unknown,unremoveable infection.


  • This topic is locked
10 replies to this topic

#1 As65

  • Members
  • 10 posts

Posted 25 August 2015 - 09:03 AM

Hello, I'm new to this site but have been trying to keep my PC clean from the same infections for ages... The infection NEVER shows up with ESET SMART SECURITY 8, Kaspersky Pure, Norton, Malwarebytes, etc. It ALWAYS targets my router, making it not able to reset... I suspect that they use the router as a ZOMBIE router, as I have had ROUTERS attacked with THC-HYDRA previously... I started using a VPN to keep my internet traffic safe, and because of this I had to use another router, as my ISP's router didn't work very well with the VPN (so I put the ISP's router in modem mode) and used my new router. Now because of this hackers could NOT get to the PC from the router... so they HACKED MY FACEBOOK ACCOUNT, implanting an unknown infected page into my account (which infects the PC, which lets them get access to my router), as this WAS THE ONLY TIME, EVER!! that my anti-virus (ESET Smart Security 8) picked up their activity... Now my ISP uses dynamic IP addresses, and when my router gets hacked the router is unable to be reset properly... and the dynamic IP address, which is supposed to change EVERY WEEK, becomes stuck on the same IP address. Now I have had 3 routers in the last month or so and keep being BREACHED.

Not sure if HijackThis can pick it up, but I suspect that another MARK of the infection is a file, C:/Users/ASUS/AppData/Local/Microsoft/Windows/Notifications/WPNPRMRY.tmp... Now this file is usually deleted when I use Revo Uninstaller's junk file cleaner. But when my router is infected this file starts saying "in use by windows or another program"... Ahh, now I just had a look with REVO and for the first time the file WPNPRMRY.tmp has vanished from the junk files cleaner list. THAT file never shows up in the junk files cleaner when the PC is CLEAN... only after I log into Facebook... then the file shows up and is undeletable... If I re-installed Windows and use a new router and don't use Facebook for, let's say, 2 weeks, that file (WPNPRMRY.tmp) does not show up in REVO JUNK FILES CLEANER. But when my router starts playing up, it's there and I'm unable to delete it... It might be coincidence that it does this, maybe not, but I can't tell which program this file is linked with.

Well, I'm in double figures with routers I've had to junk, and can't find out how they keep getting to my new routers (with new IP addresses) unless it's through something that I do frequently, like email or Facebook logins or downloading my old photos from Facebook. Any help would be very appreciated. THANKS.


#2 HelpBot

  • Bots
  • 12,704 posts

Posted 30 August 2015 - 09:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/587978 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 As65


Posted 30 August 2015 - 10:04 AM

Yes, I indeed still need your help... I have been having issues with network breaches. My routers have been hacked using a program called THC-HYDRA, amongst other things. The reason I know it was this program is because when I did internet searches, normal webpages had hydras all over them, for example the Facebook login page. So I started using a VPN to keep my internet traffic PRIVATE, but as my ISP's router does not work well with VPNs I put it in MODEM mode and used a secondary router (my ISP uses dynamic IP addresses). Now because of the secondary router they hacked my FACEBOOK account, inserting a malicious page (VIRUS). This in turn infected my secondary router. A symptom of the infection is that my dynamic IP (which changed every week, WITHOUT FAIL) is now stuck on the same IP address. Now I removed the secondary router and used the ISP's router, and only twice did it change IP address over more than 6 MONTHS!!! All the while the router was extremely difficult to reset to factory default. I NEVER USE WI-FI, so the Wi-Fi lights are always OFF, but when I reset the router they never turn themselves on! I can try 6 or 7 attempts to FULLY RESET the router but only the password changes back to default; everything else stays the same, like network lease etc. etc.

Now I have changed the HARD DISK on the PC, installed Windows from 8 up to 10, and received a new router from the ISP, but the router has started doing it again. This has been going on for numerous YEARS, with different ISPs and different PCs and maybe at least a DOZEN ROUTERS!!! I have had 3 in the last month or so. Now I know FOR CERTAIN this is deliberate attacks on my network and not hardware failure. Now with the last few routers my IP address has changed several times (which seems the only way to change my IP, to change router) but this keeps happening. With the last router the LEASE for the IP address was for A WEEK (I checked) but within 30 MINUTES it had changed, and is now stuck with that address. BASICALLY I think either they KNOW ALL the IP addresses that my routers change to, OR a virus continually infects my PC, which in turn infects my routers or sends the address to the hacker, which they then use to mess up my router. I can keep changing routers but it seems only a matter of time before they get to them! So I have to somehow identify a way to stop this or identify the virus (which none of my anti-viruses have done): NORTON, KASPERSKY PURE, ESET SMART SECURITY, COMODO, ZONE ALARM. You name them, I probably tried them. The only time EVER was ESET SMART SECURITY logging the FACEBOOK hack.

#4 Oh My!

  • Malware Response Instructor
  • 37,058 posts

Posted 01 September 2015 - 09:10 AM

Greetings Andrew and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. The only thing I will be able to address is the state of your computer and whether or not it is clean.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 As65


Posted 01 September 2015 - 11:19 AM

I have been trying to copy and paste the logs since yesterday, but have been unable to do so. I SUSPECT it's because of the HACK, as many times before I have tried to discuss this subject with websites similar to yourselves and ALWAYS experience INTERFERENCE while doing so, BECAUSE if it IS THE ROUTER then they control my internet traffic. I tried to PM Machiavelli several times with my logs because I could not post them. I have tried at least 6 times to post these logs. I CAN ATTACH THEM BUT REALISE THIS IS RISKY due to possible infection. I EVEN had to change my DNS just to get this FAR. The logs kept saying "saving post" but never actually posted them. I suspect that is because you are ABLE TO HELP ME WITH THIS PROBLEM; that's why I'm not being allowed to post.


Edited by As65, 01 September 2015 - 11:24 AM.


#6 As65


Posted 01 September 2015 - 11:25 AM

Is it possible that I could attach these files and you could view them VIRTUALLY?



#7 Oh My!


Posted 01 September 2015 - 12:44 PM

Please attach the files to your reply.


Gary
 

#8 Oh My!


Posted 01 September 2015 - 12:52 PM

Please do not send Personal Messages to me or anyone else unless it is in response to one sent to you.

Post all information on this Topic either by means of copy and paste, or attached if requested or the only way you can post information.
Gary
 

#9 As65


Posted 01 September 2015 - 01:00 PM

Attached files:
  • FRST_30-08-2015_15-29-42.txt (790.71KB)
  • Addition_30-08-2015_15-29-42.txt (31.88KB)
  • Summary.zip (57.71KB)

Sorry for the PM, it was the only way I could post logs, but I have attached them here. I can only attach the files; my computer will not allow me to post them, even using another browser.


Edited by As65, 01 September 2015 - 01:01 PM.


#10 Oh My!


Posted 01 September 2015 - 01:55 PM

Thank you for the information.

Your computer is clean. However, there are errors related to SettingSyncHost that may or may not indicate a permissions problem and may be related to Firewall issues. Because of this I think you should post a Topic in the Windows 10 Forum for starters. They can address the possible Permissions issue. There is also the Firewall Software and Hardware Forum that may be able to provide assistance with the numerous Firewalls you have on your system.

Sorry I am unable to help you here but since there isn't any evidence of malware on your computer this is not the appropriate Forum to address your difficulties.
Gary
 

#11 Oh My!


Posted 01 September 2015 - 07:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



