Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About goscuter1

  • Rank
  1. I believe my reaction was both correct and socially responsible.
  2. This RedHat discussion seems to deal indirectly with the security issue I'm facing. I don't really understand it fully but 100% this is what's going on... https://bugzilla.red...g.cgi?id=526713 nb. my problem is that there are virtualisation management tools there in the first place. Virtualisation that I suspect these hidden drivers are related to? I unticked every single one of them except for the Realtek Lan controller and my system was running brilliantly. At least for a short while....they certainly were not 'default', let alone ESSENTIAL.
  3. I just don't know if you're levelling me or having a laugh. But literally what do you think I've been doing after hours of zero-filling? Just jumping straight on the network? for heaven's sake... GREAT..! HOW DO I GET IT ON MY SYSTEMS? Or am I supposed to secure hash in the corruption, you understand that's what's happening? The second the control order from the disc is launched, the PCI controllers launch into action and execute their preset commands. It's all there in the installation logs, thousands of them. No. It's not normal. That's utter nonsense. And I'm not going to accept anyone else claiming that 50 virtual terminals on a fresh install or BUILTIN Administrator being unable to do squat or really any of this crap from now on. You think it's normal? Fine, reproduce it. I'm sick of hearing that ridiculous line. It jumps around. Quite literally. There's a Q drive on my Dell I can't touch. Doesn't really matter much to me, LIKE IT REALLY DOESN'T CHANGE MUCH FOR ME.
  4. No. It's not paranoia when there are endless breaches. I'm sick right now, I'm just...I lost net connection for a half hour or so and my ISP said there wasn't any problem, so I went in to take a look. Sigh. http://codepad.org/V6M50C5D That explains the Broadcom drivers in my Autoruns. Oh, and if it wasn't obvious, I'm not using Linux at this point in time. But I've seen "squashfs" and "NFS" before, on my systems where I didn't install them. I don't know what this means now, I was about to burn everything under the belief my connection was secure. But, they're coming through NAT and a hardware firewall with a yawn? vomit... They're reactive also. It's incredibly creepy. After those PCI pics, I killed PlugNplay and RpcEptMapper and some other services on my laptop. My desktop crashed and I didn't bother zero-filling, I just formatted and installed Windows again, and they're reactive! I'm not sure what you thought I was doing or trying to do; but I assure you the above has been it for a very long time now. The installation logs of a system that has all networking functionality disabled in BIOS; I even took it down to the other end of my building and checked for Wifi with my phone and in a complete dead spot, installed after a zero-fill format...never been online, the installation logs aren't complex. Yes. I didn't run the processes. Yes, I was root. And unable to access them. Oh it always was. Until I'd lose it being too pesky trying to mount an unknown filesystem on my system. Somewhat rudely; as they were never my filesystems. Yeah you're not really getting it. I absolutely did not want to use AFS, But AFS was accessing my system, so I was attempting to query it. As root, you might note. . Oh good god. I've never run chmod or chown commands in my entire life. I barely do anything except query data until my systems crash. I'm tired of conversations like these; are you just wasting my time? . SO DOES WINDOWS!!! On Launchpad, I had a genius helping me out and he was mostly concerned about AFS accessing my system; more so than I was - I was all fretting over an unexplainable .local domain which was killing Avahi. But I'm using Windows for a few reasons currently, purely functional as I don't know my way around the Terminal yet. And don't have time to learn, because I keep getting pulled into ridiculous conversations proving what I've PROVEN 15 posts back. Or it might be what the evidence has been saying it is all along.
