Windows 7 Forums



Windows 7: System Security issue

24 Feb 2012   #21
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

I would think if you uninstalled all the software it would nullify the key for that machine allowing a reinstall without buying one again. That has been my experience with Corel and Photoshop, and they are very picky.


24 Feb 2012   #22
Petey7

Windows 7 Professional SP1 64-bit
 
 

gigagiggles, thanks for the info on HijackThis. It is not a program I am the most familiar with.

Meezy, that's pretty bad actually. I can't tell you what to do and what not to do, but I would not continue to trust a system that was so badly infected. Let's just hope that it is finally clean. I would recommend that you start making images of your hard disk so that when problems like this occur, you can restore your computer to exactly how it was before, with no chance of malware persisting.
24 Feb 2012   #23
meezy

Windows 7 Home Premium 64bit
 
 

had back ups they were infected... too... and a good friend of mine tracked down the attacker that force fed me the packets... dude didn't even mask his real ip when he attacked me... though he tunneled the packets as microsoft updates... which is pretty clever considering my KIS didn't pick up on it at first... cuz he actually sent me legit MS updates that had the infections binded inside them... and since he attacked me my friend kinda took it personal and re-directed all the infectious packets coming from this attacker back to him.... and i reported the abuse to his isp... but i still feel like i can't trust this pc so i will reinstall sadly can't re obtain autocad they want to charge me for the license again... well i don't know if it's the license they wanna charge for i didn't let the lady finish she said "well sir we would have to charge a fee of...." and i said "wait wait you're going to charge me for something i have already bought? well doesn't that defeat the purpose, how would you expect someone to pay for something that is already paid for... couldn't i just use the key in my email..." she said "our records show that the key that was initially assigned to you is used on over 10pc's which is more than the actual allowed amount of 3pc's so no you cannot use the original key." so i think all my product keys are compromised.... which is going to suck....

right now i am trying to avoid the reinstall
so i am rescanning and creating a KIS rescue disc.... to scan at boot up... maybe the infections are melted and set with persistence... see since i'm narrowing down what it is... i can deal with it...

Quote: Originally Posted by Britton30
I would think if you uninstalled all the software it would nullify the key for that machine allowing a reinstall without buying one again. That has been my experience with Corel and Photoshop, and they are very picky.
well this only works for the software that isn't hardware id signed... meaning isn't bound to specifics of your hardware... which i am not worried for these softwares cuz i can use these keys as many times needed.... but like autocad it is completely hardware identifier dependent... when i first registered and installed and went to payment it generated a hardware id for the specific installation it did it for each pc that it was installed.... the key is the same but the hardware id is not... e.g. would be say you installed and paid you would receive the initial product id which is like 111-12121212 000D0 then after installation you ask for a request of activation this is generated dependent of your specific hardware which is similar to a windows product key like XXXXX-XXXXX-XXXXX-XXXXX then that is used for the company to generate your license for the product which is an alphanumeric code comprised of 5 digits times 16 fields to be filled.... it's like this for a number of the programs that i use... it's supposed to cut down on phishing and piracy of keys... but as long as someone gets the initial product id then they can use it to generate a new one off my account with that program.... so it costs me a hell of a lot of pain and trouble trying to fix all this... if this helps to explain my reluctance of reinstalling....

24 Feb 2012   #24
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Quote: Originally Posted by Britton30
I would think if you uninstalled all the software it would nullify the key for that machine allowing a reinstall without buying one again. That has been my experience with Corel and Photoshop, and they are very picky.
This? Try it.
24 Feb 2012   #25
meezy

Windows 7 Home Premium 64bit
 
 

before i do anything i am waiting for my friend to get done analyzing the copy of my hdd that he made yesterday... he is an MIT pro... so hopefully he can find a resolution for this... he has already explained to me that i am not the cause of the infection that nothing i downloaded infected me... i was infected by the source of the infection... he said that it originated from the network attack i received prior to this... that the rat was just a distraction... it wasn't ever accessed... while i have been trying to cleanse the files affected by the rat's injections... He said once i am able to disinfect the files affected by the rat it will slow whatever the true threat is... he is really interested in this case cuz he says it resembles some of the things he is studying... which is polymorphic encryptions said it was a very very complicated type of encryption... he also said that i may want to have my isp change my ip... as it seems it has been hijacked... so right now i am using a friend's internet connection... so apparently i have been hit with something that is well orchestrated ....

