Shoutbox

If you want to be 100% safe I would format the drive and do a clean Windows installation with a good firewall/AV (Norton INternet Security is a good one).

quote:

---

Originally posted by alegator
If you want to be 100% safe I would format the drive and do a clean Windows installation with a good firewall/AV (Norton INternet Security is a good one).

---

No. Unnecessary hassle

The av would remove it perfectly fine. If you want to remove it manually just delete the exes and remove the registry settings, and the call made to the exe in the shell as mentioned in the link I gave earlier.


---
Would everyone please stop repeating everything already said too? Thanks.

quote:

---

Originally posted by Vimto
I had to go off from the internet, they started controlling my mouse and stuff like that, pissed me off! They've deleted loads of files
Everytime I tried to go onto a site to download a firewall and stuff they were closing the windows.
Nothings happened so far this morning, i ran a virus scan and found some trojan files and removed them.
I'm taking my laptop into a repair shop just in case though.
Thanks everyone

---

...well, did you close kerne1.exe? and they were still able to control your computer?


also, how do you know they deleted files?

quote:

---

Originally posted by ShawnZ

quote:

---

Originally posted by Vimto
I had to go off from the internet, they started controlling my mouse and stuff like that, pissed me off! They've deleted loads of files
Everytime I tried to go onto a site to download a firewall and stuff they were closing the windows.
Nothings happened so far this morning, i ran a virus scan and found some trojan files and removed them.
I'm taking my laptop into a repair shop just in case though.
Thanks everyone

---

...well, did you close kerne1.exe? and they were still able to control your computer?


also, how do you know they deleted files?

---

I'm guessing this is all being done by remote so he either watched him delete them or he went to open the file and it wasn't there.

Did you try logging into safemode? Can they control the window in that mode too?

quote:

---

Originally posted by vaccination
quote:

Originally posted by alegator
If you want to be 100% safe I would format the drive and do a clean Windows installation with a good firewall/AV (Norton INternet Security is a good one).

No. Unnecessary hassle

---

I don't know, when stuff like that happens, I always reformat, just to be sure everything's gone. If one thing passed by, another probably did as well, and although the cleaners usually do an ok job, you need the cleaner to detect it, which gets a little harder.

quote:

---

Originally posted by vaccination
No. Unnecessary hassle

---

Formatting is not "unnecessary" by any means here and definitely the best idea yet.

This is different from a regular malware infection because there obviously is an individual actively controlling the machine.  Who knows what other backdoors they have set up by now and what else they have installed that the virus/spyware scanners have no clue about.

Although it sounds like this might be the doing of someone Vimto knows (most random "hackers" wouldn't be interested in revealing they have control of the computer) and it is a personal computer, this is a full-blown security compromise and the only true and proven response to that is wipe and format.  She could physically disconnect the computer from the net long enough to back up non-executable data files, but format is the only way to be sure this machine will be trustworthy ever again.

quote:

---

Originally posted by Adeptus

quote:

---

Originally posted by vaccination
No. Unnecessary hassle

---

Formatting is not "unnecessary" by any means here and definitely the best idea yet.

This is different from a regular malware infection because there obviously is an individual actively controlling the machine.  Who knows what other backdoors they have set up by now and what else they have installed that the virus/spyware scanners have no clue about.

Although it sounds like this might be the doing of someone Vimto knows (most random "hackers" wouldn't be interested in revealing they have control of the computer) and it is a personal computer, this is a full-blown security compromise and the only true and proven response to that is wipe and format.  She could physically disconnect the computer from the net long enough to back up non-executable data files, but format is the only way to be sure this machine will be trustworthy ever again.

---

I highly doubt it's a pro 'hacker' though, more than likely just a ex-friend who found out about it and wants to scare/piss her off. Most hackers don't try and remote control all their victims and then talk to them =p

my advice, use a router

Just save your self all this trouble and format although you might be able to figure out what it is at the end of the day your pc has been infected. i know from expeirience , i know how these people hack and if this is what i think it is he has injected a single script or file that cannot simply be seen or removed. and your never gonna feel safe until you format. i always say once your pc is infected you can never totaly get rid of it.

also by cannot be removed i mean if he has injected this file into one of your critical system files you cant afford to delete it because it will cause windows not to run.

quote:

---

Originally posted by Adeptus
format is the only way to be sure this machine will be trustworthy ever again.

---

but what if they wrote malicious code to the bios!1