I think my computer is bugged

bubba · #1 (**permalink**) 20/03/06, 19:36

I would like to know if somebody puts something on my computer like webwatcher http://www.awarenesstech.com/general/index-o72v31.html
that cannot be detected by me or spyware, how do you know it is on there and how do you get it off??

Jon · #2 (**permalink**) 20/03/06, 19:50

Use HJT. Try Google, and enter HJT. Download it, and post it. Usually it'll tell.

bubba · #3 (**permalink**) 20/03/06, 20:11

jon

but if it says" It is completely invisible
Designed to meet the exacting standards of intelligence agencies engaged in the war on terror, WebWatcher is completely invisible. Whether you are trying to monitor your computer savvy spouse or the head of your tech department, you won’t be detected. WebWatcher doesn’t appear in the Registry, the Process List, the System Tray, the Task Manager, on the Desktop, or in Add/Remove programs. There aren’t even any visible files that can be detected!

How will it be detected then???

**Ash** · #4 (**permalink**) 21/03/06, 15:05

If you are worried your PC is bugged, I would back up important data and then reformat - then, you can put a password lock on booting up.
You can also install a firewall that logs where data comes from and goes from - you could then find where it is going and block it.
If it isn't a computer you can reformat, then if it has a CD drive you can run a different OS - I found this article:

Quote:

Originally Posted by http://www.wired.com/news/technology/0,70017-0.html

holy grail -- a totally anonymous and secure computer so easy to use you can hand it to your grandmother and send her off on her own to the local Starbucks.

That was the guiding principle for the members of kaos.theory security research when they set out to put a secure crypto-heavy operating systems on a bootable CD: a disc that would offer the masses the same level of privacy available to security professionals, but with an easy user interface.

"If Granny's into trannies, and doesn't want her grandkids to know, she should be able to download without fear," says Taylor Banks, project leader.

It's a difficult problem, entailing a great deal of attention to both security details and usability issues. The group finally unveiled their finished product at the Shmoo Con hacker conference here Saturday, with mixed results.

Titled Anonym.OS, the system is a type of disc called a "live CD" -- meaning it's a complete solution for using a computer without touching the hard drive. Developers say Anonym.OS is likely the first live CD based on the security-heavy OpenBSD operating system.

OpenBSD running in secure mode is relatively rare among desktop users. So to keep from standing out, Anonym.OS leaves a deceptive network fingerprint. In everything from the way it actively reports itself to other computers, to matters of technical minutia such as TCP packet length, the system is designed to look like Windows XP SP1. "We considered part of what makes a system anonymous is looking like what is most popular, so you blend in with the crowd," explains project developer Adam Bregenzer of Super Light Industry.

Booting the CD, you are presented with a text based wizard-style list of questions to answer, one at a time, with defaults that will work for most users. Within a few moments, a fairly naive user can be up and running and connected to an open Wi-Fi point, if one is available.

Once you're running, you have a broad range of anonymity-protecting applications at your disposal.

But actually using the system can be a slow experience. Anonym.OS makes extensive use of Tor, the onion routing network that relies on an array of servers passing encrypted traffic to permit untraceable surfing. Sadly, Tor has recently suffered from user-base growth far outpacing the number of servers available to those users -- at last count there were only 419 servers worldwide. So Tor lags badly at times of heavy use.

Between Tor's problems, and some nagging performance issues on the disc itself, Banks concedes that the CD is not yet ready for the wide audience he hopes to someday serve. "Is Grandma really going to be able to use it today? I don't know. If she already uses the internet, yes."

Experts also say Anonym.OS may not solve the internet's most pressing issues, such as the notorious China problem: repressive governments that monitor their population's net access, and censor or jail citizens who speak out against the government.

Ethan Zuckerman, fellow with Harvard's Berkman Center for Internet and Society, works extensively with international bloggers and journalists, many of whom live under constant threat from their own governments. He see Anonym.OS as a blessing for some -- but not for those at the greatest risk.

"I think it's going to be tremendously useful for fairly sophisticated users when they are traveling, but where it may not be as effective as people would hope is in counties where the government is really seriously about locking down the net, constraining internet access," Zuckerman says.

Because most people in the developing world use the internet from shared desktop environments, services for them have to consider workplace and cyber cafe-based computer situations. "Rebooting isn't often an option," explains Zuckerman, who would like to see anonymity solutions move toward minimally invasive strategies like the TorPark, a USB key that allows access to a Tor-enabled browser without rebooting, and private proxies matched up one by one with dissidents.

But kaos.theory members say Anonym.OS is just the first step in making anonymity widely available. Future versions, they say, may run on a USB keychain. Additionally, they plan to implement Enigmail to allow encrypted e-mail for Thunderbird and Gaim Off-the-Record, which allows users to use instant messaging without their logs being tied to them.

David Del Torto, chief security officer of the nonprofit CryptoRights group, says projects like Anonym.OS are heading in the right direction, but thinks the project overreaches by trying to be useful to everyone. "Grandmas are not the ones that need this right now.... My instincts tell me that it's a very small number of people (that can use Anonym.OS). You can't really solve this problem by simplifying the interface. It's almost impossible to anticipate everything a user can do to hurt themselves."

bubba · #5 (**permalink**) 31/03/06, 12:22

Here is HJT log..............