  5. Hardware. Sigh, I just don't know what all these controllers are, but I'm pretty sure they're suspect. This is for my desktop: After a 10 hour DBAN, I don't understand these because this BIOS is flashed. What are all these PCI Unknowns - do you think they're the culprit? This is just more of the scan which starts above. 10 screens of PCI controllers that are too complicated for me to make sense of. I don't really like all the Unknowns. Far too many Unknowns, in this industry... http://i.imgur.com/1uEW5.jpg http://i.imgur.com/9lHFJl.jpg http://i.imgur.com/qrs8Kl.jpg http://i.imgur.com/LTqD4l.jpg http://i.imgur.com/Wbx05.jpg http://i.imgur.com/2Cbt3.jpg http://i.imgur.com/J2Y3a.jpg http://i.imgur.com/Exo9D.jpg I dunno; after a 10 hour DBAN, seeing that just makes my stomach churn and god I hope it's the culprit because I have no other suspects now that my modem / router are looking annoyingly innocent. No DBAN, no you did not. I'm not sure if this meant anything as I think X: is used as the virtual drive for Recovery but I know corrupt files are being pulled from a repository, so the fact that I can't delete them struck me as annoying:
  6. ubuntu 10.4, 10.10 and 11.04 and Mint 10.10. The crashing isn't the concern, crashing is merely a side-effect of being hacked. Very similar problems to Windows but not as rapidly destructive (huge directories and sub-directories of folders /files no one could really explain; all inaccessible with sudo of course; some recursion which slowed my systems down but wasn't really a problem, it just reflected all the virtual terminals that I couldn't access, which were a problem; a lot of permission denied messages logged in as root or with sudo, trying to access SSH connections and services that I didn't install, were certainly not default, and which couldn't be killed by sudo, and even losing sudo altogether trying to uninstall a Samba service which was never installed - the huge directories of samba-related files I couldn't access certainly weren't default - which gave me flashbacks of how this all started with TrustedInstaller over-riding INBUILT Administrator permissions). The rootkit evidence is pretty overwhelming with every OTL, ComboFix, Gmer, HijackThis etc scan I've ever run (*when they run* or *when the options aren't all greyed out*). But I only just realised I've been stupidly distracted by it all the endless side-effects and not getting at the core issue, which is the deployments being recorded in my cbs.log and windowsupdate.log files. Even they aren't the core issue of course; the core issue is hardware hijacking - which is why my endless zero-filling has just been a complete waste of time. I agree it's hardware defects, intentionally created, initially by a rootkit or the criminal Dell service technician they're refusing to take responsibility for. I just don't understand enough (or anything) about the hardware. So I get all distracted by the deployed Microsoft-signed patches screwing up Win7 and the entire hard drive's contents. Microsoft are the WORST. But getting at the root of the problem has forced me back to Window, because of course it's very hard to convince a Linux user that the problems are real - I mean, they're not having them! (this is literally their logic sigh). In Windows, the side-effects are a lot more...overwhelming. Stuff like patched MSSE versions and non-default programs like WinMail being deployed; which all come up as "patched" on Secunia's PSI joke program - no doubt they are patched, but it's a joke program that gives non-default unauthorised installations like WinMail a green 100% thumbs up. They censored my thread politely enquiring about it, of course. Wonderful ethics.). All these drivers were installed and showing as autoruns in SysInternal's handy app: - I just unclicked them all after realising every single one of them seemed unnecessary and a vulnerability - this system is running a lot better now, but all these things are side-effects. I need to secure my system from the network administrators who are using FEP and DISM to deploy all the crap onto my systems. And they're getting access via the hardware. I have a stack of pics of all the controllers and whatnot, which I'll post shortly as I think they're the key...once I get over the fear of destroying my brand new HTC Desire HD (literally everything gets destroyed, my Nokia N97mini is currently RIP). Ah okay. I'm the kind of guy who jumps to conclusions that a program called Process monitor, would be listing processes. But events, processes, it's all semantics to me I'm afraid...I'm quite certain 1,000,000 *events* per minute is not normal. Neither is 7000 cbs.log entries in 41 seconds for a single MSSE patch which MSSE already downloaded 6 hrs earlier. It's just side effects, Edwin. In an case, I can see what's corrupting them, it's all being recorded in the logs. I need to focus on blocking the deployments, and I think the answer is either: figuring out how to clean what DBAN and BIOS flashing and CMOS flushing and MBR fixing cannot; or figuring out how to be 100% certain my Internet is secure, then just make a bonfire out of the electronics in my apartment. Either would be fine. I've had 10 weeks of this. That's enough for me. Christ Microsoft are filthy.
  7. Hi Edwin, I installed Win7 Ultimate again after the issues were crashing my Linux distributions as well. And I remembered this post, so I ran Procmon and immediately hit sfc /scannow but..in the mere minutes it took to verify, over 8,000,000 (8 million) processes were recorded by Procmon. And to top it off, I hadn't waited long enough for the files to be corrupted again lol, and it's been quite a few hours since the last corruption, the results of which I have logged of course (over 3000 cbs.log entries for the single sfc /scannow a few hours ago). It filled 8 procmon log files in the 10 minutes or so that it took to run the scan which didn't find any violations. To get two sfc /scannow outputs, with the silent process replacing all the files in between, we're talking hundreds of millions of processes! I assume that kind of output is of no use? As I was writing that out, I thought "oh that can't be right, it must have been 800,000 or something" - so I just ran it again. In 7 minutes, 7 million processes monitored. This is non-stop.
