Windows 7: This is a Security issue, but more!!!
#1 | 01 Mar 2009 | Windows 7 | Chicago - Milwaukee
This is a Security issue, but more!!! OK..... I need some help!! My first born to be named after the individual who can exorcise the demons from my laptop.
I am pretty Windows savvy; my weakest points are controlling arcane environmental settings in the registry, and perhaps a few other things..... But other than that, I am solid. I never thought I would be posting to this board. However, due to the strangest security breach I have ever seen, coupled with my inability to rid my laptop of this breach (maybe a worm--although it is not autonomous, it is smart and is being controlled by some nefarious individual(s)), I had no choice. Seek help, or throw out my laptop, or maybe I move to Hawaii (but that might not even help).
Ok, here is the best I can do in the way of a summary: First my specs:
Dell HP Pavilion 2212
Dual Core 1.6GHz
2GB Ram
120 GB HD
500GB USB Western Digital My Book
Broadcom bcm43xx wireless adapter
NVIDIA HOST Controller as LAN Adapter
+++ this is new: a "loopback adapter" (<--- I know what one is, but it never showed up as an adapter choice prior to this problem).
Operating System: Windows 7 B7000.
About 6 weeks ago, I authenticated with a wireless network near my residence and used the internet for a bit. I did this again over the next few days, and then started noticing some very strange things occurring. My task manager had a number of processes that I never recognized (even though I was using Windows 7 beta), and it seemed as if I had a lot of services that were server based.
After trying to look further into what was happening, I started getting "access denied" messages all over the place. I enabled my Administrator user, and logged in. Still no luck.... I was encountering "Access Denied" whenever I tried to look at either certain files in System32 or in the Registry.
Below, I am including my latest complete Remote Access Diagnostics dump (netsh interface ras), but before I get there, I would like to share my theory. Laugh if you must...almost everyone (in IT or not) has laughed at me as if I was some sort of conspiracy nut!!
I think because Windows 7 and Windows Vista install with IPv6 adapters (ISATAP, Teredo, etc.) advertising from the get-go, I am being hijacked and I cannot find a way to rid my PC of this problem... I do not know how they are getting in... Even after I log in, I disable ALL adapters, and then set state disabled to netsh interface 6to4, ISATAP, Teredo, etc. I reset IPv4 and IPv6, and reset Winsock (which is loaded with items). AND, the trick they are using is UDP... UDP in most cases can bypass NAT and firewalls, so it's quick and they can find me in seconds---
FYI: I have reformatted (slow, not quick) my drive and reinstalled Windows 7 no less than 40 times.
Somehow this cretin is still finding access into my PC. I try to install Kaspersky's Technical Preview, but this intruder knows how to filter it, rendering it mostly useless.
I know this is a weakness from Microsoft....I mean all I need is to find a room with lead-lined walls to reinstall Windows 7 in and I am good... Because I can go 5 miles from where the network was originally, and somehow, I am advertising some beacon which IDs me on the internet and creates a tunnel....
No matter where I go, I cannot escape this.... I am nearing insanity. Please, please help.... I have deleted all of the ipv6 addresses from ROUTE as well as my loopback adapter address.... But nothing works...
Here is my Netsh interface ras diagnostic dump. Given its length.... I have attached it as a .pdf
Please someone help this poor Windows 7 user. I just want to use my damn laptop!!!! Without its resources going to sustain some alien life or something.....
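The first post describes disabling the IPv6 transition technologies (Teredo, ISATAP, 6to4) with netsh and resetting a Winsock catalog that is "loaded with items". What a responder actually wants at that point is a recorded snapshot of both, so the state can be compared before and after each change and across reboots instead of being recalled from memory. The script below is an added example written for this thread, not code from the original poster or from any of the replies; it assumes a Windows 7-era netsh, an elevated PowerShell 2.0 prompt, and the function names are this example's own.

```powershell
# Added example, not from the thread: snapshot the IPv6 transition technologies
# (Teredo, ISATAP, 6to4) and the Winsock catalog that the first post mentions,
# so their state can be recorded and compared across reboots rather than
# reasoned about from memory. Assumes a Windows 7-era netsh and an elevated
# PowerShell 2.0 prompt; the function names are this example's own.

function Get-TransitionTechnologyState {
    # netsh prints a "State : <value>" line for each technology; capture that value.
    $state = @{}
    foreach ($tech in 'teredo', 'isatap', '6to4') {
        $text = (netsh interface $tech show state 2>&1) | Out-String
        if ($text -match 'State\s*:\s*(\S+)') { $state[$tech] = $Matches[1] }
        else { $state[$tech] = 'unknown' }
    }
    return $state
}

function Get-WinsockCatalog {
    # Parse "netsh winsock show catalog" into one hashtable per provider entry.
    # Entries are blocks of "Key: value" lines separated by blank lines.
    $entries = @()
    $current = $null
    foreach ($line in (netsh winsock show catalog)) {
        if ($line -match '^\s*$') {
            if ($current) { $entries += $current; $current = $null }
            continue
        }
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            if (-not $current) { $current = @{} }
            $current[$Matches[1]] = $Matches[2]
        }
    }
    if ($current) { $entries += $current }
    return $entries
}

function Find-ProvidersOutsideSystem32 {
    # A Winsock provider whose DLL lives outside the system directory is not
    # proof of anything by itself, but it is the first entry worth explaining.
    param([Parameter(Mandatory = $true)]$Catalog)
    $sysdir = [Environment]::SystemDirectory
    foreach ($entry in $Catalog) {
        $path = $entry['Provider Path']
        if (-not $path) { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($path)
        if ($expanded -notlike "$sysdir\*") {
            New-Object PSObject -Property @{
                Description  = $entry['Description']
                ProviderPath = $expanded
            }
        }
    }
}

# Record the state before and after the netsh changes described in the post.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Get-TransitionTechnologyState | Out-String | Out-File "transition-$stamp.txt"
$catalog = Get-WinsockCatalog
"$($catalog.Count) Winsock catalog entries"
Find-ProvidersOutsideSystem32 -Catalog $catalog | Format-Table -AutoSize
```

Run it once before touching anything, once after the netsh changes, and once after the next reboot; if the transition state or the catalog entry count differs between the last two runs, something is re-applying configuration and that is the thing to chase, rather than the adapters themselves.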
#2 | 02 Mar 2009 | Windows 7 Ultimate 32bit SP1
Let's see if MBam picks anything up.
Download Malwarebytes' Anti-Malware 1.34 to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
#3 | 02 Mar 2009 | Windows 7 Ultimate SP1 32 bit/Windows 8 64bit | Pembrokeshire, South Wales, UK
I know I'm probably way off base here, but you mention it's a Dell, and someone in another thread said their Internet problems were caused by a program called "Dell Remote Access".
Just thought I'd throw this idea in, although it's probably nothing to do with your problems at all.
#4 | 02 Mar 2009
Welcome to the Windows 7 Forums pjvex386
Your post was very well prepared and will provide everyone with the information to assist you.
I will start looking at your services and processes and see if anything stands out. We have a great team of Windows 7 Gurus that will be assisting you as well.
#5 | 03 Mar 2009 | Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM), SuSe 11.2 (VM), XP 32 (VM) | In a ∞ Portal
One thing I can recommend is to keep your install as clean as possible...
Disable anything not needed.
Also, did you download this from somewhere other than MS? Because then the installer might have been bugged....
#6 | 03 Mar 2009 | Windows 7 Ultimate x64 Service Pack 1 | Doncaster, UK
Hi pjvex386,
I know that this forum is for Windows 7, but can you try to install Vista to see if you get the same problem? If you do, we can probably think of looking at the physical setup of your laptop. One thing that does alarm me - according to the manuals, the wireless function is enabled at the factory and is set to ON by default - see the link below. In my opinion, this should be set to OFF and you should enable it yourself if you want to use this facility. When you install Windows 7 (or indeed any OS), you should ensure that ALL network devices are turned off or unplugged as until the OS is fully installed your system could be vulnerable. http://h10032.www1.hp.com/ctg/Manual/c00820049.pdf
#7 | 03 Mar 2009 | Windows 7 Ultimate x64 SP1 | Somewhere on the 3rd rock from the sun.
OK, here is the deal - I found a lot of inconsistencies in your services list from my services list - some are easily explained, and some are not:
List of services you have running that I don't have started:
- Acronis Scheduler2 Service (I don't have Acronis)
- Application Host Helper Service (Not even listed in my set of services)
- CNG Key Isolation - my setting - Manual, not started
- Diagnostic System Host - my setting - Manual, not started
- Extensible Authentication Protocol - my setting - Manual, not started
- IKE and AuthIP IPsec Keying Modules - my setting - Manual, not started
- IPsec Policy Agent - my setting - Manual, not started
- Kaspersky Anti-Virus 8.0 (I don't have Kaspersky)
- Multimedia Class Scheduler - my setting - Automatic, not started - this means I have not had anything interface with Windows for a multimedia file class at all as of yet - yours is normal, leave it alone.
- QBCFMonitorService (Not even listed in my set of services) - meaning it could be from Kaspersky or Acronis, but it could be malicious
- RIP Listener (Not even listed in my set of services) - meaning it could be from Kaspersky or Acronis, but it could be malicious
- Software Protection - my setting - Automatic (Delayed start), not started
- Telephony - my setting - Manual, not started
- WLAN AutoConfig - my setting - Manual, not started
And now for services I have running that you do not (I am excluding any machine specific services on my end):
- Application Information - my setting - Automatic, started
- DNS Client - my setting - Automatic, started
- Program Compatibility Assistant Service - my setting - Automatic, started
Now of the three I am running that you are not, that DNS one is going to be needed unless Kaspersky is also using a firewall and using its own DNS system - you'll have to contact them to find out. Also, that last one is pretty important as it is needed for automatically checking program compatibility with Windows 7 - and since this is a Beta OS, I highly recommend you leave it on so it can tell you before installation if a program may have issues.
Finally, take note - I see RIP listener, for example, but I remember that in the past you had to manually install that from Programs and Features, so my next set of questions are *critical* and need to be answered:
1) When you said you had installed Windows 7 locally 40 times, are you using the default ISO image from the download, or have you modified it using something like vLite? If not modifying it, are you adding some of these features manually?
2) If this is a generic Windows 7 CD, please do as mentioned above - turn off your wireless *manually* and the format and reinstall Windows 7 - ***and use a different user name and PW*** - then connect ***and do not use the network nearby in your neighborhood***.
3) Have you tried searching for a possible rootkit installation on your machine? Do you have access to spare HDs that you can temporarily replace your current one with and install Windows 7 and see if the problem persists?
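Post #7 compares the poster's services list against a known machine by hand, line by line, and the items it flags are exactly the ones a baseline diff surfaces mechanically: services present on one side only, and start modes that differ. The script below is an added example written for this thread, not code from the poster or from the forum; it assumes PowerShell 2.0 on Windows 7 with WMI available, and the function names and the baseline CSV path are this example's own. It goes one step beyond the post by also comparing each service's binary path, because a familiar service name pointing at a different executable is the change that matters most.

```powershell
# Added example, not from the thread: automates the service-by-service comparison
# that post #7 did by hand. Export a baseline from an install you trust, then diff
# the current machine against it. Assumes PowerShell 2.0 on Windows 7 and WMI;
# Win32_Service exposes StartMode and the binary path, which Get-Service does not.
# Function names and the CSV path are this example's own.

function Get-ServiceSnapshot {
    Get-WmiObject Win32_Service |
        Select-Object Name, DisplayName, StartMode, State, PathName
}

function Export-ServiceBaseline {
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-ServiceSnapshot | Export-Csv -Path $Path -NoTypeInformation
}

function Compare-ServiceBaseline {
    param([Parameter(Mandatory = $true)][string]$BaselinePath)
    $baseline = @{}
    foreach ($svc in (Import-Csv $BaselinePath)) { $baseline[$svc.Name] = $svc }
    $seen = @{}

    foreach ($svc in Get-ServiceSnapshot) {
        $seen[$svc.Name] = $true
        $ref = $baseline[$svc.Name]
        if (-not $ref) {
            New-Object PSObject -Property @{ Name = $svc.Name; Finding = 'not in baseline'; Detail = $svc.PathName }
            continue
        }
        # Cast to string so a blank CSV cell and a $null WMI value compare equal.
        if ([string]$ref.PathName -ne [string]$svc.PathName) {
            New-Object PSObject -Property @{ Name = $svc.Name; Finding = 'binary path changed'; Detail = "$($ref.PathName) -> $($svc.PathName)" }
        }
        if ([string]$ref.StartMode -ne [string]$svc.StartMode) {
            New-Object PSObject -Property @{ Name = $svc.Name; Finding = 'start mode changed'; Detail = "$($ref.StartMode) -> $($svc.StartMode)" }
        }
    }
    # Services the trusted install had that this machine no longer registers.
    foreach ($name in $baseline.Keys) {
        if (-not $seen[$name]) {
            New-Object PSObject -Property @{ Name = $name; Finding = 'missing from current'; Detail = $baseline[$name].PathName }
        }
    }
}

# On the trusted install (offline, wireless switched off as post #6 suggests):
#   Export-ServiceBaseline -Path C:\baseline-services.csv
# On the machine under suspicion:
#   Compare-ServiceBaseline -BaselinePath C:\baseline-services.csv |
#       Format-Table Name, Finding, Detail -AutoSize
```

Take the baseline immediately after a clean install with all network devices off, before any third-party software goes on, so that every later "not in baseline" line corresponds to something you installed deliberately (Kaspersky, Acronis, QuickBooks) or to something that needs explaining.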
#8 | 04 Mar 2009 | Windows 7 Ultimate 64bit | Canada
I'm assuming your wireless connection has a password and is encrypted, right? They might be gaining access from that to your laptop.
I would make sure both have passwords if not.
#9 | 04 Mar 2009 | Windows 7 Ultimate x64 Service Pack 1 | Doncaster, UK
The following services are legitimate:
- QBCFMonitorService - SystemLookup: QuickBooks Database Manager Service (QBCFMonitorService)
- RIP Listener - Windows Vista Service Pack 1 Services Information: RIP Listener
This one, however, is suspicious because it is associated with both legitimate AND non-legitimate (malware) items:
- Application Host Helper Service - SystemLookup: Global Search
Having said that, a further check of SystemLookup (an online database of what's good and bad on your computer) reveals this could also be associated with Small Business Accounting Software | QuickBooks 2008 by Intuit, which links with QBCFMonitorService mentioned above, but ONLY if you have QuickBooks installed.
#10 | 07 Mar 2009 | Windows 7 Ultimate x64 SP1 | Somewhere on the 3rd rock from the sun.
RIP Listener is a legit Windows System service - problem is that it is never installed by default - hence my note about it.
Thanks for the info on the other two.