I need some GOOD Advice......


12 replies to this topic

#1 rmshaffer

Posted 13 January 2013 - 06:05 AM

OK, it won. I had to ship my new laptop to HP today to be replaced after whatever it was finally destroyed my hard drive. I am not very computer "savvy" so I would really appreciate some advice before my new computer gets here.
Here's the problem since I can't get any logs or anything. I personally didn't realize this could happen........
I noticed my browser didn't look the same one morning is how it started. I know my computer was being remotely accessed, that they were running an "Emulator" to run Windows Vista and Internet Explorer 5. There were tons of PowerShell commands and I have never even opened that, let alone know what to do with it. There were a lot of schemas, dlls with mui extensions, my registry was taken over as well as my group policy. I even found a blocked pages file which explains the weird 403 messages I got when trying to go to certain websites. From what info I gathered it seems to be connected to WebUi or something like that. My personal emails are nonexistent, I can only seem to accumulate the strangest junk mail, none of the certificates for secured sign ins are valid either. I.E: my Yahoo email which I have had for almost 15 years. None of the security checks they have work. My Facebook page seems to be "scripted" as well. I got rid of a year old desktop computer a few months ago for the same issues. I just thought it was something I did. Now I spent a great deal of $$ on a new HP Pavilion dv7-7121 laptop and when I finally find the problem or at least what I think it is, my computer died. Completely. It won't boot up at all. The repair disk doesn't work either.
I would love to know "Why" but I will settle for how to stop this grimy piece of whatever from coming back. Can someone please give me some advice? My anti-virus is basically a pretty desktop icon that serves no purpose as it doesn't detect a single thing. Ever. I don't get updates, well I do but apparently they are redirected. My firewall is on but the policy has been rewritten. HELP!!! Please, any information I can give you just ask. I was running Windows 7 64-bit Pro version. Microsoft Security Essentials. I use my computer mostly just on weekends to stay in touch with my daughter who just got married and moved to Florida, and to play games on a favorite site that I pay for.
Thanks for taking the time to read this, I sincerely hope someone can help.


#2 Union_Thug


Posted 13 January 2013 - 02:26 PM

Here's a good start: Paragraphs. :whistle: :P

>>>OK, it won. I had to ship my new laptop to HP today to be replaced after whatever it was finally destroyed my hard drive. I am not very computer "savvy" so I would really appreciate some advice before my new computer gets here.

Here's the problem since I can't get any logs or anything. I personally didn't realize this could happen........I noticed my browser didn't look the same one morning is how it started. I know my computer was being remotely accessed, that they were running an "Emulator" to run Windows Vista and Internet Explorer 5. There were tons of PowerShell commands and I have never even opened that, let alone know what to do with it. There were a lot of schemas, dlls with mui extensions, my registry was taken over as well as my group policy. I even found a blocked pages file which explains the weird 403 messages I got when trying to go to certain websites.

From what info I gathered it seems to be connected to WebUi or something like that. My personal emails are nonexistent, I can only seem to accumulate the strangest junk mail, none of the certificates for secured sign ins are valid either. I.E: my Yahoo email which I have had for almost 15 years. None of the security checks they have work. My Facebook page seems to be "scripted" as well. I got rid of a year old desktop computer a few months ago for the same issues. I just thought it was something I did. Now I spent a great deal of $ on a new HP Pavilion dv7-7121 laptop and when I finally find the problem or at least what I think it is, my computer died. Completely. It won't boot up at all. The repair disk doesn't work either.

I would love to know "Why" but I will settle for how to stop this grimy piece of whatever from coming back. Can someone please give me some advice? My anti-virus is basically a pretty desktop icon that serves no purpose as it doesn't detect a single thing. Ever. I don't get updates, well I do but apparently they are redirected. My firewall is on but the policy has been rewritten. HELP!!! Please, any information I can give you just ask. I was running Windows 7 64-bit Pro version. Microsoft Security Essentials. I use my computer mostly just on weekends to stay in touch with my daughter who just got married and moved to Florida, and to play games on a favorite site that I pay for.

Thanks for taking the time to read this, I sincerely hope someone can help. <<<

Edit to add: >>>they were running an "Emulator" to run Windows Vista and Internet Explorer 5.<<<
:blink: :huh:

Edit again: Just saw your reply below, D'oh, my bad...Hope you're not offended :) Did you REALLY mean Internet Explorer 5??? That has to be a mistake...

Edited by Union_Thug, 13 January 2013 - 02:42 PM.


#3 rmshaffer


Posted 13 January 2013 - 02:35 PM

Sorry for the "sentence structure", I was typing this on my phone :(

#4 rmshaffer


Posted 13 January 2013 - 03:09 PM

No, I really meant it. Every IE file said "IE 5". Could it be a "version" instead?
I didn't have Mozilla Firefox downloaded but it was there too. My biggest concern is will I get it again? Obviously this thing is following me.
And no offense taken :P I promise I really did get an "edumacation"!

#5 rmshaffer


Posted 14 January 2013 - 01:23 AM

I should also tell you not only was Windows Update diverted but System Restore never had any restore points available even though I created them.

#6 Union_Thug


Posted 14 January 2013 - 06:11 AM

>>>No, I really meant it. Every IE file said "IE 5". Could it be a "version" instead? ...<<<


Ahh, I see. You're seeing "Content IE5" files/folders which are valid Temp file directories/sub-directories. When a user surfs the Net using Internet ExPLODEr all the cache files are stored in his/her own profile, i.e.

C:\Documents and Settings\[USERNAME]\Local Settings\Temporary Internet Files\Content.IE5\


I have 6 such folders on my Windows 7 system.


If I were in your shoes I'd start a topic in the Am I infected? What do I do? forum where you'll get more/more specialized attention as what you're describing--a seemingly heavily infected system--is way beyond my pay grade/ability lol.

Good Luck!

Edited by Union_Thug, 14 January 2013 - 11:14 AM.


#7 Union_Thug


Posted 14 January 2013 - 11:25 AM

Just saw your topic from May 2012, Boopme (Global Moderator) instructed you to post in the Virus, Trojan, Spyware, and Malware Removal Logs forum back then...

Dunno why you seem reluctant to do so?

#8 Queen-Evie


Posted 14 January 2013 - 12:11 PM

>>>If I were in your shoes I'd start a topic in the Am I infected? What do I do? forum where you'll get more/more specialized attention as what you're describing--a seemingly heavily infected system--is way beyond my pay grade/ability lol.

Good Luck!<<<



As was mentioned in the first post

>>>I had to ship my new laptop to HP today to be replaced after whatever it was finally destroyed my hard drive.<<<

>>>I can't get any logs or anything<<<


Seems to me that since rmshaffer does NOT have the laptop it would be impossible to run tools and post logs.

At this point she is wanting to know how to prevent such issues in the future.

Regarding the topic from May in AII

>>>I am running Windows XP Pro right now on a Dell computer<<<


This topic concerns an HP.

However, someone could have helped get rid of the infections on the Dell and the HP in Am I Infected or Malware Removal Logs.

Edited by Queen-Evie, 14 January 2013 - 12:22 PM.


#9 Queen-Evie


Posted 14 January 2013 - 04:29 PM

Good advice time: DO NOT LET THE BOYFRIEND ANYWHERE NEAR YOUR COMPUTER if you haven't kicked him to the curb. The sites you mentioned in your AII topic can be a source of infection. And if he is a jerk and is half-way smart he can hack into your computer and cause it to do weird things.

#10 rmshaffer


Posted 14 January 2013 - 07:42 PM

Right after I posted last year THAT computer crashed. That's why I didn't do anything. I am looking for good prevention, I think!!! I just don't want this to happen again. I can open a post in the other section when I get my computer back though. Does anyone know why my "certificates" for Yahoo and Google are showing up "untrusted" even on my phone?
The whole boyfriend thing needs an entirely different forum!!!!
Thanks for all the advice :)

#11 noknojon


Posted 14 January 2013 - 08:00 PM

>>>My anti-virus is basically a pretty desktop icon that serves no purpose as it doesn't detect a single thing<<<

From your Post#1 -
Time to try and remember what Antivirus and Antimalware programs are installed -
Do you now have the computer back or what is the current situation with it ??

A quick way once you have the computer in your hands is this ......................................

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and copy / paste the result (Result.txt).

From there we can see any protection installed, and if you require extra -

Regards -
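
The report-only items in the checklist above (hosts file contents, IE and Firefox proxy settings, IP configuration, recent events) can also be read directly from PowerShell. This is an added example, not part of the original post and not MiniToolBox's own code; the function names are hypothetical, and limiting the event listing to Critical and Error entries is this example's choice.

```powershell
# Added example: read-only views of data named in the checklist above.
# Nothing is flushed or reset. Function names are hypothetical.

function Get-ActiveHostsEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -Path $Path) {
        $text = ($line -replace '#.*$', '').Trim()   # strip comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }        # address with no name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            New-Object PSObject -Property @{
                Address  = $fields[0]
                HostName = $name
                # On Windows 7 the stock hosts file contains only comments,
                # so any name other than localhost is worth a second look.
                Review   = ($name -ne 'localhost')
            }
        }
    }
}

function Get-UserProxySetting {
    # Per-user proxy values read by Internet Explorer (WinINET).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

function Get-FirefoxProxyPref {
    # Firefox keeps its proxy preferences as network.proxy.* lines in prefs.js.
    $prefs = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
    Select-String -Path $prefs -Pattern 'network\.proxy\.' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Line
}

'--- Hosts entries ---'
Get-ActiveHostsEntry | Format-Table Address, HostName, Review -AutoSize | Out-String
'--- IE proxy ---'
Get-UserProxySetting | Format-List | Out-String
'--- Firefox proxy ---'
Get-FirefoxProxyPref
'--- IP configuration ---'
ipconfig /all
# Level 1 = Critical, 2 = Error.
'--- Last 10 error events ---'
Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Application'; Level = 1, 2 } -MaxEvents 10 |
    Format-Table TimeCreated, ProviderName, Id -AutoSize | Out-String
```

A proxy that nobody set up, or hosts entries for webmail, update or antivirus sites, would fit the redirected updates and blocked pages described in post #1.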

#12 Union_Thug


Posted 14 January 2013 - 08:05 PM

>>>Good advice time: DO NOT LET THE BOYFRIEND ANYWHERE NEAR YOUR COMPUTER if you haven't kicked him to the curb. The sites you mentioned in your AII topic can be a source of infection. And if he is a jerk and is half-way smart he can hack into your computer and cause it to do weird things.<<<


Best. Post. EVER! :P

#13 rmshaffer


Posted 15 January 2013 - 12:27 AM

I don't have it back yet :( Waiting patiently......
Boyfriends are like Slinkys - absolutely good for nothing but it sure is fun to push 'em down the stairs :p



