Computer hijacked by spammers?

**ZombieFriedNuts** · 01-20-2007, 22:24

My mums computer has been hacked or has a bit of spyware that send out emails to everyone it seems, I cant remember how people do this or what its called and I am a long way from my mums computer so sorry for being so vague about it. I would like some suggestions for programs to get rid of it.

**drone** · 01-20-2007, 23:26

Much of what you will need to do depends on the infection and state of the computer. First off, do you know what version of Windows she is running (of course I am assuming Windows here, if it's a Mac or Linux box I will be both surprised and clueless to help)?

There are different grades of malware that you will need to clean. Your basic spyware can be detected by programs such as Ad-aware and SpyBotSD. For a virus or worm, you will need something like AVG anti-virus. If the box has been rootkitted, then you will need one of these tools:
http://www.informationweek.com/news/...leID=196901062

The links to some of the free security/spyware programs can be found in the Security section of the "The Freeware and Open Source Software Thread" thread:
https://forums.totalwar.org/vb/showthread.php?t=59901

My advice would be to download these tools, their latest signature updates, burn them onto a CD, and take them with you to her place to work. Disconnect her box from the outside world, and work offline.

Sometimes the best thing to do is re-install Windows. If she is running XP and does not have an install disc with SP2, download SP2, burn it, and take it with you. Don't reconnect to the net until it is installed, and do a windows update as soon as you are online.

**caravel** · 01-21-2007, 01:12

A rootkit is a possibility, or it could be a run of the mill malware. Try to eliminate the most obvious things first though, and follow drone's advice (don't forget to work disconnected from the net, and in safe mode if necessary). If nothing comes up, or even if it does, this info is from an old post I made some time ago, to save alot of retyping:

Originally Posted by Caravel

You'll probably need to download hijackthis, and post up a log here, this is time consuming.

First go to this post and download whichever of these programs that you don't already have and run full system scans with all programs, except SpywareBlaster which you don't need yet, and fix any problems found (AVG Antispy is more manual requiring you to set which problems you want to fix. Don't fix anything you're not sure about. Before you run any scans, go into all of your browsers and delete all of your temp files and cookies.

https://forums.totalwar.org/vb/showp...2&postcount=21

After this you'll need to download HijackThis from here (ignore the commerical ads on the site):

http://www.majorgeeks.com/download3155.html

Extract HijackThis.exe to C:\Hijackthisxyz\

Rename HijackThis.exe to Hijackthis1991.exe

Run HijackThis and do a full scan and save a log. Post up the full log here, don't do anything yet. Note: You can seriously mess up your system by deleting the wrong thing from HijackThis. HijackThis is not an anti-spyware scanner. Not everything in your log is spyware, some things are critical, so you need to be careful and not delete anything until it's been positively identified.

Follow that to the letter. Let us know how you get on.

**sapi** · 01-21-2007, 03:39

Just an addition - if you are forced to do what drone suggests and reinstall windows, then i suggest you get a program called 'autopatcher', which will apply all the windows updates without you having to connect to the internet.

**ZombieFriedNuts** · 01-21-2007, 20:04

Its windows 98
She’s been getting “unable to deliver mail” messages from the server and I found this which looks similar but to get the solution you have to pay so if any off you have accounts with them could you post the answer pleeeeeeease.

**caravel** · 01-22-2007, 00:39

You don't need to pay for the answer it's near the bottom. He links to this site: http://www.cert.org/tech_tips/email_spoofing.html

It's general infor about email spoofing and what you can do about it. Have a read of it.

If you'd described the issue better in the first place, we may have understood your problem more fully. How do you know the PC is sending these emails? Are you sure they're not just spoofed (masquerading as your address but not actually sent by you)? If they are spoofed they're nothing much to worry about. You may get the occasional n00b sending you a "stop sending me emails you ******* " message but that's it. Eventually it'll die down. Try running a webiste or board and see how much of this stuff bounces back to you from spambots spoofing your address.

**BDC** · 01-22-2007, 11:42

Originally Posted by ZombieFriedNuts

Its windows 98
She’s been getting “unable to deliver mail” messages from the server and I found this which looks similar but to get the solution you have to pay so if any off you have accounts with them could you post the answer pleeeeeeease.

Then cry.

98 is horribly old and exposed and generally not designed for the modern web.

**caravel** · 01-22-2007, 12:27

Originally Posted by BDC

Then cry.

98 is horribly old and exposed and generally not designed for the modern web.

That depends on how it's configured, what's installed on it and how it's used. Generally the most vulnerable software is usually the most popular. While Win9x, as you say, is pretty much an open door as far as security is concerned, it's rarely targeted these days. It's also a lot easier to remove spyware from, and most spyware out there today simply isn't written for it. XP has many more places for spyware to hide.

**drone** · 01-22-2007, 18:17

If she is running with a broadband connection, I would also suggest getting a hardware router/firewall. They don't cost that much, and will save you a lot of heartache in the end. Win98 should be OK behind one (once it is clean, that is).

**ZombieFriedNuts** · 01-22-2007, 20:59

Ye ok I think I’m an idiot on new information from mum it looks like it’s just a spammer who likes their email I know how to deal with that put I don’t think their computer can take another process

**TevashSzat** · 01-23-2007, 01:12

caravel is right thats is one of the main reasons that people use linux and macs since almost noone writes viruses and spyware for them.

**caravel** · 01-23-2007, 10:33

Originally Posted by Xdeathfire

caravel is right thats is one of the main reasons that people use linux and macs since almost noone writes viruses and spyware for them.

Linux boxes are great for relatives that know next to nothing about computers. It's odds on that they don't know a thing about windows anyway, so setting them up with KDE on something like Mandriva or Ubuntu is not a problem. The result is that you don't have to worry about malware or the tools involved with it's detection and removal. You don't have to arrive on the scene 2 months later to purge something nasty, only to see that the definitions are weeks out of date and there is a queue of windows updates waiting to start. The only issue with Linux is when they want to install something, that someone has told them about or given them and it doesn't work, because it's windows only.

Like drone said, a router is a good investment for anyone running any kind of Windows box, whether it be XP/2k or 9x. Of all the Ms Operating Systems I have found 2k to be most at risk when directly connected to the net, with XP a close second. Routers are very worthwhile for these OS's. Simply operating in the private address range is protection in itself, add a firewall to that, which most routers have these days, and it's better still.