
My computer is under siege.

DeadfallDeadfall I don't think you realize just how rich he is.In fact, I should put on a monocle.Registered User regular
edited May 2010 in Help / Advice Forum
I'm running Windows Vista Home Premium with Norton antivirus.

I am getting the following every ten to thirty minutes or so:

An intrusion attempt by 19js810300z.com was blocked. Application path /device/harddiskvolume1/windows/system32/svchost.exe

A quick google says it's a Russian source. Norton, Spybot and Malwarebytes are coming up with nothing. Thoughts?

xbl - HowYouGetAnts
steam - WeAreAllGeth

Posts

  • DeadfallDeadfall I don't think you realize just how rich he is. In fact, I should put on a monocle.Registered User regular
    edited May 2010
    System Restore could not complete because of an unspecified error, and now I'm getting "Host Process for Windows Services stopped working and was closed." My Vista desktop and all my tool bar icons and whatnot have reverted to a plain gray color and look like an old XP theme or something.

  • DeadfallDeadfall I don't think you realize just how rich he is. In fact, I should put on a monocle.Registered User regular
    edited May 2010
    Okay, I think I got it. Holy crap that was a tough bugger. I'm no security expert, but I'm decently savvy when it comes to protecting my computer, and that was driving me crazy.

    Downloaded TDSS Rootkit Remover and it seems to have taken care of it.

    Some further research told me I had a backdoor trojan of some sort, and the website was trying to access my system files, or something. I don't know. But it was preventing me from logging into my Windows Profile or doing any system restores.

    Thanks H/A. I suppose just being here helped me out.

  • TychoCelchuuuTychoCelchuuu PIGEON Registered User regular
    edited May 2010
    In before the "Norton Antivirus means you're not decently savvy when it comes to protecting your computer," although frankly I think Norton does a fine job as long as you don't mind the crippling performance hit/stability hit that it can often bring along.

  • DeadfallDeadfall I don't think you realize just how rich he is. In fact, I should put on a monocle.Registered User regular
    edited May 2010
    TychoCelchuuu wrote: »
    In before the "Norton Antivirus means you're not decently savvy when it comes to protecting your computer," although frankly I think Norton does a fine job as long as you don't mind the crippling performance hit/stability hit that it can often bring along.

    It came with Comcast for free, and it does the job well enough for what I use it for. I run it along with Malwarebytes and Spybot, and I consider myself a relatively safe user. I mostly just game on this machine. Like I said I'm far from an expert, but I know the basics.

  • JaysonFourJaysonFour Classy Monster Kitteh Registered User regular
    edited May 2010
    I'd still nuke it from orbit and re-install.

    Problem with rootkits is you can't ever be sure you got all of it. You may still have stability issues, or you may have missed a chunk of the kit that is going to end up blue-screening your computer on occasion.

    I can has cheezburger, yes?
  • ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited May 2010
    JaysonFour wrote: »
    I'd still nuke it from orbit and re-install.

    Problem with rootkits is you can't ever be sure you got all of it. You may still have stability issues, or you may have missed a chunk of the kit that is going to end up blue-screening your computer on occasion.

    Also, change any passwords for sites you might have saved in your browser, and if you have any credit card information stored, consider canceling your card too.

  • ButtcleftButtcleft Registered User regular
    edited May 2010
    ronya wrote: »
    JaysonFour wrote: »
    I'd still nuke it from orbit and re-install.

    Problem with rootkits is you can't ever be sure you got all of it. You may still have stability issues, or you may have missed a chunk of the kit that is going to end up blue-screening your computer on occasion.

    Also, change any passwords for sites you might have saved in your browser, and if you have any credit card information stored, consider canceling your card too.


    Seconding all this.

    Nuke it from orbit with the big guns, change passwords, and monitor shit carefully to make sure nothing like credit card/checking was violated.

  • 3drage3drage Registered User regular
    edited May 2010
    Agreed with the previous three posts.

  • DeadfallDeadfall I don't think you realize just how rich he is. In fact, I should put on a monocle.Registered User regular
    edited May 2010
    Fortunately for me I am very paranoid about my passwords and don't keep them stored in my browser. Same with card information. But looks like I'll be cleansing the hard drive with holy flame this weekend anyway.

    Thank ya gents.

  • 3drage3drage Registered User regular
    edited May 2010
    Deadfall wrote: »
    Fortunately for me I am very paranoid about my passwords and don't keep them stored in my browser. Same with card information. But looks like I'll be cleansing the hard drive with holy flame this weekend anyway.

    Thank ya gents.

    If the trojan had a key logger, the passwords you entered while visiting sites have been compromised.

  • SkyGheNeSkyGheNe Registered User regular
    edited May 2010
    Deadfall wrote: »
    Fortunately for me I am very paranoid about my passwords and don't keep them stored in my browser. Same with card information. But looks like I'll be cleansing the hard drive with holy flame this weekend anyway.

    Thank ya gents.

    Yeah I got hit by one of these one time and once discovered, I literally unplugged my internet cable, formatted right there and then, and then proceeded to change every password in existence on another computer.

    Also - if you want a good, free and lightweight antivirus - try Microsoft internet security essentials. I love it and it hasn't let me down as far as detection goes, whereas I've had shit slip by NOD32, McAfee, and Norton.
