
ISP cut me off because of large amounts of mails sent


14 replies to this topic

#1 eshoxx (Members, 8 posts)

Posted 02 May 2014 - 06:43 AM

Hi all,

 

My internet provider has shut down my connection. They say that large amounts of e-mails have been sent using my mail account. This is the account that I got from the provider. I never use that to send mail, but I did put a strong password on it.

 

I have scanned my pc with the following tools with no results:

Symantec endpoint protection

MBAM

Spybot S&D

Kaspersky antivirus

F-secure online scan tool

 

Also all my applications are up to date (win7 64bit), I have Online Armor firewall installed and windows firewall enabled.

 

They say that they can only reconnect me when I prove to them that I have found something (virus, trojan, ...) and that I have removed it.

 

My wifi network is also being used by another PC (which was not powered on at the time the e-mails were sent, according to my ISP), an iPhone, a Samsung phone, an iPad and a Synology NAS. All have up-to-date software. The NAS also has its firewall and antivirus enabled.

 

From my experience with computers and virus scanning from the last 20 years or so my opinion is that all hardware is clean.

However, my ISP says that there MUST be a virus or trojan somewhere.

 

Where to start investigating?

 

Hope you guys can help me.

 

Eshoxx




#2 RedRay (Members, 41 posts)

Posted 02 May 2014 - 08:44 AM

People can get your password by connecting to your internet and stealing your cookies using tools like Cain and Abel. Cookies may contain your password, so make sure that you trust anyone using your internet.



#3 eshoxx (Topic Starter, Members, 8 posts)

Posted 03 May 2014 - 03:57 PM

Anyone with some real help? Should some or something?
Ran emsisoft, mbam, superantispyware, hitman pro, jrt, spyware terminator, etc and all came up clean...

#4 noknojon (Banned, 10,871 posts)

Posted 03 May 2014 - 09:42 PM

Hello -

Please start Here with TCPView
Publisher: Microsoft
Platform: Windows | Category: Network Traffic Analyzers | Total Downloads: 15,061 | Downloads last week: 148
Added on September 20, 2012

TCPView is a handy little program that allows you to see the network activity on your computer.  When run, you will be able to see what remote devices or computers that your individual programs are communicating with as well as what programs are waiting for connections.

This has been the #1 tool for quite some time in seeing if a "Hacker" or other person is using your system without your permission. It will record IPs that access your system and keep a regular trace of your history.
Look for any regular outside attempts, or unknown IPs and we can try to track them.



#5 eshoxx (Topic Starter, Members, 8 posts)

Posted 04 May 2014 - 06:01 AM

Hi Noknojon,

Thanks for your answer.

 

I ran TCPview and got the following log:

Since i no longer have an internet connection, nothing much is shown here.

 

I made another log when I re-established my connection using my mobile phone (which I am using now to type this reply on my laptop).

 

First log:

AppleMobileDeviceService.exe 2904 TCP mypc_PC_033 49156 localhost 5354 ESTABLISHED
mDNSResponder.exe 2968 TCP mypc_PC_033 5354 localhost 49156 ESTABLISHED
System 4 TCP mypc_PC_033 icslap localhost 50042 ESTABLISHED 2 6.021 1 233
svchost.exe 488 TCP mypc_PC_033 50042 localhost icslap ESTABLISHED 1 233 5 8.389
[System Process] 0 TCP mypc_PC_033 wsd localhost 50051 TIME_WAIT
AppleMobileDeviceService.exe 2904 TCP mypc_PC_033 27015 mypc_PC_033 0 LISTENING
lsass.exe 760 TCP mypc_PC_033 49153 mypc_PC_033 0 LISTENING
lsass.exe 760 TCPV6 mypc_pc_033 49153 mypc_pc_033 0 LISTENING
mDNSResponder.exe 2968 TCP mypc_PC_033 5354 mypc_PC_033 0 LISTENING
services.exe 748 TCP mypc_PC_033 49157 mypc_PC_033 0 LISTENING
services.exe 748 TCPV6 mypc_pc_033 49157 mypc_pc_033 0 LISTENING
spoolsv.exe 2376 TCP mypc_PC_033 49158 mypc_PC_033 0 LISTENING
spoolsv.exe 2376 TCPV6 mypc_pc_033 49158 mypc_pc_033 0 LISTENING
SpotifyWebHelper.exe 6356 TCP mypc_PC_033 4370 mypc_PC_033 0 LISTENING
SpotifyWebHelper.exe 6356 TCP mypc_PC_033 4380 mypc_PC_033 0 LISTENING
svchost.exe 572 TCP mypc_PC_033 epmap mypc_PC_033 0 LISTENING
svchost.exe 764 TCP mypc_PC_033 49154 mypc_PC_033 0 LISTENING
svchost.exe 1036 TCP mypc_PC_033 49155 mypc_PC_033 0 LISTENING
svchost.exe 4340 TCP mypc_PC_033 49159 mypc_PC_033 0 LISTENING
svchost.exe 572 TCPV6 mypc_pc_033 epmap mypc_pc_033 0 LISTENING
svchost.exe 764 TCPV6 mypc_pc_033 49154 mypc_pc_033 0 LISTENING
svchost.exe 1036 TCPV6 mypc_pc_033 49155 mypc_pc_033 0 LISTENING
svchost.exe 4340 TCPV6 mypc_pc_033 49159 mypc_pc_033 0 LISTENING
svchost.exe 7464 TCPV6 mypc_pc_033 3587 mypc_pc_033 0 LISTENING
System 4 TCP mypc_PC_033 microsoft-ds mypc_PC_033 0 LISTENING
System 4 TCP mypc_PC_033 icslap mypc_PC_033 0 LISTENING
System 4 TCP mypc_PC_033 wsd mypc_PC_033 0 LISTENING
System 4 TCP mypc_PC_033 10243 mypc_PC_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 microsoft-ds mypc_pc_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 icslap mypc_pc_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 wsd mypc_pc_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 10243 mypc_pc_033 0 LISTENING
System 4 TCP 192.168.178.13 netbios-ssn mypc_PC_033 0 LISTENING
wininit.exe 644 TCP mypc_PC_033 49152 mypc_PC_033 0 LISTENING
wininit.exe 644 TCPV6 mypc_pc_033 49152 mypc_pc_033 0 LISTENING
wmpnetwk.exe 4288 TCP mypc_PC_033 rtsp mypc_PC_033 0 LISTENING
wmpnetwk.exe 4288 TCPV6 mypc_pc_033 rtsp mypc_pc_033 0 LISTENING
[System Process] 0 TCP 192.168.178.13 icslap 192.168.178.70 51556 TIME_WAIT
svchost.exe 488 TCP 192.168.178.13 50050 192.168.178.18 6357 ESTABLISHED
[System Process] 0 TCP 192.168.178.13 50039 192.168.178.17 5000 TIME_WAIT 1 622 1 1.023
AppleMobileDeviceService.exe 2904 UDP mypc_PC_033 49154 * *
AppleMobileDeviceService.exe 2904 UDP mypc_PC_033 49155 * *
mDNSResponder.exe 2968 UDP mypc_PC_033 49152 * *
mDNSResponder.exe 2968 UDPV6 mypc_pc_033 49153 * *
mDNSResponder.exe 2968 UDP 192.168.178.13 5353 * * 13 2.488 33 4.416
mDNSResponder.exe 2968 UDPV6 [0:0:0:0:0:0:0:1] 5353 * * 1 34
spoolsv.exe 2376 UDP mypc_PC_033 54656 * * 69 5.382 234 3
svchost.exe 1036 UDP mypc_PC_033 isakmp * *
svchost.exe 4736 UDP mypc_PC_033 ssdp * * 72 33.723 885 212.609
svchost.exe 488 UDP mypc_PC_033 ws-discovery * * 54 39.616
svchost.exe 4736 UDP mypc_PC_033 ws-discovery * * 10 12.310 86 78.336
svchost.exe 1036 UDP mypc_PC_033 ipsec-msft * *
svchost.exe 4736 UDP mypc_PC_033 55400 * * 28 27.776
svchost.exe 1036 UDPV6 mypc_pc_033 500 * *
svchost.exe 4736 UDPV6 [0:0:0:0:0:0:0:1] 1900 * * 1 146
svchost.exe 7464 UDPV6 mypc_pc_033 3540 * * 24 18.738
svchost.exe 488 UDPV6 mypc_pc_033 3702 * *
svchost.exe 4736 UDPV6 mypc_pc_033 3702 * *
svchost.exe 1036 UDPV6 mypc_pc_033 4500 * *
svchost.exe 4736 UDPV6 mypc_pc_033 55401 * *
svchost.exe 4736 UDPV6 [fe80:0:0:0:715e:68a9:cea2:bf64] 1900 * *
svchost.exe 1736 UDPV6 mypc_pc_033 5355 * * 162 4.604
svchost.exe 488 UDP mypc_PC_033 ntp * *
svchost.exe 4736 UDP 192.168.178.13 ssdp * *
svchost.exe 4736 UDP 192.168.178.13 59490 * * 67 8.747 93 30.235 316 1
svchost.exe 4736 UDP mypc_PC_033 59491 * * 67 8.747 5 2.064
svchost.exe 488 UDPV6 mypc_pc_033 123 * *
svchost.exe 4736 UDPV6 [fe80:0:0:0:715e:68a9:cea2:bf64] 59488 * *
svchost.exe 4736 UDPV6 [0:0:0:0:0:0:0:1] 59489 * * 166 61.378
svchost.exe 1736 UDP mypc_PC_033 llmnr * *
svchost.exe 488 UDP mypc_PC_033 ws-discovery * *
svchost.exe 488 UDP mypc_PC_033 52189 * * 4 2.496 3 3.675
svchost.exe 488 UDPV6 mypc_pc_033 3702 * *
svchost.exe 488 UDPV6 mypc_pc_033 52190 * *
svchost.exe 4736 UDP mypc_PC_033 ws-discovery * *
svchost.exe 488 UDPV6 mypc_pc_033 3702 * *
svchost.exe 488 UDP mypc_PC_033 59313 * * 4 2.624 2 2.470
svchost.exe 488 UDPV6 mypc_pc_033 59314 * *
System 4 UDP 192.168.178.13 netbios-ns * * 156 8.232 151 8.018
System 4 UDP 192.168.178.13 netbios-dgm * * 18 3.565 20 3.949
wmpnetwk.exe 4288 UDP mypc_PC_033 5004 * *
wmpnetwk.exe 4288 UDP mypc_PC_033 5005 * *
wmpnetwk.exe 4288 UDPV6 mypc_pc_033 5004 * *
wmpnetwk.exe 4288 UDPV6 mypc_pc_033 5005 * *
svchost.exe 1736 UDP mypc_PC_033 53783 * * 5 210 42 1
kss.exe 628 UDP mypc_PC_033 50681 * * 1 49
kss.exe 628 UDP mypc_PC_033 50682 * *
svchost.exe 1736 UDP mypc_PC_033 62387 * *
 
 
Second log:
AppleMobileDeviceService.exe 2904 TCP mypc_PC_033 49156 localhost 5354 ESTABLISHED
mDNSResponder.exe 2968 TCP mypc_PC_033 5354 localhost 49156 ESTABLISHED
[System Process] 0 TCP mypc_PC_033 wsd localhost 50132 TIME_WAIT
wmpnetwk.exe 4288 TCP mypc_PC_033 50097 localhost icslap ESTABLISHED 1 189 5 7.983
System 4 TCP mypc_PC_033 icslap localhost 50097 ESTABLISHED 2 5.615 1 189
AppleMobileDeviceService.exe 2904 TCP mypc_PC_033 27015 mypc_PC_033 0 LISTENING
lsass.exe 760 TCP mypc_PC_033 49153 mypc_PC_033 0 LISTENING
lsass.exe 760 TCPV6 mypc_pc_033 49153 mypc_pc_033 0 LISTENING
mDNSResponder.exe 2968 TCP mypc_PC_033 5354 mypc_PC_033 0 LISTENING
services.exe 748 TCP mypc_PC_033 49157 mypc_PC_033 0 LISTENING
services.exe 748 TCPV6 mypc_pc_033 49157 mypc_pc_033 0 LISTENING
spoolsv.exe 2376 TCP mypc_PC_033 49158 mypc_PC_033 0 LISTENING
spoolsv.exe 2376 TCPV6 mypc_pc_033 49158 mypc_pc_033 0 LISTENING
SpotifyWebHelper.exe 6356 TCP mypc_PC_033 4370 mypc_PC_033 0 LISTENING
SpotifyWebHelper.exe 6356 TCP mypc_PC_033 4380 mypc_PC_033 0 LISTENING
svchost.exe 572 TCP mypc_PC_033 epmap mypc_PC_033 0 LISTENING
svchost.exe 764 TCP mypc_PC_033 49154 mypc_PC_033 0 LISTENING
svchost.exe 1036 TCP mypc_PC_033 49155 mypc_PC_033 0 LISTENING
svchost.exe 4340 TCP mypc_PC_033 49159 mypc_PC_033 0 LISTENING
svchost.exe 572 TCPV6 mypc_pc_033 epmap mypc_pc_033 0 LISTENING
svchost.exe 764 TCPV6 mypc_pc_033 49154 mypc_pc_033 0 LISTENING
svchost.exe 1036 TCPV6 mypc_pc_033 49155 mypc_pc_033 0 LISTENING
svchost.exe 4340 TCPV6 mypc_pc_033 49159 mypc_pc_033 0 LISTENING
System 4 TCP mypc_PC_033 microsoft-ds mypc_PC_033 0 LISTENING
System 4 TCP mypc_PC_033 icslap mypc_PC_033 0 LISTENING
System 4 TCP mypc_PC_033 wsd mypc_PC_033 0 LISTENING
System 4 TCP mypc_PC_033 10243 mypc_PC_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 microsoft-ds mypc_pc_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 icslap mypc_pc_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 wsd mypc_pc_033 0 LISTENING
System 4 TCPV6 mypc_pc_033 10243 mypc_pc_033 0 LISTENING
wininit.exe 644 TCP mypc_PC_033 49152 mypc_PC_033 0 LISTENING
wininit.exe 644 TCPV6 mypc_pc_033 49152 mypc_pc_033 0 LISTENING
wmpnetwk.exe 4288 TCP mypc_PC_033 rtsp mypc_PC_033 0 LISTENING
wmpnetwk.exe 4288 TCPV6 mypc_pc_033 rtsp mypc_pc_033 0 LISTENING
System 4 TCP mypc_pc_033 netbios-ssn mypc_PC_033 0 LISTENING
chrome.exe 4364 TCP mypc_pc_033 50100 ee-in-f103.1e100.net https ESTABLISHED 6 1.119 10 5.628
System 4 TCPV6 [0:0:0:0:0:0:0:1] icslap [0:0:0:0:0:0:0:1] 50131 ESTABLISHED 2 6.021 1 229
svchost.exe 488 TCPV6 [0:0:0:0:0:0:0:1] 50131 [0:0:0:0:0:0:0:1] icslap ESTABLISHED 1 229 5 8.309
[System Process] 0 TCP mypc_pc_033 50114 81.19.104.72 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50115 81.19.104.39 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50113 81.19.104.36 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50112 81.19.104.33 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50120 80.237.191.2 http TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50111 62.128.100.94 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50110 62.128.100.93 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50109 62.128.100.61 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50108 62.128.100.59 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50107 62.128.100.43 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50116 62.128.100.37 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50105 62.128.100.35 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50103 62.128.100.163 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50102 62.128.100.161 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50101 62.128.100.109 https TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50121 195.122.169.15 http TIME_WAIT
[System Process] 0 TCP mypc_pc_033 50126 195.122.169.15 http TIME_WAIT
chrome.exe 4364 TCP mypc_pc_033 50130 192.168.178.17 5000 SYN_SENT
chrome.exe 4364 TCP mypc_pc_033 50133 173.194.41.100 https ESTABLISHED 30 3.804 159 202.343 3.581 197.174 29 156
chrome.exe 4364 TCP mypc_pc_033 50134 173.194.41.100 https ESTABLISHED
AppleMobileDeviceService.exe 2904 UDP mypc_PC_033 49154 * *
AppleMobileDeviceService.exe 2904 UDP mypc_PC_033 49155 * *
mDNSResponder.exe 2968 UDP mypc_PC_033 49152 * *
mDNSResponder.exe 2968 UDPV6 mypc_pc_033 49153 * *
mDNSResponder.exe 2968 UDPV6 [0:0:0:0:0:0:0:1] 5353 * * 16 2.612 38 4.949
spoolsv.exe 2376 UDP mypc_PC_033 54656 * * 198 15.444
svchost.exe 1036 UDP mypc_PC_033 isakmp * *
svchost.exe 4736 UDP mypc_PC_033 ssdp * * 212 99.708 2.810 701.400 392 1
svchost.exe 488 UDP mypc_PC_033 ws-discovery * * 88 65.696
svchost.exe 4736 UDP mypc_PC_033 ws-discovery * * 16 19.700 160 147.584
svchost.exe 1036 UDP mypc_PC_033 ipsec-msft * *
svchost.exe 4736 UDP mypc_PC_033 55400 * * 58 57.536
svchost.exe 1036 UDPV6 mypc_pc_033 500 * *
svchost.exe 4736 UDPV6 [0:0:0:0:0:0:0:1] 1900 * * 1 146
svchost.exe 7464 UDPV6 mypc_pc_033 3540 * * 224 174.888
svchost.exe 488 UDPV6 mypc_pc_033 3702 * *
svchost.exe 4736 UDPV6 mypc_pc_033 3702 * *
svchost.exe 1036 UDPV6 mypc_pc_033 4500 * *
svchost.exe 4736 UDPV6 mypc_pc_033 55401 * *
svchost.exe 4736 UDPV6 [fe80:0:0:0:715e:68a9:cea2:bf64] 1900 * *
svchost.exe 488 UDP mypc_PC_033 ntp * *
svchost.exe 488 UDPV6 mypc_pc_033 123 * *
wmpnetwk.exe 4288 UDP mypc_PC_033 5004 * *
wmpnetwk.exe 4288 UDP mypc_PC_033 5005 * *
wmpnetwk.exe 4288 UDPV6 mypc_pc_033 5004 * *
wmpnetwk.exe 4288 UDPV6 mypc_pc_033 5005 * *
System 4 UDP mypc_pc_033 netbios-ns * * 195 10.128 159 8.328 150 100 3 2
System 4 UDP mypc_pc_033 netbios-dgm * * 16 3.134 16 3.134
svchost.exe 4736 UDP mypc_pc_033 ssdp * *
svchost.exe 4736 UDP mypc_pc_033 53342 * * 41 5.289
svchost.exe 4736 UDP mypc_PC_033 53343 * * 41 5.289 5 2.064 392 1
svchost.exe 4736 UDPV6 [fe80:0:0:0:715e:68a9:cea2:bf64] 53340 * *
svchost.exe 4736 UDPV6 [0:0:0:0:0:0:0:1] 53341 * * 10 4.056
mDNSResponder.exe 2968 UDP mypc_pc_033 5353 * *
svchost.exe 1736 UDP mypc_PC_033 llmnr * * 98 2.732
svchost.exe 1736 UDPV6 mypc_pc_033 5355 * *
svchost.exe 1036 UDP mypc_pc_033 51656 * * 5 305
svchost.exe 1036 UDP mypc_PC_033 teredo * *
svchost.exe 488 UDP mypc_PC_033 ws-discovery * *
svchost.exe 488 UDP mypc_PC_033 63483 * * 4 2.496 2 2.450
svchost.exe 4736 UDPV6 mypc_pc_033 3702 * *
svchost.exe 488 UDPV6 mypc_pc_033 63484 * *
svchost.exe 488 UDP mypc_PC_033 ws-discovery * *
svchost.exe 4736 UDPV6 mypc_pc_033 3702 * *
svchost.exe 1736 UDP mypc_PC_033 50586 * *
 

Edited by eshoxx, 04 May 2014 - 06:03 AM.
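As an added example that is not part of the thread: noknojon's advice in #4 is to look through the TCPView output for connections to unknown outside addresses, and the two exports eshoxx pasted in #5 are in TCPView's whitespace-separated text format (process, PID, protocol, local address, local port, remote address, remote port, then a state for TCP rows and optional traffic counters). The Python script below does that triage mechanically: it parses rows in that format, discards anything talking to loopback, link-local, RFC 1918 or ULA addresses or to the machine itself, and separately flags any session to a mail-submission port (25, 465, 587, or the names TCPView substitutes for them), since a host relaying spam through the ISP's mailbox would show up as outbound SMTP. The LAN hostname (mypc_PC_033 in the logs) is passed in as a parameter, and the last sample row is constructed, not from the logs, to show what such a relay session would look like; 198.51.100.25 is a documentation address. One caveat a practitioner would add: TCPView is a point-in-time snapshot, so a mailer that only ran days earlier, or a credential stolen and used from somewhere else entirely, will not appear in it at all.

```python
"""Triage a TCPView text export: flag connections that leave the LAN and,
in particular, any outbound SMTP sessions (the pattern behind an ISP
"your account is sending spam" cut-off).

Added example, not a tool from the thread. Assumes the whitespace-separated
row format TCPView's text export produces, as pasted in the posts above:
  process pid proto local_addr local_port remote_addr remote_port [state] [counters...]
"""
import ipaddress
import re

PROTOS = {"TCP", "TCPV6", "UDP", "UDPV6"}
STATE_RE = re.compile(r"[A-Z_]+")          # ESTABLISHED, LISTENING, TIME_WAIT, SYN_SENT

# Explicit LAN/loopback/link-local ranges. Deliberately not ipaddress.is_private,
# which also treats documentation ranges such as 198.51.100.0/24 as "private".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Mail-submission ports, by number and by the service names TCPView substitutes
# (assumed names; TCPView takes them from the local services file).
SMTP_PORTS = {"25", "465", "587", "smtp", "smtps", "submission"}


def parse_tcpview_line(line):
    """Return a dict for one TCPView row, or None if the line is not a row."""
    tokens = line.split()
    # The PID is the first all-digit token followed by a protocol; everything
    # before it is the process name (which may contain spaces: "[System Process]").
    for i in range(1, len(tokens) - 1):
        if tokens[i].isdigit() and tokens[i + 1].upper() in PROTOS:
            rest = tokens[i + 2:]
            if len(rest) < 4:
                return None
            state = None
            if len(rest) > 4 and STATE_RE.fullmatch(rest[4]):
                state = rest[4]                # UDP rows carry counters here instead
            return {
                "process": " ".join(tokens[:i]),
                "pid": int(tokens[i]),
                "proto": tokens[i + 1].upper(),
                "local_addr": rest[0], "local_port": rest[1],
                "remote_addr": rest[2], "remote_port": rest[3],
                "state": state,
            }
    return None


def is_external(addr, local_hostname):
    """True if addr is neither this host, loopback, link-local nor RFC1918/ULA."""
    if addr in ("*", "localhost") or addr.lower() == local_hostname.lower():
        return False
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))   # TCPView brackets IPv6
    except ValueError:
        # A resolved DNS name (contains a dot) is off-LAN; a bare NetBIOS-style
        # name is assumed to be another LAN host.
        return "." in addr
    return not any(ip in net for net in LOCAL_NETS)


def triage(lines, local_hostname):
    """Split rows into those talking off-LAN and the subset that looks like mail sending."""
    external, smtp = [], []
    for line in lines:
        row = parse_tcpview_line(line)
        if row is None or not is_external(row["remote_addr"], local_hostname):
            continue
        external.append(row)
        if row["remote_port"].lower() in SMTP_PORTS:
            smtp.append(row)
    return external, smtp


# Sample rows: the first six are copied from the logs above; the last one is
# constructed to show what a spam relay would look like (198.51.100.25 is a
# documentation address, not a real mail server, and PID 5120 is invented).
SAMPLE_LOG = """\
svchost.exe 488 TCP 192.168.178.13 50050 192.168.178.18 6357 ESTABLISHED
chrome.exe 4364 TCP mypc_pc_033 50100 ee-in-f103.1e100.net https ESTABLISHED 6 1.119 10 5.628
[System Process] 0 TCP mypc_pc_033 50114 81.19.104.72 https TIME_WAIT
svchost.exe 4736 UDP mypc_PC_033 ssdp * * 212 99.708 2.810 701.400 392 1
svchost.exe 4736 UDPV6 [fe80:0:0:0:715e:68a9:cea2:bf64] 1900 * *
chrome.exe 4364 TCP mypc_pc_033 50130 192.168.178.17 5000 SYN_SENT
svchost.exe 5120 TCP mypc_pc_033 50140 198.51.100.25 smtp ESTABLISHED 41 6.210 12 1.904
""".splitlines()

if __name__ == "__main__":
    ext, mail = triage(SAMPLE_LOG, "mypc_PC_033")
    for row in ext:
        tag = "SMTP " if row in mail else "     "
        print(f"{tag}{row['process']:<20} pid={row['pid']:<5} -> "
              f"{row['remote_addr']}:{row['remote_port']} {row['state'] or ''}")
```

Run against the two exports in #5 (saved to a file and read with `open(...).read().splitlines()`), the script reduces each to the handful of rows that actually leave the LAN, which is the set worth looking up and correlating against the time window the ISP quoted. A row whose process is a generic svchost.exe, or whose PID no longer exists when you check it in Task Manager, is the one to chase; a TIME_WAIT row with PID 0 only tells you the connection existed recently, not which program made it.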


#6 noknojon (Banned, 10,871 posts)

Posted 04 May 2014 - 07:13 PM

Hi -

Very hard to pick items from a phone "combined connection" like you have posted.

 

If you had a decent ISP they would have helped you to secure the connection, rather than just throw you out.

Can you call the ISP, or had your contract expired with them when this happened ??

 

Most ISP's will try to help you and make sure you are safe while on-line to promote their business (mine did last week).

 

Can you log the computer on to any network and keep it there for a while to see if there is still any problem.

Are you about to log onto any new ISP in the near future, as this is the best way to get a full log ??



#7 eshoxx (Topic Starter, Members, 8 posts)

Posted 08 May 2014 - 04:06 AM

I found a trojan in a file that is not being used anymore (on a second HD). I have deleted this file.

Also I have found some port scan logs and fragmented IP packets being sent to me. This was in the router's firewall log.

I have set the security higher and blocked port 25 to prevent all SMTP traffic since I do not need this.

At the time of disconnection I was running Tixati as a torrent client.

 

Could this have been the source of my problems? That Tixati was being used by others to get into my network and send mails from my account?

And how can I prevent this in the future?

Any ideas?

 

Best regards.


Edited by eshoxx, 08 May 2014 - 04:07 AM.


#8 noknojon (Banned, 10,871 posts)

Posted 08 May 2014 - 07:57 AM

I found a trojan in a file that is not being used anymore (on a second HD). I have deleted this file.

And how can I prevent this in the future?

Do you have any record of this infection ??
 

Was it caught by your normal Antivirus, or was it in an Antimalware scan (like Malwarebytes) ??

 

Is your router set with a strong password, and not just Admin and Admin like some are ??

 

I needed to reset my second password again, even though I still use Admin as my first login, then a bigger password after that.

Can you run this for me and Copy / Paste the result ?

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.


Edited by noknojon, 08 May 2014 - 08:00 AM.


#9 eshoxx (Topic Starter, Members, 8 posts)

Posted 08 May 2014 - 08:12 AM

I do: I made a screen shot of it. It was found by Superantispyware.

Password change was the first thing I did. Also changed the SSID to something that does not have the vendor name in it.

I will run the SecurityCheck tonight and post the results.


Edited by eshoxx, 08 May 2014 - 08:19 AM.


#10 eshoxx (Topic Starter, Members, 8 posts)

Posted 08 May 2014 - 01:38 PM

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spyware Terminator 2012   
 Spybot - Search & Destroy 
 Java 7 Update 55  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Tall Emu Online Armor OAcat.exe 
 Tall Emu Online Armor oasrv.exe 
 Tall Emu Online Armor oaui.exe 
 Tall Emu Online Armor OAhlp.exe 
 Emsisoft Anti-Malware a2service.exe   
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE 
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe 
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Edited by eshoxx, 08 May 2014 - 03:50 PM.


#11 noknojon (Banned, 10,871 posts)

Posted 08 May 2014 - 06:44 PM

Hi -

I am concerned about a few items -

First is that often a full version of Symantec Endpoint Protection will also include a Firewall with the Antivirus program.

Second is if this is true then your Tall Emu Online Armor will be in total conflict with it.

And Third is that you still have Kaspersky Security Scan 2.0 installed, and at times it can be Active unless removed.
That extra active Antivirus program can cancel out your main program and also all protection.

 

Is there any Torrent or P2P Program listed in your Programs ?? Bit torrent ,uTorrent etc, etc,

This (or a combination of these) may explain why they have been able to access your system and relay the information onwards.

 

Finally, Spybot - Search & Destroy can be removed and replaced with Malwarebytes Anti-Malware Free new version.

Install the program, Check for Updates,  and run a Scan for any threats -

 

QUICK EDIT - You said the scan was with SUPERAntiSpyware, but it is not listed in installed security programs ??


Edited by noknojon, 08 May 2014 - 06:48 PM.


#12 eshoxx (Topic Starter, Members, 8 posts)

Posted 09 May 2014 - 03:35 AM

I have uninstalled Kaspersky.

Symantec indeed has a firewall built in, but my opinion is that this firewall is not sufficient and not very configurable. That's why I installed Online Armor.

Do you think I should disable the Symantec firewall and only keep the antivirus on?

 

About Spybot and MBAM: MBAM free edition does not provide active protection, that's why I kept Spybot.

 

Superantispyware free edition has the same problem: no active protection and the program does not start itself each time the computer starts (EDIT: ehm, I fixed this now, option wasn't flagged). I think that's also the reason that it did not appear in the log.

 

Isn't it a risk using these free editions that do not start themselves and do not update automatically?

 

The torrent client that I use is Tixati. This client was also in use at the time the ISP cut me off.


Edited by eshoxx, 09 May 2014 - 04:59 AM.


#13 noknojon (Banned, 10,871 posts)

Posted 09 May 2014 - 07:46 AM

Hi -
Several problems are slowly now showing up -

 

Kaspersky Security Scan 2.0 is only an Online Scanner, "but" you still have this installed, and it can be configured to run Online scans on a "regular basis", so it is better to remove it once you have done the scan ((Was there any results ??)) Uninstall this

 

So we need to run through your programs -

Spybot - Search & Destroy ........ Current Quote from their site - Spybot - Search & Destroy® is still free for private use but now we also have more advanced products for our home users that include active anti virus protection

Spyware Terminator is an adware and spyware scanner with real-time protection that can detect and remove or quarantine spyware, adware, home page hijackers and other malware threats. In addition to real-time protection,

 

Spyware Terminator also offers customizable settings. Other features include automatic updates, scheduled malware scans, Host Intrusion Prevention System (HIPS), scan reports and more. This is an Active tool that should not be used with other Active Antispyware programs...

 

If your Symantec includes a Firewall, and is Updated, there is No Need to add another program, as this can cause problems.

 

Malwarebytes Anti-Malware - Either install the Free or Paid version as it is better than those above, and scan Daily with it.

SUPERAntiSpyware - Install the Free version and scan at least weekly with this -

 

>> The torrent client that I use is Tixati. << This is known for spreading infections as it is not controlled by any central office, and is a free open area to plant infections and follow any person who is logged in.

 

 

After you run the scans from Symantec / MBAM / and SAS you should either keep the reports for posting on forums like this, or empty the Temp Files / Cache with a tool like Temp File Cleaner by Old Timer

Download TFC to your desktop
 • Close any open windows.
• Double click the TFC icon to run the program
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.

• Allow TFC to run uninterrupted.
• The program should not take long to finish its job
• Once its finished it could automatically reboot your machine,
• if it doesn't, please manually reboot to ensure a complete clean



#14 eshoxx (Topic Starter, Members, 8 posts)

Posted 12 May 2014 - 03:12 AM

Hi,

I have uninstalled Kaspersky.

And I ran the TFC utility and rebooted.

I have deleted Spybot.

So now I have:
Malwarebytes anti malware free
Superantispyware free
Symantec endpoint protection
Online armor firewall

Would you advise to just uninstall Online Armor and only use Symantec Endpoint, since this is also my standard antivirus program?
Or is it better to go for Online Armor (as a firewall only)?

Or maybe disable the symantec firewall and just use the antivirus from them and use the online armor firewall?

I have stopped using Tixati. Any suggestions for a secure alternative?

Thanks!

#15 noknojon (Banned, 10,871 posts)

Posted 12 May 2014 - 07:41 AM

I have stopped using Tixati. Any suggestions for a secure alternative?

Up to now, I have never found a "Secure" Torrent site, as they are all cross accessed by almost anyone at any time.

 

With the other programs, I feel that it is better for you to decide if you would prefer on how to set these up........

Not being a fan of "Suites", I prefer 1 Antivirus, 1 Firewall, (if pro versions 1 Antimalware) or 2 Antimalware scanners that are not active but Updated on a regular basis and Used on a very regular basis.

These should be the type of program that you trust and you Fully understand how they work.

 

We are always happy to guide you and leave links to specific programs, but if I say that you Must use a specific program ONLY, then this is not what we are here for. I will always say what I think you should not use, but you need to be happy with that also.





