenmuffel
09-08-2007, 10:48 AM
> By the way, what is FUBAR?
>
> Cheers :)

James james james, Wikipedia is at your fingertips (http://en.wikipedia.org/wiki/Fubar)

Note Foobar is different to Fubar

Morgenmuffel
09-08-2007, 11:27 AM
> Yr barking up the wrong tree there mate: We are running Linux and do not need those apps, although I have a very good AV and a topnotch firewall. The problem is with the sites somehow. Chills is also talking about a Linux operating system.

Actually Chill is talking about his family's Windows XP machine, which is having issues regarding the net, BUT when he puts a Linux live CD in the machine and boots into that there are no internet problems. So the utilities suggested should be fine for the XP system.

Erayd
09-08-2007, 11:31 AM
[edit: snap]

kjaada
09-08-2007, 11:39 AM
Point Taken:

pctek
09-08-2007, 12:40 PM
> Basically my younger brother was searching for game cheats / trainers, and now the family PC appears to be infected with something.

> Anyways, AVG's on there, fully up-to-date, but I've been 'out of it' for a while when it comes to malware removal. Spybot turned up only a couple of regular items.

> BTW - I've told him a game worth playing is a game worth NOT cheating on.. here's hoping he takes it to heart!

Nah, he should just stick to actual cheats, the ones you type in, as opposed to trainers or such.
But www.gameburnworld.com is safe to look for that sort of thing - generally.

Spybot has been updated??? It should be, plus as you know always run more than one anti-spyware.

And Hijackthis of course as well.

Chilling_Silence
09-08-2007, 07:54 PM
Spybot updated - PC is WinXP Pro. As in first post, Linux is a temporary solution for them :)

And thing is, when the family PC is turned on, it affects ALL the rest of the PCs on the LAN.. Every single one, OS independent... This is regardless of anything running on the family PC, as long as it's turned on, and XP is booted up (sitting at the login screen even) it'll kill the 'net :(

Will have a look at those options

Cheers

beama
09-08-2007, 09:32 PM
Chill,
packet sniff that machine (I'm sure you know how :xmouth:), see if that gives you any clues.

Otherwise

try Stinger and all the other anti-spyware tools.
HijackThis and speedy is a good combination as well.

Put the XP machine's firewall back to defaults and see what alerts you get back, i.e. what programs are trying to access the net.
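
Added example, not part of beama's post or the thread: one way to read a capture taken while the suspect PC is switched on is to total outbound traffic per LAN host and count how many distinct outside addresses each one talks to. The sample lines are constructed in the style of `tcpdump -nn -q` output, and the 192.168.1.x addressing and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample capture (tcpdump -nn -q style); not data from the thread.
SAMPLE = """\
08:40:01.000100 IP 192.168.1.20.1050 > 203.0.113.7.80: tcp 420
08:40:01.000200 IP 192.168.1.10.1043 > 198.51.100.11.9999: tcp 1460
08:40:01.000300 IP 192.168.1.10.1044 > 198.51.100.12.9999: tcp 1460
08:40:01.000400 IP 192.168.1.10.1045 > 198.51.100.13.9999: tcp 1460
08:40:01.000500 IP 203.0.113.7.80 > 192.168.1.20.1050: tcp 1380
08:40:01.000600 IP 192.168.1.10.1046 > 198.51.100.14.9999: tcp 1460
08:40:01.000700 IP 192.168.1.20.1051 > 192.168.1.1.53: UDP, length 40
08:40:01.000800 IP 192.168.1.10.1047 > 198.51.100.11.9999: tcp 0
"""

# Matches "IP src.sport > dst.dport: tcp N" and "...: UDP, length N".
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:tcp (?P<tlen>\d+)|UDP, length (?P<ulen>\d+))"
)

def rank(capture, lan_prefix="192.168.1."):
    """Return [(host, packets, payload_bytes, distinct_peers)] for traffic
    leaving the LAN, busiest host first. lan_prefix is an assumed /24."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "peers": set()})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # line tcpdump printed in some other format
        if not m["src"].startswith(lan_prefix):
            continue  # inbound traffic: not sent by a LAN host
        if m["dst"].startswith(lan_prefix):
            continue  # LAN-internal (e.g. DNS to the router)
        s = stats[m["src"]]
        s["packets"] += 1
        s["bytes"] += int(m["tlen"] or m["ulen"])
        s["peers"].add(m["dst"])
    rows = [(h, s["packets"], s["bytes"], len(s["peers"]))
            for h, s in stats.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for host, pkts, nbytes, peers in rank(SAMPLE):
        print(f"{host:15} packets={pkts:<4} bytes={nbytes:<6} peers={peers}")
```

A host that dominates both the byte total and the peer count while nobody is logged in is the one to look at first.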

Chilling_Silence
10-08-2007, 12:00 AM
Good point about packet sniffing, I'd honestly not thought of that! Wonder what'd turn up in a port-scan too!

I would be doing it right now, but I got home from a poker tournament and my father had formatted it. Bit gutted, but oh well.

Thanks for the tips guys... next time.. I'm sure it won't be long ;)

Myth
10-08-2007, 06:54 AM
You realise you still have to fix the first problem .. PEBKAC. Let us know how you get on with that one :)