Help me,my computer maybe at risk with some trojan.

Hi every one.
My pc have many problem that i feel there's trojans sheltering in
it.It usually shutdown my IE,disable me to use Process
Explorer,sometimes disable other,often security center notice
Kaspersky be disable while it look like alive and active normaly.
Kaspersky often report explorer.exe,svchost... "load new or modify"
other files and module,inject to other process, and it till report
intergrity violation,hidden object. I check some module that reported
by Kaspersky and see that the modified day is changed.I try setup
Commview to see the connection in and out but immediately the
connection disable too and when i enable the connection then my pc
shutdown imediately.(many things suspicious,not clear and no rules). I
did scan my pc with some anti-trojan but can't detect anything.Use
Kaspersky Online Scanner to scan fully computer and it say many files
infected,essential are log files,cookies and history files but nothing
clearly. I don't have anything important that others or hacker can use
but can not logon to the Internet in the normally make me very angry.I
think it may infected in the OS files system or it came from programs
CD-rom i installed but i don't know how to detect it,where it is and
how to discover it. Anyone can help me,show me the step to find it,i
want know it and bring it to light.
Hope will have some pro man come and help soon.Thanks very much!

Re: Help me,my computer maybe at risk with some trojan.

Olicaca wrote:

> Hi every one.
> My pc have many problem that i feel there's trojans sheltering in
> it.


Even if not, your abuse of MSIE as a webbrowser provides sufficient reason
for this assumption.

It usually shutdown my IE,disable me to use Process
> Explorer,sometimes disable other,often security center notice
> Kaspersky be disable while it look like alive and active normaly.
> Kaspersky often report explorer.exe,svchost... "load new or modify"
> other files and module,inject to other process, and it till report
> intergrity violation,hidden object. I check some module that reported
> by Kaspersky and see that the modified day is changed.


So, did you ever try uninstalling the Kaspersky stuff? After all, this is a
much more likely cause than a trojan horse.

> I did scan my pc with some anti-trojan but can't detect anything.

So after restoring the registry from the repair folder on the backup should
have already done the job.

> I don't have anything important that others or hacker can use

Hm... no bandwitdh at all?

> I think it may infected in the OS files system


Huh? Didn't you already state above that you ran a scan? That is, the scan
should have already validated all signatures of the OS files and/or compared
them to a known trusted base.

> or it came from programs

> CD-rom i installed but i don't know how to detect it,where it is and
> how to discover it. Anyone can help me,show me the step to find it,i
> want know it and bring it to light.


Well, why don't you do it like any serious person does? Create an image, do
a clean reinstall and analyze it later.

Re: Help me,my computer maybe at risk with some trojan.

On Apr 9, 9:57 pm, "Sebastian G." wrote:
> Olicaca wrote:
> > Hi every one.
> > My pc have many problem that i feel there's trojans sheltering in
> > it.
>
> Even if not, your abuse of MSIE as a webbrowser provides sufficient reason
> for this assumption.
>
> It usually shutdown my IE,disable me to use Process
>
> > Explorer,sometimes disable other,often security center notice
> > Kaspersky be disable while it look like alive and active normaly.
> > Kaspersky often report explorer.exe,svchost... "load new or modify"
> > other files and module,inject to other process, and it till report
> > intergrity violation,hidden object. I check some module that reported
> > by Kaspersky and see that the modified day is changed.
>
> So, did you ever try uninstalling the Kaspersky stuff? After all, this is a
> much more likely cause than a trojan horse.
>
> > I did scan my pc with some anti-trojan but can't detect anything.
>
> So after restoring the registry from the repair folder on the backup should
> have already done the job.
>
> > I don't have anything important that others or hacker can use
>
> Hm... no bandwitdh at all?
>
> > I think it may infected in the OS files system
>
> Huh? Didn't you already state above that you ran a scan? That is, the scan
> should have already validated all signatures of the OS files and/or compared
> them to a known trusted base.
>
> > or it came from programs
>
> > CD-rom i installed but i don't know how to detect it,where it is and
> > how to discover it. Anyone can help me,show me the step to find it,i
> > want know it and bring it to light.
>
> Well, why don't you do it like any serious person does? Create an image, do
> a clean reinstall and analyze it later.