i have currently isolated 30 different instances of the rat... i tracked to 3 programs poison ivy, cybergate, and DARKCOMET... i performed a port scan on my network and found 60 opened ports...
these ports are: 3330, 3303, 2290, 666, 333, 1212, 8081, 2121, 4444, 5555, 6666, 1111, etc. none of these ports have associated services nor programs.... so what i think the purpose of all this which goes back to WOW is the script kiddy got mad when i defeated him and took everything he had... so he had the ip hack that shows everyone's ip instead of names force fed me packets.... infected me to steal everything i have in real life.... which makes him a total douche, a blackhat, which i don't like blackhats... which he made one mistake he left a digital fingerprint on everything he force fed me...
i have already tracked him to the A city less than a mile from me... i am taking all this really seriously... i don't like when people screw with the integrity of my system... nor when it has to do with a meaningless quarrel in a virtual world.... over a game... so i am going to pay him a visit once i trace his address.... cuz i fear at this point there is no choice but to re-install... but this time i'm going to create an os deployment on my network and use a 2tb section on my network for backup drive... also i am going to look in to some better security software... and make the douche pay for it all... i have entirely too much money tied into my systems to have to pay for everything again... i have already frozen my pay-pals and alerted my banks of my security breach they are analyzing my records to make sure nothing was taken from any of the accounts... and are also going to try to help me in the situation of not having to pay for any of the programs that i have already purchased with my accounts....

kaspersky is going to re-issue me a commercial key... microsoft is analyzing my product key to make sure it isn't being used by other systems.... all the other programs i can re-install with previous keys except autocad have to convince them to re issue a key... also i have to contact all my game companies to see if i can still use the same keys... i know i can with most but my alice madness returns may be an issue....along with a few others... this really sucks i hope that he didn't get all of my product keys... so far it seems he has only taken the expensive ones... like autocad...
26 Feb 2012   #26
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Belarc Advisor will show your programs and their keys. Print out the report so you always have it!
BELARC PRODUCTS
27 Feb 2012   #27
meezy

Windows 7 Home Premium 64bit
 
 

so after a few days of searching my pc i finally was able to fix my issue... my friend and i found the true threat which was a uniquely reassembled sqlservr.exe and sqlwriter.exe and force fed to my pc spoofed as a microsoft update... the designer was able to replicate the exact files to a tee... all hashes matched digital sig matched also... everything matched except mem level executions my friend was able to analyze mem level access for all processes running on my system and in the two files listed found references to the rats that took countless hours to completely remove... after trial and error we finally disinfected my pc and removed the compromises, i had to completely remove sql and visual studio 2010... remove all updates that i had received after that the rats were able to successfully be removed... then i set up a block on the attacker's ip ranges and re-installed windows update service as a precaution in case it had been compromised... after that was able to receive the real MS updates and my pc boots up in 10sec flat and shuts down in 15sec... all my programs respond at acceptable speeds and do not become unresponsive they are able to be closed with task manager and close instantly instead of hanging for 10-20min and needing to be flooded with taskkill commands... thank you all for your help and recommended progs they came in handy and are still being used....
27 Feb 2012   #28
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Good to hear meezy. Now get the rat, draw, quarter and report him.
27 Feb 2012   #29
meezy

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Britton30
Good to hear meezy. Now get the rat, draw, quarter and report him.
Already did lol... like i said before he didn't bother to mask his ip he went through a whole lot to infect me but didn't bother to hide himself and yes it is a male... i tracked him down to a city around a quarter mile from my location... he didn't use an agent to attack me... he did it from his pc... didn't use any proxies or anything to protect him from being discovered... i flooded his network and dos attacked him to keep him busy while i probed and probed til i found his exact address... took the authorities to his house directly... though i didn't press any charges... i figured i show a little compassion but he almost crapped his pants when i showed up with the police... i made him remove all servers that he had compromised on all systems in front of me... i sat there while he uninstalled what looked like at least 6 months of hard work.... i had the police stay outside... i had a conversation with him for like an hour and he apologized and explained himself... and it was what i thought he did it over losing all of his stuff on WOW... i asked what he took from me... he said he couldn't find what he wanted... cuz he wasn't aiming for anything but my wow account... he was trying to steal it to take everything i had... i searched his whole pc to find anything with my product keys found a whole slew of people's keys on his system i deleted them to make sure he couldn't get everything back i deleted his backup drive... literally formatted it and deleted the partition ... i also removed all his hack tools.... scripts and anything else that he was using to compromise systems with... and i made him watch as i did this... he started crying and when i was done i said to him "this is the only way i will not press charges on you, it was this or have your pc confiscated and face even higher criminal charges... next time i won't be so compassionate. you damn near destroyed my network and nearly my pc...
so i just destroyed everything you had stolen, see i could have just fried your system with the industrial strength magnet i have in my car, which was my intentions... but since you are just a kid i figured this would justify me.. maybe you should use your talents for good and not for destruction.."
27 Feb 2012   #30
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Just curious as to how you made the 'police' stay outside?!
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:33.
