This is a Security issue, but more!!!


  1. Posts : 57
    Windows 7
       #1


    OK..... I need some help!! My first born to be named after the individual who can exorcise the demons from my laptop.

    I am pretty Windows savvy, my weakest points are controlling arcane environmental settings in the registry, and perhaps a few other things..... But other than that, I am solid. I never thought I would be posting to this board. However, due to the strangest security breach I have ever seen, coupled with my inability to rid my laptop of this breach (maybe a worm--although it is not autonomous, it is smart and is being controlled by some nefarious individual(s)), I had no choice. Seek help, or throw out my laptop, or maybe I move to Hawaii (but that might not even help).

    Ok, here is the best I can do in the way of a summary:

    First my specs:
    Dell HP Pavillion 2212
    Dual Core 1.6GHz
    2GB Ram
    120 GB HD
    500GB USB Western Digital My Book
    Broadcom bcm43xx wireless adapter
    NVIDIA HOST Controller as LAN Adapter
    +++ this is new: a "loopback adapter" (<--- I know what one is, but it never showed up as an adapter choice prior to this problem.)

    Operating System: Windows 7 B7000.

    About 6 weeks ago, I authenticated with a wireless network near my residence and used the internet for a bit. I did this again over the next few days, and then started noticing some very strange things occurring. My task manager had a number of processes that I never recognized (even though I was using Windows 7 beta), and it seemed as if I had a lot of services that were server based.

    After trying to look further into what was happening, I started getting "access denied" messages all over the place. I enabled my Administrator user, and logged in. Still no luck.... I was encountering "Access Denied" whenever I tried to look at either certain files in System32 or in the Registry.

    Below, I am including my latest complete Remote Access Diagnostics dump (netsh interface ras), but before I get there, I would like to share my theory. Laugh if you must...almost everyone (in IT or not) has laughed at me as if I was some sort of conspiracy nut!!

    I think because Windows 7 and Windows Vista install with ipv6 adapters (ISATAP, TEREDO, etc) advertising from the get-go, I am being hijacked and I cannot find a way to rid my pc of this problem... I do not know how they are getting in... Even after I log in, I disable ALL adapters, and then set state disabled to netsh interface 6to4, ISATAP, TEREDO, etc. I reset ipv4 and ipv6, and reset Winsock (which is loaded with items). AND, the trick they are using is UDP... UDP in most cases can bypass NAT and firewalls, so it's quick and they can find me in seconds---

    FYI: I have reformatted (slow not quick) my drive and reinstalled Windows 7 no less than 40 times.

    Somehow this cretin is still finding access into my PC. I try to install Kaspersky's Technical Preview, but this intruder knows how to filter it rendering it mostly useless.

    I know this is a weakness from Microsoft....I mean all I need is to find a room with lead-lined walls to reinstall Windows 7 in and I am good... Because I can go 5 miles from where the network was originally, and somehow, I am advertising some beacon which IDs me on the internet and creates a tunnel....

    No matter where I go, I cannot escape this.... I am nearing insanity. Please, please help.... I have deleted all of the ipv6 addresses from ROUTE as well as my loopback adapter address.... But nothing works...

    Here is my Netsh interface ras diagnostic dump. Given its length.... I have attached it as a .pdf

    Please someone help this poor Windows 7 user. I just want to use my damn laptop!!!! Without its resources going to sustain some alien life or something.....


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Let's see if MBam picks anything up.

    Download Malwarebytes' Anti-Malware to your desktop
    |MG| Malwarebytes Anti-Malware 1.34

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.


  3. Posts : 7,538
    Windows 10 64bit/Windows 10 64bit/Windows 10 64bit
       #3

    I know I'm probably way off base here but you mention it's a Dell and someone in another thread said their Internet problems were caused by a program called "Dell Remote Access"

    Just thought I'd throw this idea in although it's probably nothing to do with your problems at all


  4. Joe
    Posts : 236
    Windows 7 RC
       #4

    Welcome to the Se7en Forums pjvex386

    Your post was very well prepared and will provide everyone with the information to assist you.

    I will start looking at your services and processes and see if anything stands out. We have a great team of Windows 7 Gurus that will be assisting you as well.


  5. Posts : 2,899
    Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
       #5

    One thing I can recommend is to keep your install as clean as possible...
    disable anything not needed.
    Also, did you download this from somewhere other than MS? 'Cause the installer might have been bugged....


  6. Posts : 9,582
    Windows 8.1 Pro RTM x64
       #6

    Hi pjvex386,

    I know that this forum is for W7, but can you try to install Vista to see if you get the same problem? If you do, we can probably think of looking at the physical setup of your laptop. One thing that does alarm me - according to the manuals, the wireless function is enabled at the factory and is set to ON by default - see the link below. In my opinion, this should be set to OFF and you should enable it yourself if you want to use this facility. When you install W7 (or indeed any OS), you should ensure that ALL network devices are turned off or unplugged as until the OS is fully installed your system could be vulnerable.

    http://h10032.www1.hp.com/ctg/Manual/c00820049.pdf


  7. Posts : 4,364
    Windows 11 21H2 Current build
       #7

    OK, here is the deal - I found a lot of inconsistencies in your services list from my services list - some are easily explained, and some are not:

    List of services you have running that I don't have started:
    • Acronis Scheduler2 Service (I don't have Acronis)
    • Application Host Helper Service (Not even listed in my set of services)
    • CNG Key Isolation - my setting - Manual, not started
    • Diagnostic System Host - my setting - Manual, not started
    • Extensible Authentication Protocol - my setting - Manual, not started
    • IKE and AuthIP IPsec Keying Modules - my setting - Manual, not started
    • IPsec Policy Agent - my setting - Manual, not started
    • Kaspersky Anti-Virus 8.0 (I don't have Kaspersky)
    • Multimedia Class Scheduler - my setting - Automatic, not started - this means I have not had anything interface with Windows for a multimedia file class at all as of yet - yours is normal, leave it alone.
    • QBCFMonitorService (Not even listed in my set of services) - meaning it could be from Kaspersky or Acronis, but it could be malicious
    • RIP Listener (Not even listed in my set of services) - meaning it could be from Kaspersky or Acronis, but it could be malicious
    • Software Protection - my setting - Automatic (Delayed start), not started
    • Telephony - my setting - Manual, not started
    • WLAN AutoConfig - my setting - Manual, not started


    And now for services I have running that you do not (I am excluding any machine specific services on my end):

    • Application Information - my setting - Automatic, started
    • DNS Client - my setting - Automatic, started
    • Program Compatibility Assistant Service - my setting - Automatic, started


    Now of the three I am running that you are not, that DNS one is going to be needed unless Kaspersky is also using a firewall and using its own DNS system - you'll have to contact them to find out. Also, that last one is pretty important as it is needed for automatically checking program compatibility with W7 - and since this is a Beta OS, I highly recommend you leave it on so it can tell you before installation if a program may have issues.

    Finally, take note - I see RIP listener, for example, but I remember that in the past you had to manually install that from Programs and Features, so my next set of questions are *critical* and need to be answered:

    1) When you said you had installed W7 locally 40 times, are you using the default ISO image from the download, or have you modified it using something like vLite? If not modifying it, are you adding some of these features manually?

    2) If this is a generic Windows 7 CD, please do as mentioned above - turn off your wireless *manually* and then format and reinstall W7 - ***and use a different user name and PW*** - then connect ***and do not use the network nearby in your neighborhood***.

    3) Have you tried searching for a possible rootkit installation on your machine? Do you have access to spare HDs that you can temporarily replace your current one with and install W7 and see if the problem persists?
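The service-list comparison in post #7, sketched as an added example (not code from the thread or from any poster). The CSV rows are constructed from the settings that post describes, and `Compare-ServiceList` is a hypothetical helper name; a difference it reports is a lead to check, not proof of compromise.

```powershell
# Added example, not from the thread. On each machine, export the list with:
#   Get-WmiObject Win32_Service | Select-Object DisplayName, StartMode, State |
#     Export-Csv services.csv -NoTypeInformation
# The here-strings below are constructed samples standing in for those exports.
$baselineCsv = @'
DisplayName,StartMode,State
CNG Key Isolation,Manual,Stopped
DNS Client,Auto,Running
IPsec Policy Agent,Manual,Stopped
'@
$suspectCsv = @'
DisplayName,StartMode,State
CNG Key Isolation,Manual,Running
IPsec Policy Agent,Manual,Running
RIP Listener,Auto,Running
'@

function Compare-ServiceList {
    param([object[]]$Baseline, [object[]]$Suspect)
    # Index the baseline by display name so each suspect entry is one lookup.
    $known = @{}
    foreach ($svc in $Baseline) { $known[$svc.DisplayName] = $svc }
    $seen = @{}
    foreach ($svc in $Suspect) {
        $seen[$svc.DisplayName] = $true
        $ref = $known[$svc.DisplayName]
        if (-not $ref) {
            $finding = 'not present on baseline'
        } elseif ($ref.State -ne $svc.State -or $ref.StartMode -ne $svc.StartMode) {
            $finding = "baseline: $($ref.StartMode), $($ref.State)"
        } else { continue }   # identical on both machines
        New-Object PSObject -Property @{
            Service = $svc.DisplayName; Suspect = "$($svc.StartMode), $($svc.State)"; Finding = $finding }
    }
    # Services the baseline has that the suspect list lacks entirely.
    foreach ($svc in $Baseline) {
        if (-not $seen.ContainsKey($svc.DisplayName)) {
            New-Object PSObject -Property @{
                Service = $svc.DisplayName; Suspect = 'missing'; Finding = "baseline: $($svc.StartMode), $($svc.State)" }
        }
    }
}

Compare-ServiceList (ConvertFrom-Csv $baselineCsv) (ConvertFrom-Csv $suspectCsv) |
    Select-Object Service, Suspect, Finding | Format-Table -AutoSize
```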


  8. Posts : 202
    Windows 7 Ultimate 64bit
       #8

    I'm assuming your wireless connection has a password and is encrypted, right? They might be gaining access from that to your laptop.

    I would make sure both have passwords if not.


  9. Posts : 9,582
    Windows 8.1 Pro RTM x64
       #9

    The following services are legitimate:

    QBCFMonitorService - SystemLookup - QuickBooks Database Manager Service (QBCFMonitorService)

    RIP Listener - Windows Vista Service Pack 1 Services Information - RIP Listener

    This one, however, is suspicious because it is associated with both legitimate AND non-legitimate (malware) items:

    Application Host Helper Service - SystemLookup - Global Search

    Having said that, a further check of SystemLookup - An online database of what's good and bad on your computer reveals this could also be associated with Small Business Accounting Software | QuickBooks 2008 by Intuit which links with QBCFMonitorService mentioned above, but ONLY if you have QuickBooks installed.


  10. Posts : 4,364
    Windows 11 21H2 Current build
       #10

    RIP Listener is a legit Windows System service - problem is that it is never installed by default - hence my note about it.

    Thanks for the info on the other two.


 