Windows 7 Forums
Windows 7: This is a Security issue, but more!!!

01 Mar 2009   #1
This is a Security issue, but more!!!

OK..... I need some help!! My first born to be named after the individual who can exorcise the demons from my laptop.

I am pretty Windows savvy; my weakest points are controlling arcane environmental settings in the registry, and perhaps a few other things..... But other than that, I am solid. I never thought I would be posting to this board. However, due to the strangest security breach I have ever seen, coupled with my inability to rid my laptop of this breach (maybe a worm--although it is not autonomous, it is smart and is being controlled by some nefarious individual(s)), I had no choice. Seek help, or throw out my laptop, or maybe I move to Hawaii (but that might not even help).

Ok, here is the best I can do in the way of a summary:

First my specs:
Dell HP Pavilion 2212
Dual Core 1.6GHz
2GB Ram
120 GB HD
500GB USB Western Digital My Book
Broadcom bcm43xx wireless adapter
NVIDIA HOST Controller as LAN Adapter
+++ this is new: a "loopback adapter" (<--- I know what one is, but it never showed up as an adapter choice prior to this problem).

Operating System: Windows 7 B7000.

About 6 weeks ago, I authenticated with a wireless network near my residence and used the internet for a bit. I did this again over the next few days, and then started noticing some very strange things occurring. My task manager had a number of processes that I never recognized (even though I was using Windows 7 beta), and it seemed as if I had a lot of services that were server based.

After trying to look further into what was happening, I started getting "access denied" messages all over the place. I enabled my Administrator user, and logged in. Still no luck.... I was encountering "Access Denied" whenever I tried to look at either certain files in System32 or in the Registry.

Below, I am including my latest complete Remote Access Diagnostics dump (netsh interface ras), but before I get there, I would like to share my theory. Laugh if you must...almost everyone (in IT or not) has laughed at me as if I was some sort of conspiracy nut!!

I think because Windows 7 and Windows Vista install with ipv6 adapters (ISATAP, TEREDO, etc.) advertising from the get-go, I am being hijacked and I cannot find a way to rid my pc of this problem... I do not know how they are getting in... Even after I log in, I disable ALL adapters, and then set state disabled to netsh interface 6to4, ISATAP, TEREDO, etc. I reset ipv4 and ipv6, and reset Winsock (which is loaded with items). AND, the trick they are using is UDP... UDP in most cases can bypass NAT and firewalls, so it's quick and they can find me in seconds---

FYI: I have reformatted (slow, not quick) my drive and reinstalled Windows 7 no less than 40 times.

Somehow this cretin is still finding access into my PC. I try to install Kaspersky's Technical Preview, but this intruder knows how to filter it, rendering it mostly useless.

I know this is a weakness from Microsoft....I mean all I need is to find a room with lead-lined walls to reinstall Windows 7 in and I am good... Because I can go 5 miles from where the network was originally, and somehow, I am advertising some beacon which IDs me on the internet and creates a tunnel....

No matter where I go, I cannot escape this.... I am nearing insanity. Please, please help.... I have deleted all of the ipv6 addresses from ROUTE as well as my loopback adapter address.... But nothing works...

Here is my Netsh interface ras diagnostic dump. Given its length.... I have attached it as a .pdf

Please someone help this poor Windows 7 user. I just want to use my damn laptop!!!! Without its resources going to sustain some alien life or something.....





Attached Files: Remote Access Diagnostic Re...pdf (162.3 KB)
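A way to make the checks described in the post above repeatable, as an added example that is not part of the original thread: the script records the 6to4/ISATAP/Teredo state that netsh reports and every UDP listener with its owning process into a timestamped file, so snapshots taken before and after a reinstall, or at home versus elsewhere, can be diffed line by line instead of from memory. Function names and the output folder are assumptions; it targets the PowerShell 2.0 that shipped with Windows 7 and must be run from an elevated prompt.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 on Windows 7,
# elevated prompt. Function names and the snapshot folder are assumptions.

function Get-TransitionState {
    # netsh prints a line such as "State : disabled" for each technology;
    # only that "State :" token is relied on, not the rest of the layout.
    $result = @{}
    foreach ($tech in '6to4', 'isatap', 'teredo') {
        $out  = & netsh interface $tech show state 2>&1
        $line = $out | Where-Object { "$_" -match 'State\s*:\s*(\S+)' } | Select-Object -First 1
        if ("$line" -match 'State\s*:\s*(\S+)') { $result[$tech] = $matches[1] }
        else { $result[$tech] = 'unknown' }
    }
    return $result
}

function Get-UdpListeners {
    # netstat rows look like "UDP  0.0.0.0:500  *:*  1234"; map the PID to an image path
    & netstat -ano -p UDP | Where-Object { $_ -match '^\s*UDP\s' } | ForEach-Object {
        $f    = $_.Trim() -split '\s+'
        $proc = Get-Process -Id ([int]$f[3]) -ErrorAction SilentlyContinue
        $path = '?'
        if ($proc) { try { if ($proc.Path) { $path = $proc.Path } } catch { } }
        New-Object PSObject -Property @{
            Local   = $f[1]
            OwnerId = $f[3]
            Process = $(if ($proc) { $proc.ProcessName } else { '?' })
            Path    = $path
        }
    }
}

function Save-NetworkSnapshot([string]$Dir = "$env:USERPROFILE\netsnap") {
    if (-not (Test-Path $Dir)) { New-Item -ItemType Directory -Path $Dir | Out-Null }
    $file  = Join-Path $Dir ('snap-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
    $state = Get-TransitionState
    $lines = @('# transition technologies (netsh interface <tech> show state)')
    foreach ($t in ($state.Keys | Sort-Object)) { $lines += "$t = $($state[$t])" }
    $lines += '# udp listeners (netstat -ano -p UDP)'
    foreach ($l in (Get-UdpListeners | Sort-Object Local)) {
        $lines += "$($l.Local) pid=$($l.OwnerId) $($l.Process) $($l.Path)"
    }
    $lines | Set-Content -Path $file
    return $file
}

# Usage: $a = Save-NetworkSnapshot   (then reinstall or change location)
#        $b = Save-NetworkSnapshot;  Compare-Object (Get-Content $a) (Get-Content $b)
```

Any transition technology that shows up as enabled again, or a UDP listener that reappears after a clean reinstall, is a concrete line to investigate rather than a feeling that something is "advertising".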

02 Mar 2009   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Let's see if MBam picks anything up.

Download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.34

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
02 Mar 2009   #3

Windows 7 Ultimate SP1 32 bit/Windows 8.1 64bit

I know I'm probably way off base here, but you mention it's a Dell, and someone in another thread said their Internet problems were caused by a program called "Dell Remote Access".

Just thought I'd throw this idea in, although it probably has nothing to do with your problems at all.
02 Mar 2009   #4
Joe

Windows 7 RC

Welcome to the Windows 7 Forums pjvex386

Your post was very well prepared and will provide everyone with the information to assist you.

I will start looking at your services and processes and see if anything stands out. We have a great team of Windows 7 Gurus that will be assisting you as well.
03 Mar 2009   #5

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)

One thing I can recommend is to keep your install as clean as possible...
Disable anything not needed.
Also, did you download this from somewhere other than MS? Because the installer might have been bugged....
03 Mar 2009   #6

Windows 8.1 Pro RTM x64

Hi pjvex386,

I know that this forum is for Windows 7, but can you try to install Vista to see if you get the same problem? If you do, we can probably think of looking at the physical setup of your laptop. One thing that does alarm me - according to the manuals, the wireless function is enabled at the factory and is set to ON by default - see the link below. In my opinion, this should be set to OFF and you should enable it yourself if you want to use this facility. When you install Windows 7 (or indeed any OS), you should ensure that ALL network devices are turned off or unplugged as until the OS is fully installed your system could be vulnerable.

http://h10032.www1.hp.com/ctg/Manual/c00820049.pdf
03 Mar 2009   #7

OK, here is the deal - I found a lot of inconsistencies in your services list from my services list - some are easily explained, and some are not:

List of services you have running that I don't have started:
  • Acronis Scheduler2 Service (I don't have Acronis)
  • Application Host Helper Service (Not even listed in my set of services)
  • CNG Key Isolation - my setting - Manual, not started
  • Diagnostic System Host - my setting - Manual, not started
  • Extensible Authentication Protocol - my setting - Manual, not started
  • IKE and AuthIP IPsec Keying Modules - my setting - Manual, not started
  • IPsec Policy Agent - my setting - Manual, not started
  • Kaspersky Anti-Virus 8.0 (I don't have Kaspersky)
  • Multimedia Class Scheduler - my setting - Automatic, not started - this means I have not had anything interface with Windows for a multimedia file class at all as of yet - yours is normal, leave it alone.
  • QBCFMonitorService (Not even listed in my set of services) - meaning it could be from Kaspersky or Acronis, but it could be malicious
  • RIP Listener (Not even listed in my set of services) - meaning it could be from Kaspersky or Acronis, but it could be malicious
  • Software Protection - my setting - Automatic (Delayed start), not started
  • Telephony - my setting - Manual, not started
  • WLAN AutoConfig - my setting - Manual, not started

And now for services I have running that you do not (I am excluding any machine specific services on my end):
  • Application Information - my setting - Automatic, started
  • DNS Client - my setting - Automatic, started
  • Program Compatibility Assistant Service - my setting - Automatic, started

Now of the three I am running that you are not, that DNS one is going to be needed unless Kaspersky is also using a firewall and using its own DNS system - you'll have to contact them to find out. Also, that last one is pretty important as it is needed for automatically checking program compatibility with Windows 7 - and since this is a Beta OS, I highly recommend you leave it on so it can tell you before installation if a program may have issues.

Finally, take note - I see RIP listener, for example, but I remember that in the past you had to manually install that from Programs and Features, so my next set of questions are *critical* and need to be answered:

1) When you said you had installed Windows 7 locally 40 times, are you using the default ISO image from the download, or have you modified it using something like vLite? If not modifying it, are you adding some of these features manually?

2) If this is a generic Windows 7 CD, please do as mentioned above - turn off your wireless *manually* and then format and reinstall Windows 7 - ***and use a different user name and PW*** - then connect ***and do not use the network nearby in your neighborhood***.

3) Have you tried searching for a possible rootkit installation on your machine? Do you have access to spare HDs that you can temporarily replace your current one with and install Windows 7 and see if the problem persists?
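The comparison done by hand in the reply above, automated as an added example that is not part of the original thread: capture a service baseline right after a clean, offline install, then diff any later capture against it, reporting services that are new, gone, relocated to a different binary, or changed in start mode or state. The function names and the baseline path are assumptions; Win32_Service and PowerShell 2.0 are present on Windows 7.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 on Windows 7.
# Function names and the baseline CSV location are assumptions.

function Get-ServiceSnapshot {
    # Name, state, start mode, image path and logon account for every service
    Get-WmiObject Win32_Service |
        Select-Object Name, DisplayName, State, StartMode, PathName, StartName |
        Sort-Object Name
}

function Save-ServiceBaseline([string]$Path = "$env:USERPROFILE\services-baseline.csv") {
    # Run this once on the clean install, before any network cable or Wi-Fi is enabled
    Get-ServiceSnapshot | Export-Csv -NoTypeInformation -Path $Path
    return $Path
}

function Compare-ServiceBaseline([string]$Path = "$env:USERPROFILE\services-baseline.csv") {
    $base = @{}
    Import-Csv $Path | ForEach-Object { $base[$_.Name] = $_ }
    $now = @{}
    Get-ServiceSnapshot | ForEach-Object { $now[$_.Name] = $_ }

    foreach ($n in ($now.Keys | Sort-Object)) {
        $cur = $now[$n]
        if (-not $base.ContainsKey($n)) {
            # Not present at baseline: the class of entry the reply above flagged by hand
            Write-Output ('NEW      {0,-40} {1,-8} {2,-10} {3}' -f $n, $cur.State, $cur.StartMode, $cur.PathName)
            continue
        }
        $old = $base[$n]
        if ($old.PathName -ne $cur.PathName) {
            # Same service name, different binary: worth more attention than a mode change
            Write-Output ('PATH     {0,-40} {1} -> {2}' -f $n, $old.PathName, $cur.PathName)
        }
        if ($old.StartMode -ne $cur.StartMode -or $old.State -ne $cur.State) {
            Write-Output ('CHANGED  {0,-40} {1}/{2} -> {3}/{4}' -f $n, $old.StartMode, $old.State, $cur.StartMode, $cur.State)
        }
    }
    foreach ($n in ($base.Keys | Sort-Object)) {
        if (-not $now.ContainsKey($n)) { Write-Output ('REMOVED  {0}' -f $n) }
    }
}

# Usage: Save-ServiceBaseline on the clean install; Compare-ServiceBaseline later
```

A NEW or PATH line for a service the poster did not knowingly install (the RIP Listener case in the reply above, which is never installed by default) is the thing to chase; a CHANGED line on a Manual service that merely started is usually Windows doing its job.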
04 Mar 2009   #8

Windows 7 Ultimate 64bit

I'm assuming your wireless connection has a password and is encrypted, right? They might be gaining access from that to your laptop.

I would make sure both have passwords if not.
04 Mar 2009   #9

Windows 8.1 Pro RTM x64

The following services are legitimate:

QBCFMonitorService - SystemLookup - QuickBooks Database Manager Service (QBCFMonitorService)

RIP Listener - Windows Vista Service Pack 1 Services Information - RIP Listener

This one, however, is suspicious because it is associated with both legitimate AND non-legitimate (malware) items:

Application Host Helper Service - SystemLookup - Global Search

Having said that, a further check of SystemLookup - An online database of what's good and bad on your computer reveals this could also be associated with Small Business Accounting Software | QuickBooks 2008 by Intuit which links with QBCFMonitorService mentioned above, but ONLY if you have QuickBooks installed.
07 Mar 2009   #10

RIP Listener is a legit Windows System service - problem is that it is never installed by default - hence my note about it.

Thanks for the info on the other two.