You need to conduct a security assessment on your system. Try this
tool to enumerate and audit your system for vulnerabilities. It checks
trojans, viruses, malwares and spy ware as well.
http://www.download.com/Secure-Auditor/3000-2653-10826743.ht ml?part=dl-SecureAud&subj=uo&tag=button

Re: Help me,my computer maybe at risk with some trojan.

anatodd wrote:


>> Well, why don't you do it like any serious person does? Create an image, do
>> a clean reinstall and analyze it later.
>
> You need to conduct a security assessment on your system.


The system is already compromised, so it's well to late for that.

[Stupid spam snipped]

Re: Help me,my computer maybe at risk with some trojan.

First thing,i really amazed that see you on all my topic.(Xie xie ni a
-X-.)
Now go to the main topic.Why don't teach me how to check if a trojan
stay on ur computer instead of reasoning,argueing, about the reason of
bug on the PC..? You really think antivirus can check out all trojan
huh?Do you hear that if you have trojan on source setup than it quite
pass anti-shitwares check??I heard some story about the software war?
I'm acquainted with some friend and he declares that,if he write a
trojan then no antivirus can detect, because his is not destroy
anything and...And i believe him,anti virus just detect famous trojan
and things destroy internet ...Day after day,many trojan were born,and
how many programmer put noxious code into his software for the protect
the copyright purpose,do you know?I think it is being,not is the
joke.Virus and worm is easy to detect but trojan is not,specially it
is the economic war.(i dont have any company ya,haha)
Ok ,leave all waste thing ja.Come back with ur saying.All ur saying
not help me at all,i just see the big of ur knowlegde.You say
manything and about bandwidth but i need u teach how to detect
trojan,bandwidth is no problem. Could you help?Seemed you join in IT
very soon,and i see you from the 2000 ja,then you really be my brother
ja,so let teach me,will be grateful so much.Ah,if you want teach me
then please use English in the simple grammar,hornestly i'm idiotic in
English maybe and i must try so much to understand.It is real(coz my
country not use English and not join with the World soon).
------------------------------------------------------------ ----------------=
----------------------------------------
On Apr 9, 11:57=A0pm, "Sebastian G." wrote:
> Olicaca wrote:
> > Hi every one.
> > My pc have many problem that i feel there's trojans sheltering in
> > it.
>
> Even if not, your abuse of MSIE as a webbrowser provides sufficient reason=

> for this assumption.
>
> It usually shutdown my IE,disable me to use Process
>
> > Explorer,sometimes disable other,often security center notice
> > Kaspersky be disable while it look like alive and active normaly.
> > Kaspersky often report explorer.exe,svchost... "load new or modify"
> > other files and module,inject to other process, and it till report
> > intergrity violation,hidden object. I check some module that reported
> > by Kaspersky and see that the modified day is changed.
>
> So, did you ever try uninstalling the Kaspersky stuff? After all, this is =
a
> much more likely cause than a trojan horse.
>
> =A0> I did scan my pc with some anti-trojan but can't detect anything.
>
> So after restoring the registry from the repair folder on the backup shoul=
d
> have already done the job.
>
> =A0> I don't have anything important that others or hacker can use
>
> Hm... no bandwitdh at all?
>
> > I think it may infected in the OS files system
>
> Huh? Didn't you already state above that you ran a scan? That is, the scan=

> should have already validated all signatures of the OS files and/or compar=
ed
> them to a known trusted base.
>
> =A0> or it came from programs
>
> > CD-rom i installed but i don't know how to detect it,where it is and
> > how to discover it. Anyone can help me,show me the step to find it,i
> > want know it and bring it to light.
>
> Well, why don't you do it like any serious person does? Create an image, d=
o
> a clean reinstall and analyze it later.

Re: Help me,my computer maybe at risk with some trojan.

Olicaca wrote:

> Why don't teach me how to check if a trojan stay on ur computer instead of reasoning


Simply said, since I make sure there're no point to hook into, any malicious
software would have to appear as a separate process in the process list.
That's trivial to check.

> argueing, about the reason of bug on the PC..?

Well, that's the reason why I suggest to create an disk image of the
compromised system. Later on you may start analyzing what malware it is and
which security hole was exploited. It's pretty unlikely that it wasn't a
configuration or random problem, which is unlikely to occur again. You don't
have to the put the system online either.

