Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Remote Access Infections ... (why you should repave)

A Library of tips, tricks, and informative articles - Fixes are for use under your own supervision and at your own risk.

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 20th, 2012, 4:54 am

Remote Access Infections

If you are reading this, it's most probably because you have a Remote Access Infection (RAI) on your computer, and your helper has referred you to this topic.

It is IMPORTANT that you take time to read through all the posts in the order they are linked to below, which will explain why your helper has referred you here ....

  1. What is a Remote Access Infection (RAI) ?

  2. What should I do now I have a RAI on my computer ?

  3. How can I remove a RAI from my computer ?

    1. You can repave your computer

      1. My computer came with Windows Pre-Installed

      2. I installed Windows myself using a Genuine Windows Installation Disk

    2. We can assist with its removal

  4. What do I need to do to secure my computer once the RAI is removed ?

  5. Can I re-install my personal files once I've reformatted ?

  6. Additional Reading
User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 20th, 2012, 4:55 am

What is a Remote Access Infection (RAI) ?

A Remote Access Infection as its name suggests, is an infection that gives its creator remote access to your computer.

In other words it allows him to use your computer as if he was actually sitting in front of your keyboard. He can perform any task you can, view any information or data that you can, and he can modify your computer in any way he sees fit.

He may do any of the following ....

  • If you use your computer for online banking ... he will know your account numbers and passwords, and will be able to empty your accounts, and/or change your accounts so you no longer have access to them.

  • If you have used your computer for making online purchases or payments ... he will know your credit card details, and be able to make clones, or make online purchases in your name, and/or change your account details so you can no longer use your card.

  • Strip your computer of your personal details ... so that he can use them to usurp your identity, enabling him to open credit in your name, open charge accounts in your name, open bank accounts in your name, and a whole lot more. If you have used your computer to fill in tax or social security forms, either online or offline, he will also have those details as well.

  • Use you as a platform to infect your friends and family ... with the details in your Address book, he can send infected E-mails to your family and friends, who will be less likely to suspect them of being dangerous since they're coming from you.

  • Add your computer to a botnet ... by doing so, he can use the free space on your hard drive to ...

    • Host and distribute porn ... usually the more disreputable and/or illegal type.
    • Host and distribute spam ... a great deal of spam is delivered from computers whose owners are unaware that their machines are being used in this way.
    • Host and distribute illegal music and video downloads ... usually using P2P technology.
    • Take part in DDoS attacks on legitimate sites ... bot-herders often rent out their botnets to people who are demanding ransom from legitimate sites not to close them down.

    ... this article by F-Secure shows the distribution of just one botnet, created by the Zero Access infection, which is one we see a great deal of at this forum.

  • Modify the security on your computer ... your attacker will almost certainly modify the security on your computer, so that he can re-establish control over your machine if you manage to remove the current infection. Since your computer is a very large space (technologically speaking), there is no reliable way of knowing, or finding out what those modifications might be.

  • Anything else he cares to think of ... the creators of this kind of infection are an inventive and imaginative bunch, who have found all sorts of ways (mostly illegal) to make money out of your computer.

Identity theft is a particularly pernicious crime, and proving to the Police, or Credit Collection Agencies that you're not responsible for the child porn on your machine, or the $100,000 of credit that has been run up in your name, can be a long, distressing, and sometimes expensive experience, so you need to take action immediately.

User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 20th, 2012, 8:37 am

What should I do now I have a RAI on my computer ?

Having a Remote Access Infection on your computer is a serious matter, and it is important you do the following immediately ....

  • Disconnect your computer from the Internet and/or any Network it may be connected to.

    • If you are connected by cable, then unplug the cable from your computer.
    • If you are connected by wireless, there is often a key combination that can be used to disable the connection (on my computer it's Fn+F3), otherwise you may need to disable your Network Adapter (Windows Help and Support will tell you how to do this).

  • Contact your Bank, Credit Card company, and any financial institutions you are associated with, and inform them that you may be a victim of identity theft.

    • Ask them to put a watch on your accounts and/or change all your account numbers.

  • From a clean computer, change all your online passwords ...

    • For your e-mail accounts.
    • For your banks.
    • For any financial accounts.
    • For PayPal.
    • For eBay.
    • For any online companies or institutions.
    • For any online forums or groups you belong to.