  8. Hi Edwin, thanks for your response. Apologies for not checking back, but my frustrations with the silences across a range of forums, and every expert I hired continuing to charge me without solving anything except the question of their competence...was wearing me down. I can't say with any certainty that they were the same files as I've moved to Linux ubuntu, awaiting the Chrome OS. I think Windows is dead, and Microsoft is finished. But I am unable to know if considerations of justice are clouding my objectivity. But I'm pretty sure the files were the same corrupted replacements. Because WFP is flawed beyond belief. It treats the deployed silent unattended installation as the 'correct' one, so I was effectively corrupting my OS with my Genuine Advantage discs and with SFC /scannow. I've got some records lying around, if you're interested (and god knows no one else is): This is simply one batch of silent corrupted files, then my SFC /scannow replacing them all. This is just one round. I did maybe 40 rounds lolz. http://justpaste.it/98y But who the hell knows really, when SFC command lines don't work: http://i.imgur.com/0vYYA.png Oh they were. At least at my end. Not sure what my System Administrator (aka hacker) was doing, but who am I to question his actions. After all, I was trying to hack into my own systems. Quite literally, thanks to Microsoft.
  9. ? I can only assume anyone reading this is studying up on the threats I've brought to light. Oh lol, apologies, I momentarily forgot where I was posting. In 3 weeks, I feel I know more than most AV 'experts'. Children can run an AV scan. And professionals, if they're AV-industry professionals. Unfortunately, that appears to be the extent of it. I've had 30 conversations like this with paid professionals in the last month. Every forum, everyone goes silent. That's fine, not understanding something is fine, but I would have assumed professionals in this industry were problem solvers. In 3 weeks, from near computer illiteracy, I've come very close to learning enough to solve this myself - I would think it should take a literate computer expert mere minutes to study up, even if they knew nothing about it. I guess I thought wrong, by the number of threads on forums I find, where people are having very similar problems.... ...and the SILENCE, is deafening. lol. Tight industry.
  10. Ah thanks Orlando, I successfully downloaded from the new link and ran the scan. It took a couple seconds and ended so I assume none of the signatures matched...
  11. Cool, zip worked. Immunet_Support_Tool_2011_03_12_06_53_38.zip I was running a Full Scan and just woke up and it seems like it might have updated, the Yellow circle is now Green and says "Up To Date" - the scan is still going though, 10 hours and counting....seems long... Yes. Every time I run sfc /scannow, 5 minutes later a process silently corrupts the files again, uploading from an offline registry hive. I ran Security Check and it says my Java is out of date (it's not), but when I try to d/l Java again, it gives this error message: Googling the 1606 Error took me to Application Data (I forget why) but it says "Access is Denied" for my own folders. I'm logged in as Administrator but I cannot take control of some of the Windows Image folders/files that are being used to make my life hell... My systems are crawling. My desktop will be completely powered down and then it'll just switch on automatically, it really creeps me out. It's all a huge mess. Well I thought so. But reading now, it seems like things weren't that simple. Stupid program.
  12. I've been reading up on DISM all day, and I don't think I installed any OS installations on my Dell in the last month. I think I triggered 20 deployments... I have a sinking feeling dban doesn't zero out virtual drives ;( - I didn't realise I had any...
  13. Thanks for your lightning quick response and assistance Edwin - I really appreciate it! I think it has to be the 'patched' or corrupted MSSE, right? I've never had a problem uninstalling MSSE before, and I'm certain MSSE doesn't have a service which is simply impossible to disable. Sigh. I spent an hour bashing my thick head against a wall trying to launch the ISO image from a virtual drive as I've run out of writable discs. And then I remembered you posted 2 links lol - 30 seconds later, I was booting from a USB. I only did one pass, as that took a pretty long time by itself, I'm hoping that's sufficient? The report was that everything was fine, no memory errors. I was certain dban obliterated everything, even the BIOS. After the low-level format, when I turned on the laptop, there was just a black empty screen. I could only boot with the Win7 genuine advantage disc, and there was just the single partition when it installed (I believe it automatically creates a 2nd system reserved partition if user doesn't). Hmm - what's the best way to post the logs? I had uninstalled Immunet and was trying to get Kaspersky installed but was unsuccessful, Kaspersky kept saying I had to get rid of clamav 1.0.26 and literally nothing I could think of was working. I was just about to reinstall Immunet and try uninstalling it again, when I noticed your response. So I'm not sure if the logs will have full history or just the last hour's... I've run the failing Updater for the logs.
