Help ...My friend says his comp is being hijacked

**bosstone74** · 05-18-2004, 11:06 PM

Hey...I have a serious computing problem to run by you. My computer is being hijacked. Someone is using it as a server or something, and I can't find the offending trojan. neither spybot nor AVG seem capable of unearthing it...

But on the computing side, my "packets sent" stands at 50,000 and rising while my received packets sits idly at 8,500.

this is what he wrote me...

**Q_gamelogic** · 05-18-2004, 11:09 PM

well .. are those scanning aps .. updated?? i mean .. with the latest definitions??

**bosstone74** · 05-18-2004, 11:10 PM

Originally Posted by Q_gamelogic

well .. are those scanning aps .. updated?? i mean .. with the latest definitions??

AVG is a virus
and spybot ...is a spyware remover

yes the are updated

**Q_gamelogic** · 05-18-2004, 11:22 PM

i know what they are ... and if avg cant "detect" anything ... and you say there must be .. then i say ... avg is CRAPPY ...

anyways ...

its a simple fix .. just donwload a firewall .. like zonealam ..(pretty good ) .. and it will ask for permission each time something wants to send and receive ... so lets say you open a IE window ... it will ask .. IE is trying to connect .. do you wish to allow .. ?? and you can check a box ,.. witch will always answer the same .. (permanent yes ... or no) ...

so then of course .. you then can know whats broadcasting ..

personnally /... i think its just a paranoid little thing as ... my packet sent is like 5 millon .. and packet reveice is like 2 millon ... so its no biggy ... i have this running for weeks now .....its normal that there might be a bit of traffic .. like ... if you have kazaa open or .... like me .. i have DC++ open ....or msn .... if somebody changes their nick ... thats data transfer righ there

**Rob Withey** · 05-19-2004, 02:48 AM

You could use something like ethereal (www.ethereal.com) to look at the packets and find out what they are.

**dieselBenz** · 05-19-2004, 03:03 AM

I've seen examples of trojans recently that couldn't be removed with any of the programs I tried. An idea might be to look at the list of running processes for strange-looking names. I ended up reinstalling, because each time I removed something, another process made sure it was restored... Sort of like a tag-team of spyware-progs.

**Confused** · 05-19-2004, 04:25 AM

Check this page and do everything listed. (Link fixed)

Garry

**Rob Withey** · 05-19-2004, 04:45 AM

Originally Posted by Confused

Check this page and do everything listed.

Garry

Broken link (comma instead of dot). http://www.tastats.com/spyware.php works.

**Ormo** · 05-19-2004, 06:10 AM

My dads PC had the same problem. Turned out he had the MSBlaster worm. AVG (the free version) woudln't detect it either as it was one of the spawned virii from msblaster and AVGs freeware DB seems to be a little behind sometimes. Ended up doing the removal that virtually every anti-virus site has posted on it.

Go here and run the scan:
http://housecall.trendmicro.com/

If you have one of these and are running on a 56k modem your connection will crawl. Also due to its outward scanning it will cause your sent packets to be much higher than your received packets...