invasion of the computer snatchers

[TwinOaks]

Hi all,

Quick questions for our gurus with mad computer skills:

I found some search history info on things that neither I nor my wife went looking for. This was in the browser history. I'm thinking we had some computer to computer access- after all, I'm only using the preinstalled windows firewall. No, the kids didn't do the search, and I don't think anyone has been in the house on my laptop.(99.9% sure).

We did have a new person move into a camper next door (I'm way out in the county), and I've previously had to forcibly boot an unauthorized user from the router... and that was kinda fun:)

I'm using AVG free version, and Spybot (free) to prevent the kids from downloading stuff from some of the websites they visit (games, kids' shows, etc.), and the previously mentioned windows firewall- which I'm thinking is inadequate now.

Suggestions for tracking/finding/blocking my mystery guest? Specific progs? Also, any suggestions on how it was done?

We appreciate any info,

M

Edited January 18, 2009 by TwinOaks

[Admin]

Mike- you need to lock down your router, Flip it over and there will be a website to log in and change the settings.

Computer browser history is retained on the local computer. Someone with access to your PC created the history. If you were Googling, be aware that Google will now suggest all sorts of things when you begin to type. If you didn't click, it won't be in the history, though.

HTH

Johanna

[TwinOaks]

Thanks for the quick response. I've got the router and modem completely locked down, and consulted a local friend on this, too. Apparently my mystery guest is a downloader. I guess that's what I get for turning off the auto-updates. Silly ol' Mike, the dang antivirus was only 3 months out of date! So, a thorough scrubbing with lots of water followed by a good spraying of Lysol should get rid of the virus....if I can just get this computer case open.

[dickf]

The chances of you being remotely hacked and the user gaining explicit control over your machine without you knowing aren't very good. It sounds to me like a piece of adware/spyware with a double-click agent. You type something in Google, and it redirects you to other sites. Whenever it takes a hop (even if you don't see the page), the page creates a cookie in your cache, thus appearing like you've gone several places, even though you haven't. This kind of stuff is pretty common, and since you say you're using Spybot, I would also advise acquiring a copy of AdAware and running it when you run Spybot S&D (AdAware: http://www.lavasoft.com/single/trialpay.php (click the green FREE bttn)).

[MADMAX22]

I use the lavasoft programs and the spy bot searcha nd destroy and they work pretty darn good. I also use windows firewall.

I also use this program called ccleaner http://www.ccleaner.com/help/?v=2.10.618&l=1033

Run it and have it clean out all the cookies and such on your computer everyonce in a while. Now be advised if you have webpages with autologon setup like this forum if you have it clicked to remember your computer you will have to retype your name and password because it cleans up all the cookies.

Another thing when you turn on your computer hit F8 repeatedly and this should give you a option to boot into safe mode. Boot into safe mode which will allow only the programs necessary to run your computer (it will look odd because you wont have any video drivers running), now in safe mode do all your scans, do the avg scan, SB, and Ccleaner, then reboot and log in normally.

[Johanna]

If you need to run ccleaner (formerly "crapcleaner") be advised it's a powerful tool and you can break things if you use it incorrectly. If you think you are having problems with malware, spyware or any infections, go to http://geekstogo.com and post in the forums there for expert assistance. Tell them Johanna sent you. The malware team on the other side is outstanding. The malware removal specialists go through special training in an online university, and they will hold your hand and give you explicit directions and guidance the whole way until your computer is pronounced squeaky clean. You have to register to post, but all the technical help is 100% free. If I sound like a commercial for them, it's because I am in awe of the enormous jobs they do, ridding the world of malware, one computer at a time. (plus I work there, but on the tech side of the board, not the malware removal. I'm the mod named (surprise!) "Johanna".)

AdAware and Spybot are only as good as their updates. Make sure you allow them to call home and get updates. You can clear cookies and temp files safely on your own, through Tools> Internet Options>General Tab in Internet Explorer. I prefer to use a third party firewall on any computer I have to share, but that's because the prevention is easier than the cure. YMMV

Johanna

[TwinOaks]

Thanks for all the replies. I routinely clear out the cookies, off site data, etc. from the cache (usually every day or two). Despite the plaintive whining of the OP, I actually do know a little about 'puters. I've narrowed the issue down to a few sites that we've visited- we went on a "Transporter/2/3" viewing binge the other weekend, as well as some other action movies. Since I actively allowed access on the computer (thereby bypassing all the lovely security) I think I effectively shot myself in the hard disk. Yeah, I was enjoying the free movie sites, so I guess it's all my fault.....ahem....chinese website...... Anyone care to give me a virtual head-bop? At least I'm paranoid enough that I don't keep any 'protected' information on the laptop. All that's stored on the dead computer on the desk.I think I got it covered; I'll be investing in some 3rd party software (for prevention) and changing which sites we view free movies.

[TwinOaks]

Oh, and does anyone have a recommendation for a trustable bot remover?

[dickf]

If you need to run ccleaner (formerly "crapcleaner") be advised it's a powerful tool and you can break things if you use it incorrectly.