> You really think antivirus can check out all trojan huh?

No. Analysis are normally conducted with serious tools.

> Do you hear that if you have trojan on source setup than it quite

> pass anti-shitwares check??


Well, that's pretty trivial.

> I'm acquainted with some friend and he declares that,if he write a
> trojan then no antivirus can detect, because his is not destroy
> anything and...


Well, although this is generally possible, the argument is bogus. The real
argument is that one can create malware that modifies itself in a way such
that no L0, L1 or L2 pattern signature could match it in every fashion, and
not even behaviour anaylsis would conclude anything.

> Virus and worm is easy to detect but trojan is not,specially it

> is the economic war.


They're only detectable by their defined behaviour, that is a virus does
modify other executables, and a worm modifies the behaviour of server processes.

> You say manything and about bandwidth but i need u teach how to detect

> trojan,bandwidth is no problem.


What I said is that bandwidth is a valueable resource that is definitely in
the interest of the attacker.

> Could you help?

How many more times do I have to ask you if you have flattened and rebuild
the system? Bring it back to a well-defined state first, since this is the
only reliable way to recover from a compromise.

> Ah,if you want teach me

> then please use English in the simple grammar,hornestly i'm idiotic in
> English maybe and i must try so much to understand.It is real(coz my
> country not use English and not join with the World soon).


"coz" is obviously not an English word.

Re: Help me,my computer maybe at risk with some trojan.

On Apr 10, 8:10=A0pm, "Sebastian G." wrote:
> Olicaca wrote:
> > Why don't teach me how to check if a trojan stay on ur computer instead =
of reasoning
>
> Simply said, since I make sure there're no point to hook into, any malicio=
us
> software would have to appear as a separate process in the process list.
> That's trivial to check.
>
> =A0> argueing, about the reason of bug on the PC..?
>
> Well, that's the reason why I suggest to create an disk image of the
> compromised system. Later on you may start analyzing what malware it is an=
d
> which security hole was exploited. It's pretty unlikely that it wasn't a
> configuration or random problem, which is unlikely to occur again. You don=
't
> have to the put the system online either.
>
> =A0> You really think antivirus can check out all trojan huh?
>
> No. Analysis are normally conducted with serious tools.
>
> =A0> Do you hear that if you have trojan on source setup than it quite
>
> > pass anti-shitwares check??
>
> Well, that's pretty trivial.
>
> > I'm acquainted with some friend and he declares that,if he write a
> > trojan then no antivirus can detect, because his is not destroy
> > anything and...
>
> Well, although this is generally possible, the argument is bogus. The real=

> argument is that one can create malware that modifies itself in a way such=

> that no L0, L1 or L2 pattern signature could match it in every fashion, an=
d
> not even behaviour anaylsis would conclude anything.
>
> =A0> Virus and worm is easy to detect but trojan is not,specially it
>
> > is the economic war.
>
> They're only detectable by their defined behaviour, that is a virus does
> modify other executables, and a worm modifies the behaviour of server proc=
esses.
>
> =A0> You say manything and about bandwidth but i need u teach how to detec=
t
>
> > trojan,bandwidth is no problem.
>
> What I said is that bandwidth is a valueable resource that is definitely i=
n
> the interest of the attacker.
>
> =A0> Could you help?
>
> How many more times do I have to ask you if you have flattened and rebuild=

> the system? Bring it back to a well-defined state first, since this is the=

> only reliable way to recover from a compromise.
>
> =A0> Ah,if you want teach me
>
> > then please use English in the simple grammar,hornestly i'm idiotic in
> > English maybe and i must try so much to understand.It is real(coz my
> > country not use English and not join with the World soon).
>
> "coz" is obviously not an English word.

------------------------------------------------------------ -
Ok,now we begin have the common voice.I reinstall OS and creat backup
image but nothing resolved.Because right here,most of us use
unofficial CD to install OS.I just want check my resource.So let help
me check hooked module and handle...,really i don't know how to check
it,and the open port too.I want get some files to send out to
analysis.If my CD is dirty then certainly i will buy one but first
must bring everything to light.Could u help?Ok,and notice that i'm a
home user,not a networking man,so i was wrong when didnt read the
"about this group".Maybe you not a security agent to treat malware :
((.Maybe i will go to bitdefenden forum better use google group.Bye
bye.
"Coz" =3D because and "brb"=3Dbe right back ja.I'm just using familiar
chatting English,not know formal language,forgive me.

