REMOVE HWCLOCK.EXE

What is HWCLOCK.EXE?

Hwclock is a Unix and Linux command; the name stands for Hardware Clock. It should not be confused with hwclock.exe, which is a trojan that attacks Win32 (32-bit Windows) systems.

Malware is often named something that sounds legitimate (such as sysclock64.exe) so that it is harder to detect. The registered name for hwclock.exe is W32.Hwbot-A Trojan. It is a trojan that allows an attacker to access your system and possibly steal passwords and personal data.

How to detect the HWCLOCK.EXE Trojan/W32.Hwbot-A Trojan?

The telltale sign of any malware on a system is sluggish performance: your computer seems slower, your network connection doesn't seem as fast, and the system becomes unstable.

There are tools that you can use to see if your system has the HWCLOCK.EXE Trojan.

TASK MANAGER:

Use Ctrl + Alt + Delete and select "Task Manager", or press Ctrl + Shift + Esc on an XP machine.

From the Task Manager go to the "Processes" tab and locate hwclock.exe. Normally you would be able to select the offending process and click the "End Process" button to stop it, but hwclock.exe is viewed as a system file, so you won't be able to kill it that way.

NETSTAT

Go to Start | Run | type "cmd"

This will bring up a DOS command prompt. Type "netstat"

You will see a list of your network activity

HWCLOCK.EXE will try to attack other systems from your computer, so you will see a constant stream of traffic going from your system to other systems using your ISP. This can get you in some trouble: if your ISP detects it, they can shut you down until the trojan is removed.

Netstat is good at showing the flow of traffic on the network, but fport will actually show which applications are using which ports.

fport

fport is a creation of Foundstone. For information on how to download it, go to the tools on the Intrusion detection page.

Once fport is downloaded, go to the command prompt and type "fport"

Look for hwclock.exe. If you have the W32.Hwbot-A Trojan you won't have any trouble finding it with fport, because it will be the one probing your ISP's users one by one to find one it can exploit.
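The same check can be scripted. The Python below is an added example, not part of the original page: it reads the text of "netstat -ano" and "tasklist /fo csv /nh" and flags any process holding outbound TCP connections to many different remote hosts on the same port, the pattern described above. The sample output, addresses, PIDs, port and the threshold of 4 are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation-range addresses;
# the port is illustrative, the page does not say which port the trojan probes).
NETSTAT = """\
  Proto  Local Address     Foreign Address     State        PID
  TCP    0.0.0.0:135       0.0.0.0:0           LISTENING    904
  TCP    192.0.2.10:1041   198.51.100.7:80     ESTABLISHED  1320
  TCP    192.0.2.10:1042   198.51.100.9:80     ESTABLISHED  1320
  TCP    192.0.2.10:1187   203.0.113.1:445     SYN_SENT     1788
  TCP    192.0.2.10:1188   203.0.113.2:445     SYN_SENT     1788
  TCP    192.0.2.10:1189   203.0.113.3:445     SYN_SENT     1788
  TCP    192.0.2.10:1190   203.0.113.4:445     SYN_SENT     1788
  TCP    192.0.2.10:1191   203.0.113.5:445     SYN_SENT     1788
  UDP    0.0.0.0:500       *:*                              904
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"svchost.exe","904","Console","0","3,100 K"
"iexplore.exe","1320","Console","0","21,480 K"
"hwclock.exe","1788","Console","0","2,964 K"
'''


def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {row[1]: row[0] for row in rows if len(row) >= 2}


def scan_like(netstat_text, tasklist_csv, threshold=4):
    """Flag processes with TCP connections to at least `threshold`
    distinct remote hosts on one remote port (fan-out typical of probing)."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue  # skip the header, UDP rows and listening sockets
        host, _, port = f[2].rpartition(":")
        peers[(f[4], port)].add(host)
    names = pid_names(tasklist_csv)
    return sorted((names.get(pid, "unknown"), pid, port, len(hosts))
                  for (pid, port), hosts in peers.items() if len(hosts) >= threshold)


if __name__ == "__main__":
    for name, pid, port, count in scan_like(NETSTAT, TASKLIST):
        print(f"{name} (PID {pid}): {count} distinct hosts on port {port}")
```

A busy browser or P2P client can also exceed the threshold, so treat a hit as a reason to look at the process name and file location, not as proof of infection.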

How to get rid of HWCLOCK.EXE/W32.Hwbot-A Trojan?

To get rid of HWCLOCK.EXE you'll have to go into Safe Mode. Getting into Safe Mode on any flavor of Windows is simple.

You just reboot and hit the "F8" key like a mad man until you are prompted to select a different mode in which to boot. Select "Safe Mode." For more on Safe Mode, PCHELL has a great tutorial on getting into Safe Mode.

You will want to Show All files and System files:

With this step, make sure you uncheck "Hide Operating System files" if you are on a 2k/XP system.

Windows 95
• Open My Computer.
• Select the View menu and click Options.
• Select the View Tab.
• Select the Show all files radio button.
• Click OK.
Windows 98
• Open My Computer.
• Select the View menu and click Folder Options.
• Select the View Tab.
• In the Hidden files section select Show all files.
• Click OK.
Windows ME (Get rid of this horrible OS)
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.
• Click Start, Programs and Accessories and open Windows Explorer.
• Select a hard drive from the left hand side of the Windows Explorer window.
• Select View the Entire contents of this drive.
Windows 2000
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.
Windows XP
• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.

Your next step is to locate and delete the HWCLOCK.EXE file while in Safe Mode.

It should be in your System32 folder. Do a search for HWCLOCK.EXE by going to Start | Search | type in Hwclock.exe. If you cannot find the offending trojan but you know it is running, make SURE you are "Showing all files."

Once you find it, delete it.

How can I protect myself from malware like this?

Trojans and other malware get on your system in a variety of ways.

  • Email Attachments
  • Unscanned disks
  • Websites
  • P2P applications such as Kazaa
  • Freeware/shareware
  • Plugging into the Internet with no protection

The biggest problem is that people are ignorant as to how bad the problem is.

There are currently so many "bots" constantly polling the Internet for systems with no security that you can literally be compromised within SECONDS of plugging into the Internet with no protection. I got the Hwclock.exe while I was testing out my new DSL connection. It only took a few minutes. I imagine it found me the same way it was trying to find other exposed systems on my ISP once it infiltrated my system.

If you want to protect yourself do the following:

Get yourself some broadband Internet Security

Either secure your Internet Explorer browser or use Firefox and secure that one (either way, secure your browser) with pop-up stoppers, and delete cookies and temp files periodically.

Use some sort of Anti-Virus software

Use Intrusion detection tools every now and then to see if you've been compromised.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.