Love the Crapcleaner - swear by it. But heed Johanna's warning - if you can't regedit manually, you have no business poking around in the registry.

[Go2Tex]

Does anyone here know if any of these malware, spyware, etc programs will show up on the processes window of the task manager? It would be really handy to identify a virus if you could spot right there. At least you'd know you had it.

Also, what is a router? You talking about the box on the side of your house?

Edited January 22, 2009 by Go2Tex

[Johanna]

Some of the older viruses will show in task manager, but the newer infections are much more sophisticated. Best advice is to:

1. Click responsibly (no P2P filesharing etc)

2. Use a reputable security program, let it update and never never turn it off

3. If you have your doubts about whether a process in task manager is legit- Google it.

4. If you think your computer is infected, go to geekstogo and get help.

5. Set up limited accounts for guests on your computer.

Prevention is always easier than the cure. But when you buy a new computer, INSIST that you get a recovery cd or dvd because if you really trash your computer, that's the only foolproof (and the fastest) way to make things right.

Johanna

[Go2Tex]

We've had a wierd thing happen lately. The PC just reboots itself as if we had the power blink off and on, and we got one of those blue window fatal crash error messages when I booted up today.

[ferret]

We've had a wierd thing happen lately. The PC just reboots itself as if we had the power blink off and on, and we got one of those blue window fatal crash error messages when I booted up today.

I had that happen a few times just before my hard drive crashed. May just be coincedence but it would be a good idea to make a backup of important stuff just in case.

[dickf]

I had that happen a few times just before my hard drive crashed. May just be coincedence but it would be a good idea to make a backup of important stuff just in case.

Yeah, it sounds like a hardware failure. I'd backup the hard disk, and also consider the power supply (which can cause irregular reboots).

[Go2Tex]

I've been doing all the Windows Defender updates when the pop-up alerts me. But I still get the pop-up when I boot up that says I need a virus protection program. What the heck is Windows Defender if not a virus protection program??? So, anyone have any suggestions? Just a simple, cheap, reliable no nonsense deal.

[rdb]

Johanna's advice is good. Take advantage of it.

As far as a free virus program....I've been using AVAST. I used to use AVG, but new versions cost, and the old free one is hobbled. Avast runs updates on the base files, and the virus list. It has found things the old avg didn't (but that's the same with any virus program you use).

You can't blame the kids necessarily nowadays....there are websites that you accidently visit, or are led to, that will infect just by visiting...use a router with firewall , good PC firewall, a virus protection, a malware protection, firefox (to ward against phishing), etc. Bundle Up!!! Use protection, and keep your USB stick in your pants...lol

[Go2Tex]

Is the Windows firewall that came with Windows XP not enough? If I get another one, will they conflict?

[rdb]

Windows firewall is okay for a home user who doesn't understand the complexities of a real firewall. No other firewalls will not conflict, but act as added, and better prevention. I recommend Comodo. Others will have their own recs, I'm sure.

[dickf]

Windows Defender: http://www.microsoft.com/windows/products/...er/default.mspx

Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer.

AVG is still free and they still maintain it.

http://free.avg.com/

I used to use Black Ice for a firewall, but go other routes now.

Tex, you may have more problems afoot than getting some software configured. Methinks you have a hardware issue that should be addressed.

[Go2Tex]

Windows Defender: http://www.microsoft.com/windows/products/...er/default.mspx

AVG is still free and they still maintain it.

http://free.avg.com/

I used to use Black Ice for a firewall, but go other routes now.

Tex, you may have more problems afoot than getting some software configured. Methinks you have a hardware issue that should be addressed.

You could be right. We installed a new DVD recorder a while back and, who knows, there could be a slight wierdness there. It works great, though, and other than that one day when the power blinked, it hasn't occured again.

I do know that we are getting several suspicious emails everyday, all day, phishing type stuff. so, I know the scumbags are out there trying.

[Johanna]

I get about a thousand junk emails a day. I'm lucky my ISP has a good filter.

A router is a device that allows you to split your broadband service to different areas, either with a wired connection, or wirelessly. If you have one of these, flip it over and "log in" to your router and secure your network, if you haven't already done so. On the bottom there is usually a sticker with the default user name and password, and a web address to log in and set it. If you don't secure the router, the neighbor may use your connection to do something illegal, and the law will want to talk to you.

You can turn off the automatic reboot in XP & Vista by going to Control Panel> System> Start Up and Recovery Options and untick the automatically reboot. This will result in the computer getting a "blue screen of death" which has a helpful code number that lets you start to guess or Google where the problem is, but if that is your only computer, and it won't reboot, well, that could be a problem. A lot of times errors like this are caused by incompatible drivers (like getting a new DVD unit) or power surges (hardware failure) or a bad update...sometimes Windows recovers and carries on, and sometimes it just coughs and dies. (Life is often mysterious just like that, too!)

I would do BACK UPS of anything of value to you on that computer, just because you don't know how sick the patient is. It might be nothing, and never do it again, or it might be the start of a headache. Computers are like that. Gotta love 'em. But, thanks to computers, I've met some really neat leatherworkers from all over the planet...

Johanna