Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer running very strange, maybe infected?


  • Please log in to reply
1 reply to this topic

#1 ANONOMII

ANONOMII

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 26 April 2013 - 06:54 PM

Hey everyone, Let me first tell you the details of my computer:

 

  • Microsoft Windows 7 Professional Version 6.1.7601 Service Pack 1 Build 7601
  • Gateway NV54 x64 based PC * Pentium Dual-Core CPU T4400 @ 2.20GHz, 2200 Mhz, 2 core(s)
  • Phoenix Technologies LTD v1.30 BIOS Version/Date
  • SMBIOS Version 2.5 
  • Installed Physical memory (RAM) 4.00 GB
  • Total Physical Memory 3.93GB
  • Available Physical Memory 1.52GB
  • Total Virtual Memory 7.86GB
  • Available Virtual Memory 5.01GB
  • Page File Space 3.93 GB.
  • 321GB of hard drive space

 

Now, the problem I am having and it seems kind of strange to me. I had VMware on my PC and I uninstalled it because I didn't need it anymore but everything was working fine when it was on my PC. I also have a VPN on my computer and everything has been working fine until last night. I also tried to install a MAC Spoofer and that is when I realized I had a problem. The VPN gives me an error when I try to connect saying "Unable to connect to the service, please try again later." and whenever I save a file and then try installing it, I get an error saying that it was unable to connect. When I tried installing the Mac Spoofer, I downloaded it from CNET to give it a try and I have to use their personal downloader and when you download it, and try to install a program with it, it has to download it through the program. Well that software gave me an error saying 'Unable to connect, Connection is either down or firewalled." So i disabled my firewall and got the same problem. But what is really strange is, I downloaded and installed Java not to long ago and a couple other programs and they all work just fine. I also have a torrent program that is downloading stuff at this moment. I can download anything I need to in Internet Explorer, Firefox, TOR, etc. But can't connect unless it is running through a torrent or a browser.

 

Today, I installed Malwarebytes, and I re-installed McAfee Anti-Virus and scanned and it said I had 8 infections, and 3 of them were 'Hack-tools' so I cleaned the infections and everything is acting the same way. I also installed COMODO Firewall today and I ran into some things that got my attention, but I will get to that soon enough. Also, on my PC I have a program called Keyscrambler. Every once and a while it will reverse the action. So when I type Google rather than encrypting it in the program, it will do it reversed. So I will get 99fa#4 rather than Google, and then it goes right back to the correct way. My computer just seems to be running very slow lately and that was what got my attention.

 

I was looking at my startup entries and this is what was starting up. The one with the starts next to it is what got my attention, but if you see anything interesting let me know!

 

  • Microsoft Windows Operating System
  • Intel® Common User Interface
  • Intel® Common User Interface
  • Intel® Common User Interface
  • Microsoft Security Client
  • Microsoft SkyDrive
  • Brother Status Monitor Application
  • Java™ Platform SE Auto Updater
  • **WindowsError**
  • KeyScrambler

 

All of these seem to be normal besides the WindowsError. A little more on that entry:

  • Manufacturer: ABC
  • Command: C:\Windows\SysWOW64\MSNavgnt.exe
  • Location: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run

 

MSNavgnt.exe was also a process that was running on my computer. It has never been there before. I stopped the process and deleted it form the SysWOW64 Folder. But I do not know where to find 'HKLM'.

 

Now, the other thing that caught my attention was when I installed COMODO Firewall. Within around 4 hours, it says 'Firewall has blocked 413 intrusion(s) so far. I had '128 outbound connections' and '5 inbound connection'. When I look at the intrusion detections I find this:

 

  • The application Windows Operating System
  • Source IP 192.168.05
  • Source Port 58050
  • Detination IP: 192.168.0.7(MYIP)
  • Destination IP 2869

There is a bunch from the Windows OS going from ports, and they all seem to be going to the 2869 port. Which I know is a port for hackers. There is also IPs from 77.30.144.23 going from source port 59612 to 16291 and the list goes on. I took exported them to a .html doc and uploaded it so you guys can see and maybe help me.

 

I have tried going to Internet Options and setting to automatically detect settings and that hasn't fixed anything, I deleted the MSNavgnt and that didn't help, I have also ran virus scans and that didn't help! I'm running out of ideas.

 

Here is the link to prove the file is safe, I know some people are worried about that. http://vscan.novirusthanks.org/analysis/265b63121c6d07d71840ff7bc78569eb/Zm91bmQtaHRt/

 

Any help would be appreciated!

I have posted this problem in 4 forums and no one is helping me!! Please help!


Edited by ANONOMII, 26 April 2013 - 07:01 PM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:04 PM

Posted 27 April 2013 - 05:25 AM

Hello and Welcome -

First - If you are posting at other forums, please stay with one and only reply to that one.

You mention "and I re-installed McAfee Anti-Virus", do you normally run an Antivirus program (free or paid version).

 

This program will just scan for Antivirus and similar installed security programs -
Download Security Check by Screen317 from Here
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* If the program seems to stall for a few seconds, it is just gathering information.
* A Notepad document should open automatically called checkup.txt; please Copy / Paste the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Thank You -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users