General discussion

Please help with a possible virus I can't find..

Hi ya'll! I'm going crazy trying to figure out if this is a virus or if this can happen because of some tech-related problem. I'm a member of a public forum and I share a computer with my sister so obviously there are two different screen names.

About 2 ot 3 times this has been happening to me: I don't logg off the account (comp stays on) and I leave the site. When I come back say an hour or so later, another account is signed on. Now I know my sis hasn't signed on because i was there the whole time!

It's kind of freaking me out because I'm thinking someone is messingn with my head and if it's a virus it's a security risk?

So please anyone have a clue?? I've done virus scans and nothign comes up so it's even creepier. Thanks in advance.

Im running windows 98, internet exlorer 6

Discussion is locked

Follow
Reply to: Please help with a possible virus I can't find..
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Please help with a possible virus I can't find..
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Have you also done spyware scans?

Which virus scans have you done? Here are a few applications that are free for spyware and adware and also some online scanners for viruses.

Spybot S&D (download, check for updates, read the tutorial and scan often, it also does some blocking)
http://www.safer-networking.org/en/home/index.html

SpywareBlaster (a blocker only, download it, check for updates, enable it and leave it alone except for checking for updates occasionally)
http://www.javacoolsoftware.com/spywareblaster.html


SpywareGuard (similiar to SpywareBlaster but works in a different way and does not update as often for that reason.
http://www.javacoolsoftware.com/spywareguard.html

Ad-Aware SE (a scanner, download, check for updates, read the directions and scan.
http://www.lavasoftusa.com/

cwshredder (stand alone unit)(another small scanner for certain things, ALL other windows should be closed)
http://www.intermute.com/spysubtract/cwshredder_download.html

Also do an online scan at one or all of these.
On the first one, make sure you checkmark the box that says "autoclean"

Housecall (using IE with Active-X)
http://housecall.trendmicro.com/housecall/start_corp.asp

Housecall (all browsers using java)
http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php

PandaActivescan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

- Collapse -
thanx

I ran spybot S&D, Adaware, Norton, McAfee online, Pandasoftware,and trenmicro. They all showed nothing! Thatis why Im really confused. Maybe it is a technical problem then??

Thanx

- Collapse -
Very possible that

it is a technical problem , try David's suggestions under my post.

- Collapse -
are you using a wireless router?

that is one way someone can 'surf' on your internet connection.

you should also do a Trojan scan. Public forums have had problems with devices being planted on a PC.

have a look here at this 30 day free eval- shareware.

http://www.moosoft.com/

d/l and scan.

if nothing and you are behind a wireless router you need to contact them and they will show you how to set up so just one person is allowed to surf.

- Collapse -
I scanned with The Cleaner

and nothing! Sheesh I'd been glad if it showed something at least! Happy

I'm totally lame when it comes to tech-talk but I'm not sure what's a wireless router so I'll explain what i have: I haver dsl with wireless capabilities on the modem, although my comp doens't have a wirelss card but i installed an ethernet card with a network neighborhood. Am I makng sense. So most likely it appears that this problem i'm having could just be a bug on the forum??

Thanks guys.

- Collapse -
precisely what I was referring to in my post............
'I haver dsl with wireless capabilities on the modem, although my comp doens't have a wirelss card but i installed an ethernet card with a network neighborhood. Am I makng sense. So most likely it appears that this problem i'm having could just be a bug on the forum??

the wireless capability allows anyone within a certain range, usually between 700'-1000' feet to 'surf' on your wireless DSL modem.

you do not have to have a wireless PCMCIA card per se.

you are in effect providing a 'free' service to someone else.

a simple way to stop that would be to buy a router, generally around $50.00 and place it between your DSL and your PC.

the connection would be, DSL Source> DSL Modem > Router> Your PC.

that will stop the freebie surfers who, when trying to connect using your DSL will come up against your firewall and thus, be unable to access the interent and show as someone using your PC.

the router is also known as a hardware firewall and when configured, will stop intrusion.
- Collapse -
Wow! Thank You Very Much!

So does this mean that my security was also compromised and someone was snooping in my personal records? Basically I'm concerned more with the idea of someone having complete control of my computer; is this happening or are the signals somehow crossing between two computers sharing the same dsl??
It's very strange because when I did a scan with Ad-Aware earlier today, it came out fine, I just did one now and 3 critical objects were found:
Rootkey : HKEY_USERS
Object : .DEFAULT\batfile\shell\open\command

Rootkey : HKEY_USERS
Object : .DEFAULT\comfile\shell\open\command

Rootkey : HKEY_USERS
Object : .DEFAULT\exefile\shell\open\command
Until I go out and buy that router, should I just turnoff the modem when not in use to safeguard my privacy.

Thank you once again I think i can sleep atleast 3 hours tonite! Happy

- Collapse -
judging from your Ad Aware report

it found a *.bat [batch] file and an *.exe [executable] as well as a command file.

while these are not Trojans in the strict meaning of the word, they are 'data miners' or spyware and I hope you have them deleted.

While i do not believe based on what you have posted, that someone is actually reading the contents of your hard drive, I know they are using free internet, courtesy of you.

I would also reccommend a 'rule based' software firewall and use Kerio v.2.1.5 myself.

although this particular version of Kerio has been discontinued in favor of newer, it is free and you will be warned of instrusion attempts.

