DELL GONE MAD!


I posted all this at a forum called icronic, but they decided to be anal jerks,

hope someone here can help as well, just let me know what you need and I'll get you the scans/logs/info

********************************************************************************

****

Preface:

I am a network administrator with a CS4 security clearance and work for one of the LARGEST privately held IT firms in the USA, and it took me TWO days to come here for help (call it foolish pride) but I am here and here are the details, if you can help I would appreciate it.

The machine affected is in my office in DC, and although it's on a network tied to over 2000 PCs (on our subnet and off) this is the ONLY PC that was infiltrated. When I told my coworkers what happened they thought I was joking, my office (and home and any other) PCs are cleaner than the Virgin Mary, but somehow someway, well you know the rest!

It started with a hacker from Israel (I know this because I have a huge 66 inch wall TV in my office, it's practically my home anyway) and while watching a movie the other night my buddy calls me and asks me why I'm wearing the suit after hours, immediately freaked I see that my webcam has turned on, which I DID NOT do, anyway we called a few favors and after hopping around a bit we found the ostrich lover in his little hideaway across the world, needless to say he won't be HACKING ANYONE'S PC for quite some time, funny thing about high level PC viruses targeted to low yield deployments, they fry a PC like it was a chicken in the microwave.

While I am sure he will be back, and we have locked the firewalls back down (we are still looking for the hole, scratching our heads) he left some calling cards.

The next day I noticed my Firefox was redirecting my Google searches to ad pages, I didn't really think much of it at the time, but I made a note, I ran your basic ad aware, hijack this, malware, spy this spy that, mumbo jumbo and cleaned a few things off,

the real fun started today, I reinstalled all my system files (after disconnecting from the central net) and then tried to reinstall my webcam (a Logitech hd x, very high tech) every time I tried to launch this driver it would ask me to reboot, once I did so the stop errors started, I am currently running memory tests on the 4GB in the Dell, using a program we invented, I can't say the name as it's not for public use but it's light years ahead of anything out there, I have already passed the stress, WCMATS, WCMch, MATS, MarchB tests, and it is still scanning

FYI, when I did get back into my PC most of the malware that was placed was gone, but the Firefox thing is still acting up, and no matter what I do it won't go away, don't want to reformat so I came here for some help, please anyone I'll follow whatever steps you ask as long as they are safe and don't include formatting, it would take years to put all my security software (internal not scanning stuff) and all the MD5 and stuff they make us have on these machines, hell I can't even login if I don't have my ID badge inserted in the PCMCIA slot,

alas I remember when we just clicked the X in 98 to bypass a password prompt, those were the days....

Oh BTW, I ran that Goored thingy, and the Combofix, no joy there either, also used something called Spyware Terminator (supposedly free but had ads in the GUI,) but whenever I launched my machine the resident shield on it crashed, so not a very stable program.

OK I'm going to sit back and see what the thinking caps of this great community have for me

Jay

ZTEKnologies

Thanks again


  • Root Admin

Well my guess is your security clearance or certifications are on Unix / Linux and not on Windows.

Unless you do Combofix logs all the time you can easily miss what's there.

Please start a NEW post in the HJT Forum with a link to this post and the latest Combofix log file and someone will review it.

Goored, Yoog, Adsearch are a few of the current crop of these items to come along. Do you see this mis-guided search in Firefox alone or is it in IE as well?

Here is the typical canned message given to new users just so you're aware of how things run here.

Hello and Welcome to Malwarebytes.org

If you're having malware-related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Just wanted to let this forum know that this poster, Jay (Google: ZTEKnologies), is spamming forums all over the net with this very same message.

Please pass the word, if you can.

PLEASE NOTE: this person is on annoyances.org, is obviously on welfare (which means YOURS AND MY Tax dollars pay for their internet) and has not contributed to solving the issue I asked about. While it is true I have posted on many forums asking for HELP (seems people have forgotten forums are FOR THAT REASON) I do not know this person, nor would I ever want to, in fact if I do meet this person or find out who they are, them worrying about food stamps will be the LEAST of their insignificant life's worries.

I asked for help here and other places, this person is a bottom feeder, please disregard anything they say (fyi their id on annoyances.org is ms eagle)

thanks and if you can help feel free!


Thanks for the welcome, you are also advised someone is trying to spam your forum (see post above) and you should block that person.

Unix/Linux is correct, most gov systems run that now and have for a long time

I appreciate the help and will link this post and post a log!

Edited by AdvancedSetup
Removed un-needed quoting

Just wanted to let this forum know that this poster, Jay (Google: ZTEKnologies), is spamming forums all over the net with this very same message.

Please pass the word, if you can.

There's plenty of other info. on this poster, and his so-called ZTEKnologies. See this older discussion.

http://forums.onforce.com/viewtopic.php?f=...f2b9770a#p84872

What they found out...

http://forums.onforce.com/viewtopic.php?f=...54&start=15


PLEASE NOTE: this person is on annoyances.org, is obviously on welfare (which means YOURS AND MY Tax dollars pay for their internet) and has not contributed to solving the issue I asked about. While it is true I have posted on many forums asking for HELP (seems people have forgotten forums are FOR THAT REASON) I do not know this person, nor would I ever want to, in fact if I do meet this person or find out who they are, them worrying about food stamps will be the LEAST of their insignificant life's worries.

I asked for help here and other places, this person is a bottom feeder, please disregard anything they say (fyi their id on annoyances.org is ms eagle)

thanks and if you can help feel free!

It's obvious who the bottom feeder is here. Network admin indeed, and so professional sounding besides. :D

Btw, I'm a long time respected member of those forums, so you lose. I have a lot more credibility than you. You have NONE.


Well since you can't abide by my request this post will be closed.

Yes, this topic is a bit too much.

CLJ, please note that while we certainly appreciate it when people report spam, we will also try our best to help anyone who comes to us with a malware problem. As an anti-malware software vendor, we have to try to help these people, because in so doing they are helping us make our software better.

We have some pretty good volunteers here, and they will be sure to take action if they see something they don't like (which I'm sure you've already noticed, as this topic has been closed). In the future, please send such information to a moderator in a private message, and we will deal with it accordingly. Going back and forth with another user in a topic they are trying to ask for help in just gets confusing, and is unproductive for everyone involved.


This topic is now closed to further replies.