AndriaD

  1. Thanks again... I did delete it last night, after searching my registry and finding only my own search for the pertinent filename. So then I rebooted and ran another full scan of the C drive where it had been hiding in the System Volume Information directory, and it turned up nothing -- which would not have been the case if the thing had embedded itself in my registry to "resurrect" itself after a reboot -- had a real nasty one that did that, a couple years ago, but this one seems to have been dealt with effectively. The passwords weren't really a big deal, just the cPanel pw and a couple of sites; I had unfortunately used the same pw for one of those sites that I was using for cPanel, and I think that was the security hole through which the hacker was able to gain access to my cPanel -- but no longer! This also prompted me to set up more than just the default weekly "Flash scan"; I also set up weekly scans of my Documents and Settings folder, the main folder in which I work on my websites, and the entire Windows directory and subtree -- those areas seemed more vulnerable than the other 600,000+ files which took 16 and a half hours to scan. That nasty one from a couple years ago set up housekeeping in my Windows/system32 directory, and I almost could not get my computer back to a functional state, after that one exploded. But all seems safe now... (fingers crossed!!!) Thanks very much! Andria
  2. Alright; thank you very much for the reply and explanation. I have the free version of Immunet and it seems to have found things that nothing else found -- just like the ClamAV that came before it! When I click on the entry in the quarantine area, it gives me the path of the file; I'll use either Glary, AutoRuns, or HijackThis to try and find if it's hiding in the registry anywhere. I haven't seen any suspicious activity on this computer, but when my cPanel got hacked, a friend explained to me how difficult brute-forcing a long alphanumeric password could be, so it seemed possible that my computer was hacked to get that password. Now, I'd have to say that it seems unlikely, so I have to trust that changing all my cPanel and site admin passwords will keep them safe. Thx much, Andria
  3. Hi -- I'm new around here, as you'll probably be able to tell from the pure cluelessness of my question. But what does all this mean? Because I'm currently running a system-wide scan due to having some of my websites hacked last week, and a friend suggesting that perhaps my actual computer has been hacked somehow, hence my website login info being hacked -- specifically, my cPanel password. In the course of this system-wide scan, I have a little popup that says it has detected W32.SPERO.Cosmu.07.06.11, and quarantine was successful. But I don't have a clue what this means; I can't find any real info about this infection, whatever it is, and I need to know what further steps I may need to take to get rid of it -- quarantine sounds awfully temporary. I have no earthly idea about these "trees," or "engines," or "convictions," or any of the other jargon above, I just did a search here for this particular name (SPERO.Cosmu) and came to this forum. Can someone please enlighten me? Thx much, Andria