My virus count is bigger than yours! NYAH! :P

Discussion in 'A+ Certification' started by Dan, Jan 4, 2005.

  1. Dan

    Dan Guest

    I just got finished with a client's computer, a Toshiba Satellite Pro
    4300. Initially it was very flaky...million popups when IE would
    load, IE crashing, etc.

    The family didn't mind spending money, so I bought Norton IS for them,
    installed it (found/eliminated an unknown virus during bootup), and
    downloaded LiveUpdate. I thought maybe I'd find a dozen spywares and
    a backdoor or two....

    The sucker had *488* viruses (including
    adware/spyware/dialers/backdoors/trojans). It was a miracle this
    thing still booted. The client initially gave it to me thinking it
    would be a quick fix. I quickly told them it would be a little
    more....involved ;)

    This was a true "fixer-upper"....running XP Pro on 128 megs of RAM.
    The pagefile was over 300 megs large...the hard drive light never went
    off until I "evicted" the 14 adware/spyware background processes and
    added an extra 128mb SO-DIMM. The "spyware eviction notice" also
    amazingly cleared up most of the IE problems, and I was able to get to
    windowsupdate (previously blocked...would divert to porn sites).

    Because porn was appearing on the system, the original owner had
    attempted to install a "porn scanner" by 180solutions...this program
    ITSELF was spyware...nothing like getting into it even more ;)

    As you can probably guess, there were no firewall, antivirus, or
    windows updates installed...DCOM RPC, etc. vulnerabilities were ripe
    for the taking. This thing was an open book (or an open NOTEbook,

    Anyway, just want to express to the group one of my biggest success
    stories :) After doing a dozen different things, from BIOS & win.
    updates, to deleting the porn-saturated admin temp files, to adding a
    content advisor password, the computer FINALLY felt safe to put back
    on the Internet. Just wanted to share the experience with everyone :)


    PS I was also wondering if anyone has had experience with hackers
    using msmsgs.exe (microsoft messaging) to hack into a system. If
    there's no password on the admin account, can they get into the system
    via MS messaging?
    Dan, Jan 4, 2005
  2. Dan

    me Guest

    Yes, if Msmsgs is not being filtered by a good firewall, it is like having a
    sign on your door that says "we're not home so feel free to rob us". Any
    number of programs could be used to locate the open port msmsgs uses,
    determine its current status and get through it and into the system.
    me, Jan 4, 2005
  3. Dan

    «BONEHEAD>> Guest

    My thoughts exactly, but you know sometimes the challenge is just too good to
    pass up....
    I'm guilty....
    «BONEHEAD>>, Jan 4, 2005
  4. Dan

    Dan Guest

    Thanks, I had a feeling this was the case...good thing I disabled it
    (changed the filename from msmsgs.exe to msmsgs.ex_ ).

    I was getting Internet activity even when nothing was running, so I
    checked the firewall logs. The firewall kept allowing msmsgs.exe to
    pass, and earlier I had accidentally allowed a couple items to pass
    through the firewall initially (I was trying to update Norton's
    LiveUpdate and I got a million requests from programs trying to access
    the internet through the firewall...most were denied, but I let a few
    past by accident). I really enjoy the new "block all" feature on
    norton me time to view the logs and make a decision.

    A password was also added to the admin account. There wasn't any
    originally, so I suppose it was free for the taking (thus all the
    porn storage in the temp files). I suppose some hedonophile out there
    is pretty pissed off.

    Thanks very much.
    Dan, Jan 4, 2005
  5. Dan

    Dan Guest

    I am humbled...yeesh, that's nasty.

    Did you happen to see a lot of the Beagle.M virus? That was the
    primary one on this laptop.

    Dan, Jan 4, 2005
  6. Before I had my first major crash I did not virus scan my PC for over
    5 years and had it connected to broadband with no firewall (ah days of
    innocence) - whilst the virus scan I did only found a few types of
    virus - it found over 12000 infected files. Needless to say the PC
    ceased to function after that repair operation :D
    the_angry_monkey, Jan 5, 2005