    Do not change them using the infected computer or your attacker will get them.

Once that is done, you need to remove the Infection.


User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 20th, 2012, 9:06 am

How can I remove a RAI from my computer ?

There are 2 ways in which an infection can be removed from your computer (click on the appropriate link for further information) ....

  • You can repave your computer ... (Reformat your hard drive and reinstall Windows) ... this is the only way you can be assured your computer will be secure once the infection is removed, and it is what we recommend you to do.

  • We can assist with its removal ... if you insist, we can help you remove the infection from your computer. However we strongly advise you against this course of action. Although we may remove all signs of infection that we can find, and restore your computer to an apparently usable condition, your computer will not be secure until you have Repaved it.


User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 20th, 2012, 11:44 am

What do I need to do to secure my computer once the RAI is removed ?

  1. If you have repaved your computer ... then there are certain things that should be done before you connect to the Internet, and others that you should do as soon as you are connected. Your computer has been reverted to an earlier state, and your defenses will not be as they were before repaving.

    Before you connect ....

    • Uninstall any obsolete trial Anti-Virus programs that may be present after an OEM repave ... (out of date AV programs offer no protection, and will interfere with any up to date AV program that you will need to install)
    • Install an up to date Anti-Virus program.
    • Install an up to date Anti-Malware program.
    • Install a suitable 3rd party Firewall, or ensure that the Firewall that comes with Windows is switched on.

    There are links to free AV, AM and FWs .... HERE .... which can be downloaded on a clean computer and transferred to your newly repaved machine using a USB drive ... (install only one AV, AM and FW, multiple programs will conflict and offer less not more protection)

    As soon as you are connected ....

    • Install any Service Packs that are applicable to your computer.
    • Update your computer to the latest Security updates from Windows.
    • Update any other programs you might have installed.
    • Read the information in ... COMPUTER SECURITY - a short guide to staying safer online ... and install any additional security you think is appropriate.

  2. If we have assisted you to clean your computer ...



User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 21st, 2012, 4:23 am

You can Repave your computer

Repaving your computer is the best decision to make if your computer has been infected with a Remote Access Infection.

It is impossible to know all the modifications your attacker may have made to your computer while he has had access to it, so although it is possible to "clean" a computer of all the signs and symptoms of such an infection, no responsible helper would ever be able to tell you your computer was secure afterwards.

By reformatting your hard drive you will remove all content from the disk, and therefore all modifications your attacker may have made. It's then just a matter of re-installing Windows and any programs that were on your computer prior to the reformat. This will leave you with a secure machine.

Advantages of Repaving ....

  • It's fast (usually only takes a few hours)
  • It's relatively simple to do.
  • It leaves you with a clean, secure, computer.

Disadvantages of Repaving ....

  • You lose everything on your hard drive, so unless you have backups of your data from before you were infected, it's lost forever.

So how do I Repave my computer ....

The method you use will depend on what version of Windows you're using, and whether your computer came with Windows pre-installed, or you installed it yourself, using a Genuine Windows Installation Disk.



User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 21st, 2012, 5:04 am

We can assist with its removal

There may be reasons why Repaving is not the ideal choice for you, in which case "cleaning" your computer may be your preferred option. We are prepared to help you do this, but you must understand this will not leave you with a secure machine.

It is impossible for us to know all the modifications that your attacker may have made to your computer whilst he had access to it, so although we can probably restore functionality to your machine, we can never give you an assurance that it is secure.

This means that until you Repave your computer, you should never use it to perform any of the following activities ....

  • Online Banking.
  • Finances or credit of any kind.
  • Filling out your tax forms online or offline.
  • Filling out Social Security or Personal Insurance forms online or offline.
  • Making online purchases or payments of any type.
  • Anything involving the use of confidential data.

Remember, never is a very long time, and some months down the line, it's easy to forget that your computer is untrustworthy, when it appears to be functioning just as it did before you were infected, if you do not Repave, then even a single online purchase made in a moment of "weakness" could lead to any of the things we warned you about in ... what is a Remote Access Infection (RAI) ?

Advantages of "cleaning" your computer ....

  • You will not lose your data.
  • The "clean up" procedure can sometimes be quicker and simpler than a Repave.

