Is my problem bad enough to be taken to a service/repair shop?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by fosho14, Apr 21, 2012.

  1. fosho14

    fosho14 Private E-2

    My computer got severely hacked into by people with malicious and criminal intent. They shut down my antivirus program and changed my IP address (it's a very long story, but basically I was a victim of a scam over the phone). Luckily I was able to remove the keyloggers and spyware/password savers that were detected by performing a full scan using Malwarebytes. After those were quarantined and deleted my computer was for the most part back to full working order, with my antivirus program coming back to life. After further performing check-ups through my Vipre antivirus and TuneUp Utilities software it appears as though my computer is fine on the surface, but I obviously want to have that peace of mind and security knowing that there are no hidden viruses/malware deep within the system that were not discovered.

    The reason I say this is because multiple different knowledgeable and savvy technicians and computer experts that I've talked to have said that there are all sorts of keylog/rootkit and other harmful forms of bugs and malware that cannot be detected by the average antivirus/malware removal program. However, apparently when you take your computer in to a repair business the technicians are able to inspect and clean much deeper because they use a variety of different tools and sophisticated methods to search the computer for problems. Is this true? I would really like the peace of mind of knowing that my computer is completely free of the garbage that infested it, so I should probably pay to get it professionally inspected, right? I mean, we're talking about a lot of personal information at stake including banking details and everything!
     
    Last edited: Apr 21, 2012
  2. thisisu

    thisisu Malware Consultant

    Welcome to Major Geeks, fosho14 :)

    I would say this really depends on the intelligence of the technician working on your computer. They should know what to do but I cannot say that every computer technician will. Do you understand what I'm trying to say?

    None of our tools/scans we have you do here will reveal any type of financial information. We are strictly looking for malware and we're very good at it ;)

    Your call. You should feel comfortable and confident in the person working on your computer.

    Here is the malware removal guide at this site: READ & RUN ME FIRST Malware Removal Guide
     
  3. fosho14

    fosho14 Private E-2

    Thanks for the reply. Yeah, as I mentioned earlier, on the surface the computer looks and runs fine, as I removed all the malware/spyware myself and ran antivirus scans. My question was more asking whether you know of the techniques or resources that repair stores use, or whether they are just trying to get my business by saying "we have the tools to remove hidden malware that you don't have" (when really they're just going to run similar removal programs). I'm wondering if it's worth the cost. With all my personal information already having been infiltrated, I really don't want to take any chances, but at the same time I hate paying for nothing!

    Any responses, opinions and thoughts are greatly appreciated!
     
    Last edited: Apr 21, 2012
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The tools we use here are at least as comprehensive as, if not more comprehensive than, anything done in a repair shop. And in most cases, since we are really malware experts, we are better at finding things than computer repair shops. Our manual inspection of the information in the logs we collect allows us to find things that commercial protection software typically misses.

    As thisisu stated about repair shops, it really depends on the personnel and their training; however, they cannot afford to spend the amount of time that we do. They would have to charge you more than $400 to $500, at which point most people would realize it is cheaper to purchase a new PC.

    If, however, you require a 100% guarantee that your computer is clean, then you have to delete everything on your computer including all partitions, and then format and reinstall from scratch. And in addition, you should not restore anything that you have made from backups. This is the only 100% way to know a PC is clean. Or you could purchase a new PC as mentioned above. And if you want it to stay this way, you should never connect it to the internet and you should never plug any external devices (like USB drives) into it that were used elsewhere. Now, all this being said, in most cases this extreme methodology is not required, but I hope you see my point in expanding upon the idea of saying a PC is 100% clean.
     
  5. fosho14

    fosho14 Private E-2

    Thanks for your input chaslang. Based on my situation, what would you recommend without reformatting and reinstalling Windows from scratch again? (I don't have an external hard drive and have over 500 GB of media that I would hate to lose.) What is my best course of action?

    Also keep in mind that Malwarebytes has been run and cleaned everything, along with my anti-virus, so currently there are no problems visible. I'm wondering what I should do for the peace of mind of knowing that there aren't any hidden, teardropped bugs that are still ingrained and deep-rooted in my system that just haven't been detected yet.

    Cheers
     
    Last edited: Apr 21, 2012
  6. fosho14

    fosho14 Private E-2

    The only reason I'm being this paranoid is because I know for a fact that these hackers got in. So even though I removed the malware for the most part, it's not outside the realm of possibility that something was infected and installed deep and hidden that I can't get to with conventional malware/anti-virus software. I've changed all my banking cards and passwords and email passwords, so I don't want to have gone through all that work for nothing if some kind of password tracker or keylogger is still hiding deep within my system. This is why I want to be confident and rest assured that everything is safe before I start online banking with my new account numbers and passwords, because I obviously don't want all this new/changed information tracked as well.

    Hope that makes sense
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide
     
  8. fosho14

    fosho14 Private E-2

    Ahhh, showing the hidden files and folders before scanning is the only thing I haven't done; that's a very important tip. I will do that, and then scan again with Malwarebytes, and download the other 2 programs you recommend, Spyware Doctor and SUPERAntiSpyware.

    Thanks
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! You did not do the most important thing and that is to attach the 5 logs we ask for. If you want us to verify your PC is clean, this is the most important information for us.

    Also Spyware Doctor is not one of the tools we ask you to use. In fact we don't really recommend it.
     
  10. fosho14

    fosho14 Private E-2

    My bad, my mistake, will attach the logs
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay. Just attach them as soon as you can and we will check them out.
     
  12. fosho14

    fosho14 Private E-2

    The RootRepeal program refused to run or start; it just kept giving me error messages.

    I have attached the error messages/dialogue boxes that popped up when I tried to run the RootRepeal exe here.

    As for the rest of the tests, I was able to complete them all, so as soon as I can find a way to get RootRepeal to run I will send you the logs for all the tests/scans that have been performed (as outlined in the directions and procedure).

    It's too bad that RootRepeal is refusing to run. After reading about the program it sounded like an effective and important tool for a variety of different problems.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below is a quote from the first instructions in the READ & RUN ME
    Thus you need to keep going! ;)
     
  14. fosho14

    fosho14 Private E-2

    I understand, and I did keep going. I completed everything else. The instructions said to attach any error reports if something doesn't run, which is why I just attached it. I will be attaching the logs soon.

    Thanks
     
  15. fosho14

    fosho14 Private E-2

    attached logs:
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the requested log for MGtools. The log requested is C:\MGlogs.zip

    It is not in the MGtools folder.
     
  17. fosho14

    fosho14 Private E-2

    oops I'm so sorry
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are all clean but let's run two more scans just to cover a couple other areas.


    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
    • Be sure to attach your log from TDSSKiller
    Now please also download MBRCheck to your desktop.

    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  19. fosho14

    fosho14 Private E-2

    Thanks for taking the time to decode these logs for me I sincerely do appreciate it!

    So I ran the final 2 tests that you suggested.

    here are the logs:
     

    Attached Files:

  20. fosho14

    fosho14 Private E-2

    A professional technician at a repair/service store probably wouldn't be able to do any further cleaning other than reformatting the hard drive right? Have we gone as deep as we can go? Should I start doing my online banking again?

    Thanks for all your help
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your TDSSKiller log shows a couple of leftovers from a TDL infection. Run it again, and this time if the below two lines show, Delete them or Quarantine (whichever is allowed):
    Code:
    23:56:37.0172 6052 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    23:56:37.0172 6052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
    Then reboot your PC and run TDSSKiller again and attach this new log so we can be sure they were fixed.

    Do you think we are not professionals? ;) We are much more highly proficient in malware removal than most technicians in PC repair shops. It all depends on how long they have been doing this, and many of them actually learn what to do by reading what we do on malware removal forums.
     
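The two TDSSKiller lines quoted above both say the same thing in different words: the scanner saw something on `\Device\Harddisk0\DR0`, but the user chose Skip, so nothing was fixed. A second run "to be sure they were fixed" is a comparison of two logs. The script below is an added example, not code from the thread or from Kaspersky: it parses lines of the shape `<time> <pid> <object> ( <verdict> ) - <action>` (the only format detail the thread shows), lists every detection, flags the ones whose action was a skip, and reports which objects are still unresolved between a first and a follow-up log. The `SAMPLE_LOG` lines other than the two quoted ones are constructed for illustration, and the set of skip phrases is an assumption based on those two lines.

```python
import re
from typing import Dict, List, Set

# Shape of a detection line as quoted in the thread:
#   <hh:mm:ss.ffff> <pid> <object> ( <verdict> ) - <action>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<obj>\S.*?)\s+"
    r"\(\s*(?P<verdict>.*?)\s*\)\s+-\s+"
    r"(?P<action>.*?)\s*$"
)

# Actions meaning "reported but left in place" (assumption, taken from the quoted lines).
UNRESOLVED_ACTIONS = {"skipped by user", "user select action: skip"}

# Constructed sample log: the two DR0 lines are the ones quoted in the thread,
# the rest are made up to give the parser something to ignore and something clean.
SAMPLE_LOG = """\
23:56:30.0100 6052 ============================================================
23:56:30.0100 6052 Scan started
23:56:37.0172 6052 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
23:56:37.0172 6052 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
23:56:38.0200 6052 \\Device\\Harddisk0\\DR1 ( constructed clean entry ) - ok
23:56:40.0300 6052 Scan finished
"""


def parse_detections(log_text: str) -> List[Dict[str, str]]:
    """Return every line that carries a ( verdict ) - action pair."""
    detections = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            detections.append(match.groupdict())
    return detections


def unresolved_objects(log_text: str) -> Set[str]:
    """Objects that got a verdict but whose recorded action was a skip."""
    return {
        d["obj"] for d in parse_detections(log_text)
        if d["action"].strip().lower() in UNRESOLVED_ACTIONS
    }


def compare_runs(before: str, after: str) -> Set[str]:
    """Objects still unresolved in the follow-up log; empty means the fix took."""
    return unresolved_objects(before) & unresolved_objects(after)


if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        print(f"{d['obj']}  [{d['verdict']}]  -> {d['action']}")
    print("still unresolved:", sorted(unresolved_objects(SAMPLE_LOG)))
```

Run it against the real log saved by TDSSKiller and the follow-up log after the reboot; an empty result from `compare_runs` is the condition chaslang asks the poster to confirm by attaching the second log.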
  22. fosho14

    fosho14 Private E-2

    I definitely don't doubt your skills, and can clearly see that you are a trained specialist in this area. It just strikes me as ironic that you are doing this for free and are more knowledgeable than the people who are charging money and are less knowledgeable. Can't thank you enough though; it is very upstanding of you to be doing this. Will attach the logs soon :)
     
  23. fosho14

    fosho14 Private E-2

    Here is the log after deleting the \Device\Harddisk0\DR0

    The 2 other medium risk threats that it picked up that you will see in the log are not harmful to my system and are actually necessary which is why I did not remove them.

    The KM service is the activator I use for Microsoft Office and the Sony service is for my e-reader.

    Something I hadn't yet mentioned, which I believe is extremely important, is the fact that several "important" Windows security updates failed to complete. I get error code "80248007" for updates KB2656368, KB2679255 and KB890830

    and error code "8024000B" for update KB2675157


    That is probably the most concerning thing at this point. How do you think the security of my PC is looking right now?

    Cheers
     

    Attached Files:

  24. fosho14

    fosho14 Private E-2

    Is it reasonably safe for me to start online banking again with the changed account information?

    Thanks again for all your help so far
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This may be a topic for the Software Forum but give the below a try first.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now open Repair_Windows.exe
    • Go to Start Repairs tab.
    • Choose "Custom Mode" and press "Start".
    • Create a System Restore point if prompted.
    • In the Custom Mode window, select the following repair options:
      • Reset Registry Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • If asked to reboot the computer for the changes to take effect, make sure other tasks in the program are not still running before accepting to restart.
    It looks fine and should be safe to use. You may want to consider changing all passwords anyway just to be on the safe side.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  26. fosho14

    fosho14 Private E-2

    Thanks, that's good to hear; I will start using my PC again. I just noticed on my TuneUp Utilities program that there was a suggestion to disable administrative shares, because otherwise hackers can gain network access. Do you think it's a good idea to disable administrative shares?
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not if you really need them. And if you need them, just make sure that they are password protected to make it more difficult for hackers. Shared folders or drives should not use the same passwords as your user accounts, either.

    But you need to realize something significant: if you are logging into your PC with a user account that has administrator privileges and you get hacked, they already have full permissions and can change passwords and permissions to anything they want. This is a reason why one security method commonly recommended is not to use an admin-type account to do any surfing. Only use Restricted User Accounts. Obviously this has some downsides too, but it is more secure.
     
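Two things chaslang's answer asks the poster to know about their own machine: which shares are exposed (and which of them are the hidden administrative ones such as C$ and ADMIN$), and whether the everyday account is an administrator. The script below is an added example, not code from the thread or from MajorGeeks. It parses the table printed by the Windows `net share` command using the header line to locate the columns, flags shares whose name ends in `$` as administrative, and on Windows calls the real `IsUserAnAdmin` check from shell32. The column widths in `_row` and the `SAMPLE_NET_SHARE` table are constructed to mimic the layout, not captured from the poster's PC; on a non-Windows host the live functions return None and the parser runs on the sample instead.

```python
import ctypes
import subprocess
import sys
from typing import Dict, List, Optional


def _row(name: str, resource: str, remark: str) -> str:
    # Fixed-width columns in the shape `net share` prints them (widths are an assumption).
    return name.ljust(13) + resource.ljust(32) + remark


# Constructed sample of `net share` output; not captured from a real machine.
SAMPLE_NET_SHARE = "\n".join([
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\Windows", "Remote Admin"),
    _row("Media", "D:\\Media", ""),
    "The command completed successfully.",
])


def parse_net_share(output: str) -> List[Dict[str, object]]:
    """Parse the share table, using the header line to find the column offsets."""
    lines = output.splitlines()
    header = next(l for l in lines if l.startswith("Share name"))
    res_idx = header.index("Resource")
    rem_idx = header.index("Remark")
    shares, in_table = [], False
    for line in lines:
        if line.startswith("---"):
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        name = line[:res_idx].strip()
        shares.append({
            "name": name,
            "resource": line[res_idx:rem_idx].strip(),
            "remark": line[rem_idx:].strip(),
            # Hidden/administrative shares are the ones whose names end in '$'.
            "admin": name.endswith("$"),
        })
    return shares


def administrative_shares(output: str) -> List[str]:
    """Names of the administrative (hidden) shares found in the table."""
    return [s["name"] for s in parse_net_share(output) if s["admin"]]


def running_as_admin() -> Optional[bool]:
    """True/False on Windows; None elsewhere (the shell32 call only exists there)."""
    if sys.platform != "win32":
        return None
    return bool(ctypes.windll.shell32.IsUserAnAdmin())


def live_net_share() -> Optional[str]:
    """Capture the real `net share` output on Windows; None elsewhere."""
    if sys.platform != "win32":
        return None
    return subprocess.run(["net", "share"], capture_output=True, text=True).stdout


if __name__ == "__main__":
    output = live_net_share() or SAMPLE_NET_SHARE
    print("running as administrator:", running_as_admin())
    for s in parse_net_share(output):
        flag = "ADMIN SHARE" if s["admin"] else "user share"
        print(f"{flag:11}  {s['name']:<10} {s['resource']:<20} {s['remark']}")
```

A "running as administrator: True" line on the account used for day-to-day browsing is exactly the situation chaslang warns about; the share listing shows what a password-protected share actually exposes (the `Resource` column) so the decision to keep or disable each one is made per share rather than from a tune-up tool's blanket suggestion.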
  28. fosho14

    fosho14 Private E-2

    Shit, I have been using an account with administrative privileges this entire time from the beginning :O I'm sure it's not very safe for me to be using this computer, but at this point and after everything I've been through, I'll take the risk (I have bills to pay and transactions that must be processed). It's a fairly expensive computer that a family friend built part by part, so I'm not gonna just buy a new one, and I don't really want to buy an external hard drive to wipe it clean and re-load. Thanks for all your help; hopefully things work out okay for me based on the scans that we performed together. The amount of time you donated to me was very much appreciated.

    Cheers :)
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