Logfile of HijackThis v1.99.1
Scan saved at 4:38:29 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.exe
C

rogram FilesSpyware Doctorswdoctor.exe
C

rogram FilesInternet Exploreriexplore.exe
C

ocuments and Settingscarolyn woodsLocal SettingsTemporary Internet FilesContent.IE5TV0FCRZ5HijackThis[1].exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://education.dellnet.com/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.iwon.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://education.dellnet.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://education.dellnet.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C

rogram FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:WINDOWSSystem32Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C

rogram FilesMyWebSearchSrchAstt1.binMWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C

rogram FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C

rogram FilesMyWebSearchbar1.binMWSBAR.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C

ROGRA~1SPYWAR~1toolsiesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C

ROGRA~1SPYWAR~1toolsiesdpb.dll
O3 - Toolbar: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [DVDSentry] C:WINDOWSSystem32DSentry.exe
O4 - HKLM..Run: [MMTray] C

rogram FilesMUSICMATCHMUSICMATCH Jukeboxmm_tray.exe
O4 - HKLM..Run: [MCAgentExe] c

ROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [MCUpdateExe] c

ROGRA~1mcafee.comagentmcupdate.exe
O4 - HKLM..Run: [AdaptecDirectCD] "C

rogram FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKLM..Run: [VirusScan Online] C

rogram FilesMcAfee.comVSOmcvsshld.exe
O4 - HKLM..Run: [Microsoft Works Update Detection] C

rogram FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
O4 - HKLM..Run: [QuickTime Task] "C

rogram FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [VSOCheckTask] "C

ROGRA~1McAfee.comVSOmcmnhdlr.exe" /checktask
O4 - HKLM..Run: [BJCFD] C

rogram FilesBroadJumpClient FoundationCFD.exe
O4 - HKLM..Run: [tgcmd] "C

rogram FilesSupport.combintgcmd.exe" /server /nosystray /deaf
O4 - HKLM..Run: [TkBellExe] "C

rogram FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [Windows Registry Repair Pro] C

rogram Files3B SoftwareWindows Registry Repair ProWindows Registry Repair Pro.exe -X
O4 - HKLM..Run: [hflhwg] c:windowssystem32fsgowh.exe
O4 - HKLM..Run: [DatalodeAgent] C

rogram FilesOrbitz Deal Detectororbitz.exe
O4 - HKLM..Run: [mqwqwdk] c:windowssystem32kuujpmw.exe r
O4 - HKLM..Run: [OASClnt] C

rogram FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MyWebSearch Email Plugin] C

ROGRA~1MYWEBS~1bar1.binmwsoemon.exe
O4 - HKLM..Run: [ImInstaller_IncrediMail] C

OCUME~1CAROLY~1LOCALS~1TempImInstallerIncrediMa ilincredimail_install[1].exe -startup -product IncrediMail -skip_dialog language -skip_dialog info
O4 - HKCU..Run: [MSMSGS] "C

rogram FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Bug Eliminator] C

rogram FilesBug EliminatorBug_Elim.exe /tray
O4 - HKCU..Run: [DellSupport] "C

rogram FilesDell SupportDSAgnt.exe" /startup
O4 - HKCU..Run: [MyWebSearch Email Plugin] C

ROGRA~1MYWEBS~1bar1.binmwsoemon.exe
O4 - HKCU..Run: [RealPlayer] "C

rogram FilesRealRealPlayerrealplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU..Run: [Spyware Doctor] "C

rogram FilesSpyware Doctorswdoctor.exe" /Q
O4 - Startup: Medic.lnk = C

rogram FilesRoad RunnerMedicRRMedic.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C

rogram FilesMyWebSearchbar1.binMWSOEMON.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C

rogram FilesMyWebSearchbar1.binMWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: &Translate English Word - res://c:program filesgoogleGoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C

ROGRA~1SPYWAR~1toolsiesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C

rogram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C

rogram FilesMessengermsmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/BEL/Bug%20Eliminator.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hihiltonhead.com/AxisCamControl.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab?rand=2003336
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak02.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.9.0.0.2.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4319/mcfscan.cab
O23 - Service: Iomega App Services - Iomega Corporation - C

ROGRA~1IomegaSystem32AppServices.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:program filesmcafee.comagentmcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c

ROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c

ROGRA~1mcafee.comagentmctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C

ROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:WINDOWSSystem32NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C

rogram FilesSpyware Doctorsdhelp.exe

**Ash** · #6 (**permalink**) 31/03/06, 15:11

Well, I think that software won't show up in Hijack This, but I ran your log through the Hijack This log analyser, and it seems that you do have some nasty stuff on your computer.

Run your log through http://www.hijackthis.de/ and it will tell you what to remove.

But if you think your PC is bugged, I suggest you save all your files onto CD/DVD, then reformat it. Then, put a password lock on the computer to prevent people from being able to access it to install the bugging software.

But, this software is only mainly used in schools, colleges, work places, goverment buildings, etc. Also, unless your computer is accessible to someone with a fairly good knowledge of computers, you should be safe. It would be handy, however, if you let us know a bit more about where the computer is located, if it's on a network, etc.

bubba · #7 (**permalink**) 31/03/06, 15:13

What kind of nasty stuff??? I have a computer in our computer room and my husband has one. they are connected to road runner.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Welcome to CompuForums!
We are a friendly computer forum where you can come to get help with your computer problems, talk about computers and the internet and meet like-minded people. Whether you are a beginner or an expert, everybody is welcome and equal here. Would you like to start posting on these forums today? Just register below, it only takes a minute! Username: Password: Confirm Password: E-Mail: Confirm E-Mail: Agree to forum rules

Welcome to CompuForums!