[G_thompson]

A week ago I found that my system had been infected with the backdoor.sd virus transmitted through irc clients. The virus allows a hacker to manipulate the hackee's files and programs.

I started noticing the infection when the computer would hang for a good two minutes during the "saving system settings" process of shutting down. (also some system files were mysteriously being shared on kazaa despite repeated unsharing by me)

Anyway I cleaned my HD and re-installed w2k but the system still hangs on shutting down. Nothing else is happening to indicate that the virus is still in the computer and I made sure by installing norton internet security.

(a side note: whoever hacked me initially must have distributed my ip or something because I have been getting daily intrusion attempts from ip's all over north america)

So I guess my question would be: is it possible that a virus could cause damage permanent enough to withstand re-partitioning or could it be a more subtle virus that somehow slips by norton or could the problem be completely unrelated to the hack altogether?

 

[TheTechIsIn]

Its very unlikely that a virus could withstand a re-partition and formating,
hackers capable of creating viruses of this caliber do not infect random
machines.

As for your subtle virus question: Its possible that a virus can slip by a
virus scanner if your virus definitions are out of date or if the virus has not
been seen in the wild yet. However for the most part AV programs heuristic
scanning will catch this.

If your worried about it being a hack try running "netstat -a" from the command
line and see if any connections on any ports are established that shouldn't be.

(anything above port 30,000 is very suspect.) :bandit:

 

[G_thompson]

Thanks for the command tip that will be useful for sure.

If the virus is as complex as you say it is then I dont know why a hacker would go to the trouble for my computer, I dont have anything of value on it or even any personal information. I guess I must have really pissed somebody off in an irc channel.

There wasnt anything suspicous so that probably means there is just some small settings conflict. I read on another forum that there was a file that could be deleted if the system settings became corrupt that would reset everything but it didnt go into detail. If anybody knows anything more about it I would appreciate it.

 

[roosta21]

I got the same ****. I had to reformatte my hard drives. I would recommend downloading zonealarm. It is a free firewall that works pretty good.:brush: