
I think I'm being watched


No replies to this topic

#1 BuffDrinkLots


  • Members
  • 3 posts

Posted 29 April 2011 - 11:28 PM

Going to try and type this as fast as possible since I don't know what the hell is going on at the moment, and I don't want to be connected to the internet for very long.

I came back to the PC after lounging and found that Comodo's Defense+ Events had an Access COM Interface entry: LocalAuthority.SystemTime, followed by a Create Process system32\shell32.dll entry, and then another Create Process mshta.exe.

Jumped to the Event Viewer > Security and I see some unsettling audits, examples: account logon\logoff when I didn't, one of the event properties lists an authentication package to authenticate logon attempts under the package name Kerberos (kerberos.dll).
Another package name, "scecli", was loaded by the Security Account Manager.

Any of the entries I can't really understand, only that I wasn't at my machine when they took place, and my firewall (Comodo) crashed for no apparent reason.

Maybe I'm overreacting, but I recently had to get a new hd because of a serious rootkit\virus problem. If someone could help me I'd be extremely grateful.
