Solved

Virus, Trojan, Worm? Must Hard Drive be Reformatted? A Puzzle For You!!!

Posted on 2003-10-21
Last Modified: 2013-12-04
WinXP Home, Dell 8300, DialUpATT, ZoneAlrmv3.7.202, VisualZone, Norton SystemWorks, NAV2003 w/current updates, Sysbot S-D, NO CHAT, MUCH Internet Website Hopping on seedy locations.

1st: ZoneAlarm mssg "I am infected w/known malicious program-don't allow it internet Access." (COM Surrogate-DLL Host.exe is a known malicious prgm also known as Nachi or Welchia.) My NAV full sys scans never detected this. Ran 2 removers from Symantec site: WBlaster.D & Nachi, nothing found, ran safe mode & regular.

2nd: Noticed many SRVHOST.exe in TaskMgr-Process List. Generic Host Process for Win32 were present (2 of them) seen on top of ZoneAlarm & if these were not given access to net via InterExplorer 6.2600 no internet contact possible. One of these always was monitoring Ports b/n # 3400 to 3599. These were always like this. I restrict all on ZoneAlarm, only IExplr6 is direct to the internet as Server. The Spooler SubSystem, Generic Host 32, LiveUpdate, & Spybot Search-Destroy. ALL WAS OK FOR A WHILE...

NEXT came a delay upon clicking the Desktop Icon, any Icon... I click & no response whatsoever, until apx. 2 minutes pass & then all of those prior clicks appear @ once...(Dozens)...then if I shut all but one, I could use syst.

Next it became worse such that it isn't possible to use computer. I manage to get on w/comp but barely. I have all the Windows Updates installed, run the AV always & keep it current, Sysbot SD daily, no Chatting ever. Today I changed the Icon on a desktop Shortcut via its Properties access and after doing this a new problem began...a rectangular 3" X 4" box kept flashing on & off, it said..."File Download" w/a green bar across center, a globe icon upper left & folder icon upper right. When this flashed on every 1 second it would take control of the desktop menu. The Task Manager showed 1 to 2 flashing rectangles & said only "File Download"; this went on for 1/2 hr & unit was never online during this. Manual Power Reset & then OK, until I clicked that same desktop short cut, it began again. I deleted the Icon & it continued, until Recycle bin was emptied.

I had been told by Dell Tech that maybe too many startup items, msconfig to uncheck most...same prblm w/delayed icon activation. After this came the flashing FileDownload & we went into services.msc, changed the three "what to do if system fails" to do nothing, also changed something else in there...same problem w/Icons on Desktop & start menu....we used systemrestore in sys tools to reset system to Oct. 14...one week back...the oldest date available. It still does same delayed activation of Icons. I am hoping I can resolve this unknown prblm w/o wiping my hard drive and reinstalling. I am holding off on a major software install (3Gig & 2 complex search engines).

NO ONE KNOWS WHAT THE CAUSE IS OR HOW TO RESOLVE THIS. THE ORIGINAL EXE FILES THAT WERE FLAGGED AS MALICIOUS, ETC ARE ALSO WINDOWS SYSTEM 32 FILES...WHAT SHOULD BE IN THE PROCESS LIST TO OPERATE SYSTEM?

PLEASE READ THIS CAREFULLY AND SEE IF YOU CAN PUT YOUR FINGER ON THE ACTUAL PROBLEM. I am also concerned that the problem might be from a bit of infested data...jpg, gif, doc, txt, ??? Help????Thanks much!!!! Be advised-tonight I ran another Virus Scan at www.housecall.antivirus.com & this came out clean.
Question by:nikkorrook
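The question asks which of the many svchost.exe / dllhost.exe entries in Task Manager belong there. One defender-side check that addresses this, added here and not part of the thread: the genuine copies of those images live in %SystemRoot%\System32, so any instance whose image path is elsewhere is the one to investigate. The snippet below (example code, assumed to run on PowerShell 2 or later with Get-WmiObject) lists each instance with its image path, command line and owner, and flags the ones not running from System32.

```powershell
# Added example, not from the thread. Lists svchost.exe / dllhost.exe / spoolsv.exe
# instances with image path, command line and owner, and flags any whose image is
# NOT the copy in %SystemRoot%\System32 (where the genuine Windows binaries live).
$system32 = Join-Path $env:SystemRoot 'System32'
$names    = @('svchost.exe', 'dllhost.exe', 'spoolsv.exe')

$report = Get-WmiObject Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        $owner = $_.GetOwner()                 # genuine svchost runs as SYSTEM / LOCAL SERVICE / NETWORK SERVICE
        $path  = $_.ExecutablePath             # may be empty if access is denied
        # Expected: the image path is exactly <System32>\<name>. A missing or
        # foreign path (another folder, a removable drive) is what to look at.
        $expected = $path -and ($path -ieq (Join-Path $system32 $_.Name))
        if ($expected) { $status = 'expected' } else { $status = 'CHECK' }
        New-Object PSObject -Property @{
            PID         = $_.ProcessId
            Name        = $_.Name
            Owner       = "$($owner.Domain)\$($owner.User)"
            ImagePath   = $path
            CommandLine = $_.CommandLine       # svchost shows its service group, e.g. "-k netsvcs"
            Status      = $status
        }
    }

$report | Sort-Object Status, Name |
    Format-Table PID, Name, Owner, Status, ImagePath, CommandLine -AutoSize

$suspicious = @($report | Where-Object { $_.Status -eq 'CHECK' })
"Instances running outside System32: $($suspicious.Count)"
```

Several svchost.exe instances with different "-k" groups, all owned by system accounts and all loaded from System32, is normal on XP; a same-named process from any other folder, or with a blank owner, is the one to check against a known-good scan.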
6 Comments
LVL 16

Accepted Solution

by:
ahmedbahgat earned 63 total points
ID: 9597073
ok it is a long story and it will take longer to troubleshoot, the best and shortest answer will be backing up your files, formatting the HD, reinstalling windows and all software and its updates, restoring your files. I do this without any hesitation when any OS I use starts to show weird stuff

cheers

 
LVL 24

Assisted Solution

by:SunBow
SunBow earned 62 total points
ID: 9599320
I like that answer.   Before trying to sort all that out, think of this: Go offnet, Erase all HD, install OS, Install ZoneAlarm, Install all upgrades to OS and patch all the holes. Install applications like Office, and patch all of them. You didn't forget the IE and IRC patches, right? Now if that was done, what are we left with?  OK, add SAV with an updated pattern, ready to detect new malware.

> Be advised-tonight I ran another Virus Scan at www.housecall.antivirus.com & this came out clean.

Why? Oh, I guess that may help if some malware trashed the local AV files. But if you want webscan, why not run Symantec's? (except that it does not manage IE windows well):

http://www.symantec.com/siteindex.html

Run the online security check on the right hand side of that link

Your comment is quite a run-on, you're competing well with me with that. The answer to what happened, is, I think, that you failed to maintain your upgrades to MS wares such as IE and OS.  You probably got hit by at least one if not two malwares, one that trips up your A/V detect, so you'd have to reinstall that, and reinstall ZA, but not until the beast is DOA. You probably got another that exploited IE to maladjust your DNS.  One of the latest also hooked google's engine. Can you use your browser to go to google? If not, this is most likely qhosts. Here's the tool for that very popular one:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

 
LVL 24

Expert Comment

by:SunBow
ID: 9599348
>  & then all of those prior clicks appear @ once...(Dozens)...then if I shut all but one, I could use syst.

do you think you may have a neighbour who is interested in hacking your system via key tracking and remote control?  Guess what, a lot of those programs are so junky that they don't work and the intruder is caught.  You have to accept that you'll be outed before you should try any of that.
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9600350
Hard drives do not have to be reformatted, but it is a good practice. I agree with the comments the others have made above.