invasion of the computer snatchers

[TwinOaks]

Hi all,

Quick questions for our gurus with mad computer skills:

I found some search history info on things that neither I nor my wife went looking for. This was in the browser history. I'm thinking we had some computer to computer access- after all, I'm only using the preinstalled windows firewall. No, the kids didn't do the search, and I don't think anyone has been in the house on my laptop.(99.9% sure).

We did have a new person move into a camper next door (I'm way out in the county), and I've previously had to forcibly boot an unauthorized user from the router... and that was kinda fun:)

I'm using AVG free version, and Spybot (free) to prevent the kids from downloading stuff from some of the websites they visit (games, kids' shows, etc.), and the previously mentioned windows firewall- which I'm thinking is inadequate now.

Suggestions for tracking/finding/blocking my mystery guest? Specific progs? Also, any suggestions on how it was done?

We appreciate any info,

M

Edited January 18, 2009 by TwinOaks

[Admin]

Mike- you need to lock down your router, Flip it over and there will be a website to log in and change the settings.

Computer browser history is retained on the local computer. Someone with access to your PC created the history. If you were Googling, be aware that Google will now suggest all sorts of things when you begin to type. If you didn't click, it won't be in the history, though.

HTH

Johanna

[TwinOaks]

Thanks for the quick response. I've got the router and modem completely locked down, and consulted a local friend on this, too. Apparently my mystery guest is a downloader. I guess that's what I get for turning off the auto-updates. Silly ol' Mike, the dang antivirus was only 3 months out of date! So, a thorough scrubbing with lots of water followed by a good spraying of Lysol should get rid of the virus....if I can just get this computer case open.

[dickf]

The chances of you being remotely hacked and the user gaining explicit control over your machine without you knowing aren't very good. It sounds to me like a piece of adware/spyware with a double-click agent. You type something in Google, and it redirects you to other sites. Whenever it takes a hop (even if you don't see the page), the page creates a cookie in your cache, thus appearing like you've gone several places, even though you haven't. This kind of stuff is pretty common, and since you say you're using Spybot, I would also advise acquiring a copy of AdAware and running it when you run Spybot S&D (AdAware: http://www.lavasoft.com/single/trialpay.php (click the green FREE bttn)).

[MADMAX22]

I use the lavasoft programs and the spy bot searcha nd destroy and they work pretty darn good. I also use windows firewall.

I also use this program called ccleaner http://www.ccleaner.com/help/?v=2.10.618&l=1033

Run it and have it clean out all the cookies and such on your computer everyonce in a while. Now be advised if you have webpages with autologon setup like this forum if you have it clicked to remember your computer you will have to retype your name and password because it cleans up all the cookies.

Another thing when you turn on your computer hit F8 repeatedly and this should give you a option to boot into safe mode. Boot into safe mode which will allow only the programs necessary to run your computer (it will look odd because you wont have any video drivers running), now in safe mode do all your scans, do the avg scan, SB, and Ccleaner, then reboot and log in normally.

[Johanna]

If you need to run ccleaner (formerly "crapcleaner") be advised it's a powerful tool and you can break things if you use it incorrectly. If you think you are having problems with malware, spyware or any infections, go to http://geekstogo.com and post in the forums there for expert assistance. Tell them Johanna sent you. The malware team on the other side is outstanding. The malware removal specialists go through special training in an online university, and they will hold your hand and give you explicit directions and guidance the whole way until your computer is pronounced squeaky clean. You have to register to post, but all the technical help is 100% free. If I sound like a commercial for them, it's because I am in awe of the enormous jobs they do, ridding the world of malware, one computer at a time. (plus I work there, but on the tech side of the board, not the malware removal. I'm the mod named (surprise!) "Johanna".)

AdAware and Spybot are only as good as their updates. Make sure you allow them to call home and get updates. You can clear cookies and temp files safely on your own, through Tools> Internet Options>General Tab in Internet Explorer. I prefer to use a third party firewall on any computer I have to share, but that's because the prevention is easier than the cure. YMMV

Johanna

[TwinOaks]

Thanks for all the replies. I routinely clear out the cookies, off site data, etc. from the cache (usually every day or two). Despite the plaintive whining of the OP, I actually do know a little about 'puters. I've narrowed the issue down to a few sites that we've visited- we went on a "Transporter/2/3" viewing binge the other weekend, as well as some other action movies. Since I actively allowed access on the computer (thereby bypassing all the lovely security) I think I effectively shot myself in the hard disk. Yeah, I was enjoying the free movie sites, so I guess it's all my fault.....ahem....chinese website...... Anyone care to give me a virtual head-bop? At least I'm paranoid enough that I don't keep any 'protected' information on the laptop. All that's stored on the dead computer on the desk.I think I got it covered; I'll be investing in some 3rd party software (for prevention) and changing which sites we view free movies.

[TwinOaks]

Oh, and does anyone have a recommendation for a trustable bot remover?

[dickf]

If you need to run ccleaner (formerly "crapcleaner") be advised it's a powerful tool and you can break things if you use it incorrectly.

Love the Crapcleaner - swear by it. But heed Johanna's warning - if you can't regedit manually, you have no business poking around in the registry.

[Go2Tex]

Does anyone here know if any of these malware, spyware, etc programs will show up on the processes window of the task manager? It would be really handy to identify a virus if you could spot right there. At least you'd know you had it.

Also, what is a router? You talking about the box on the side of your house?

Edited January 22, 2009 by Go2Tex