Windows 7 Forums


Windows 7: This is a Security issue, but more!!!

19 May 2009   #121

 

Quote:
Nonetheless, as of this moment, more than anytime in the past 3.5 weeks since I found myself left with nothing else except bluetooth as a means of penetration (since I had exhausted my options to fix or block I would say 99% of every other possible means), I stand behind this postulation with firm conviction. Yes, it was a theory originally. But in the past month, after paying a bit more attention to my problem, reading about the Windows services I did not recognize, exploring certain corners of Windows I had not investigated before (like environment variables), and now, after spending an aggregate of approximately 8 hours reading MSDN, covering what I could in that time pertaining to .NET, Bluetooth, and the finer points of various MS Mobile platform implementations and their related APIs and the functionality among them, I stand firmer than ever of the concept. Bluetooth, at least as an initial means, is accessing my laptop from an AP, the signal originating from who knows where

Bluetooth has a fairly short range, and for remote computer communication you do need line-of-sight for fairly stable communication, especially if you were trying to hack someone.

Class 1 devices do not reach over 30 meters in real life because of the amount of interference and obstructions.

Class 1: 100 mW (20 dBm), up to 100 meters
Class 2: 2.5 mW (4 dBm), up to 10 meters
Class 3: 1 mW (0 dBm), up to 1 meter

Quote:
, and because I do not want it there restricting me as I have never been restricted before in windows (I never really investigated RPCsvc before Dmex, but in an earlier post, I asked which services of the ones I was prohibited from altering were already hardened in Windows, like grpsvc is), I take steps to change the situation, and that results in more reactions by my opponent, and then, of course still further actions, by me. There is a client-server relationship. There is synchronization taking place,
I think that's where some problems have started. Microsoft changed the majority of system configuration like Services, and when you've attempted changing these settings it's resulted in other complications that you've then attributed to being caused by malicious software. Services don't really need reconfiguring or modifying from their defaults considering they are now dynamically loaded and secure in their default state. Security Watch: Services Hardening in Windows Vista

Security and safety features new to Windows Vista - Wikipedia, the free encyclopedia

Quote:
there are dialog boxes at random times popping up in IE8 (when I happen to be in there) stating "Unsigned ActiveX scripts are not that harmful. Would you like to enable them?"
I don't recommend anyone install/enable ActiveX and Scripting while using Internet Explorer. That decision is (doomed) yours to make, but Firefox is much more capable when it comes to security, especially Scripting and ActiveX.

Quote:
I have existed with Vista and no gadgets/sidebar for a year on a laptop after deciding I did not want Sidebar to startup with Windows. Never had a problem after that. Now, everytime I restart, there is that Sidebar again. Why? Why the Windows Sidebar? Is this only coincidental that it also happens to be a mobile platform that could potentially enable or assist through scripting, a larger and more significant breach of my laptop?
There might be a startup entry you're missing somewhere that is causing the Sidebar to continue launching. You also can't exactly get infected via gadgets because the Sidebar.exe application runs under a low user privilege and prevents gadgets from accessing secure system areas.

Quote:
Why is Cyberlink Power2Go (nothing but audio related apps) installed on my system when I checked the web and determined that HP did not bundle that with the laptop. Is it just coincidental that audio drivers, or the Tablet service are both used with Bluetooth and Windows Mobile PC? Is it coincidence that Remote Differential Compression and RIP listener, again both potentially used with Mobile PC and Bluetooth, turned on as a Windows feature? Coincidence? How many coincidences before they start becoming possibilities?
Cyberlink Power2Go was probably bundled by the shop where you purchased the laptop, and it's not used for hacking.

Remote Differential Compression is enabled by default on all Vista and Windows 7 systems; it allows Windows to transfer files over your LAN using compression, making the transfer faster.

RIP listener is not enabled by default but its default configuration is secure.

Quote:
The only thing I will say is that when you look at these screenshots, keep in mind that every application, or service or component in windows that you can spot in these pictures--aside from a very few items--either came with a native Vista installation (or with the HP programs bundled with the laptop) or someone else put them there. Someone other than MS, HP, or myself.

Thank you for your understanding.

Paul
The screenshot where you attempted running rstrui from a command prompt failed because you didn't use an elevated administrative command prompt.

I'm not sure why you would be getting that other message preventing you from uninstalling applications. It's possible one of the registry cleaners you used reset the configuration of the Local Security Policy. It can be reverted by resetting that setting, but I can't remember where you would find it in the registry.

Steven


19 May 2009   #122

Windows 7 Ultimate x64, Mint 9
 
 

Quote: Originally Posted by lokiundergod
If you read through the thread carefully, you'll see that a new hd was already purchased to replace the original.
I couldn't get past the fourth page.... got sick of it. That and too much laughing.

~Lordbob
19 May 2009   #123

Windows 7 64-bit
 
 

Quote: Originally Posted by Lordbob75
I couldn't get past the fourth page.... got sick of it. That and too much laughing.