If your data is essential to you, and you do not have it backed up, and cannot afford to lose it, then this may be an overriding reason for you to ask us to clean your computer. However we do feel obligated to say that if your data was so crucial to you, then why didn't you have the foresight to have a robust backup system in place.

Disadvantages of "cleaning" your computer ....

  • You are not left with a secure computer.
  • The "clean up" procedure can often be slower and more complex than a Repave.
  • There is no guarantee we can "clean" your computer, and you may end up having to Repave after all.

Some variants of these Remote Access Infections are very destructive, and the damage is not always repairable. Also your attacker may have made modifications to your computer that would render your system unstable and impossible to repair.

If after reading this post, you still feel that "cleaning" your computer is your preferred option, then please let your helper know, and he/she will help you as well as they are able to.


User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 21st, 2012, 8:26 am

My computer came with Windows Pre-Installed

If your computer came with Windows Pre-Installed, it's most probably because you have an OEM (Original Equipment Manufacturer) computer. These are mass produced computers made by one of the major computer manufacturers like Toshiba, Sony, Dell, Hewlett-Packard, etc. etc.

Generally speaking these computers come with a Recovery Partition and/or a set of Recovery Disks, which allow you to perform a number of recovery options, including a Restore to Factory Default. It is this option that you need to use to Repave your computer.

Recovery Disks are the better option, since it is conceivable (but not too likely), that your attacker may have corrupted or modified any Recovery Partition. Machines with Recovery Partitions usually include the provision to create a set of Recovery Disks, and you would have been well advised to have done so, but most people have not usually taken the trouble to create a set, so you will either have to accept the small risk that your Recovery Partition may have been modified, or purchase a set of Recovery Disks from the manufacturer of your computer. They're usually available at a reasonable cost.

A Restore to Factory Default will usually do the following ....

  • Reformat your hard drive.
  • Re-install Windows (as it came from the factory).
  • Install any additional programs that might have been included with the original factory installation.

Needless to say, the different manufacturers access these recovery options in different ways, and use different terminology, so to aid you, we've included links to as many of the major manufacturers as we were able to find. If you can't find the information you need, please let us know, and we will try our best to provide it for you.

In many cases, recovery disks for Windows XP Pro are no longer available, due to legal agreements between the OEM and Microsoft.

Manufacturers Links ....

Researched and supplied by ... askey127

Acer

Asus

Dell

E-Machines

EI Systems
  • General Laptop Recovery ...
    • Press the F10 key when you first turn on your computer.
    • Tap F10 repeatedly until you see Starting System Recovery
    • From there you can choose to do a Format or a Non-destructive recovery.

Fujitsu

Gateway

Hewlett Packard and Compaq

Lenovo and IBM

NEC
  • General Laptop Recovery ... http://www.nec-computers.com/support/ ... (scripts need to be enabled on your browser)
    • Use the Search button and your Model Number for available items ... (the Select Your NEC Product button only gives technical specs).
    • User manuals are in .zip format ... extract the files and open Main.htm
    • Search for RECOVERY ... Example (for model M5210) ... Once the NEC logo appears, press the F11 key.

Packard Bell
  • Support for all machines ... http://www.packardbell.com/support/ ... (select your country by clicking on its flag)
  • Download page ... http://www.packardbell.co.uk/pb/en/GB/content/download ... (this one is for the UK there are others)
  • General Recovery Instructions ...
    • From Recovery Partition ...
      • At boot up press Alt+F10
      • Packard Bell Recovery Management will open.
      • Click on Restore system to factory default
      • Follow on screen prompts till recovery is complete
    • From Recovery Disks ...
      • Turn on computer and insert 1st Recovery Disk.
      • Restart the computer.
      • At Boot up press F12 to open boot menu
      • Select to boot from CDROM/DVD press Enter
      • When prompted Insert 2nd Recovery Disk
      • Follow on screen prompts till recovery is complete

Panasonic

Samsung

Sony

Toshiba


User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 22nd, 2012, 6:20 am

I installed Windows myself using a Genuine Windows Installation Disk

If your computer did not come with Windows pre-installed, and you had to install Windows yourself using a Genuine Windows Installation Disk or Disks, then the procedure for recovering your machine is a little more involved and time consuming than recovering an OEM computer.

Below are links to tutorials for performing a clean install for the various Windows versions ....

