What do I do if I suspect someone is controlling my PC? When my IP address has been changed without my knowledge? My boot-up
process is getting harder unless I unplug the Ethernet cable and the CPU is at 100% every time I open any program. There is
also a new connection to the Internet that is between my connection and the net I know was not there a month ago. When I try
to register my e-mail address the programs say it's invalid and does not match whatever it has to compare it to.
-- Teresa Hurst.
It sounds like some spyware or other unwelcome software has gotten installed on your computer. You need to work by process of elimination to see where the problem is. I would recommend that you start the computer with the Ethernet cable disconnected and boot the operating system in "safe" mode to minimize what gets started automatically.
If you are comfortable using a network sniffer such as Wireshark or one of the commercially available packages, try putting a hub (not a switch) between the infected computer and your Internet connection and let Wireshark show you the traffic it sees. This could help identify the exact cause of the problem, and it is a good learning experience in the detective work of tracking a problem to its source.
On a different computer, download several different anti-spyware utilities such as Spybot and Ad-Aware. There are several very good packages out there to choose from. The main thing is to run at least two different packages, preferably three, because no single app will remove all the spyware in the wild these days.
Burn these apps onto a CD and then install them onto the computer you have booted into safe mode. Since you are running without a network connection for the time being, you will also need a way to download any signature or other updates and install those before running the software for the first time. After you have run each of the spyware detection programs once, run them at least one more time apiece until you have a clean report from each. This may sound like extra work, but I have seen cases where one spyware removal program removes a particular package, which then allows the same or a different removal program to see another piece of spyware/adware that previously went undetected.
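As an added illustration of the capture step above (not part of the original column): once the hub capture has been saved from Wireshark in classic pcap format, a short script can tally which destinations the suspect PC is sending to. The host address 192.168.1.20, the function names and the sample capture are constructed assumptions.

```python
import ipaddress
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}

def outbound_summary(pcap: bytes, host: str) -> Counter:
    """Count packets sent by `host`, keyed by (dst_ip, proto, dst_port)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    src, seen, off = ipaddress.ip_address(host).packed, Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or cut short
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        fragment = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        if ip[12:16] != src or ip[9] not in PROTO or fragment or len(ip) < ihl + 4:
            continue  # other sender, other protocol, or no port bytes here
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        seen[(str(ipaddress.ip_address(ip[16:20])), PROTO[ip[9]], dport)] += 1
    return seen

def _frame(src: str, dst: str, proto: int, dport: int) -> bytes:
    """Constructed frame: Ethernet + 20-byte IPv4 header + ports only."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + struct.pack("!HHI", 49152, dport, 0)

def sample_pcap() -> bytes:
    """Constructed capture; addresses are private/documentation ranges."""
    frames = [_frame("192.168.1.20", "203.0.113.7", 6, 6667)] * 3
    frames.append(_frame("192.168.1.20", "192.168.1.1", 17, 53))
    frames.append(_frame("192.168.1.30", "198.51.100.9", 6, 443))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for key, n in outbound_summary(sample_pcap(), "192.168.1.20").most_common():
        print(n, *key)
```

Destinations that keep appearing while no program is open on the PC are the ones to look up first.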
Comments (6)
Return to known good but analyze
By Anonymous on April 9, 2008, 7:26 pm
If you suspect that your system has been compromised, regardless of the INITIAL or APPARENT vector, you should be starting from a known good state. You need to...
An Even Better Idea...
By AWTroxell on April 8, 2008, 9:40 am
For corporate environments, create a Norton Ghost (or open-source alternative) image of a clean system. Update it periodically with patches and new apps. Once...
I disagree with the necessity of flatten & rebuild until efforts
By Scunnerous on April 5, 2008, 5:59 am
I disagree with the necessity of flatten & rebuild until efforts to clean have been tried. There are plenty of tools to help out there, like IceSword & RootKitRevealer. One...
Sometimes that's just quicker
By Fred Evil on April 4, 2008, 3:12 pm
Not to mention at least then you're SURE there is nothing left from an infestation. From a corporate standpoint, once the system is compromised, it's hard to trust,...
check running services also........
By mayur on April 3, 2008, 1:18 am
Run msconfig and check the currently active services. If you see any suspicious item, go to that source and remove it. Also keep your Temp files clean.