~Lordbob
Fair enough


19 May 2009   #124

Windows 7 Ultimate x64, Mint 9
 
 

Quote: Originally Posted by lokiundergod
Fair enough


~Lordbob
20 May 2009   #125

 

Just checking in....

Lokiundergod... thank you for your post; it is very helpful. You must have been writing that as I submitted my last post, because I did not see it before. In any event, I will print that post and try those things, because I cannot control whatever kind of wireless connection I have...

Also, Loki, I had mentioned earlier in my thread (maybe two months ago), I took the Wireless NIC out of my laptop, reinstalled WIN 7 (I cannot remember if I reformatted my HD though), and when I finally logged into windows, I did notice a difference... but unfortunately it was mostly in speed of the spread of the infection. The processes in task manager which I think (and others may disagree) have something to do with the virus/worm/RNAV showed up more slowly. My system was not as slow. But by this point it had been about two months since I became infected, so I did have some familiarity with how it affected my system.

To Dmex, Jacee, Dark and everyone else, I got some sleep and I am not as sensitive today... So I am still forging ahead, losing money with every hour I spend on this. [But it seems when I do chip away at it, new and hopefully more revealing things take place.]

For most of the day (about 14 hours I think), I have been reading or engaging with my operating system in an adversarial way.... But earlier today I did some things which made me think that I had almost stopped it. It was really peaceful for a while. Essentially, I went in to the Vista install I had and went to the default programs and uninstalled everything that I did not remember installing, namely (and in particular) the media/audio applications. This didn't go very smoothly, but everything seemed to uninstall. I then went to services, and, out of the ones I am able to change (all but 5 or so), I stopped and disabled (whether running at first or not) several services which I know have nothing to do with a stand-alone computer (and early on I learned the hard way which of these services sound like they would pertain only to a networked configuration, but in actuality are essential to Windows in all situations). After this, I went to Devices, which seems like a nightmare, because I have so many and I do not know if the number of devices (when unhidden) is normal or not. But here I disabled or uninstalled all that seemed like they would have something to do with RF, Bluetooth, wireless, anything of that nature, and anything that seemed to involve networking (and these too were not just guesses; I knew to a large degree which ones were going to kill the system or disable my mouse or whatever). The 5 devices that were already disabled (4 called BASE DEVICE, and one UNKNOWN DEVICE) I just left alone, because if I uninstalled them, they would immediately reinstall (no need to wait for a reboot or a "scan for hardware changes" as I would normally expect), and then they would actually be ENabled, so I always just keep them disabled.

When I finished all this, it felt like a storm had passed..... my system was lightning fast and there were no strange window movements or unnatural Windows behaviors. Of course I realize that I disabled services and devices and uninstalled apps, so my system would have to be quicker anyway, but it was like the laptop was mine again. No more 'access denied's, or strange files appearing for a second then disappearing, or absurdly worded dialogue boxes asking me if I "would like to just leave my money on the keyboard and leave the room". [OK that was a joke, but I have seen some dialogue boxes asking me if I would enable or disable something, or informing me of errors, and they seemed so... I do not know how to say it. I am usually not at a loss for words, but they were just out of place and something Windows would not ask, and if it did, Windows would not ask/inform me in the way these dialogue boxes did.]

But in order to have this state, I disabled all networking, so I had no web access--so this was not a cure by any means. Further, I was a little hesitant to shut windows down, as I didn't know if it would restart (whether due to my changing some setting, or the infection not responding well and wanting a new install). I finally shut down, restarted, and windows came back up. It was a mess when the desktop appeared.

Before I continue, I wanted to mention that in the course of more reading yesterday, I found some material on rootkits. I had read about rootkits many times before but I guess I had forgotten the typical causes, effects, and purposes behind them by those who spread them...because I would have to say out of every word I have used to describe this thing... the definition I see for Rootkit is by far the most accurate if I had to describe my situation. I know a rootkit is basically a trojan with a less violent or more methodical agenda, but usually that is because their use involves people participating in the ongoing intrusion that the rootkits allow.

OK, when I logged on and got to the desktop, it was not like before... like a kid, I felt like the monster was back. First, the screen went to about 50% brightness (after I got to the desktop), and my aero effects then disappeared about 10 seconds later (I got a polite dialog box about that however...polite, but offering no reason as to why my graphics capabilities were being reduced). I went to Devices to see if anything changed, and it was also crazy. Some of the devices I had uninstalled had come back, and maybe 6 or 7 new devices appeared -- these new devices all had the same name as devices I had earlier just disabled. It was very unsettling because it was so many at one time.

I had seen this "new device" phenomenon happen over maybe a 2 week period with the ISATAP adapter (which is in XP, Vista, and Win 7 I think). I had disabled it initially, and then I guess I saw it up and running again a few days later, so I disabled it, not really paying attention. One day I go to Devices for some unrelated purpose, and I see ISATAP #4, running, with #2 and #3 below it and one without a number (the original ISATAP I imagine), all ones I had disabled but had not caught that they were new. How does software know it is disabled but, having the desire to live be so great within them, create another version of themselves actively functioning, and no different from the original except that it adds a number??