After you have donwloaded and executed, start all of the programs you run.

In each instance you will get a screen from Kerio telling you that your PC is attempting to connect with whatever program you have executed.

what you do is 'create rule' and 'permit'.

this will allow Kerio to write a rule and follow it everytime you go to that program.

Conversely if you get a screen that says 'someone' from such and such is trying to connect you can 'deny' and 'create rule'.

the link is below.

http://www.dslextreme.com/users/surferslim/tpf.html

or you can go here
http://forum.avast.com/index.php?board=1;action=display;threadid=3171

scroll down to the post by mina cross which contains the d/l link to v 2.1.5

good luck.

if you need additional information my email addy is in my profile.

please feel free to contact me about Kerio rule sets etc.

- Collapse -
Knowing your problem is half the solution...

I have McAfee Personal Firewall Plus - that isn't sufficient? Also should I unplug the dsl modem from the phone jack when I'm not using my computer; at least this way I can limit this thief's freebie internet! Happy

Thankx for the feeling of a little sense of security, but it still worries me how my sister's account got signed on and mine got signed off? Sad

Again thanx.

- Collapse -
that is sufficient insofar as firewalls.............

I feel that the surfing needs to be looked at and you now have the information.

- Collapse -
Today a strange thing happened...

Due to time constraints I haven't purchased the router dawillie mentioned and the problems are still persisting. Anyway, today a network pop-up appeared on my screen,
"Enter Network Password"
site: roni.altervista.org
realm: area_riservata
username:
Password:

I've never heard of this website. I'm not sure now that it's a router problem, maybe it's a virus, trojan and i'm worried about my internet security. How is it possible for me to receive this direct link to this website; could it be from the webpage i was on?

Now i'm awfully scared and I will definitely make the time to purchase that router. Sad

- Collapse -
I Googled for that

and it appears to be porn related. You could try a free trial of one of these trojan scanners and see if they find anything. I believe you said you aready scanned for viruses/spyware/adware. Download one of these, check for updates and scan with it.

The Cleaner Pro 30 days trial - http://www.moosoft.com

TrojanHunter - http://www.misec.net/ (trial)

- Collapse -
I've scanned with those and nothing!

Scan results: Error: Directory not found: D:\
No trojan files found

Now the pop-up network window is no longer appearing although it did all this morning! The weird thing is I googled it and the website is in the same foreign language of the site I was on at the time this network window came up!

I tried another computer (my neighbor's) and visited the same site, and nothing like that network window poppped up; so I'm assuming that this is something that is affecting this particular computer and not related to that particular website. Sad

I'm sorry if I'm being such a clueless pest, but this is sooooo weird since all scans come up negative! How can it be possible?

thanx.

- Collapse -
Without going through

this entire thread again because i have not had time to read the whole thing, what exactly have you scanned with for this now besides the trojan removers?

- Collapse -
I've tried just about every one recommended to me...

The Cleaner Pro 30 days trial - http://www.moosoft.com
TrojanHunter - http://www.misec.net/ (trial)
McAfee, Norton AV, Panda ActiveScan, Trendmicro, Spybot S&D, Adaware!!! That is why it's weird!

I don't know what else to do, I checked start up items and I didnt' see anything suspicious either! Unless it's some stealth trojan that's not detected via these scans adn only a professional can manually locate it.

- Collapse -
I have one more suggestion

You could post a HijackThis log in one of the HJT Expert forums and that way they can SEE what is going on in your computer. Click on this link and read the first 3 posts which will tell you where to get HJT, how to make a log and where to post it. Please be patient with whoever you bring it to, they are very busy and I'd like to hear how you make out so please post back when your results if you can, Good luck.
http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=27234&messageID=306550

- Collapse -
My Log is clean.....

I posted my log at Gladiator-Antivirus.com and I was told that it's clean!

It appears I've exausted all resources and I'm going to have to take the scan results and hijackthis log as proof-positive that I'm not infected; it appears I don't have a choice. Happy

Anyways, thank you all for your help!.

P.S. CBurgRose, I used virusscan and it came out negative. Happy

- Collapse -
I suppose that is a good thing that you

are not infected but the whole thing is still pretty baffling. I think maybe David's suggestion of buying a router might be the best way to go in your case. Glad you came out clean though. You're welcome from all of us and you know where to find us if you need further assistance and hopefully the next time we can suppy you with an answer sooner.

- Collapse -
Update....

Roddy32 - I just found out that that message pop-up is happening to alot of people who are visiting that particular page - so it turns out that it's related to that site! What an annoyance and headache but I'm glad my comp is secure - thanx to u guys!

- Collapse -
(NT) (NT) Great news, You're welcome, glad we could help.
- Collapse -
Possible virus

Have you ever tried doing the free scan with Panda? If you use their free scan, it will find any viruses, etc., that are on your computer, and give you a chance to either quarantine it, remove it, etc. It will definitely remove it if you choose that option, but it will not keep it from coming back. This can only happen with the purchased version, which costs $29.95. Oh, if Panda free virus scan finds anything on your computer, it will list what it is and where it is from. It's up to you what you want to do with it. Hope this helps. I just did mine and Panda found a Trojan, which I told it to remove, and it did.

CNET Forums

Forum Info