similar to previous post--not same prob. Also long with weird probs.

Discussion in 'malware problems & news' started by taezo, Nov 21, 2005.

Thread Status:
Not open for further replies.
  1. taezo (Registered Member; joined Nov 21, 2005; posts: 1)
    These probs are similar to those of BairbreJ, whose tale can be seen at:
    https://www.wilderssecurity.com/showthread.php?t=104854

    Main difference: I installed a new HD, so it's not likely a hardware problem.
    After rereading my post I wonder if it's not a mobo problem.

    ******

    I'm a freelance editor and I had to download 300G of photos from the publisher's FTP site last Wednesday. It took a few hours, and while I had MS Antispy, firewall, router firewall, and NAV 2006 running at the time, I think I picked up a rootkit worm (or trojan or whatever it is).

    It's not possible I got it from a music CD I played, nor from a cheesy website. No one else uses my computer and I am very careful. I make my living using it.

    Here's how my computer acted after the download:

    First thing I did after getting the photos was to try to get Picasa to detect them. Though they were on my computer and I could view them through My Computer, Picasa could not find the folder.

    So I did some research and downloaded ACDSee (highly rated photo organizing software). It went fine and I started tagging and analyzing the photos.

    After several hours, the system slowed WAY down, so I scanned with MSAntispy, NAV, spybot, MS Malicious software tool, TrendMicro. Nada.

    I tried to run Registry First Aid, but it hung. I downloaded a trial of Reg Mechanic. It fixed some common minor reg stuff.

    Then I decided to remove both Picasa and ACDSee. When I went to Add/Remove Programs, the list wouldn't populate.

    So I went to search to see if I could find recently changed files. Search did not work.

    Event Log showed lots of disk errors, odd since I'd run HDHealth, chkdsk, and defragged earlier in the week.

    Windows explorer kept shutting down.

    Dr.Watson shut down a few times.

    My wireless card adapters had to be reinstalled twice while searching for answers.

    Lots of gnashing of the teeth, many attempts to fix it (XP restore didn't work, nor did a repair install of windows, etc).

    Finally gave up and got a new HD, and I popped in my drive image recovery CD (NTI Backup Now Deluxe 4.0). Horrors. It didn't work! It was supposed to be able to start the computer and find the backup on external USB (not the old HD, fyi), then install it.

    After a few tries it did find the USB, but it couldn't install the image. It got halfway through and asked for another CD, which of course I didn't have--the thing was backed up on a USB drive. Then I got the error that it couldn't restore.

    So I reformatted, reinstalled and updated XP, installed most programs, updated drivers, etc.

    BTW, a month or more ago I had a notice from NAV that my system had been entered by a hacker and that I should reformat. I ran a scan, read up on my router firewall and MS firewall, and thought that wasn't possible. I also use WEP with a long alphanumeric PSK to secure my wireless network. NAV wanted me to reformat. I thought I'd watch and see. I completely forgot about it until a half hour ago. Related? Remember it was at least a month later that the system started misbehaving--after hours of daily use.

    I installed lots of AV and anti-spyware, ran all the internet checks, and nothing. I then copied some data from My Documents on the old HD--after scanning the folder with two different anti-virus programs, which found it clean.

    After the first copy, the old HD seemed to hang on the second file, and I unplugged it, whereupon I got a balloon notice saying it couldn't write to _olddrive:/$ then something.

    An hour or so ago I restarted my computer (with the old drive still connected) and the computer ran chkdsk automatically and found that there were a lot of sectors on F that were unreadable.

    I'm running all anti-spyware and AV again--nothing so far. RootkitRevealer shows some discrepancies, but I'm not sure what to do with that info. They are in IE5 temp folders on my C:! I did this install today--with an XP SP2 CD and all updates immediately applied. This is a brand new, properly updated install. Was IE5 ever even installed?

    I don't know what's going on, and now my system seems toasted. Again.

    I didn't even have the new install long enough to image it!

    Any ideas on what happened, and if I can fix it? Or am I in for another 12 hours of installation?

    sadly,
    taezo
     
  2. beads (Registered Member; joined Jun 1, 2005; posts: 49)
    How big of a new hard drive was the upgrade? It almost sounds like a controller problem, hence a bit closer than your mobo but that almost means nothing today as most controllers are directly on the mobo anyways.

    If it's a rootkit you can try the following beta:

    http://www.europe.f-secure.com/exclude/blacklight/index.shtml

    If there's really something there this will find it. Otherwise, try using the old hard drive, provided it's not been reformatted; it should run as it did before upgrading.

    You've run most of the current AV progs but no luck there. Chances are you don't have a virus. Rootkit(s) are a possibility, but you'll need to use an old-fashioned IDS or PE to see if anyone else is on your computer, right? Well, try unplugging the PC from the 'Net and see if the performance increases at all. At the very least you'll know that no one else is "on" your computer as well.

    Let us know what you find! This one is interesting and I'd like to hear how everything comes out.

    - beads
     