Re: Help me,my computer maybe at risk with some trojan.

Olicaca wrote:


> Ok,now we begin have the common voice.I reinstall OS and creat backup
> image but nothing resolved.Because right here,most of us use
> unofficial CD to install OS.


Then you have a very serious problem. Without a trusted base, you're
essentially hosed.

> I just want check my resource.So let help
> me check hooked module and handle...


Maybe you should get familiar with the aspects of rootkits.

> and the open port too.


WTF? You don't even know how to handle the 'netstat' command?

> "Coz" = because and "brb"=be right back ja.I'm just using familiar
> chatting English,not know formal language,forgive me.


Which is considered inpolite, as it would be in any real-life discussion.

Re: Help me,my computer maybe at risk with some trojan.

Olicaca writes:

> ------------------------------------------------------------ -
> Ok,now we begin have the common voice.I reinstall OS and creat backup
> image but nothing resolved.Because right here,most of us use
> unofficial CD

Stolen software? I will not help you with that.

> to install OS.I just want check my resource.So let help me check
> hooked module and handle...,really i don't know how to check it,and
> the open port too.I want get some files to send out to analysis.If
> my CD is dirty then certainly i will buy one but first must bring
> everything to light.Could u help?Ok,and notice that i'm a home
> user,not a networking man,so i was wrong when didnt read the "about
> this group".Maybe you not a security agent to treat malware :
> ((.Maybe i will go to bitdefenden forum better use google group.Bye
> bye. "Coz" = because and "brb"=be right back ja.I'm just using
> familiar chatting English,not know formal language,forgive me.

Security is hard enough to explain to a native speaker of a language.
Your poor English makes the task nearly impossible I'm afraid.

Yes, by all means, go to a google group. Preferably in your native
language. And quit stealing American software, okay?

--
Todd H.
http://www.toddh.net/

Re: Help me,my computer maybe at risk with some trojan.

On Apr 10, 11:13=A0pm, comph...@toddh.net (Todd H.) wrote:
> Olicaca writes:
> > ------------------------------------------------------------ -
> > Ok,now we begin have the common voice.I reinstall OS and creat backup
> > image but nothing resolved.Because right here,most of us use
> > unofficial CD
>
> Stolen software? =A0 I will not help you with that.
>
> > to install OS.I just want check my resource.So let help me check
> > hooked module and handle...,really i don't know how to check it,and
> > the open port too.I want get some files to send out to analysis.If
> > my CD is dirty then certainly i will buy one but first must bring
> > everything to light.Could u help?Ok,and notice that i'm a home
> > user,not a networking man,so i was wrong when didnt read the "about
> > this group".Maybe you not a security agent to treat malware :
> > ((.Maybe i will go to bitdefenden forum better use google group.Bye
> > bye. =A0"Coz" =3D because and "brb"=3Dbe right back ja.I'm just using
> > familiar chatting English,not know formal language,forgive me.
>
> Security is hard enough to explain to a native speaker of a language.
> Your poor English makes the task nearly impossible I'm afraid.
>
> Yes, by all means, go to a google group. Preferably in your native
> language. =A0And quit stealing American software, okay?
>
> --
> Todd H.http://www.toddh.net/
Sorry Todd,i'm not stealing American software,most of us use computer
of Intel,Dell from USA,you really think that Intel,Dell,IBM,Compact
can sell their product to our country with out OS.We just the
student,and most of our family just have the incoming about 1500 USD/
year(parent+children...).I'm not stealing software,because i really
have not enought the aptitude to do that...,let think is lighter way
that American have a part in helping humen improve the
cilivization,and not all of humen turn the back on them,at least
Del,IBM,Intel and other get the large sum of money from selling
hardware.And not all person on world steal your software.Believe me,we
not use your software for the trading,we just home user,try to improve
our cilivization,all of trading company in my place,they must buy ur
product in the serious way.And belive me that,i commit to you that
when i have the better life,by improve my knowledge,have good job,i
will buy ur software in the straight way,because i know that just only
do that then i must have the surpport,the safe...No one give any one a
thing without ask a thing,we use unofficial product then we must pay
the penalty (for the hacker,etc...,do you understand).In the world,i
think no anything is absolute,don't think that we just receive from
you not pay you anything.Why don't think you grow up the civilization
will become grow up the needs in the future.Not at all of the world
use the unoficial software then it is ok,but if you want all of the
world use the official software then believe me,you will not sell any
things to the third world,as us.Dont be egoistic,we alway feel
grateful to you for the dedicating the world.I come for the
friendship,i dont have the behaviour to give lesson you and you not
too.If you teach me about IT then OK,the world be more
beautiful,contrary,the world till be the world,nothing else.(I did
think that American be richer because in the past,they did steal many
thing of many one and many country,but just the think,not important,we
are go on, and here,in Google group,i don't want we make the fire
again.If you not agree with me then maybe better i go,no thing and no
one for me ..
----------
I don't know "netstat",could i use any software instead of command
line?

