Still Got Problems

[rowyn]

Lut's computer was being hacked, by some script kiddie, we guess. He found a file labeled "webdav.exe" planted on his machine, along with various other permissions being messed up, to prevent him from undoing the damage. We downloaded a patch from Microsoft that's supposed to fix the security hole that allowed it in. Lut used the command-prompt safemode to get the permissions he needed back, and thinks he's got his computer back under control.

But whatever this was, it's not apparently connected to the problems plaguing my computer. Mine doesn't have any of the signs of attack that his machine did. He doesn't think anyone's been after it; I'm not so sure. I noticed this morning I was getting a lot of harddrive activity when I wasn't doing anything. WHich went away after I unplugged the cablemodem and rebooted. But I still don't know. Maybe I'm just paranoid.

Upshot: I'm still basically unable to "talk" from home, and I'm not counting on my continued ability to use my machine to scan the net, either. I talked to Lut about possibly re-formatting my harddrive and reinstalling Windoze, but there's no guarantee that'll work, either, since we've no idea what the problem is. At least I've got all my email and writings backed up to CD, as of Sunday evening.

We'll see.

(Gosh, Linux sounds so attractive right now ....)

Comments

[kelloggs2066.livejournal.com]

Zone alarm is a pretty nice little firewall.

It's also free! :)

http://www.zonelabs.com/

[rowyn]

Lut's had problems with ZoneAlarm befoer. But he did decide to look at downloadable software firewalls, and we've got Kerio Personal Firewall running now. So far, so good, though I haven't tried posting any long entries or sending emails yet. Or even opening Outlook. I'm feeling all paranoid at the moment. :)

[tuftears.livejournal.com]

Hard drive activity would definitely make me suspicious. I use 'netstat -a' in the DOS command prompt to detect if there are any programs that are accessing the net when they shouldn't be.

My suggestion would be to copy off all the data files (only, not any of the programs) and reformat the hard drive, then install Win2000 Pro fresh, then download all the latest patches before reinstalling programs and copying your data back in. Odds sound rather good that it's a worm of some kind.

[gen.livejournal.com]

I don't know if Scott's chimed up here yet, but we tried Linux for a bit and it wasn't all it was cracked up to be.

My suggestions would be along the lines of attempting to uninstall and reinstall your ethernet drivers, or just trying a new card.

[shockwave77598.livejournal.com]

I'll second Scott's recommendation of ZoneAlarm. But I'll add that you should never, ever try to remove it or it'll royally mess up your TCP stack.

I'm highly suspicious that the disk activity stopped when you unplugged the modem. There is a worm going around that let's people host porn sites on unsuspecting people. It's possible you have such a worm in your computer. And though ZoneAlarm will keep that program from reaching the internet it sounds to me that the worm is what's crashing your machine and it will continue to do so until you remove it with Norton Antivirus or similar GOOD virus killer. You might also try Spybot Search and Destroy.

[jordangreywolf.livejournal.com]

Let me add another recommendation for ZoneAlarm. It's helped to catch a lot of troublesome Trojans, such as Gator. I also make use of AdAware. Kagetsume was able to provide me with a link to some freeware that did a nice job of cleaning some especially troublesome "adware" programs off of my system as well.

[krud42.livejournal.com]

Remember: Just because you're paranoid, doesn't mean you're wrong. ';P