If you are in any doubt about your ability to perform a Repave using the information supplied in these tutorials, most repair stores will usually perform this service for you at a reasonable cost.



Unfortunately this forum does not have the resources for a helper to personally walk you through a Repave, the helpers here specialise in Malware removal, not resolving installation problems, so should you run into difficulties we may not be able to help you with them, and may have to direct you to a forum that specialises in such matters.


User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Remote Access Infections ... (why you should repave)

Unread postby Gary R » August 27th, 2012, 4:46 am

Additional Reading

Below are links to a few additional articles that you may find informative.

The first two are by Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I, former Security Program Manager for Microsoft, and author, a man with considerable experience in dealing with computer security at all levels ...

http://technet.microsoft.com/library/cc512587.aspx
http://technet.microsoft.com/library/cc512595.aspx

The next is a little old and dated, since most infections are now created by organised crime gangs rather than by malicious individuals, but we feel it illustrates the kind of motivations someone might have for infecting your machine, and wanting to retain remote "ownership" of it ...

http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html

The next set of articles describe what a remote access infection (trojan) is, and how freely available and capable they are ...

http://en.wikipedia.org/wiki/Remote_administration_software
http://securitywatch.pcmag.com/none/299196-remote-access-trojan-for-sale-cheap
http://blog.malwarebytes.org/intelligen ... darkcomet/
http://blog.malwarebytes.org/intelligen ... hades-net/

This last set of articles describe what a botnet is, and the kind of things that are done with them. The final article describes just how difficult it is to take a botnet down, and how it involves international cooperation at quite a high level to be effective ...

http://en.wikipedia.org/wiki/Botnet
http://www.shadowserver.org/wiki/pmwiki.php/Information/Botnets#toc
http://antivirus.about.com/od/virusdescriptions/a/botnet.htm
http://www.bbc.co.uk/news/technology-16001304
http://www.bbc.co.uk/news/technology-18898971


User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Remote Access Infections ... (why you should repave)

Unread postby Gary R » October 9th, 2013, 4:16 am

Can I re-install my personal files once I've reformatted ?

So you've re-formatted your hard drive, re-installed Windows, and installed the programs necessary to secure it.

If you have backed up your personal files prior to repaving your machine, or are sensible enough to have kept regular backups that you can restore to, you may wish to know ... is it safe for me to re-install these files on my machine, or is it possible that some of them may contain an infection ?

To be honest, there is no 100% certain way to be sure, but we can talk about some of the risks here, so you can make an informed choice as to whether you want to do so or not.

Certain types of files pose more risk than others, and it is important that you understand the distinction between the different file types so you can understand which ones are likely to be risky to re-install, and which ones are less likely to pose a risk.

  • Executable Files ... Examples ... (.exe, .com, .dll) ... are files used to execute code, and are therefore the type of file that are most likely to carry infection. We do not recommend that you re-install backups of any executable files to your newly repaved machine.

  • Data Files ... Examples ... (.txt, .jpg, .mpg) ... are files like text, picture, video and audio files, which contain nothing but data. Since these files do not contain executable code, they are unlikely to re-infect your computer if you re-install them. There have been some "proof of concept" experiments with jpg files, to get them to execute code, but we have not seen any "real life" examples of these files, so the risk of re-introducing an infection from jpg files is probably extremely low.

  • Macro capable files ... Examples ... (.docm, .dotm, .xlm) ... are files that may contain macros, which are used to execute code within applications like Word, and Excel, and other such programs. Because of this they can conceivably be used to re-infect your computer, and therefore pose some risk, though since they can only be launched within the "host" program, they are not as high a risk as executable files.

CAUTION ! ... before re-installing files of any type, we strongly advise that you scan them first with an Anti-Virus and an Anti-Malware program.

Obviously there are an awful lot more file types than the ones we've covered here, and in a short article like this it's impossible for us to cover them all, so we've limited discussion to the types that experience has shown us that most people seem to have backed up.

With any other type, you'll need to research it yourself, and try to find out the all important question ... can it execute code ... if the answer is yes then it's a risk, if it's no then it's probably safe to re-install.

An index of a large number of file types can be accessed ... HERE


User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Malware Removal Library - Tips, Tricks, and Information



Who is online

Users browsing this forum: No registered users and 1 guest

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware