Whoa

Off topic, but don't go too far overboard - after all, we are watching...heh.
Posts: 1161
Joined: Wed Mar 24, 2004 6:42 pm
Location: Phoenix, AZ

Whoa

Postby Mr. Slayer » Tue Mar 06, 2007 2:11 am

Wow I was having some comp problems and I was totally stumped so I was like "I know where to figure out what's wrong" and so I go and type in ecgn.com and nothing comes up, now I see a mass change has happened wow...


Well this is my problem and any help is appreciated cough cough chacal cough cough

I go to remove some things from system start up in "msconfig" and once I have made the changes and either press "apply" or "ok" an "access denied" error pops up but the changes are still made!

My computer has been very slow though lately but I just re-formatted it so I do not understand what is going on... I had Norton Anti-Virus on before I was connected to the internet, and the first thing I did was Live Update... so I don't think it's a virus..

Help, help old friends!!!

Slayer
Mr. Slayer

Posts: 1161
Joined: Wed Mar 24, 2004 6:42 pm
Location: Phoenix, AZ

Re: Whoa

Postby Mr. Slayer » Tue Mar 06, 2007 2:35 am

screen shot
Mr. Slayer

Posts: 155
Joined: Fri Jan 26, 2007 6:27 pm
Location: Brantford,Canada

Re: Whoa

Postby smikey » Tue Mar 06, 2007 5:23 pm

try defrag, and try cleaning the registry. "ccleaner" is a registry maintenance tool
SHOW NO MERCY-TAKE NO PRISONERS AND LEAVE NO ONE BEHIND

smikey-THE CRYPT KEEPER
http://www.shoot2killgaming.com/index.php

Posts: 1654
Joined: Wed Feb 23, 2005 5:19 pm
Location: A damn yankee in N. Carolina

Re: Whoa

Postby [ecgn] btt » Tue Mar 06, 2007 6:35 pm

Sounds like a hijacker. Not a virus or spyware. Something even more evil. I had one once. Was a rough time and blocked most of it out. Not sure how I fixed it. Here I googled it. Scary read.

http://www.spywareinfo.com/newsletter/archives/2005/june10.php

From the link:

Today's hijackers are extremely sophisticated. They exploit various flaws in Windows or try to trick people into agreeing to ActiveX installers. Some of them will install what is basically a rootkit for Windows. This is software that runs at a very low level, either utilizing the Windows API or by infecting the Windows kernel. They can filter out references to themselves which otherwise would go to software looking for them, which makes it extremely difficult to find the payload files on the hard drive. This is what I ran into during my little experiment.

Another trick being used now is to load as a Windows service. Services load before anything else does, even before a user logs into his or her account on the computer. These services load a number of other files into memory, the sole purpose of which is to resist all efforts at removing the hijack. Two or three files will be in memory, watching each other and watching the registry and hard drive. If you delete a file or registry entry belonging to the hijack, the memory processes reinstall it immediately. If you boot a file out of memory, its companions reload it. Even booting the computer into safe mode doesn't guarantee that the hijacker won't be loaded.

We still can kill these hijackers. It just takes much longer to investigate them and find out just how they are performing their magic tricks. It takes a significant effort to figure out a new hijacker these days.
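The quoted passage says these hijackers load as Windows services and filter out references to themselves; one common way to look for that is a cross-view comparison of the service list the running system reports against the Services key read from an offline copy of the registry. The sketch below is an added example, not part of the original thread or the linked newsletter, and both sample listings, including the service name `ExampleHiddenSvc` and its path, are constructed.

```python
import re

# Constructed sample: names the running system reports (sc query style output).
API_VIEW = """\
SERVICE_NAME: Dhcp
SERVICE_NAME: Spooler
"""

# Constructed sample: Services key exported from an offline copy of the SYSTEM hive.
OFFLINE_VIEW = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\system32\\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleHiddenSvc]
"Start"=dword:00000002
"ImagePath"="C:\\WINDOWS\\system32\\example.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Parameters]
"Note"="subkey of Spooler, not a service"
"""

KEY = re.compile(r"\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$")
VALUE = re.compile(r'"(\w+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def api_services(text):
    # Service names the live view admits to, lower-cased for comparison.
    return {n.strip().lower() for n in re.findall(r"^SERVICE_NAME:(.+)$", text, re.M)}

def offline_services(text):
    # Map service name -> {value name: value} from a .reg-style export.
    services, current = {}, None
    for line in text.splitlines():
        if line.startswith("["):
            key = KEY.match(line)  # deeper subkeys do not match and are skipped
            current = key.group(1) if key else None
            if current:
                services.setdefault(current, {})
        elif current and (m := VALUE.match(line)):
            name, dword, string = m.groups()
            services[current][name] = int(dword, 16) if dword else string.replace("\\\\", "\\")
    return services

def hidden_services(api_text, offline_text):
    # Services present on disk but missing from the live view: leads to investigate.
    seen = api_services(api_text)
    return sorted((name, v.get("Start"), v.get("ImagePath"))
                  for name, v in offline_services(offline_text).items() if name.lower() not in seen)
```

The offline listing has to be taken from outside the running system (for example from a boot disk), because anything read through the live API can be filtered the same way the service list is.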
