Certificate Signature issues


  • This topic is locked
6 replies to this topic

#1 systematicdecline

  • Members
  • 48 posts

Posted 14 May 2012 - 07:53 PM

Here is the link to the first thread. I still believe I am infected, but evidently my logs are clean. Most of my signatures are messed up, out of date, etc. This computer is less than a year new. I believe my old roommate has something to do with this.

Issues: all kinds of weird things are going on, including weird NTUSER files on my C drive, and hidden partitions that I believe may have hacks on them, etc. I may be wrong and just need to learn how to use my computer. I am baffled.


http://www.bleepingcomputer.com/forums/topic452029.html/page__st__15

Edited by hamluis, 25 May 2012 - 07:55 AM.
Open MRL topic, closed this - Hamluis.



#2 noknojon

  • Banned
  • 10,871 posts

Posted 15 May 2012 - 02:22 AM

Hi -
I may as well be the first to ask a few questions -

What antivirus and firewall programs are you now running? Are you aware that the M/soft Firewall in Windows7 is now about as good as most free versions?
I have removed all defense except for M.S.E. Antivirus and M/soft Firewall, but I have Malwarebytes running active with them -

You were asked to cut back on your A/virus (did you?), and I would just leave M/soft Firewall on for now; this may cut back on crossed virus hunting programs.
Your first logs also showed AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
Please run the Norton removal tool >> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Now post a Security Check -

How is the system operating -

Thank You -

#3 systematicdecline

  • Topic Starter
  • Members
  • 48 posts

Posted 15 May 2012 - 06:38 PM

I don't believe I was asked to cut down on them, but to disable them, but yes, as suggested I uninstalled as many as I could. My computer came with Norton, and I still have an account with them for another 30 days or so. But I have found Norton, even 360 4.0 that I paid for, to not even be able to catch black hat hackers, if you catch my drift.

I followed your link, and also looked for more programs to uninstall, turned the Microsoft firewall back on, and of course Windows Defender came on as well when I uninstalled a certain program, so I updated it. I downloaded the AVG premium package for a 30-day trial. If it works well I will keep it. I have tried paid Avast before; I have also tried paid Norton, as I have said before. I uninstalled Microsoft Antivirus before downloading AVG.

It seems the only program that caught anything was Super-spyware, so I kept that. I will check out that other link now, but I downloaded the Norton uninstaller and ran it.


This is a second-generation i5 with 8 gigs of some serious memory. My machine flies. It's the internet redirection, and the lack of information provided on the web browser, along with redirecting; I believe they are from bad files. I explained what I believe it may be in the last thread: XML, DLL, and other system files with scripts running, a possible hidden partition, installing bad things when I reinstall with a fresh disk.

I have reported fraud to Microsoft, as I believe my version of Windows has been tampered with: drivers, certificates, attributes, Remote Access, etc. There are files I am denied access to. There is only 1 user on here, 1 admin with a password. The one thing I notice that may be a problem is the ROAMING file, NTUSER. files on the C drive, Intel's Wireless WLAN. I posted a picture in the other thread of the NTUSER. and LOGFILES~~ files on my C drive.

The computer runs great. I love this second-generation i5. I just think some things are not right, and I obviously have some things to learn myself.

#4 systematicdecline

  • Topic Starter
  • Members
  • 48 posts

Posted 15 May 2012 - 06:43 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

#5 noknojon

  • Banned
  • 10,871 posts

Posted 15 May 2012 - 07:25 PM

Norton ccSvcHst.exe
AVG avgwdsvc.exe
Windows Firewall Disabled!

This still shows that there are 2 installed antivirus programs in processes; please use the Norton removal tool, even if it has some time to run.
Norton has a deal with many in the computer industry to install their A/virus free as promotional material; this is why a removal tool is available -
Removal Tool >> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
You may need to first remove the item from Programs and Features, unless it has a program uninstaller, and then also run the Removal tool.

Now just recheck that the Microsoft Firewall is actually turned on also -

Your system seems to be a good one, as long as you keep the protection enabled and updated.
There are many good features in a new Windows7 system, and I do agree it takes time to find all the "bugs" in any new system

Good luck with finding your way around it -

#6 systematicdecline

  • Topic Starter
  • Members
  • 48 posts

Posted 24 May 2012 - 01:30 AM

OK, back. Finally I got a virus name, caught by Bitdefender 2013... beta. :) Wow, what a hard mo fo to find and research, so this may be just a piece of the puzzle. I'm infected bad with some black hacker crap. Full control. I do believe my old roommate did it, and I would love to catch him in either the D.E.P. system, or maybe through the Microsoft 3.5 network tracer program. I don't know if you are familiar with this? Microsoft's Port Scanner program? Anyway, here is a link, and the name.


Found during Auto Pilot of Bit Defender 2013 beta.
Gen:Trojan.Heur.P@J4@fyt8kHbi

https://www.google.com/#hl=en&gs_nf=1&tok=_vRQpyuU97EvGWQBVvscxA&cp=29&gs_id=5z&xhr=t&q=Gen%3ATrojan.Heur.P%40J4%40fyt8kHbi&pf=p&sclient=psy-ab&oq=Gen:Trojan.Heur.P%40J4%40fyt8kHbi&aq=f&aqi=&aql=&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.,cf.osb&fp=43ca00f83d9a1a7e&biw=741&bih=710

#7 hamluis

  • Moderator
  • 56,280 posts
  • Location: Killeen, TX

Posted 25 May 2012 - 07:54 AM

Reference: You have an open malware topic at http://www.bleepingcomputer.com/forums/topic452029.html/page__st__30 .

Please...respond to that topic until it is complete.

Now that your malware topic is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic.

Louis