I am micromorphasizing a bit there, but my real question is if someone is intruding, why can't they just enable the old one? I have not spent a lot of time using VPN, SSH, or using any remote desktop, so I do not know how your rights are different. By the way, one thing I shut off before I did the restart was in Advanced Properties in the System Properties box (one way you get this is when you go to the left-click menu on "Computer", and click properties). There is a "Remote Access" selection in Advanced properties. Not only was it checked (meaning "ON"), but under the redundant "Advanced" button in the same box, it showed that my PC could give out invitations to be remotely accessed—and below that it specified that the invitations could be active for no longer than 6 hours at a time. I am sure that most of you know this already, but Remote Access is different than Remote Assistance, and from how I understand it, this is a little scarier. When I went to this Remote Access box after restart, the Remote Access box was checked, and the whole box was grayed out, I could not even access the additional "Advanced" button which had originally stated my laptop could invite access for no longer than 6 hours. Now dmex, I know you have not seen this spectacle I am describing with your own eyes, but presuming I am not lying, can you explain this away with something other than a "software bug"? I mean even if Microsoft fought hard in court and won the right to mandate that you, the Windows user, must advertise invitations to others across the globe to access your pc, except however, there will be a stipulation that it only be for 6 hours and no longer, for any instance--but I do not think Windows the OS, which is not connected to the internet to the user's knowledge, would then detect that you disabled it, and in response, be programmatically forced to punitively act by graying out the whole box because you did so....

It went on for a long time after that. Me trying to get to a state where I was before. But it never worked. I finally shut it down. Then, when I restarted it....it acted like it did yesterday. I would get to a black screen after the BIOS screen, and sat there hung. I couldn't use function keys to try to enter safe mode unless I went into BIOS each time I restarted and reloaded default settings. And when I would be in BIOS, no settings had actually changed....although the boot order had the CD/DVD ahead of the HD, my CD would not boot (until I loaded default settings).

I finally went to Linux, and read for a while... but even in there it was pissed off. Not until I stopped fighting and did 5 restarts (I was using my same Mint Linux LIVE CD) did it stop changing my environment in an adverse way. On my first start-up, the screen brightened up to normal, which was a huge relief. But when I got into Linux, my keyboard, for the first time ever (after using this distro on the same CD maybe 200 times before), was not functioning. I had to restart. Upon the next restart, I went to a terminal, saw that the keyboard worked, and typed "ps Ae", which provides ample information to me that I am not alone (I discovered this command combo yesterday). I tried to copy the text from the terminal, paste it into a text document and save it to my flash drive (because for the past 2-3 weeks or so, no Linux distro that I own gives me access to my hard drive), but once again we have another first... and it's on the 5th restart (and the 3rd and 4th restarts were 60-second cold restarts): angry, but not at all surprised since I am so used to this presence, I sat and watched Linux tell me it could not (or would not) save the text document I just created! Each time I tried to save it, I would get a white dialogue box with a lined-out red circle saying "No Support For This Function On the Back End", whatever the f*ck that means. Germ, code, teenager, or Turing's ghost, whatever it is, it needs to do a little anger management.

One last thing. To demx or anyone, I have a few questions regarding my windows setup. I do not want to jump to any conclusions (putting the effort in), but while I know Vista Home Premium (the version I am currently running) does not have the ability to join a domain, does MS still keep the files one would use to be part of a domain on the installation disk and the PC? Because I managed to find one switch for attrib that I had not used, and I was able to unhide directories not just the files. So last night, I could see every hidden file and folder on my pc (at least I think so). When I looked through my directories, it looked like Vista Enterprise or something similar... I am attaching a C:\tree. If someone could just scan it and let me know if they see anything unusual. I have not had experience as a Vista server admin, so I wouldn't know if the files belong there or not...

Also I am attaching screenshots from Windows that cover most of the things I bring up in this post. Also, for those who know Linux, I have a few pages of "ps Ae", which oddly show two words I have mixed feelings about at this point: SSH and Bluetooth. I am fairly inflexible in my position, after what I have seen in Windows and Linux in the past four months, that there is, in fact, someone accessing my PC. Whether Bluetooth is involved or not, though, I will back off a square from my stance of yesterday.


Attached Thumbnails: cant-access-advanced-settings.png, more-modem-devices.png, newdevice.png, pnpcannotuninstall.png, required-actions.png, launch.jpg, ownerasalways.jpg, prog.jpg, remote.jpg, vpn.jpg

20 May 2009   #126

 

I just a long post from Linux, and though I can go about the web as I please, I could not upload it or any screenshots.

I understand everyone's responses. To those who feel I have not followed their instructions, it is either because yes, I did miss their post, or because I have one laptop, and it has a problem which at the very minimum (at least when all I had was wireless) prevented or made difficult access to the web from either Windows or Linux.

Somebody just look at this attachment--need linux knowledge.


Attached Files
File Type: txt proc.txt (43.5 KB, 49 views)
20 May 2009   #127

 

This has gone far enough.

You are paying no attention to advice given, so I'm going to save anybody else wasting their time.

Thread closed.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd