Helllllllp... my system is locked up

Discussion in 'malware problems & news' started by LindaHewitt, May 22, 2003.

Thread Status:
Not open for further replies.
  1. LindaHewitt

    LindaHewitt Guest


    I am not sure what is going on with one of my systems or what I need to do. This is a new desktop system, which I bought about 18 months ago with Win 2000, Panda Titanium and ZoneAlarm 3.x.

    Over the weekend, I encountered 7 HitBox tracking cookies. I used SpyBot to see if I had spyware on my system. As I said, it showed 7 tracking cookies and 2 registry changes for Microsoft Media Player.

    I had just downloaded the Media Player the day before, along with the other Windows updates. When a friend of mine brought it to my attention that I probably had tracking cookies on my system, I ran SpyBot, deleted the tracking cookies but left the registry changes. Then I shut down my system and unplugged the dialup modem.

    The next morning (Tuesday), I turned on the system, and discovered that it was in a coma. I could not get the system to respond to any of my actions including alt-ctl-del or shutting down the system. It would not respond to the power button either, so I unplugged.

    Today, Panda Platinum, which includes a firewall, notified me that the laptop was under a Denial of Service attack. The Panda firewall prevented any damage. This got me to thinking that my problem might not be with HitBox but it could be with the denial of service attack.

    I did a Windows Update on my systems and d/l Microsoft Media Player on both systems. Unfortunately, I had forgotten that my ZoneAlarm license had expired a couple of days earlier.

    Someone else suggested that I might have a trojan. Because I have always been prudent and very careful about my surfing and purchase habits on the internet, I have never been infected with a virus of any kind, nor have I ever had spyware on any of my systems. MailWasher is one of my favorite programs, which helps me determine what I want to have downloaded onto my computer.

    Needless to say, I don't have a clue as to where to start.

    Can any of you experts point me in the right direction?



  2. xor

    xor Guest

    If it is a trojan, then probably an SDBot / IRC Trojan, then you may have such effects as you wrote.

    Did you make an online scan with other scanners?
    For instance with PCCillin Housecall?
  3. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Hi Linda - Welcome to the forum!

    Okay, let's see what we've got here. First up, I want to be sure of the facts here... You have two systems involved here:

    A desktop system, which is now (still?) totally unresponsive?? Can you describe this a little more? What happens when you power it up? Does it power up at all? Does it display the normal boot process into Windows? If it does boot, do you have any keyboard and/or mouse control? Do either or both of those work?

    For this system you have to be sure that all cables are tightly connected. Many systems won't take response from the keyboard if the keyboard gets unplugged at any point while windows is running. Response may not come back even if you plug the keyboard back in, while Windows is up. So, let us know the exact conditions on this.

    These spyware items are not serious enough to cause the type of problem you are having. Certainly there are viruses and trojans that could cause similar problems, but, you may actually have a hardware problem instead. The answers to the above questions will help us with that.

    With what you saw on the laptop, the "denial of service" attack... Since you said you have a dialup connection, it is not likely that the same intrusions that you saw on this laptop were also occurring the day before on the desktop. When you dial into an ISP you get a different IP address, so the scans you saw probably are not connected with what happened to the other PC.

    If you do have keyboard and mouse control on the desktop system, and if there is not another hardware problem which is keeping the system down, then I suggest trying a few different things. First, you can try booting into Safe Mode - when you power up, you hold the F8 key early during the boot until the system brings up either a boot menu, or drops you right into safe mode.

    In Safe Mode you can run a Scan Disk / Chkdsk to see if you have any disk or file system errors. If the disk is alright, but you can't do a regular boot, we can walk you through what to do next. It may involve virus/trojan scanning, or perhaps a review of the things loading at startup, perhaps showing some kind of infection.

    But, let's start with the current system state and move on from there. OK?
  4. Ph33r_

    Ph33r_ Guest

    You should never power-off the computer by unplugging it, Press & Hold Power-OFF button for like 10 seconds whenever something like that occurs and it should do the trick…

    Problem is the Quick Press-a-roo Power-OFF relies on the Software; Press & Hold Power-OFF button for like 10 seconds relies on the Hardware :)
  5. LindaHewitt

    LindaHewitt Registered Member

    May 22, 2003

    I realize that unplugging the computer is not the right way, but I held down the power switch for more than 10 seconds and as I said alt-ctl-del would not respond.

    The HitBox is for a limited time period 1-3 days. My desktop was locked up yesterday but after I got all the input from this forum, I decided to try again before I responded.

    As soon as the system tray finished loading, I loaded Panda AV, (I tried this yesterday and it locked up in mid-stream but today it worked), so I ran a full scan, which was clean. Next, I ran SpyBot, which also came back clean. Next, I connected to the internet and d/l email,....

    I have worked on the desktop for several hours this morning and all seems OK but I don't have the foggiest idea what caused the problem or what I did to fix it (assuming that it was something that I did).

    Yesterday, the only thing that worked on the system were the built in games such as free cell and solitaire.

    I am going to accept my good fortune, if that is what it is, but it is obvious that I may need some additional tools in my toolkit.

    Currently, I am using the following software to address the issue of malicious code and other activities:

    FireTrust MailWasher Pro v 3.x
    FireTrust Benign v 1.x
    ZoneAlarm 3.x
    Panda Titanium AV

    I do not d/l anything, if I did not request it or it is from someone that I do not know. Benign is designed to strip out the malicious code, which may be embedded in graphics, html, etc. I am careful about which website that I visit and which websites that I purchase from online.

    This past weekend, I did W2K Windows update on both computers. Microsoft Video Player has a security hole, but I have downloaded the fix and plan to install that today. I also downloaded the software, so that tracking cookies cannot be put on my computers.

    Are there other programs, which I should be using to detect trojans, worms, etc., which are not on my list?

    I would welcome any suggestions as to which W2K files should be monitored by FileChecker.

    The Washington Post article was a real eye-opener. I also found it interesting that the privacy policies of most websites do not address the issues pertaining to spyware, etc.

    Thanks for all of your help from everyone on this forum. I really appreciate your assistance. This is going to become one of my regular stops.

    Y'all are great.



  6. JimIT

    JimIT Registered Member

    Jan 22, 2003
    Denton, Texas
    I'm wondering if maybe w2k got something from Update that it choked on a little bit--maybe a driver, or funky patch or something that gave it "indigestion" and required a couple of reboots.

    Stranger things have happened...! :D
  7. Patrice

    Patrice Registered Member

    Apr 15, 2003
    Hi LindaHewitt,

    perhaps you once stop by here:


    They have some very nice tools (some of them are even free) and I'm pretty sure that you'll find something which fits your needs. Other nice Spyware related applications are Ad-aware and Spywareblaster. Perhaps you have a look at them as well. ;)

    Best regards,

  8. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Yes, I have to say that's what I'm thinking too Jim. Between a possible update problem and then having to power it down hard, a couple reboots might very well have helped to clear it.

    Linda -

    I still recommend running a Scandisk / Chkdsk if you haven't. A hard power down can leave some bad data blocks on the disk that would not be fixed by the malware scans you have run. (Or, perhaps an automated disk scan was done when you booted? Did you notice if that happened?)