I got this computer from my cousin about a year ago, and I have limited knowledge of what is installed on it. A few weeks ago, I lent the computer to one of my classmates sitting next to me for about 30 minutes. During this period I paid most of my attention to the class and did not really notice anything strange in what he was doing (Note: there can't have been any major physical hacking going on, as the guy is not computer savvy and there was no particular typing noise). After I got my computer back, I checked the browser history and the tab history - nothing strange. HOWEVER, what bothers me is the constantly appearing logs in the Event Viewer (event ID 1042) for C:\Users\user\AppData\Local\Temp\Rarsfx0\installer_msi_win.msi, starting just 3 hours after lending the computer to him, and the Ask Toolbar being installed on my computer 48 hours later. I do not know what Rarsfx0 is, and Rarsfx1 started appearing after two weeks or so. I got so paranoid that I decided to use various tools to find the root cause (I did not even study for my final exams!) (WILL POST THE LOGS LATER!):
- With Event Viewer - after uninstalling the Akamai NetSession Interface, Rarsfx1 and Rarsfx0 are gone. It seems the app is either corrupted or hacked.
- With Malwarebytes - asl.a, BProtector, vuzeremoteTB.A, conduit and conduit.A in AdwCleaner, riskwaretool.ck, and oneclickdownloader in Google Chrome.
- With Avast - caught installrex and onclickdownloader (1click seems to be reappearing, as I have caught it on 2 occasions).
- With RogueKiller - there are three partition tables, one being HIDDEN! disableregistrytools (0), HOSTS file - %SystemRoot%\System32\drivers\etc\hosts, [BSP] Windows Vista MBR code (I am using WINDOWS 7!!!).
- With GMER - a BSOD appeared!
It occurs to me that the Vuze downloader (or whatever its name is) might be the origin of the problem. I originally had no knowledge of what P2P is, until I saw some reports relating to P2P hacking posted 5 years ago. I therefore want it removed completely, but I do not know how to resolve the problem. I have some questions I would like to ask: What information can a hacker obtain when hijacking the web browsers? What can hackers do when hacking remotely via P2P? Does a BSOD after running the GMER scan indicate the existence of rootkits? I have invested a lot of time trying to find out the issues, and I hope I can get a helping hand.
Edited by msecrets911, 03 June 2014 - 08:03 AM.