Trapped in my own PC

  • Question

  • I am running an older model Acer PC with XP SP3 and after picking up an Alureon bootkit virus have found myself virtualized as a user with no way that I know of to take back control of my machine. I tried to replace the hard drive, but the onboard LAN support had installed the virtualization settings before I could re-install my XP Home. How can I go about getting rid of this? I can't afford to replace the entire machine at the moment and have not found a way to clean things up on my own yet, so any help would be greatly appreciated! :)

    Tuesday, October 18, 2011 9:53 PM

All replies

  • If you have the book and disk that came with your PC, read the book and follow it carefully. That's how I got my eMachine back up and running; it's six years old and had 136 trojans in it thanks to my neighbor. Then only load updates and downloads from Microsoft. lynn.s
    lynn selby
    Tuesday, October 18, 2011 11:16 PM
  • Thanks for your help Lynn, but my problem goes deeper than that, unfortunately. The virus opened a back door for a hacker who has 'sandboxed' me and taken control of my machine, adding it to his online 'bot-server'. As my machine's resources and my network connection are now shared with these extra accounts, its performance has gone severely downhill. There's also the privacy concerns that go with having some unknown 'administrator' looking over my shoulder. :(

    I've recently discovered that the NIC (a Yukon Gigabit Ethernet controller) has built in non-volatile memory which has been corrupted, leaving me with the problems of how to reset it, as well as how to clean up the hard drives that have the corrupted boot sectors without having them re-corrupt the NIC's memory.

    Wednesday, October 19, 2011 6:53 PM
  • What are the virtualization settings set up by your onboard LAN support?

    If you are very sure of backdoor being placed in your machine then do not connect to the internet. Which antivirus software have you been using ?

    Regards, h9ck3r.
    Thursday, October 20, 2011 6:02 AM
  • My apologies, I forgot to mention that the OS is 'Home Edition'. The machine is (and always has been) a stand-alone home PC, and it was only a couple of days ago that I found out the NIC (a Marvell Yukon Gigabit) had LAN support. I have no idea how to access any settings, so if you could fill me in on how to check them I'd be happy to pass them along.

    As for antivirus, I used AVG and Avast free versions. Neither one picked anything up, so it wasn't until installing Microsoft Security Essentials that I got the warning on the Alureon.

    At this point I've done well over a dozen 'clean installs', formatting the drives separately with the XP disk, a Win98 boot disk, and slaved using the disk manager, but I still keep finding a half dozen hidden network adapters in my Device Manager along with a long list of 'Non-Plug and Play Drivers' that I didn't install. When trying to uninstall the hidden stuff I get a pop-up that says it's necessary to boot the system, and it won't go any further.

    Saturday, October 22, 2011 3:36 AM
  • Mist3rD33 - now since the whole operating system is corrupted, I suggest you back up your important data in the C drive and even the other drives. Take a backup of the data on an external drive. Once you finish this, boot from the XP CD and format everything; I mean wipe out all the data on your hard disk (all the partitions). Once you do this, re-partition the hard disks and install Windows XP, then update your computer to the latest updates. Install Microsoft Security Essentials and run a scan on the C drive. Once you do this, connect the storage where you had taken the backup and scan it with Security Essentials. If there are any viruses they will be cleaned. After that, copy all the data from the storage to your hard disk.

    Let me know if you didn't understand any of the steps which I have mentioned above.

    Regards, h9ck3r.
    Saturday, October 22, 2011 4:36 AM
  • Sorry for the delay, the used HP I bought to surf with crapped out on me and I haven't been online in a long while. Thanks for your advice, but I'm long past that at this point. I've re-formatted my disks in both FAT32 and NTFS and installed the OS so many times that I've almost memorized the 25-digit key.

    On each 'clean install' my Event Viewer's system log shows a message that the system discovered a 'fifo' on serial ports 1 and 0 when verifying them. When checking the CMOS it shows the wrong model number for my machine. It seems my problem lies in the EEPROM memory on my MB and that is something I have no idea how to fix.

    Sifting through the registry on my machine has shown 2 'virtual hard drives' that I can't access, as they don't show up in the 'My Computer' section. One of them seems to be the new %systemroot%, with the other set aside for 'Clients'. The virus was only on the machine long enough to rewrite the EEPROMs, so an anti-virus program isn't the answer here.

    Being on someone's 'bot-server' has left me in a 'man in the middle' situation where I can no longer safely pay bills, check e-mail, or do anything else that requires a log-in. It's now been at least 4 months and I just want to get it fixed so that I can return to what any other man with a brain tumor wants - enjoying life on the web.

    As I'm more a 'mechanic' than a programmer, what I need is some sort of downloadable program that will give me access to these virtual drives so that I can erase them.  Any suggestions are greatly appreciated!

    Wednesday, November 16, 2011 5:46 PM
  • Hello

    I see you are quite the computer enthusiast; good job in finding out all this information.

    If I understand your problem correctly, you can use GParted (http://gparted.sourceforge.net/liveusb.php) in order to boot up in a Live Linux environment and delete any hidden hard drives.

    You can install GParted on a USB stick and boot from it in seconds; no need to actually install Linux on your machine.

    Good luck :)

    Thursday, November 17, 2011 10:58 AM
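    Alureon (TDL4) is a Master Boot Record bootkit, and the thread above mentions both corrupted boot sectors and repeated reinstalls that did not clear the problem. One thing a Live Linux environment such as the GParted USB suggested here lets you do is overwrite only the MBR boot code (the first 446 bytes of the disk) while keeping the partition table and the 0x55AA signature, then let the Windows install, or the XP Recovery Console's fixmbr command, write fresh boot code. The shell script below is an added example, not part of the original thread or of the GParted project; it works entirely on a constructed 1 MiB disk-image file so it runs safely anywhere, and the image path is the only thing an operator would swap for a real device. It does not touch NIC or motherboard firmware, which the poster suspects separately.

```shell
#!/bin/sh
# Added example (not from the thread or the GParted project).
# Zero the boot-code area of an MBR (bytes 0-445) while leaving the
# four partition entries (bytes 446-509) and the 0x55AA signature
# (bytes 510-511) intact. Everything below runs against a constructed
# image FILE; pointing it at a real block device is a separate decision.

# Build a 1 MiB image filled with 'X' bytes and a valid MBR signature.
# This is a constructed sample standing in for a disk with suspect boot code.
make_sample_image() {
  img=$1
  dd if=/dev/zero bs=512 count=2048 2>/dev/null | tr '\000' 'X' > "$img"
  printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Overwrite only the first 446 bytes; conv=notrunc keeps the rest untouched.
wipe_mbr_bootcode() {
  dd if=/dev/zero of="$1" bs=1 count=446 conv=notrunc 2>/dev/null
}

# Count of non-zero bytes in the boot-code area (0 after a successful wipe).
bootcode_nonzero_bytes() {
  dd if="$1" bs=1 count=446 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# Count of non-zero bytes in partition table + signature (66 for the sample:
# 64 'X' bytes of table plus the two signature bytes).
table_nonzero_bytes() {
  dd if="$1" bs=1 skip=446 count=66 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# The two signature bytes as lowercase hex; "55aa" means the MBR is still valid.
mbr_signature() {
  dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Stand-alone demonstration on a temporary image.
if [ "${MBR_DEMO:-1}" = 1 ]; then
  tmp=${TMPDIR:-/tmp}/mbr-demo.$$.img
  make_sample_image "$tmp"
  echo "before: boot-code non-zero bytes = $(bootcode_nonzero_bytes "$tmp")"
  wipe_mbr_bootcode "$tmp"
  echo "after:  boot-code non-zero bytes = $(bootcode_nonzero_bytes "$tmp")"
  echo "table/signature bytes kept = $(table_nonzero_bytes "$tmp"), signature = $(mbr_signature "$tmp")"
  rm -f "$tmp"
fi
```

    On a real disk the same wipe_mbr_bootcode call is followed by a fresh Windows install (or fixmbr from the XP Recovery Console) so the disk has known-good boot code again; keeping the partition table is what lets the existing partitions stay mountable, which matters if data still has to be copied off first.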
  • Thanks for the suggestion Konstantinos. As for being a "computer enthusiast", it's more a case of being an internet enthusiast. The technical part comes from a 14-year LAN cabling/telecom career that ended due to health problems about 9 years ago. I could live with my 'sharing' situation if it weren't for the privacy issues and the risk of identity theft that are involved. I've been working on this problem for nearly four months now and my 'computer enthusiasm' is growing pretty thin.

    While GParted solved the problem of not being able to access the other 85% of my hard drive in XP, it didn't solve my 'sandbox' problem. I borrowed an Ubuntu disk from a friend to check out the whole package and found out some interesting things though. It seems that rather than being 'sandboxed' I've been 'scuzzied'. The logs in Ubuntu showed my hard drive as a SCSI drive with 8 devices, and my system memory apparently has a good deal of 'reserved space' that the memory checker won't touch.

    At this point I'm getting far closer to the programming side of computing than I've had any experience with. I'm more a mechanic than an engineer, unfortunately. As far as I can tell the problem centers around a corrupt system kernel that resides somewhere on the motherboard, as completely cleaning my hard drive and rebuilding the partition table with Ubuntu running from the disk didn't fix it. At this point I'm almost ready to make my final 'hardware upgrade' with the carpenter's hammer in my tool box!
    Wednesday, November 23, 2011 8:03 AM
  • Hello again

    I understand your frustration and I'm sorry that you did not manage to fix your problem.

    Before you smash it to pieces though, you may want to file a complaint with IC3 (http://www.ic3.gov/complaint/default.aspx).

    They may ask you to provide your hard disk (or the entire computer) as evidence in order for them to figure out who is trying to control your machine.

    So, if you want to get some closure to this situation, you better keep it in one piece :)

    Good luck!

    Wednesday, November 23, 2011 1:28 PM