I have already posted a topic of this profile at My Microsoft Answers Topic
The issue is that I go to control panel>system>remote and I UNCHECK the box that says "Allow users to remotely connect to this computer"
I restart my computer... just to find it rechecked.
Some people in my Microsoft Answers topic (link above) believe it to be a HelpAssistant virus.
I believe they could be right. I've read over a few topics on how to get rid of it, and I haven't had any success.
The HelpAssistant user account on my computer is disabled, and has been staying disabled.
In my windows firewall, and norton 360 premier edition firewall... I have not noticed any random ports..... What I have noticed are the following things....
There is a entry in both my norton 360 AND windows firewall that mentions an "Apache HTTP Server" I have tried deleting it, many times... but when I restart it just shows up again, without my consent. Under Norton it shows up as "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"
Under my task manager I also have some running process that I am unsure of.....
nvsvc32.exe user name system using 5,012 K
services.exe user name system using 6,140 K
winlogon.exe user name system using 976 K
Apache.exe user name system using 6,008 K
nSvcIp.exe user name system using 6,456 K
(yes another) Apache.exe user name system using 6,224 K
That's it for processes....
I also have a file on my C drive called ".rnd" which was created on Tuesday, April 20th, 2010 at 2:14am
It is 1kb in size. It was also modified on the same date and time mentioned above, down to the second even.
I have tried deleting the Apache HTTP Server from my windows and norton firewall, but when I restart it just reappears, along with the box to allow users to remotely connect to my computer. I have also tried ending the apache.exe processes... just to have them show back up pretty much immediately.
I have already tried the fixmbr thing, using my installation disc.... it successfully completed, but sadly did not fix this Apache thing.
Sometimes after I type my password to login to my computer, it shows my desktop, the icons, and the norton.... everything else sometimes takes forever to load (not normal) usually everything start just fine, and all services load one after the other, with no problems.... but lately there has been a "hang"
The first time I deleted the apache listings in my windows and norton firewall.... I went to restart my computer.... which freaked out... by popping up windows telling me that all of these services were having problems.... I had to click ok around 10 times just to get it to restart properly. I also noticed that Task Manager would not open..... because it ran into an error..... yes an error NOT that it was disabled by the administrator.
The only thing I have used remote desktop for was to have a symantec technician change some settings for my norton product... it kept telling me I needed to restart my computer to receive the latest updates, he told me this was normal.... and I had him change a scheduling setting so that my computer would stop doing the idle scans. He told me nothing was wrong with my computer or the product.
He had me download some .exe files called helpmenow or logmein or something like that.... and I had to use a number to allow him to connect to my computer. Before all of this my "allow users to connect remotely to this computer" box always stayed unchecked. I doubt the symantec thing has anything to do with it though.
Also the first time I remove the Apache listing from my computer... and was telling it to restart... my computer displayed the old login screen for a few seconds, then it turned off, had those 10 error windows where I had to click ok, it restarted, my login screen was normal, it logged in, and loaded everything fine. There was no delay, but yet the Apache.exe processes are still running, the remote desktop checkbox keeps rechecking itself, there's that whole .rnd file thing, and the apache http server keeps adding itself to my windows AND norton firewall.
Sometimes..... I have noticed my mouse will move 1-2 inches in the up direction of my monitor. I know it isn't my mouse because I have a laser mouse, which lights up on the scroll wheel when I'm using it. Also it's wireless, and when they keyboard or mouse have any activity the receiver sensor blinks.
So sometimes I'll be laying on my bed, and notice my mouse moving a little... I get up, and my mouse sensor isn't blinking, neither is my mouse.... therefore meaning that it's isn't my mouse having any issues.... someone must be moving it wirelessly, over the internet, perhaps through the remote desktop thing, or the apache thing... maybe both?
I have not noticed my files copying themself, or taking up massive amounts of hard drive space either. The helpassistant user is disabled on my computer, and has always stayed disabled.
Please help, I'm unsure as to what to do.... I feel someone is perhaps connecting to my computer, and it's unsafe..... I've read topics on the helpassistant thing, and saw the logs and tools people have used to get rid of it. But I realize those instructions are to only be used in their case.
So someone please help me on getting rid of whatever this virus thing or whatever it is... thank you.