Re: Help me,my computer maybe at risk with some trojan.

On Apr 10, 11:13=A0pm, comph...@toddh.net (Todd H.) wrote:
> Olicaca writes:
> > ------------------------------------------------------------ -
> > Ok,now we begin have the common voice.I reinstall OS and creat backup
> > image but nothing resolved.Because right here,most of us use
> > unofficial CD
>
> Stolen software? =A0 I will not help you with that.
>
> > to install OS.I just want check my resource.So let help me check
> > hooked module and handle...,really i don't know how to check it,and
> > the open port too.I want get some files to send out to analysis.If
> > my CD is dirty then certainly i will buy one but first must bring
> > everything to light.Could u help?Ok,and notice that i'm a home
> > user,not a networking man,so i was wrong when didnt read the "about
> > this group".Maybe you not a security agent to treat malware :
> > ((.Maybe i will go to bitdefenden forum better use google group.Bye
> > bye. =A0"Coz" =3D because and "brb"=3Dbe right back ja.I'm just using
> > familiar chatting English,not know formal language,forgive me.
>
> Security is hard enough to explain to a native speaker of a language.
> Your poor English makes the task nearly impossible I'm afraid.
>
> Yes, by all means, go to a google group. Preferably in your native
> language. =A0And quit stealing American software, okay?
>
> --
> Todd H.http://www.toddh.net/

Sorry Todd,i'm not stealing American software,most of us use computer
of Intel,Dell from USA,you really think that Intel,Dell,IBM,Compact
can sell their product to our country with out OS.We just the
student,and most of our family just have the incoming less than 2000
USD/year(parent+children...).I'm not stealing software,because i
really
have not enought the aptitude to do that...,let think is lighter way
that American have a part in helping humen improve the
cilivization,and not all of humen turn the back on them,at least
Del,IBM,Intel and other get the large sum of money from selling
hardware.And not all person on world steal your software.Believe
me,we
not use your software for the trading,we just home user,try to
improve
our cilivization,all of trading company in my place,they must buy ur
product in the serious way.And belive me that,i commit to you that
when i have the better life,by improve my knowledge,have good job,i
will buy ur software in the straight way,because i know that just
only
do that then i must be had the surpport,the safe...No one give any one
a
thing without ask a thing,we use unofficial product then we must pay
the penalty (for the hacker,etc...,do you understand).In the world,i
think no anything is absolute,don't think that we just receive from
you not pay you anything.Why don't think you grow up the civilization
will become grow up the needs in the future.Not at all of the world
use the unoficial software then it is ok,but if you want all of the
world use the official software then believe me,you will not sell any
things to the third world,as us.Dont be egoistic,we alway feel
grateful to you for the dedicating the world.I come for the
friendship,i dont have the behaviour to give lesson you and you not
too.If you teach me about IT then OK,the world be more
beautiful,contrary,the world till be the world,nothing else.(I did
think that American be richer because in the past,they did steal many
thing of many one and many country,but just the think,not
important,we
are go on, and here,in Google group,i don't want we make the fire
again.If you not agree with me then maybe better i go,no thing and no
one for me ..
----------
I don't know "netstat",could i use any software instead of command
line?

