What do I do if I suspect someone is controlling my PC? When my IP address has been changed without my knowledge? My boot-up
process is getting harder unless I unplug the Ethernet cable and the CPU is at 100% every time I open any program. There is
also a new connection to the Internet that is between my connection and the net I know was not there a month ago. When I try
to register my e-mail address the programs say it's invalid and does not match whatever it has to compare it to.
-- Teresa Hurst.
It sounds like some spyware or other unwelcome software has gotten installed on your computer. You need to work by process of elimination to see where the problem is. I would recommend that you start the computer with the Ethernet cable disconnected and boot the operating system in "safe" mode to minimize what gets started automatically.
If you are comfortable with using a network sniffer such as Wireshark or one of the commercially available packages, try putting a hub (not switch) between the infected computer and your internet connection and let Wireshark tell you what it is finding. This could help in identifying the exact cause of the problem and serve as a good learning experience in terms of doing some detective work on finding the cause of a problem.
On a different computer, download several different anti-spyware utilities such as Spybot and Ad-Aware. There are several very good packages out there to choose from. The main thing is to run at least two different packages, preferably three, because no single app will remove all the spyware in the wild these days.
Burn these apps onto a CD and then install them onto the computer you have booted into safe mode. Since you are running without a network connection for the time being, you will also need a way to download any signature or other updates and install those before running the software for the first time. After you have run each of the spyware detection programs once, run them at least one more time apiece until you have a clean report from each. This may sound like extra work, but I have seen cases where one spyware removal program removes a particular package, allowing the same or a different spyware removal package to see another piece of spyware/adware that previously went undetected.
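For the sniffing step described above, here is an added example (not part of the original column) that totals what the suspect PC sends to each remote address and port, so an unfamiliar destination stands out. It assumes the capture was saved from Wireshark in classic pcap format rather than pcapng; the function names and the sample capture built in the code are constructed for illustration.

```python
import collections
import socket
import struct

def outbound_talkers(pcap_bytes, local_ip):
    """Total bytes sent by local_ip, grouped by (remote_ip, proto, dest_port)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(bytes(pcap_bytes[:4]))
    if endian is None:
        raise ValueError("not a classic pcap file (re-save pcapng as pcap)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    totals, off = collections.Counter(), 24
    while off + 16 <= len(pcap_bytes):
        caplen, origlen = struct.unpack(endian + "II", pcap_bytes[off + 8:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # skip ARP, IPv6, truncated frames
        proto = frame[23]
        if socket.inet_ntoa(frame[26:30]) != local_ip or proto not in (6, 17):
            continue                      # only TCP/UDP sent by the suspect PC
        l4 = 14 + (frame[14] & 0x0F) * 4  # IPv4 header length varies with options
        if len(frame) < l4 + 4:
            continue                      # ports were cut off by the snap length
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        remote = socket.inet_ntoa(frame[30:34])
        totals[(remote, "tcp" if proto == 6 else "udp", dport)] += origlen
    return totals.most_common()

def _frame(src, dst, proto, dport, payload_len):  # CONSTRUCTED test packet
    # Ethernet + IPv4 + port fields only, which is all the parser above reads
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_capture():  # CONSTRUCTED capture; private/documentation addresses
    pc = "192.168.1.50"
    frames = [_frame(pc, "203.0.113.10", 6, 8080, 100)] * 3
    frames.append(_frame(pc, "198.51.100.7", 17, 53, 30))
    frames.append(_frame("203.0.113.10", pc, 6, 40000, 500))  # inbound, ignored
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (ip, proto, port), nbytes in outbound_talkers(sample_capture(), "192.168.1.50"):
        print(f"{ip:15} {proto}/{port:<5} {nbytes} bytes")
```

On a real capture, read the file with `open(path, "rb").read()` and pass the PC's own address as `local_ip`; destinations you cannot account for are the ones to look up before reconnecting the machine.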
Comments (6)
Return to known good but analyze
By Anonymous on April 9, 2008, 7:26 pm
If you suspect that your system has been compromised, regardless of the INITIAL or APPARENT vector, you should be starting from a known good state. You need to...

An Even Better Idea...
By AWTroxell on April 8, 2008, 9:40 am
For corporate environments, create a Norton Ghost (or open-source alternative) image of a clean system. Update it periodically with patches and new apps. Once...

I disagree with the necessity of flatten & rebuild until efforts
By Scunnerous on April 5, 2008, 5:59 am
I disagree with the necessity of flatten & rebuild until efforts to clean have been tried. There are plenty of tools to help out there, like IceSword & RootKitRevealer. One...

Sometimes that's just quicker
By Fred Evil on April 4, 2008, 3:12 pm
Not to mention at least then you're SURE there is nothing left from an infestation. From a corporate standpoint, once the system is compromised, it's hard to trust,...

Check running services also...
By mayur on April 3, 2008, 1:18 am
Run msconfig and check the currently active services. Any suspicious item seen, go to that source and remove it. Also keep your Temp files clean.