PHANTASM Posted August 14, 2010

So, I (my wife actually) managed to infect our PC with a lovely trojan. It was called ciphck.dll (or something like that). I installed Norton SystemWorks because I noticed a slowdown on the computer and she said, yeah, she had clicked on a picture of a hairstyle she wanted (she is into makeup and jewelry and hairstyles etc) and a picture of the girl from the Exorcist popped up on the screen. She thought that was when we got hacked. I had a different antivirus on the computer but it failed to detect or stop anything.

First I thought maybe it was just some normal program, and Norton was being paranoid (this happens a lot with Norton products). So I googled the file expecting to find that it was some obscure Windows service that was all fine and dandy. But a search of the file name on Google showed no information - none - and Google suggested other spellings as if I had typed it in incorrectly. I right clicked on the properties and it had been created on August 4th so I knew it was not from Windows. It was installed in WINDOWS/system32 where a lot of viruses get installed so they can pretend to be system files and be hidden from ordinary users.

I tried to open it in Notepad but I could not access it. I tried to delete it but again access denied. I turned off all services in msconfig and rebooted it then tried to get rid of it but still access denied. So somebody had gone to a lot of trouble to keep it safe, which pretty much convinced me it was a virus. I then rebooted in Linux, found the file in the Windows directory, and deleted it easily. I rebooted back into Windows and rescanned with Norton and the file is gone, it did not recreate itself.

Then I realized that I have my tax info on this computer. With our names, addresses, and SS #s. Now I am wondering if I should put a block on my credit and my wife's credit and our kids' Social Security numbers. I probably should, just in case somebody found that file and has Turbo Tax and knows how to open it. Sometimes the internet really sucks.

SickOne Posted August 14, 2010

Ouch, yeah, you'd probably do better by taking all necessary steps to be on the safe side. Includes a new setup of the comp of course.

+Zippo+ Posted August 14, 2010

Yes, you should do that man, for the time being! Better safe than sorry, especially when your kids are involved! So sorry to hear that too about your kids. If I recall correctly, a whole system reformat will wipe the virus out, or even a new one will definitely do the trick.

daredevil (Administrators) Posted August 14, 2010

Give me exact virus name. If it's trojan no need to stop all credit cards and such. If it's spyware stealing for your info then yes.

PHANTASM (Author) Posted August 14, 2010

> Give me exact virus name. If it's trojan no need to stop all credit cards and such. If it's spyware stealing for your info then yes.

Exact name was: ciphkrnl.dll

Norton described it as a "Trojan.gen"

It would be nice if I did not have to get new Social Security numbers and pay for ID theft protection, or put a block on our credit (maybe that would be a good thing lol).

daredevil (Administrators) Posted August 14, 2010

http://lmgtfy.com/?q=ciphkrnl.dll

I don't see much info for that either.

http://www.symantec.com/security_response/writeup.jsp?docid=2010-022501-5526-99&tabid=2
http://service1.symantec.com/support/nav.nsf/docid/1999041209131106

Try this and see if you can find more files: http://www.malwarebytes.org/

I don't see need for blocking credit cards, etc. (If something goes bad don't blame me.)

Also, it is always safe to .rar your files with password protection. So, even if your PC gets hacked they will have a hell of a time to break the pass.

*Kiba* Posted August 14, 2010

http://www.prevx.com/filenames/X721963360371878582-X1/HBKRNL.DLL.html

That should help you out. The cip part is just an add-in to make it look safe, and if I was you I would do something about it. I don't know what they were looking for, but mostly keep an eye on your cards for 3 weeks. Don't use them of course. If they're not used in the next 3 weeks I would say there's nothing to worry about, but as for the kids' numbers I would say something about it, but not sure who would be the right prose to talk to about that type of self very good with pcs i know my files and my virus

PHANTASM (Author) Posted August 14, 2010

It's already gone, I rebooted into Linux and found it and deleted it easily. Now I just wish I knew if someone went on a search of my computer, or if the trojan just got installed and did nothing else but slow it down. If it had been a legit program it would have had some google footprint, so I think it was just some random gibberish name to hide itself.

I should have looked at the last "Date Accessed" on my TurboTax folder properties, but I already looked in there myself tonight. So it would have my own Date Accessed instead of any intruder. I looked in Computer Management/Event Viewer but I didn't see anything funny.

*Kiba* Posted August 14, 2010

Ya, most are like that. Just do what I said, you should be okay. Even if they run up your card, if you your safe have not used it in days then you have nothing to worry about. They can find out if you used the card, oh by the way, online or offline. They can find out where the card was last used at and where, zip code is everything, and IP, or most like if the hacker is any good the ISP would tell you everything you need to know and where to look for the prose. Sorry if my English is bad, I am trying.

FinZeroX Posted August 15, 2010

When it comes to trojans & other malware, I'd recommend having Malwarebytes on your computer. When you suspect an infection, unplug your connection cable and run Mbam. You can get the installer from here. Malwarebytes has the best rate of malware detection. And if interested, the PRO-version has malicious IP block that prevents those bastards from accessing your PC and data.

AntiThought Posted August 15, 2010

Sorry to hear, Phantasm. Unfortunately you can only get a new SS# if someone is provably using your information illegally (simple possession of your # is not enough) according to the SSA http://www.ssa.gov/pubs/10064.html . You can put a 90-day fraud alert on your credit reports, but with a police report and evidence of theft you can extend that 90 days up to 7 years http://www.privacyrights.org/fs/fs10a-SSNFAQ.htm#6 . Unfortunately thieves often wait for a year or more before using a number to ensure they catch someone off guard and do maximum damage before detected. However, in actuality there is only a small chance that they acquired your info. I would not worry about it too much.

*Kiba* Posted August 15, 2010

Ya, what Anti said, it's not that big of a deal. Even if they do something illegally with your info you can prove that it was not you lol. You forget the world today is starting to run everything with PCs and networks.

AntiThought Posted August 15, 2010

I don't know if I would go that far Venom but the risk is still small. BTW Venom I just realized we live about 60 miles apart.

General Posted August 17, 2010

Idk what version of Norton you have, but my Norton sucked too. Then my dad got an upgrade of it or some crap and it's not a very good system protector. Btw, CCleaner is a good program that deletes uses files/things.

FinZeroX Posted August 17, 2010

I'd recommend a set of:

Avast! Antivirus or Avira antivirus (Against viruses)
Malwarebytes PRO (Against malware)
SpywareBlaster (Browser security)
CCleaner (Temp files etc.)

Also if you need a very lite antivirus & antimalware, try Panda Cloud Antivirus