Re: Help me,my computer maybe at risk with some trojan.

Olicaca wrote in news:923df428-7814-4c42-80f5-
283f62338280@q1g2000prf.googlegroups.com:

.....
> again.If you not agree with me then maybe better i go,no thing and no
> one for me ..


Plenty of free software out there that you can use.
Try one of the flavors of Linux.
If you need to run windows software, install 'wine' on your Linux machine.

If you run your computer off of a CD, like KNOPPIX CD, then you are safe
from worms and viruses because the CD can not be corrupted by a worm or
virus.
If you get infected, you just reboot your computer and you are clean again.

Good luck in life.



--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Re: Help me,my computer maybe at risk with some trojan.

On Apr 11, 8:14=A0pm, bz wrote:
> Olicaca wrote in news:923df428-7814-4c42-80f5-
> 283f62338...@q1g2000prf.googlegroups.com:
>
> ....
>
> > again.If you not agree with me then maybe better i go,no thing and no
> > one for me ..
>
> Plenty of free software out there that you can use.
> Try one of the flavors of Linux.
> If you need to run windows software, install 'wine' on your Linux machine.=

>
> If you run your computer off of a CD, like KNOPPIX CD, then you are safe
> from worms and viruses because the CD can not be corrupted by a worm or
> virus.
> If you get infected, you just reboot your computer and you are clean again=
..
>
> Good luck in life.
>
> --
> bz =A0 =A0 =A0
>
> please pardon my infinite ignorance, the set-of-things-I-do-not-know is an=

> infinite set.
>
> bz+...@ch100-5.chem.lsu.edu =A0 remove ch100-5 to avoid spam trap

Thank you,you seemed to be a easygoing person.But forgive me (and
anyone same as me),your software really be beauty,then the worl use
all,and many one (who don't want be behind of the time then they) buy
the unoficial CD,if for the official CD,i'm afraid it must be 10,20
years after now,we then have money buy ur nowly CD (but at that
time,i'm sure that nowly CD old all,..),and in that way,i will never
have enought money buy gold product.Ok,leave the future,help us
improve the economic now then the future we will have money buy
yours.He he.I think the fault is in your abit,why you creat so good
and famous thing,and advertise it so large,then we know it???Hi
hi,hope that you feel be better.
Ok,leave it,thanks for your friendship but you will be able to change
my decision.I decide use thing (which other using) for study and when
be able make money ,i will be able buy everything.Never think that we
dont want have gold CD,we want much but now stop there (gold CD for
gold men and the worse for non-trading men)

Re: Help me,my computer maybe at risk with some trojan.

Olicaca wrote in news:fe02d421-6828-478b-b9e5-
a33d9e43b91c@y18g2000pre.googlegroups.com:

.....
> Thank you,you seemed to be a easygoing person.But forgive me (and
> anyone same as me),your software really be beauty,then the worl use
> all,and many one (who don't want be behind of the time then they) buy
> the unoficial CD,if for the official CD,i'm afraid it must be 10,20
> years after now,we then have money buy ur nowly CD (but at that
> time,i'm sure that nowly CD old all,..),and in that way,i will never
> have enought money buy gold product.Ok,leave the future,help us
> improve the economic now then the future we will have money buy
> yours.He he.I think the fault is in your abit,why you creat so good
> and famous thing,and advertise it so large,then we know it???Hi
> hi,hope that you feel be better.
> Ok,leave it,thanks for your friendship but you will be able to change
> my decision.I decide use thing (which other using) for study and when
> be able make money ,i will be able buy everything.Never think that we
> dont want have gold CD,we want much but now stop there (gold CD for
> gold men and the worse for non-trading men)
>

One of the best advantages of using the FREE _open_source_ software is that
YOU can study the code and even join in writing the code and fixing
problems with the software.

That way, YOU can REALLY learn about computers, from the ground up.

Once you have a 'bullet proof' system running, you can use a virtual
machine emulator program, virtualPC, available FREE from microsoft, WITH
operating system pre-installed and legal.

You can then do your testing on a LEGAL and bullet proof system.

Again, I wish you good luck.

I had some very good computer science grad students work for me, over the
years, some from your country, so I have no problem with where you live.
--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap