my computer is hacked and weird files found on my machine what do i do?

posted on Feb, 28 2012 @ 03:26 PM
I have had problems for months and now I have lost control of my machine,
an inbound attack shows at my firewall constantly, and lately I have had DNS poisoning attacks,
I have been battling for more than a week to regain control of my own machine,
today I found files on my machine that I didn't put there,

can anyone tell me what course of action I can take,
because I now have no control of my machine,

any help would be appreciated as this is quite worrying,

do I go to the police or will they not be interested?

I have tried to regain control but can't

please

xploder



posted on Feb, 28 2012 @ 03:29 PM
You really need to be more explicit before anyone can help you. What files? What do you mean "regain control." What are the symptoms? The better the information you provide the better the help you will receive.
edit on 2/28/2012 by schuyler because: (no reason given)



posted on Feb, 28 2012 @ 03:30 PM
reply to post by XPLodER
 

Do you have a virus scanner installed?
Do you have windows firewall turned on?
Do you have the firewalling capabilities of your router turned on?
Do you have windows updates enabled?

Basically there are 2 scenarios. Boot from a so-called Live Anti-Virus CD and attempt to clean the virus/spyware from the machine or copy any wanted data to an external USB drive, reformat and start again with a fresh windows.
edit on 28/2/12 by LightSpeedDriver because: Forgot one



posted on Feb, 28 2012 @ 03:32 PM
reply to post by XPLodER
 


Try this. IF you have a 32 bit Windows. (Does not work well in 64 bit Windows).

Download Combofix, from here:
www.bleepingcomputer.com...

Save it with another name. Like: zrreeppk.exe
That way bad viruses, and rootkits won't recognize it.

Then reboot the computer, and press F8 while starting up.
Start up in Safe Mode with Networking.

Run Combofix.

That will take care of most of these things.

If it is really bad, you might need to run Combofix 2 or 3 times.

Good luck..



posted on Feb, 28 2012 @ 03:35 PM
Yeah, you haven't really given any information that helps..

I've seen some really persistent malware where even after removing everything I could find that could be potentially related, it managed to come back, or at least parts of it did.

My recommendation, if it's really that bad, is to back up and reinstall your OS.

Before you do this run Malwarebytes and tell us what it finds. There are many really persistent viruses where running and quarantining isn't enough. The virus can create processes that will re-create anything you've deleted that it needs to live. Often times you need to do some registry adjustments..

Because Windows computers under the control of the common user tend to end up with all sorts of crapware, spyware, etc on them after a period of time, when I see these systems I always recommend a full backup and reinstall.

If you've got some more info post it, but it sounds to me like you need to wipe.



posted on Feb, 28 2012 @ 03:39 PM
First thing you should do: Unplug it from all networks immediately, for the sake of your own computer and for the sake of everyone else's (immediately after infection your host could be sending out 1000's of spam emails, uploading your personal files to a remote server or participating in a botnet).

Grab any files you need, photos, music etc. scan them from another computer (without opening them of course).

The best thing to do next is reformat your computer (reinstall the whole operating system to factory settings using your OEM installation disc). I say this, because, no matter what you do after getting an infection/malware on your computer, even if an anti-virus says "clean", you can never guarantee that your computer is clean as the host has been compromised. Many malware/adware will replace system files enabling it to hide from all kinds of anti-virus software as is with rootkits.

Never trust a computer if it's been compromised.

Do you take backups? If not, you should. The only thing you can do to be sure a computer is clean after an infection is to wipe the disks and start over.



posted on Feb, 28 2012 @ 03:39 PM
CPU maxing out,
RAM maxing out,
strange splash screen on start up

antivirus good,
op sys up to date

strange files I did not have on my machine, did not put on my machine,
and when I tried to delete them the machine wouldn't let me,

check all logs and found software firewall receiving inbound covert channel exploits at three per time spaced out by about 2-3 hours,

poison DNS attacks many times over the last few months,

I can't make changes on my own machine,

I have dealt with bots before but this is adapting way too fast, and is preventing me from fixing the machine,

instance,
boot from DVD=windows boot,
machine repeatedly resets and yet will boot into c:\windows fine with exception of strange splash screen,

when I watched the idle machine for 10 mins it reset and tried to ask for admin password?

I reset and tried to boot from CD/DVD and machine reset.

it's like it's fighting me I swear this is really weird

xploder



posted on Feb, 28 2012 @ 03:41 PM
Do you have your hard drives partitioned? If so just do a clean windows install to your windows drive problem solved, do a full scan of your drives though.

If not do a system restore to a previous safe time. Startup in safe mode and run whatever virus/registry scanner (Malwarebytes is a good free one) and hope for the best.

If you have a really nasty virus on your windows drive sometimes the only way to get rid is to do a clean install.



posted on Feb, 28 2012 @ 03:41 PM
If you can't trust that the operating system hasn't been rootkitted I'd back up any important data and then use DBAN to absolutely ensure that there's nothing hiding, then reinstall OS/antivirus and be more careful of where you browse and with what browser



posted on Feb, 28 2012 @ 03:44 PM
OK I will wipe and reinstall fresh as this seems to be the consensus,
so much for my expensive antivirus huh,

can I supply the logs to someone in law enforcement?
I have previously tried to email my service provider,
to little help.

time for a more expensive firewall too,
I never had a machine so good at fighting back.

wish me luck I will be a while

xploder



posted on Feb, 28 2012 @ 03:49 PM
reply to post by XPLodER
 

You shouldn't need an expensive firewall. Windows and your router/adsl/cable modem should provide that. Just make sure you have a virus scanner installed and receive windows updates. You never mentioned what version of windows you have (Tsk Tsk!) but XP, Vista and 7 all have it. Good luck with the reinstall. Hope you have your passwords all saved on paper somewhere (mail, websites, etc).



posted on Feb, 28 2012 @ 03:54 PM
reply to post by XPLodER
 


Format Reinstall windows

Install Linux if you're pro and baym No viruses or hacking attempts.



posted on Feb, 28 2012 @ 03:55 PM
reply to post by XPLodER
 


Are there any errors appearing in System in your Windows Event Log?

A hard drive corruption could also be causing some of the issues you describe.



posted on Feb, 28 2012 @ 03:59 PM
reply to post by XPLodER
 


Purchase a comprehensive security suite like CA Internet Security LINK

Before that, you'll want to download the FREE antivirus/spyware programs available like AVAST (link)

And AVG (Link)

Once you've downloaded the free tools, make sure to UPDATE the definition sets immediately.

After you've updated your definitions, SHUT DOWN your computer.
Next, Start your computer in SAFE MODE. How to get into Safe Mode

Once in Safe Mode, run full system scans with every single option available checked for maximum full effect.
This will take a VERY long time.
Run one full scan with Avast, and One full scan with AVG.

After that, before restarting your computer back to normal mode, you'll need to go to the registry.
To do this, click on your start menu button, usually located in the lower left hand corner of your screen, then in the blank RUN area, type in regedit.

this will open up the registry editor.
Once open, go to HKEY_LOCAL_MACHINE, then SOFTWARE, then Microsoft, then Windows, then CurrentVersion, then finally down to Run.

When you click on Run, off to the right hand side you'll probably see a number of different things listed.
For the sake of simplicity, I recommend deleting all of them if you're not tech savvy, and don't know enough to know what to keep and toss.
These are just preferences for programs to start up immediately when your computer starts, so, you're not deleting anything.
Lots of Malware likes to drop pointers in this spot, so, by wiping out everything, you prevent some nasty stuff that may not have been detected and removed by the free antivirus software from starting up.

Once done, restart your system, and once back up to regular mode, ensure you are disconnected from the internet, and RUN ANOTHER FULL SYSTEM VIRUS SCAN.

Running another scan checks to see if any nastiness was missed in an archived file somewhere when you scanned in SAFE MODE, but has now hatched in regular mode.
If more nasty stuff is found, you'll have to go back to safe mode, and try manually digging around in Temp folders, to find the culprit while doing more scans in safe mode.

It helps to go check the registry again. If anything new has popped up in the RUN section, then, look at the file path, and track that sucker down.

G'Luck.


Most hacker-like activity on home PCs is the result of trojans, spyware, and other nasty stuff; by getting rid of the nasty software, you essentially get rid of the 'hacker' activity.

There's other alternatives to cleaning your system up, like physically removing your hard drives, plugging them into another computer via a USB enclosure, and scanning them that way from a clean system.
This is particularly effective for scanning your C: drive, where the OS lives.

Other alternatives involve booting to a CD OS, usually some flavor of Linux like Ubuntu, and solving the problem from an OS that's not going to get any bugs.

Another solution is to migrate over to using a Mac, or Switch to Linux on your PC.

I prefer using Windows myself, but, to each his/her own.



Edit: Seems Consensus pointed you to take the cheap way out. I'd have avoided the nonsense of wiping the machine, but, eh, that's what people that don't know what they're doing recommend every time.
Sad.

edit on 28-2-2012 by nineix because: (no reason given)
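
The registry check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of the Run key entries so each one can be reviewed before anything is changed. The additional key paths, the `Get-TargetPath` helper and the review rules are assumptions of this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): read-only inventory of Run autostart entries.
# The extra keys, the Get-TargetPath helper and the review rules are assumptions.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-TargetPath([string]$Command) {
    # Pull the program path out of a Run value: a quoted path, else text up to a known extension.
    $text = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if     ($text -match '^"([^"]+)"') { $path = $Matches[1] }
    elseif ($text -match '^(.+?\.(exe|dll|com|scr|bat|cmd|vbs|js))(\s|,|$)') { $path = $Matches[1] }
    else   { $path = ($text -split '\s+')[0] }
    # Bare names such as rundll32.exe are found through PATH, so resolve them the same way.
    if ($path -notmatch '^[A-Za-z]:\\|^\\\\') {
        $app = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($app) { $path = $app.Path }
    }
    return $path
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command) { continue }          # skip an empty (Default) value
        $target = Get-TargetPath $command
        $exists = Test-Path -LiteralPath $target -PathType Leaf

        # These are prompts to look closer, not proof that an entry is malicious.
        $reasons = @()
        if (-not $exists) { $reasons += 'target file not found' }
        else {
            $status = (Get-AuthenticodeSignature -FilePath $target).Status
            if ($status -ne 'Valid') { $reasons += "signature: $status" }
        }
        if ($target -match '\\(Temp|AppData)\\') { $reasons += 'runs from Temp/AppData' }

        [pscustomobject]@{ Key = $key; Name = $name; Command = $command
                           Target = $target; Review = ($reasons -join '; ') }
    }
}

# Entries with a non-empty Review field sort to the top.
$report | Sort-Object Review -Descending | Format-List Key, Name, Command, Target, Review
```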



posted on Feb, 28 2012 @ 04:05 PM
I really have no idea how people can get these things, in all my years I've never had a trojan or anything serious.

On that note, I recommend that you stop going on all those weird/dodgy websites.



posted on Feb, 28 2012 @ 04:09 PM
reply to post by XPLodER
 


I got hit by some serious, and I mean SERIOUS software exploits back in December.

If you got hit by what I did... good frickin' luck.

I had to upload my HD into a server file to have it separated and run through a code search to clean all the crap out of the hidden windows files that got corrupted.

You need to run a DDS search on your computer and post the file logs on here for me to really help you. If not, run a GMER scan and give me the files it lists for me to see how bad it is.

I just got off of work and this was the first post I saw and responded to and now I can't remember if anyone has already told you to run ComboFix on your PC a few times.

I would love to offer more help, but without knowing what is on your PC, all I can give is generic info. Run the scans I mentioned and see what pops up and post me a list of what it finds, and I can help more from there.

Edit: David - 90% of all PCs have some form of virus in them and the owners just don't know. Norton AV even had to pay-off customers a few years ago because one of their products was loading backdoor exploits so that the AV would locate it and ask people to upgrade to the "Pro" version to remove it.

There's some scandalous ways viruses get on some PCs and it's not always porn sites. And actually my favorite porn site has never given me anything bad on my PC.

One place that a lot of malware comes from that people don't know is the Adverts that pop up on websites, and you don't even always have to click on the ad for the code to run in the background of a webpage.

Google was NOTORIOUS a few years ago for letting bad ads on websites that would infect other people's PCs.
edit on 28-2-2012 by YouAreLiedTo because: (no reason given)


Edit #2 - ComboFix is only best-used on a 32-bit Windows. If you have 64-bit it gets a little more complicated. Run a scan and get back to me.
edit on 28-2-2012 by YouAreLiedTo because: (no reason given)



posted on Feb, 28 2012 @ 04:12 PM
You really haven't explained what type of system you have so providing the correct advice is very hit and miss. I've gathered it's Windows but what version of Windows?


The best advice I can give short of a complete format and full reinstall is to use a boot disk to bypass your infected system and then attempt a repair from that. It's the only way to get round these trojans/virus progs that completely take over your system and prevent you from repairing them. I use Hiren's boot disk which is a free download and can be run from a USB key or a CD/DVD disk.

Hiren's boot disk will boot up with a separate temporary version of Windows XP which you will be able to use without triggering the program that is infecting your system. It also comes with many anti-virus programs pre loaded.


edit on 28-2-2012 by PhoenixOD because: (no reason given)



posted on Feb, 28 2012 @ 04:21 PM
I worked information systems for well over a decade, and not once, have I EVER absolutely HAD to format/wipe a system due to compromise.

For the sake of economy in time, I've wiped, but, if you want to take the time, and would rather not wipe your system, there really is no excuse or reason to wipe your system.

Wiping a system is unnecessary.



posted on Feb, 28 2012 @ 04:22 PM
A couple of months ago, I had a problem, which was like fighting for my computer. Every morning I would open up my laptop - which is wifi - someone had attempted to type a password. In some instances, whoever tried also hit enter, with the access denied statement. I then attempted to change my password and the whole laptop went spastic, returning to the login screen. It then wouldn't let me back in.

Once returning home at the end of the day, I tried for a while to log in, ending up successful.

Now, I have no problems whatsoever. Does anyone know what this was?

Sorry to hijack your thread OP.



posted on Feb, 28 2012 @ 04:22 PM
reply to post by PhoenixOD
 


x2 for Hiren's boot CD. Excellent tool.



