This is a Security issue, but more!!!

Page 4 of 13 FirstFirst ... 23456 ... LastLast

  1. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #31

    The CSV\v2.06 is most likely okay, because it's also on my computer


    It's a *Command line compiler* for Microsoft C# it gets installed with the .NET SDK

    I can't find anything on DXP\Task ....
    It could be a backdoor Trojan
    Troj/VB-DXP Trojan - Sophos security analysis

    In which case I would suggest that you go to a known 'clean' computer and change all your passwords. Don't try to do this on a suspected, infected machine.

    Next, download HostsXpert 4.3 - Hosts File Manager.
    • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Now, flush your DNS Cache:
    Sometimes a bad DNS entry will be cached and you will need to either flush the DNS cache to get rid of it, or wait up to 24 hours for it to be dropped from the cache automatically.

    Open a command prompt....from the Start menu, select Run > In the box/"open field", enter cmd.exe
    enter ipconfig /flushdns press 'enter'

    You might see if Kaspersky online Virus scanner will run now.
      My Computer

  3. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #32

    Ah Ha! I found DXP on my machine too ... looks to be safe :)
    DXP - Device Experience Platform Microsoft Corporation c:\windows\system32\dxp.dll
      My Computer

  4. pjvex386
    Posts : 57
    Windows 7
    Thread Starter
       New #33

    No. And I am not (to my knowledge) using any proxies. Which address was did that resolve from? Was it ipv6?

    I have always been ready to admit I was wrong in this. But I am still left with countless questions as to why so many things starting happening all at the same time, and virtually all in response to a defense of my actions which were either investigatory (no deletion or changing of files or the registry), and why it seemed to behave in this way with so many outbound UDP packets (according to Kaspersky) to the same address. And why would any OS feature, reach out and change permissions in accessing peripheral drives (the WD 500GB drive, flash drives,etc.) which not even the esteemed, invoke-only-as-needed "Administrator" user would be able to access or change on a stand-alone workstation (or more accurately, my laptop), unless they were doing something which from all perspectives I can envision seem furtive, possessing element of concealment, agression, and even a very real sense that at times, the OS was taking steps simply for punitive purposes??? And why after using Slackware (from a persistent changes, 4GB Flash drive) for a year, would my switching to a conventional HD installation of Ubuntu soon after all of these problems started cause a different but stable and highly regarded OS such as Ubuntu Linux to have adapter problems and odd environmental events such as the sudden disappearance of my ability to use iwconfig, or have ipconfig output look radically different than to what I am accustomed. I mean bash is bash pretty much and ubuntu worked fine for about an hour, then it was like my Luddite ghost had returned to wreak havoc on my life.....?????

    Jacee
    attached is the MBAM log.... All clear!!!


    Attached for
    This is a Security issue, but more!!! Attached Files
      My Computer

  6. pjvex386
    Posts : 57
    Windows 7
    Thread Starter
       New #34

    article that may be enlightening


    FIrst, attached I included a HijackThis! log. I know there are many things that should not be there... I have deleted them before, and I just stopped even trying a few weeks ago...

    But, on a stronger note, the following link is to an article that gives me a little comfort as to why I see many things I see....

    Security in Windows 7: Firewall and Networking - Reviews by PC Magazine



    Paul
      My Computer

  7. pjvex386
    Posts : 57
    Windows 7
    Thread Starter
       New #35

    Oh, and thank you Jacee for the helpful info...I feel relieved that there are other competent and skilled individuals who may not recognize some items as typical windows components. I will take all the steps you outline--I want to research this a bit more to know what kind of trojan this may be. Also, when you say a clean machine, you mean head on over to Kinkos or something right???? And by passwords, you mean any web app passwords, correct???

    In connection with my last post and the link contained therein, what is everyone's take on having a third party commercial firewall? Do I need one???

    Thanks as always
      My Computer

  8. pjvex386
    Posts : 57
    Windows 7
    Thread Starter
       New #36

    This is just to confirm the HijackThis log made it through the upload... Didn't see it when I refreshed...

    Oh see the problem now....I forgot about those file extension limitations on uploads....
    This is a Security issue, but more!!! Attached Files
      My Computer

  10. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #37

    Stop/disable this in services:
    Service: NZNEQPXT

    Upload to jotti's:
    http://virusscan.jotti.org/

    and have this file scanned:
    C:\Users\Tyler\AppData\Local\Temp\NZNEQPXT.exe

    If jotti's is too busy then try VirSCAN.org - The Multi-Engine Virus Scanner v1.02, Supports 37 AntiVirus Engines!

