Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Remote Desktop keeps rechecking itself


  • This topic is locked This topic is locked
3 replies to this topic

#1 thatoneguyyep101

thatoneguyyep101

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:32 PM

Posted 24 April 2010 - 04:27 AM

I have already posted a topic of this profile at My Microsoft Answers Topic

The issue is that I go to control panel>system>remote and I UNCHECK the box that says "Allow users to remotely connect to this computer"
I restart my computer... just to find it rechecked.
Some people in my Microsoft Answers topic (link above) believe it to be a HelpAssistant virus.

I believe they could be right. I've read over a few topics on how to get rid of it, and I haven't had any success.

The HelpAssistant user account on my computer is disabled, and has been staying disabled.

In my windows firewall, and norton 360 premier edition firewall... I have not noticed any random ports..... What I have noticed are the following things....

There is a entry in both my norton 360 AND windows firewall that mentions an "Apache HTTP Server" I have tried deleting it, many times... but when I restart it just shows up again, without my consent. Under Norton it shows up as "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"

Under my task manager I also have some running process that I am unsure of.....

nvsvc32.exe user name system using 5,012 K

services.exe user name system using 6,140 K

winlogon.exe user name system using 976 K

Apache.exe user name system using 6,008 K

nSvcIp.exe user name system using 6,456 K

(yes another) Apache.exe user name system using 6,224 K

That's it for processes....

I also have a file on my C drive called ".rnd" which was created on Tuesday, April 20th, 2010 at 2:14am
It is 1kb in size. It was also modified on the same date and time mentioned above, down to the second even.

I have tried deleting the Apache HTTP Server from my windows and norton firewall, but when I restart it just reappears, along with the box to allow users to remotely connect to my computer. I have also tried ending the apache.exe processes... just to have them show back up pretty much immediately.

I have already tried the fixmbr thing, using my installation disc.... it successfully completed, but sadly did not fix this Apache thing.

Sometimes after I type my password to login to my computer, it shows my desktop, the icons, and the norton.... everything else sometimes takes forever to load (not normal) usually everything start just fine, and all services load one after the other, with no problems.... but lately there has been a "hang"

The first time I deleted the apache listings in my windows and norton firewall.... I went to restart my computer.... which freaked out... by popping up windows telling me that all of these services were having problems.... I had to click ok around 10 times just to get it to restart properly. I also noticed that Task Manager would not open..... because it ran into an error..... yes an error NOT that it was disabled by the administrator.

The only thing I have used remote desktop for was to have a symantec technician change some settings for my norton product... it kept telling me I needed to restart my computer to receive the latest updates, he told me this was normal.... and I had him change a scheduling setting so that my computer would stop doing the idle scans. He told me nothing was wrong with my computer or the product.

He had me download some .exe files called helpmenow or logmein or something like that.... and I had to use a number to allow him to connect to my computer. Before all of this my "allow users to connect remotely to this computer" box always stayed unchecked. I doubt the symantec thing has anything to do with it though.

Also the first time I remove the Apache listing from my computer... and was telling it to restart... my computer displayed the old login screen for a few seconds, then it turned off, had those 10 error windows where I had to click ok, it restarted, my login screen was normal, it logged in, and loaded everything fine. There was no delay, but yet the Apache.exe processes are still running, the remote desktop checkbox keeps rechecking itself, there's that whole .rnd file thing, and the apache http server keeps adding itself to my windows AND norton firewall.

Sometimes..... I have noticed my mouse will move 1-2 inches in the up direction of my monitor. I know it isn't my mouse because I have a laser mouse, which lights up on the scroll wheel when I'm using it. Also it's wireless, and when they keyboard or mouse have any activity the receiver sensor blinks.

So sometimes I'll be laying on my bed, and notice my mouse moving a little... I get up, and my mouse sensor isn't blinking, neither is my mouse.... therefore meaning that it's isn't my mouse having any issues.... someone must be moving it wirelessly, over the internet, perhaps through the remote desktop thing, or the apache thing... maybe both?

I have not noticed my files copying themself, or taking up massive amounts of hard drive space either. The helpassistant user is disabled on my computer, and has always stayed disabled.

Please help, I'm unsure as to what to do.... I feel someone is perhaps connecting to my computer, and it's unsafe..... I've read topics on the helpassistant thing, and saw the logs and tools people have used to get rid of it. But I realize those instructions are to only be used in their case.

So someone please help me on getting rid of whatever this virus thing or whatever it is... thank you.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:32 PM

Posted 24 April 2010 - 06:51 PM

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 thatoneguyyep101

thatoneguyyep101
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:32 PM

Posted 25 April 2010 - 06:19 AM

Thank you for your help Orange Blossom. I followed the directions given in the links, and have a new topic started. All of the logs were created without any problems. I'll just be patient and wait for more help, thanks again!

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:32 PM

Posted 25 April 2010 - 11:35 AM

Excellent.

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/312417/remote-desktop-keeps-rechecking-itself/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users