This goes out to guys from the underground hacking arena. I need some serious help.
My friend's laptop has been reinstalled 100 times, but this keeps happening.
Each and every moment he uses his laptop, data gets sent to "somewhere".
All anti-viruses have been tried, but nothing was found. Even rootkit detectors have been tried.
Like, for example, he turns his computer on.
Infected Computer: Every possible software which might use the internet connection is shut down. So, in theory, there should be almost no inbound and outbound connections.
Test Computer: The same setup (same programs installed, same Win 7 CD, etc.). All programs are shut down completely.
Infected Computer: When the mouse is moved, a few hundred bytes get sent to somewhere.
Test Computer: When the mouse is moved, no changes in data transmission.
Infected Computer: Logs into My Computer and system properties. Data gets transmitted to "somewhere".
Test Computer: Logs into My Computer and system properties. No data transmission.
It looks like the movements in the computer are being monitored remotely from somewhere. I've tried all kinds of IP tracing tools (to find the IP of the server that the data gets transmitted to) on the infected computer, and nothing was found.
It looks like the infected computer has something in it which just sends the data to "somewhere".
The internet connection that he uses has download rates 5X of the upload rates. When he downloads large files from the internet, the download rates would be much higher than the upload rate.
Leaving the computer idle for a few hours, the upload rate would suddenly equal the download rate.
Does anyone here know what's going on?
Any idea to try to remove/trace this shit (reinstalling and reformatting the drive never worked)?