    Copy and paste the findings log back here.
      My Computer

  11. pjvex386
    Posts : 57
    Windows 7
    Thread Starter
       New #38

    Strange... but though the file NZNEQPXT shows as active in HijackThis, it does not look quite the same in services.... see screenshot attached...

    Also, I cannot enable the Administrator (which always happens when I cannot open a prompt "As an administrator"....

    THe task manager no longer has the "Run this task as Administrator" checkbox (I have seen this before). My "RUN" in the start menu (which is a fight as it is to enable in the start menu properties) no longer has the "Run as Administrator" checkbox option... and "Runas" at the command prompt gives me some weird error like "class is not installed"....

    I feel like Bruce Willis in Die Hard when he says to the all the police and SWAT on the ground below "welcome to the party!!" . This is only a fracion of the same stuff I have been seing for weeks on end despite wipes, reformats and reinstalls from a Microsoft download.... I know the installation disk is clean.....

    So...at this point (if I did not otherwise have the internet up and running as I do now), I would usually reformat and reinstall.

    As I responded above (mostly to Darkassassin who said my reformatting 40 times was excessive, and to which I agree) I believe I have tried most other recovery methods that do not involve a full re-installation.... but as I said in the post a few back, I am working from Administrator books for Vista, so if you have some idea.... let me know...

    GIven all that I have said, if this is a trojan or a worm, could it be in protected storage????

    Paul
    Attached Thumbnails Attached Thumbnails This is a Security issue, but more!!!-services.jpg  
      My Computer

  12. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #39

    Right click on the service again and choose properties. Click on the dropdown box and set it to disabled. Click 'stop', apply and ok your way out.
    Please see if you can get C:\Users\Tyler\AppData\Local\Temp\NZNEQPXT.exe
    scanned by one or both links supplied above.

    Next,
    go to this link and download whoamI?
    wng's blog: WhoAmI
    This is a small script that will be a notepad .txt file on your desktop. Post it.

    Mine looks like this because I have not turned UAC off:
    WhoAmI by wng_z3r0
    3/20/2009
    9:22 PM
    ******************
    Operating system:
    Microsoft Windows 7 Ultimate
    Ram: 3325 mb
    Accounts on this computer:
    Administrator
    Guest
    Jacee
    Current User: Jacee
    User is not an admin
    End of file
      My Computer

  13. pjvex386
    Posts : 57
    Windows 7
    Thread Starter
       New #40

    So I did this. See screenshot...
    Attached Thumbnails Attached Thumbnails This is a Security issue, but more!!!-services.jpg  
      My Computer

 
Page 4 of 13 FirstFirst ... 23456 ... LastLast

  Related Discussions
I normally use MSN as my home page when I browse with IE10 as my default browser. This morning when I checked my email I had a message that purported to be from Microsoft that stated thew following: Microsoft account Security alert We think that someone else might have accessed the...
Security Issue
in System Security

Hi golden i have MWB as well and thought of myself as pretty secure however i let my parents get ahold of the comp and theres trojans and text files and crazy shiz neway i follow the path provided to where one of the virus's resided and low and behold i couldnt get to the dang cookies neway i...
Ad-Hoc Security Issue
in System Security

Ok I hope you can help me out here. I'm convinced this is a security issue. From time to time my laptop drops wireless signal & when I try to re-connect to my router, I notice there's this available ad-hoc network to connect to called hp.nomodel etc... I of course have never connected to this...
Please help me! Security issue
in Network & Sharing

Hi all.. sorry about the uppercase title but Im desperate.. I have a sony vaio windows 7, since Im 20 and my mom wanted to use my laptop at times I HAD to make her an independent account and manage my sharing and security settings, so I denied her account all permissions etc.. but now I cant...
Urgent!!! security issue
in System Security

I apologise if i am posting this in the wrong place but this is quite urgent. 2 of my accounts have just been hacked,, and it seems my windows live account had a hack attempt on it. I am trying to reset my passwords, but i beleive there is either a keylogger on the pc or smth wrong with windows...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 05:54.
Find Us