I have Bot's!

PostBy: bksaun On: Sun Dec 16, 2007 10:04 pm

My cable company shut down my modem until I called them, they said I have a bot? AND I need to reformat my hard drive! HOLY CRAP! I am not good with computers, they suggested I take it and have it done professionally.

I wonder if our spam visitor did this to me the other day?

I have virus protection, with spam guard and adware prevention. The tech at insight told me right now there is no software to prevent this. DAMN IT!

He said this bot is sending out 1900 e-mails a day! No wonder my computer is a little slow!

If anyone has any suggestions for me please reply.

Thanks

BK

P.S. This is worse than "Ass Mites" I can't even get to the source!
bksaun
 
Stoker Coal Boiler: Hybrid, Gentleman Janitor GJ-6RSU/ EFM 700
Hand Fed Coal Stove: Hitzer 503
Coal Size/Type: Pea Stoker/Bit, Pea or Nut Anthracite
Stove/Furnace Make: Hitzer/ EFM-Gentleman Janitor
Stove/Furnace Model: 503 Insert/ 700/GJ-62

Re: I have Bot's!

PostBy: Matthaus On: Sun Dec 16, 2007 10:25 pm

BK, sorry never ran into that and hope I never do. Maybe King Richard has a solution. Whatever you find out keep us posted, is kinda scary. :shock:
Matthaus
 
Stoker Coal Boiler: Leisure Line WL110 Dual Fuel
Hot Air Coal Stoker Stove: Leisure Line Lil' Heater (rental house)
Coal Size/Type: Rice and Buckwheat Anthracite

Re: I have Bot's!

PostBy: spc On: Sun Dec 16, 2007 10:32 pm

Try Windows Defender

http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en

Also Google "remove bot" for info.
spc
 
Stove/Furnace Make: Leisure Line
Stove/Furnace Model: Pioneer


Re: I have Bot's!

PostBy: av8r On: Sun Dec 16, 2007 10:44 pm

Chances are very good you won't have to format....

Download Spybot S&D http://www.safer-networking.org/, install it, let it update and run it. When it's done, it will have a list of things it wants to kill. Kill them all. Reboot the machine and run it again. See if anything shows up again.

What you have is a program that was dropped on your machine that has made your machine a "zombie". Someone is controlling a "bot net" which is just a bunch of compromised machines and making them do their bidding, in your case, spamming people.

Once you have run spybot till it shows nothing left, run Windows Defender and see if it comes up with anything. I assume you have up to date antivirus? If so, run a complete system scan.

Let us know what you come up with and we'll go from there.
av8r
 
Hot Air Coal Stoker Furnace: Leisure Line Hearth with twin turbos (sounds like it)
Stove/Furnace Make: Leisure Line
Stove/Furnace Model: Hearth model with twin turbos

Re: I have Bot's!

PostBy: bksaun On: Sun Dec 16, 2007 10:48 pm

Downloading spy bot right now, work tomorrow, let you know something Tuesday.

Thanks
bksaun
 

Re: I have Bot's!

PostBy: av8r On: Sun Dec 16, 2007 11:14 pm

bksaun wrote: Downloading spy bot right now, work tomorrow, let you know something Tuesday.

Thanks

If you know how to boot into "safe mode", do that before you run the scans. To boot into safe mode, power the machine off, turn it back on and start pressing the F8 key until you see a menu asking you if you want to boot into safe mode. Once the scans are run, boot back into real mode.
av8r
 

Re: I have Bot's!

PostBy: Richard S. On: Mon Dec 17, 2007 2:27 am

bksaun wrote: I wonder if our spam visitor did this to me the other day?


I'm not going to say that's impossible but only because nothing is impossible where user generated content and web server is concerned. However the software this forum is run on has gone through an extensive independent security and my server has been hardened against attacks by people that know what they are doing (aka not me). There's many security precautions I have taken myself as well. Besides if there was a problem at least someone else would say the site is setting bells and whistles off especially on my own machine because mine is like Fort Knox.

You most likely picked it up installing something, through an email, an exploit in a program you are running etc. Do you have kids? That is most likely the source.

What type of security software are you running now and do you keep Windows up to date?

You must keep your Windows installation and other programs (Acrobat, email client) that access the internet up to date. As an example there was an exploit in XP a few years ago that if you were not updated for could cause your machine to be infected simply by connecting to the internet.

You should be running a daily scan using a reliable daily updated anti-virus program. For that I would recommend AVG which is free. Note you should only be running one anti-virus program: http://free.avg.com/us-en/homepage

As suggested try Spybot S&D, once you've run that use Ad-aware http://www.lavasoftusa.com/ Both are good programs, sometimes one will pick up what the other doesn't.

-----------------------------

Probably the most important thing overlooked by people is a good software firewall, if you're behind a router this isn't necessary as much but it can't hurt. ZoneAlarm is free and works very well but may take a while to configure properly. This blocks all inbound and outbound traffic except those programs you allow. If something is trying to connect it will catch it alerting you to the problem. http://www.zonealarm.com/ Before installing this first disconnect from the internet, and disable the all but useless Windows "firewall".

-----------------------------

Some other tips,

Disable Windows Restore. Nice feature but malware frequently will reside there, you get rid of it and it just comes back.

Press and hold Ctrl+Alt+Delete, click the process tab. You can search the internet for the processes running, this is hit and miss. Some malware will even masquerade as a legitimate process.

----------------------------


If you still can't find anything there's a distinct possibility it's running as a rootkit which really becomes complicated because none of those programs will detect it. For that you need a rootkit detector and will most likely need professional help for removal, http://free.avg.com/us-en/free-antivirus-download

----------------------------

Go here they will be able to give better advice: http://forums.techguy.org/54-virus-othe ... e-removal/

----------------------------

FYI the only warnings you should be getting from anything for this site is for the pop-up for PM's if it's the first time. There should be no other pop-ups, if you get any other pop-ups here your computer is infected with malware. The other one I'm aware of is if you click the link for multi page threads to jump to a page "Page 1 of 3". That's a link that uses JavaScript to jump to any page in the thread that is useful if it's very long, you'll only get this warning in Internet Explorer. It doesn't affect other browsers. It's just IE being a little overzealous in its warnings. ;)

While on the topic if at any point in time anyone gets warnings or other problems while viewing pages here contact me immediately, even if you think it may be a problem on your end.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: I have Bot's!

PostBy: Wood'nCoal On: Mon Dec 17, 2007 9:55 am

Richard, I'm glad you mentioned Ad-Aware, I've been using that for years and I can say it works well. Also regarding teenagers using the PC on the Internet, on my other PC I had constant problems with the computer running slow, etc. I would run Ad-Aware scans on a regular basis to clean it up.
As soon as she got her iBook and stopped using the PC the problems stopped. Teenagers tend to go to web sites geared towards them (obviously) and those sites tend to be loaded with this junk.
Wood'nCoal
 
Stoker Coal Boiler: 1959 EFM 350
Hand Fed Coal Stove: Harman Magnafire Mark I
Coal Size/Type: Rice and Chestnut
Other Heating: Fisher Fireplace Insert

Re: I have Bot's!

PostBy: WNY On: Mon Dec 17, 2007 10:22 am

Yes, I keep my AdWare, Spybot and everything else updated, run checks at least once a week and delete almost all my cookies (except for a few sites I know), etc.....these things can be very problematic.....

Also, you may want to put some type of firewall (ZoneAlarm) on your computer too. I added a router with built-in firewall and it has helped with the remote access, I very seldom get any alerts that someone is trying to get thru my router. I used to get 20-50 a day!!
WNY
 
Hot Air Coal Stoker Stove: Keystoker 90K, Leisure Line Hyfire I
Coal Size/Type: Rice
Stove/Furnace Make: Keystoker, LL & CoalTrol
Stove/Furnace Model: 90K, Hyfire I, VF3000 Soon

Re: I have Bot's!

PostBy: av8r On: Mon Dec 17, 2007 10:47 am

Adaware (Lavasoft) has undergone some changes recently which caused us to stop using it. They've moved to a paid model with a free version, which in and of itself is fine, but we've noticed that the free version no longer works like it used to. It misses a lot more than it used to.

We maintain somewhere around 18,000 windowz machines on campus with some 15,000 of those being student machines. We installed a network access system a few years ago that requires every machine have up to date anti virus and all critical updates. That alone has reduced the number of problems on student machines by at least 90%.

Turning on the Windows firewall is OK, but unless you're going to turn off things like http (web), smtp (mail) etc, you're not going to get any real benefit. The malware writers have used common vectors like web and mail ports for years now because they're nearly always open even if someone is running a firewall. Many of the newer variants of malware actually have port scanners built into them to find an open port and use it so a firewall is useless.

Something like ZoneAlarm that reports what is happening usually just confuses folks. Unless you know enough about the port or protocol or service that ZA is alarming on, you can't make a good decision on whether to let it pass or not. What we see is that folks get tired of the alerts and not knowing what they mean and either allow all or uninstall it altogether. YMMV

If, after doing what has been suggested here, you still encounter problems, download HijackThis, run it and post the report here to us to look at. You can also use something like Activeports to see what is running and trying to use what ports.
Last edited by Richard S. on Tue Nov 26, 2013 11:45 pm, edited 1 time in total.
Reason: <removed dead link>
av8r
 
Hot Air Coal Stoker Furnace: Leisure Line Hearth with twin turbos (sounds like it)
Stove/Furnace Make: Leisure Line
Stove/Furnace Model: Hearth model with twin turbos
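
The "see what is running and trying to use what ports" check from the last post, applied to the spam symptom described at the top of the thread, as an added example that is not part of the original posts. It assumes the text output of Windows `netstat -ano`; the sample rows are constructed (documentation-range addresses), and the "more than one mail server" threshold is an assumption about what a normal mail client does.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output, not taken from the thread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.10:1041      198.51.100.20:80       ESTABLISHED     2210
  TCP    192.168.1.10:1050      203.0.113.5:25         ESTABLISHED     1532
  TCP    192.168.1.10:1051      203.0.113.77:25        SYN_SENT        1532
  TCP    192.168.1.10:1052      198.51.100.9:25        ESTABLISHED     1532
  TCP    192.168.1.10:1060      192.0.2.25:25          ESTABLISHED     3100
  UDP    0.0.0.0:500            *:*                                    688
"""

SMTP_PORT = 25
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT"}


def smtp_peers_by_pid(netstat_text):
    """Map PID -> set of remote hosts it is connecting to on TCP port 25."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns: proto, local, remote, state, pid.
        # Headers, blank lines and UDP rows (no state column) are skipped.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _proto, _local, remote, state, pid = fields
        host, _, port = remote.rpartition(":")
        if state in OUTBOUND_STATES and port.isdigit() and int(port) == SMTP_PORT:
            peers[int(pid)].add(host)
    return dict(peers)


def suspicious_pids(netstat_text, max_servers=1):
    """PIDs talking SMTP to more distinct servers than a mail client would."""
    peers = smtp_peers_by_pid(netstat_text)
    return sorted(pid for pid, hosts in peers.items() if len(hosts) > max_servers)


if __name__ == "__main__":
    peers = smtp_peers_by_pid(SAMPLE_NETSTAT)
    for pid in suspicious_pids(SAMPLE_NETSTAT):
        print(f"PID {pid}: SMTP to {len(peers[pid])} servers {sorted(peers[pid])}")
```

A flagged PID can then be matched to a program name in Task Manager's process list (with the PID column enabled) before deciding what to scan or remove.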