Worm Doombot Thing...
Written by Saiel   
04-09-2006


Saiel
October 21st, 2005, 11:13 PM
So I kept getting these emails from the address of our administration at DePauw, so after enough of them saying "Your password has been successfully changed", and them continuously being from authentic email addresses, I made the HUGE mistake of opening one. It installed this Doombot worm on my computer which slowed everything down to a crawl, kept me from getting into Task Manager (to shut things down, etc), and all this...plus, on my security manager it said I had like 8 different IP addresses coming into my computer.

So, the deal is, I think I got a hold of the main part of this thing because now all those IPs aren't showing up and I can get back into Task Manager and all that...it took like an hour and a half of work, though. Do any of you know anything about these, like, should I be worried that personal information got out somehow? Or is there any way to be sure I got rid of it all, or to see what damage might have been done...? This is my parents' computer, so I'd be extremely upset if something awful happened to them because of me...I'm really worried here...any advice would be appreciated.

DeathscytheX
October 21st, 2005, 11:47 PM
http://www.k7computing.com/virusInfo/WormDoombotB.htm

so that's where you went X_X

Sledgstone
October 22nd, 2005, 11:13 AM
if that computer has passwords saved on it like through IE's "remember this password" then those might have been taken. but i doubt it. if anything it was all an automated process. the worm got on the computer, installed a bot, the bot contacted another ip#/bot which probably displayed all the open ports/etc. with that info another bot probably launched itself at the computer (8 ips, probably 8 bots) and they probably installed some more shit on your computer or scanned for misc folders/files that include paypal or something else predefined (like pcanywhere or irc programs).

this happens to hundreds of computers at once, those bots can also link up on a huge list of bots on some punk's screen and he then performs DDOS attacks on servers or runs his spam campaign.

if you have zonealarm firewall installed, check the red bar for outgoing traffic. if it is spiking continuously then you probably have a bot on your computer which is still sending spam or attacking someone's server.

i recommend downloading avast antivirus, let it update its database, unplug your computer from the internet, restart and scan, possibly in safe mode if it will let you.
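
The outgoing-traffic check described in the post above can also be done from a connection listing. The following is an added example, not part of the original thread: it parses Windows `netstat -ano` output and flags processes that send mail to many distinct hosts or open many connections to one target. The sample listing is constructed, and the function names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:1042      203.0.113.10:25        ESTABLISHED     1888
  TCP    192.168.1.20:1043      203.0.113.77:25        SYN_SENT        1888
  TCP    192.168.1.20:1044      198.51.100.4:25        ESTABLISHED     1888
  TCP    192.168.1.20:1045      198.51.100.9:25        SYN_SENT        1888
  TCP    192.168.1.20:1050      192.0.2.55:80          ESTABLISHED     2404
  TCP    192.168.1.20:1051      192.0.2.55:80          ESTABLISHED     2404
  UDP    0.0.0.0:445            *:*                                    4
"""

ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}

def parse_active(text):
    """Yield (pid, remote_ip, remote_port) for active TCP rows."""
    for line in text.splitlines():
        parts = line.split()
        # Data rows have exactly five fields: proto, local, remote, state, pid.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] not in ACTIVE_STATES:
            continue
        ip, _, port = parts[2].rpartition(":")
        if port.isdigit() and parts[4].isdigit():
            yield int(parts[4]), ip, int(port)

def flag_pids(text, smtp_hosts_limit=2, per_target_limit=20):
    """Return {pid: [reasons]} using two assumed thresholds (hypothetical defaults)."""
    smtp_hosts = defaultdict(set)   # pid -> distinct remote hosts on port 25
    per_target = defaultdict(int)   # (pid, remote ip) -> connection count
    for pid, ip, port in parse_active(text):
        if port == 25:
            smtp_hosts[pid].add(ip)
        per_target[(pid, ip)] += 1
    findings = defaultdict(list)
    for pid, hosts in smtp_hosts.items():
        if len(hosts) > smtp_hosts_limit:      # mail fan-out: spam-like
            findings[pid].append(f"SMTP to {len(hosts)} distinct hosts")
    for (pid, ip), count in per_target.items():
        if count > per_target_limit:           # many sockets to one target
            findings[pid].append(f"{count} connections to {ip}")
    return dict(findings)

if __name__ == "__main__":
    for pid, reasons in flag_pids(SAMPLE_NETSTAT).items():
        print(pid, "; ".join(reasons))
```

A flagged PID can be matched to a process name in Task Manager or with `tasklist`; a normal mail client usually talks to only one or two mail servers, which is why the SMTP limit is set low here.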

gokuDX7
October 23rd, 2005, 05:40 AM
ya it's a bot or a malware infection. Just boot to safe mode after you update all your security stuff (like virus scanner, spam killer, firewall) then just scan your computer in safe mode.

To get to safe mode reboot your pc then press F8 over and over again till you get a list of options. Then just pick boot to safe mode.

I used to get mail like that with my ISP's ip and e-mail. Come to find out my ISP's mail server was infected with a trojan that sent out crap to everyone. Gotta love Adelphia ^_^; .

render
November 10th, 2005, 03:00 PM
be warned if anything weird happens to your computer and goes away they seem to have found what they wanted and ran like mad!!!!1

Eli
November 10th, 2005, 06:04 PM
Heh, I had this a few weeks ago. Can you say HD wipe? *shudders* Wasn't fun.