
I need a Pro to help with my battle to expose these constant attackers


  • This topic is locked
6 replies to this topic

#1 BInarybaited

  • Members
  • 29 posts

Posted 03 March 2014 - 01:47 AM

Hey guys. I am in a constant battle with very intelligent hackers. I have an idea who they are. I've managed to stay ahead of the constant trip wires; I don't know how I saw them, but I have managed to avoid an all-out attack, thanks to the people in this forum along with the awesome software I was recommended to use. So if you're up for some excitement, let me know ASAP, before I get locked offline again by their tactics to keep me from gaining important info against them.

I have collected a huge amount of info. Obviously they can follow me whatever I'm doing online. In the last 3 or 4 days I found the hook.dll hidden in my browser files, and a large saved HTTP address file I collected that looks like it has the advapi.exe attached to it. They have altered my registry to do sneaky little minor things most would miss, only caught by me because of certain odd things happening in those priceless error logs. Just today a boot metrics error popped up; it seems the value was changed in the registry to a 5-hour difference in sync time. The boot was altered to a false positive. They got me on that one, only because I was really tired, and managed to set up more little tricks to keep an eye on me.

My browsers got hijacked, and I found a RealPlayer directory in the registry, only with a huge amount of data listed under a user that tries to log on with advapi with the same profile S-1-5-21 3045057641. There are 2 of these in the registry, both different.

I've done traces of all types, and I'm finding all kinds of things after I've done the trace to hide their trails, but they always leave a trail of open folders, being in a hurry to exit. As of now I am trying to find my diagnostic services services client policy to get rid of this ALL APPLICATIONS PACKAGE that has attached itself to pretty well everything. I feel a complete failure of Windows coming from this one. How can I get this name out of the security group? Win 8. This user came up attached to my browser and the all apps pack: S-1-15-2-1. The app I found it in has zip files in my Norton antivirus folder. It looks like it could be attached to my ATI folder and ASUS as well...

I disabled the z7 zip files as they looked active and ready to deploy. The folder with my net connections had a restriction I had to remove in order to get back online, only because I used the PowerShell to remove it. I have the netdevil 12dll trojan and malware that wasn't stated; also I'm sure I have a rootkit. I am up against a game developer who doesn't want his mistakes made public, from an old full SQL server using old M.S. software that caused a system crash of millions, leading to major computer problems for the newer systems, mostly Dells: a continuous looping reboot caused by memory leaks. Are you up for a battle? Maybe you might be able to cash in. Thanks.




#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,769 posts

Posted 08 March 2014 - 01:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/526319 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 BInarybaited

  • Topic Starter
  • Members
  • 29 posts

Posted 08 March 2014 - 05:44 AM

I am having problems just trying to stay online. I tried the dds.com. I shut all my antivirus programs off and all the Internet Explorer settings. I even tried to install in DOS mode. I keep getting an error: this program can't run in compatibility mode. I sent a few emails and I see none have made it here, so I'm thinking email is toast. I got a warning message from Microsoft to change my email login to a user name with a code. I'm running Win 8.1; I just upgraded yesterday and I got this weird-looking folder called $B.T WINDOWS $. I cut it and pasted it in a safe drive, along with an ASUS folder that gave me trouble that came from an update. I looked for that weird folder today and it's completely gone, and the ASUS folder as well.

My Bitdefender and Win Defender program settings were changed and can only be changed by a password. The internet setting suddenly quit. I had to redo that as well. These guys want in bad, but I'm running out of ideas.



#4 BInarybaited

  • Topic Starter
  • Members
  • 29 posts

Posted 08 March 2014 - 05:48 AM

On my laptop computer, which a friend uses, it was totally changed from when I set it up just a few days earlier. The connection came from the user folder shortcut to desktop connections. Services turned off and almost a bridged connection to my system, which is what they were trying for.



#5 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 14 March 2014 - 06:48 PM

Hello Binarybaited, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#6 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 17 March 2014 - 04:37 PM

Do you still need help?


Best Regards,
oneof4.


#7 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 20 March 2014 - 04:39 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best Regards,
oneof4.




