Cleaning a Compromised System and Removing Zedo
So, you didn’t patch the system and it got hacked. What to do? Well, let’s see:
· You won’t clean a compromised system by patching it. Patching only removes the vulnerability. Upon getting into your system, the hacker made sure he had other backdoors to get back in.
· Removing backdoors won’t clean your compromised system either, and you aren’t guaranteed to have cleaned all the backdoors that the hacker left. You got hacked, which means you are not the expert here, so the guy hacking your computer probably knows more than you do about computers.
· Vulnerability removers don’t automatically clean your computer. They only remove one vulnerability, and the hacker may have left 5 others behind. If your system was vulnerable to Blaster, it was also vulnerable to a number of other attacks, which means you can’t rule out other attacks that may have been sent towards your computer.
· Virus scanners can be duped by hackers into reporting that a particular file is or isn’t present. So don’t rely on virus scanners unless you are sure that the particular virus has no backdoors associated with it. A simple example: the majority of email worms rely on users clicking on an attachment, so infection is only possible from the machine sending or the machine opening the attachment. When a worm can spread without user action, you can’t guarantee that the worm is the only thing that used that vulnerability. Patching a computer won’t necessarily protect your system.
· Don’t trust data from a compromised system or computer. A hacker can install new data, so you would basically be making copies of compromised data. The same goes for event logs, because the hacker can simply give you what he wants you to read.
· Don’t trust your latest backup, because hackers can simply leave viruses in the backups, so your backup would still carry the viruses.
- Put simply: if your computer is affected by a nasty virus, just flat out rebuild your system. That’s the only way to get a fully working computer.
1. Make sure you have all the critical updates for the Windows OS and Internet Explorer. The first defense against viruses is a well-patched operating system. Make sure you are running at least Windows Service Pack 2. Here are a couple of links that will help with getting your computer ready for malware.
Getting your computer ready for Windows XP Service Pack 2.
Get your Windows updated here at Windows Update.
Click this line to make sure you have all the latest updates.
It’s critical to understand the risk of not updating your computer.
Get yourself a list of free antivirus products. Here are links to a few:
Avast Home Edition free antivirus
AVG Anti-Virus
2. Get a firewall. The best firewall to use on the net right now is none other than ZoneAlarm superfirewall. In case you don’t know, a firewall is software or hardware that acts like a gate to help protect your computer against hackers and some computer viruses and worms that try to find unprotected computers that are connected to the Internet.
Resources for checking up on how to deal with viruses on the net:
HackerWatch
Audit My PC
GRC
PC Flank
Firewall leak tester
Personal firewall from Comodo
Also make sure that you adjust the ActiveX security settings:
In IE, click Tools, Internet Options, Security. Click on the Internet circle. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
o Set Download signed ActiveX controls to Prompt
o Set Download unsigned ActiveX controls to Disable
o Set Initialize and Script ActiveX controls not marked as safe to Disable
o Set Installation of desktop items to Prompt
o Set Launching programs and files in an IFRAME to Prompt
o Set Navigate sub-frames across different domains to Prompt
o Set Allow paste operations via script to Disable (see: http://support.microsoft.com/kb/224993 )
o Click OK and OK again.
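To confirm the dialog changes above actually took effect, the following added example (not part of the original page) reads the current user's Internet zone from the registry and compares it with the list. It assumes PowerShell 3.0 or later and that no group policy overrides the per-user zone; the variable names are illustrative.

```powershell
# Added example: compare the Internet zone (zone 3) with the settings listed above.
# Value names are IE URL-action IDs; data 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# One entry per bullet in the list above (Want = the setting the page asks for).
$wanted = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
    @{ Id = '1407'; Want = 3; Name = 'Allow paste operations via script' }
)

$current = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($w in $wanted) {
    $value = $current.($w.Id)      # $null when the value is absent from the key
    if ($null -eq $value) {
        $shown = 'not set'
    } elseif ($label.ContainsKey([int]$value)) {
        $shown = $label[[int]$value]
    } else {
        $shown = "raw value $value"
    }
    [pscustomobject]@{
        Setting  = $w.Name
        Expected = $label[$w.Want]
        Actual   = $shown
        OK       = ($value -eq $w.Want)
    }
}

$report | Format-Table -AutoSize
if ($report.OK -contains $false) {
    Write-Warning 'At least one Internet zone setting differs from the list above.'
}
```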
The zedo code produces pop-ups from several providers:
- xads.zedo.com
- upspiral.com
- searchlocal.ws
- aavalue.com
- url.cpvfeed.com
Even though you may have pop-up blockers from Google, Yahoo and whatever other toolbar is out there, nothing happens. Here’s what you should do:
Go to this program here online called

You are going to find a rootkit called Rootkit.Win32.Agent.EQ, which infects core.sys in the c:\windows\system32\drivers directory. You should also find core.cache.dsk in the same directory. Here’s how you remove the damn program.
How to remove core.sys
1. Boot in Safe Mode
2. Click on Start, Search, and choose All Files and Folders
3. In the all or part of file name box, type the following
core.sys
4. In the Look In box, choose local hard drives and click Search
5. When core.sys is found in the c:\windows\system32\drivers directory, right-click on it and choose Delete
6. Repeat steps 2-5 for the file core.cache.dsk
7. Close the Search box
8. Click on Start, Run and type REGEDIT and press Enter
9. Click on the Plus sign (+) next to HKEY_LOCAL_MACHINE
10. Click the plus next to SYSTEM
11. Click the plus next to CurrentControlSet
12. Click the plus next to Services
13. Find the folder called CORE and right-click on it and choose Delete
IF THE CORE FOLDER DOESN’T EXIST, DON’T DO ANYTHING.
14. Close the Registry Editor by clicking on the X in the right-hand corner of the window
15. Reboot your computer in Normal mode
16. Once the computer is rebooted, open your web browser and go to Kaspersky Online Scanner by clicking on the link below.

Kaspersky
Your computer should be free of any virus from there on.
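A quick way to check that steps 1 to 15 left nothing behind is to look for the two files and the CORE service key again after the reboot. This is an added example, not part of the original page; it only reads and reports, assumes PowerShell 3.0 or later run from an elevated prompt, and the function name Get-CoreLeftovers is made up for illustration.

```powershell
# Added example: look for the leftovers named in the removal steps above.
# Read-only: nothing is deleted or changed.
$drivers    = Join-Path $env:SystemRoot 'System32\drivers'
$fileNames  = 'core.sys', 'core.cache.dsk'
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CORE'

function Get-CoreLeftovers {
    $found = @()
    foreach ($name in $fileNames) {
        $path = Join-Path $drivers $name
        # -Force also returns files that carry the hidden or system attribute.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            $found += [pscustomobject]@{
                Type   = 'File'
                Path   = $item.FullName
                Detail = '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc
            }
        }
    }
    # Steps 8-13: the CORE key under CurrentControlSet\Services.
    if (Test-Path -LiteralPath $serviceKey) {
        $svc = Get-ItemProperty -LiteralPath $serviceKey
        $found += [pscustomobject]@{
            Type   = 'Service key'
            Path   = $serviceKey
            Detail = "ImagePath=$($svc.ImagePath); Start=$($svc.Start)"
        }
    }
    return $found
}

$leftovers = @(Get-CoreLeftovers)
if ($leftovers.Count -eq 0) {
    Write-Output 'No core.sys, core.cache.dsk or CORE service key found.'
} else {
    $leftovers | Format-List
    Write-Warning "$($leftovers.Count) item(s) from the removal steps are still present."
}
```

As the list at the top of this page says, data read from a compromised system can be faked, so a clean result here is weaker evidence than a rebuild.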
P.S. If none of this works, try the methods outlined here.