Please help me get my PC back

Discussion in 'other security issues & news' started by Bradf, Aug 17, 2004.

Thread Status:
Not open for further replies.
  1. Bradf

    Bradf Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    2
    Hello,

    I have had to put in a new hard drive and re-load XP Pro. The problem I have now is that when I went on-line to get the XP updates, I've been hit with viruses and trojans. I've removed Sasser, Bugbear and Blaster, but still have a keylogger that I know of. I still haven't been able to stay online long enough to d/l all updates yet.

    My biggest problem is that now when I select Shutdown or Restart from the Start menu, I get no response. I also notice that when I select either Shutdown or Restart I lose access to some programs, including Outpost firewall and also the anti-virus program. Then when I try to restart the program, I get a message saying that I have used "fast switch" to change to another user.
    I only have my user profile and a guest profile (which is turned off). I have also turned off the fast switch function, but I still get switched.

    Any assistance would greatly help me and my stress levels.

    Regards,
    Brad
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  4. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Do you have access to any other functioning PC that you can use to download a software firewall like ZoneAlarm, Outpost, Sygate, Look 'n Stop, etc.? I would just wipe my hard drive and start over, this time installing ZA or one of the others via "sneaker-net" prior to plugging into my DSL/cable modem/whatever and going to Windows Update. That should give you enough breathing room to go directly to WU and get your patches.

    Thankfully, I have a hardware firewall for just this sort of problem. An unwashed internet connection is pretty nasty these days. :eek:

    By the way, anyone know what RAT or worm variant is listening on TCP 5969? I have been getting TONS of stuff thrown at that port for some time now and I haven't really come across anything in particular about that port (although I haven't looked that hard for info).
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Alec,

    Please feel free to start a new thread in the appropriate forum regarding your question about ports so as not to have this thread go off topic. ;)

    Regards,

    snap
     
  6. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    It appears from his post that he already has Outpost.
     
  7. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Err... my bad... you are quite correct. Never mind! No, seriously, though, that does raise the question of just how he got hit so hard so quickly even running a personal firewall. Perhaps he tried to install Outpost AFTER he noticed the worm/trojans and tried to add it during the clean-up process.

    snapdragin: Sorry about the question. I guess I was just thinking out loud.
     
  8. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Dear Bradf, please tell us if you're able to thwart the shutdown timer. If yes, then download the free MWAV utility from www.mwti.net; it's good for keyloggers. If no, then tell us what service is causing this error. We'll provide a step-by-step process to tweak that service. In any case, try pressing CTRL-ALT-DEL to bring up the Task Manager and try shutting down from there. Or try this command from the command line to shut down: "SHUTDOWN -s -t 01".
     
  9. Bradf

    Bradf Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    2
    Thanks for the feedback here. I did have Outlook running before I went on-line, but am now realising that it is re-installed as the original version without the last 12 months of updates.
    I had also tried to shut down or restart via the Task Manager and that didn't work either. I'll try the shutdown commands as soon as I get home from work and training.
    I'm thinking Alec's suggestion of wiping everything and starting again could be the easiest option, as I haven't loaded much else onto the PC.
    I have been able to install a patch to remove and prevent re-occurrence of the shutdown timer. I've been downloading stuff at work and using my Flash drive MP3 player to transfer the files home and stay off-line.
     