Hi. I just posted something and it was instantly deleted. I am being constantly hacked by a persistent hacker, it seems. I guess this will be deleted as well, but I will try again...
Anyway, I have been messing around with Windows XP again on one of my slower comps, having downgraded it from Win7. I have reformatted several times and I believe I need to flash my BIOS, as it seems likely I may have a brutal firmware virus because strange symptoms always return.
Woah... as I am writing this I happened to have Malwarebytes open (I don't keep it open) and it just said "successfully blocked connection to 'incoming' suspicious site". Geez... I guess I am infected? Maybe I should leave it up permanently. Heh. Another bizarre thing I noticed was in Task Manager I had this filename b4523-43532b-512234g-7hbh34-43g.com running. I looked where it was and it was located in Super Anti Spyware's directory. I don't think this is a normal SAS file, is it? I closed it and deleted it and SAS still seems to work. What the heck was that?
Anyway, the PRIMARY symptom I notice is that occasionally I get these hard drive sounding shut down/restarts. Maybe it's a CPU fan shut down/re-activate, I'm not sure. What happens is the PC fan will entirely stop for several seconds, then I will hear a winding whine type noise and it will reactivate. During this point the OS temporarily freezes (even the touchpad) and it sometimes happens repeatedly over and over and over and then will not happen for hours. Does this sound like suspicious activity? I have run many, many scanners and anti-rootkit scanners and adware/malware scanners. One thing to note is when I run mbar, it halts at desktop.ini and seems to get stuck there.
JRT found some IE type things which it deleted. Nothing else really reports anything. Is there a scanner which will scan the chipset/BIOS/hardware? I guess this can't exist, but I have read that a virus can attach itself to the firmware of even a video card or hard drive (in addition to BIOS).
Thanks for help getting me started... wow, mbam just said it successfully blocked access to a potentially suspicious site (AGAIN)... and this is popping up every few minutes now. I haven't been doing anything else while writing this article and it is the only web page up. I guess I will leave mbam up permanently, heh. It is blocking both 'incoming' and 'outgoing' accessing, and the IPs seem to be different every time.
Sorry for the length of this message but there are a lot of strange behaviours as you can see... thanks
Edited by effingmalware, 25 August 2013 - 01:22 PM.