
Virus!

Posted: Wed Mar 23, 2011 3:36 pm
by Endoperez
:(


You might not see me around, depending. I've purged a few virus files from my PC since the internet host told me my computer has been hijacked and was used for nefarious purposes. One of the deleted files was a rootkit, but I assume deleting the file will only help against the symptoms, not the actual thing, so...

I have a possible wipe/reinstall/changing all passwords thing waiting for me.

Re: Virus!

Posted: Wed Mar 23, 2011 3:52 pm
by zoidberg rules
Sad times man! I'm sure I can speak for the entire forum when I say, we won't miss you, or even notice you've left! Such are the wonders of the internet. :lol:

Re: Virus!

Posted: Wed Mar 23, 2011 8:08 pm
by Renegade_Turner
Don't mind him, Endoperez, I would've noticed your absence. He's silly and seems to be trying to be some sort of troll to fill the void since I relinquished my duties. I never meant to be a role model...

Re: Virus!

Posted: Wed Mar 23, 2011 9:43 pm
by Sandurz
Deleting the rootkit won't solve the problem at all. All of the infected files and/or directories have to be fixed first. The rootkit is just how your PC's security was compromised. That's the sign of an inexperienced hacker though (not deleting rootkits/IP logs from servers), so I wouldn't worry. I'm assuming that a RAT was installed, and those are hard to keep fully undetectable, especially for a newbie hacker. Your antivirus will probably update their database with it within a couple of weeks.


Can someone say random? This is my first post in a while =D

Re: Virus!

Posted: Thu Mar 24, 2011 3:04 am
by Assaultman67
How is it that people get viruses on their PCs?

I had a computer for 4 years without any type of active antivirus software installed and it stayed clean (well, except for things like tracking cookies) the entire time.

I guess you guys should get your porn and bootleg software from reputable sites :P ...

Re: Virus!

Posted: Thu Mar 24, 2011 5:05 am
by Endoperez
Assaultman67 wrote:How is it that people get viruses on their PCs?

I had a computer for 4 years without any type of active antivirus software installed and it stayed clean (well, except for things like tracking cookies) the entire time.

I guess you guys should get your porn and bootleg software from reputable sites :P ...
Yay, school internet!

It's been very long for me too. I don't think I've had any virus my antivir software didn't instantly catch for 3-4 years. My advice? You should fix the leaking roof when it's still sunny, since it's too late once the trouble comes pouring in.

Also, for the record, if I got this virus last Sunday (my computer acted weirdly, shut parts of itself down, crashed, and I was forced to restart it), I was browsing the Wolfire forum, reading the Wolfire chat, and possibly checking the posts of ill repute for disapproves. I didn't initialize any downloads on my own, but I remember at least two auto-updaters asking for updating permission. I found the rootkit in the Java update files.

I haven't heard the exact details yet, but I understand the type of malware I got gets to the computer through browser vulnerabilities with no downloads required.

Re: Virus!

Posted: Thu Mar 24, 2011 1:41 pm
by Assaultman67
What browser were you using?

Re: Virus!

Posted: Thu Mar 24, 2011 4:18 pm
by Sandurz
Oh, it was a java-driveby. Those things suck. As soon as you give them permission to do anything you're screwed. It usually is because you're using Firefox or IE (the two most used browsers). Anyways, that sucks. Do you remember what was asking for updates?

Yeah, I've done a lot of research on malware. I'm doing a report on malware for my networking class =D

Re: Virus!

Posted: Thu Mar 24, 2011 8:13 pm
by Endoperez
Sandurz wrote:Oh, it was a java-driveby. Those things suck. As soon as you give them permission to do anything you're screwed. It usually is because you're using Firefox or IE (the two most used browsers). Anyways, that sucks. Do you remember what was asking for updates?

Yeah, I've done a lot of research on malware. I'm doing a report on malware for my networking class =D
I usually use Opera, though I might have used Firefox occasionally.

Java and DivX updaters were running. Avast! found a rootkit in the Java update file. Nothing in the DivX files. I've run two full scans of my computer now, with no more viruses or malware found, but I've only used Avast!.

I've been thinking of getting an Ubuntu live CD and a Linux antivir program, and checking for rootkits that way. Even if they can hide from the Windows programs, the Linux checker might be able to find them.

However, I think I'll first run through some other tests or a MalwareBytes check or something similar. Perhaps run a HijackThis test, but I can't make heads or tails of the log file, so I'd need help understanding what it tells.

My svchost.exe is listening on ports 9423, 9422, 9421 and 1670. It also has UDP out connections to two different IP addresses to their port 3478. One of those seems to be related to having installed Photoshop trial once (but why would the Akamai downloader still be around?).
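The listening-port picture in the post above is exactly what `netstat -ano` plus `tasklist /svc` give you on Windows: the first shows which PID owns each socket, the second shows which services a given `svchost.exe` instance is hosting, and a service host listening on ports that none of its services should need is the lead to chase. The following Python script is an added example, not code from the thread: it parses constructed copies of both command outputs (PIDs, service names and the extra rows are hypothetical; only the svchost ports 1670 and 9421-9423 are taken from the post) and flags service hosts on unexpected ports, as well as sockets whose PID has no process at all. Note that `netstat -ano` does not show UDP peers, so an observation like "UDP to port 3478" comes from a tool that tracks live flows, not from this output.

```python
"""Join `netstat -ano` with `tasklist /svc` to see which service host owns
which listening port.

Added example: the two command outputs below are constructed to resemble the
situation in the thread (svchost.exe listening on 1670 and 9421-9423); the
PIDs, service names and other rows are hypothetical.
"""

# Constructed `netstat -ano` output (Windows column layout).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1670           0.0.0.0:0              LISTENING       1200
  TCP    0.0.0.0:9421           0.0.0.0:0              LISTENING       1200
  TCP    0.0.0.0:9422           0.0.0.0:0              LISTENING       1200
  TCP    0.0.0.0:9423           0.0.0.0:0              LISTENING       1200
  TCP    192.168.1.10:49731     93.184.216.34:443      ESTABLISHED     2044
  UDP    0.0.0.0:49812          *:*                                    1200
"""

# Constructed `tasklist /svc` output; service names are hypothetical.
TASKLIST_SVC = """\

Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    884 RpcEptMapper, RpcSs
svchost.exe                   1200 Dnscache
firefox.exe                   2044 N/A
"""

# Ports a stock Windows box is expected to expose; extend for your own setup.
EXPECTED_PORTS = frozenset({135, 139, 445, 3389})
# Start of the Windows dynamic (ephemeral) port range since Vista. UDP binds
# up here are normally client sockets (DNS lookups etc.), not services.
EPHEMERAL_START = 49152


def parse_netstat(text):
    """Return one dict per socket row: proto, local port, state, pid."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        proto = fields[0]
        port = int(fields[1].rsplit(":", 1)[1])  # also handles [::]:port
        # UDP rows have no State column, so the PID is always the last field.
        state = fields[3] if proto == "TCP" else None
        rows.append({"proto": proto, "port": port, "state": state, "pid": int(fields[-1])})
    return rows


def parse_tasklist(text):
    """Map PID -> (image name, [service names]) from `tasklist /svc` output."""
    procs = {}
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 2 or not fields[1].isdigit():
            continue  # header / separator / blank lines
        image, pid = fields[0], int(fields[1])
        if len(fields) < 3 or fields[2].strip() == "N/A":
            services = []
        else:
            services = [s.strip() for s in fields[2].split(",")]
        procs[pid] = (image, services)
    return procs


def find_suspicious_listeners(netstat_text, tasklist_text, expected=EXPECTED_PORTS):
    """Return (pid, image, proto, port, services) for listeners worth a look:
    service hosts on unexpected ports, or sockets whose PID has no process."""
    procs = parse_tasklist(tasklist_text)
    hits = []
    for row in parse_netstat(netstat_text):
        if row["proto"] == "TCP" and row["state"] != "LISTENING":
            continue  # outbound / established, not a listener
        if row["proto"] == "UDP" and row["port"] >= EPHEMERAL_START:
            continue  # ephemeral UDP bind, almost certainly a client socket
        if row["port"] in expected:
            continue
        image, services = procs.get(row["pid"], ("<no such process>", []))
        if image in ("svchost.exe", "<no such process>"):
            hits.append((row["pid"], image, row["proto"], row["port"], tuple(services)))
    return sorted(hits, key=lambda h: (h[0], h[3]))


if __name__ == "__main__":
    for pid, image, proto, port, services in find_suspicious_listeners(NETSTAT_ANO, TASKLIST_SVC):
        print(f"PID {pid:<5} {image:<20} {proto} {port:<5} services={', '.join(services) or '-'}")
```

On the constructed input this reports four TCP listeners on PID 1200, a service host whose only service is a DNS client and has no business accepting connections. Treat a hit as a lead, not a verdict: the same join can be run against a live box with `netstat -ano > ns.txt` and `tasklist /svc > tl.txt`, but a kernel-level rootkit can hide sockets and processes from both tools, which is why scanning from a live CD and, ultimately, the wipe-and-reinstall the poster mentions are the only reliable answers once a machine is known to be compromised.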

Re: Virus!

Posted: Thu Mar 24, 2011 8:28 pm
by Endoperez
MalwareBytes check found some registry values it identified as backdoor trojans or irc bots. I'm going to put it to full scan next and see what happens.

Re: Virus!

Posted: Thu Mar 24, 2011 8:32 pm
by Sandurz
Backtrack is an excellent Linux Live CD to use. It has everything you could want on it to help you with security in the future.

Re: Virus!

Posted: Fri Mar 25, 2011 5:02 am
by Endoperez
Sandurz wrote:Backtrack is an excellent Linux Live CD to use. It has everything you could want on it to help you with security in the future.
It looks too complicated for me to use. I haven't used any Linux OS in a few years, and I don't know hacking terminology, and since my internet access has been disconnected I can't check it either. I'll just download a Rescue CD, which is a Linux Live CD with antivirus software.

Re: Virus!

Posted: Wed Apr 06, 2011 10:11 am
by Endoperez
Woot! My internet is finally back! I got rid of the virus surprisingly easily with a rescue CD, but then my ISP was the subject of a workers' strike, and then my modem (which I had reset to factory settings) had to be set up again.