  14. Mostly out of boredom, I tried a ComboFix scan again. After the malware blocked it a few times saying it wasn't compatible with Vista or 7, I tried it in Safe Mode and it ran through it's 70 stages or w/e and delivered a logfile - anything of value/interest in this huge log? ComboFix didn't actually fix anything I don't think, as I then tried to install Kaspersky AV 2011 and nup.
  15. Hi, the symptoms of the malware are extensive and varied. It presented 3 weeks ago a day after a Dell service technician replaced my laptop hard drive with a brand new one, and then installed non-existent firmware on it. Dell are refusing to comment aside from offering to refund my laptop's purchase price. Upon noticing how fast my laptop was running after the Dell scum left, I formatted my desktop and another laptop's hard drives, and installed Win7 from a flash drive I created on the Dell. The next day, everything went to sh.t. The first peculiar thing I noticed was some applications on my desktop refusing to run when I double-clicked on them. Messages would pop up saying I didn't have permissions and to contact my Administrator (I am always logged in as Administrator). I tried to uninstall / delete but unable to. I tried d/l'ing Revo Uninstaller and the .exe file was deleted immediately upon install. The same thing happened with most AV 'solutions' and malware scan utilities. I had been running MS Security Essentials and iObit 360 and both were running through full scans saying everything was peachy. I uninstalled oBit's software fine, but MS Security Essentials was impossible to get rid of. I noticed a Windows Service for MS Security Essentials but I could not Stop or Disable it as everything was greyed out. Trying to manually delete files, I noticed most of my desktop's applications had strange permissions added. To start with, Trusted Installer had become the owner for most of them, and I was unable to reclaim ownership as Administrator as Trusted Installer had also taken over Audit and Special Permissions for my C: drive as Creator Owner. There were also a lot of listed Permissions for User S-1-21-xxx (long hash code) etc, on almost every executable file. I formatted using the Win7 Ultimate genuine discs and installed Trend Micro Titanium, which was immediately patched and I had similar problems getting rid of that to try other AV 'solutions'. Webroot went the same way. ESET was even worse, running through Full scans saying everything was fine, whilst Firewall rules were being added to let in the hacker-world-at-large. Forum 'experts' have proved painfully slow, utterly clueless, surprisingly dull and creepily pathetic, in their nauseating refusal to address pointed queries and their shameful willingness to simply declare anything they don't understand is 'fine', whilst they ignore detected rootkits which haven't been cleaned on my system but simply no longer show on scans. They have pronounced my systems clean on the basis of a Malwarebytes clean scan (which has said everything is fine, on every scan from the start), ignoring the fact that Gmer's first ever scan result was unaddressed... ...or the tens of thousands of Errors/Warnings being logged... ComboFix and RKill result in BSODs pretty much every time: Microsoft tech support are either hilariously incompetent or just simply vile. They receive the evidence I send them, then claim they didn't. They've accused me of imagining it all, and advised me to quickly report it to the "Cyber Police". They're idiots (and that's really being diplomatic). Frustrated and out of ideas, with one hard drive destroyed (admitted possibly by frustrated uninstalls of hidden non-plug&play drivers I did en masse one day), I purchased a new hard drive and low-level formatted (dban) my laptop's hard drive. I flashed the BIOS on each hard drive, and with all network adapters deactivated, I then installed Win7 Ultimate onto the 'clean' hard drives with the same Win7 genuine advantage disc. Before going online, I installed McAfee Total Protection, and then individually took each system online to download the latest of Microsoft's endless security patches for the thousands of exploitabilities in their retarded OS. With everything more or less stable for 3-4 days following the huge effort, I breathed a sigh of relief. Which turned into a furious scream yesterday, when I realised Windows Update was refusing to...Update. Critical security patches were deemed unnecessary, and I have to manually download and install them. They patch nothing, which isn't surprising. Every time I do a command line scan with System File Checker, corrupted system files are found and replaced. Hours later, they're all corrupted again and sfc /scannow 'fixes' them all again. Back and forth. I think I've finally worked out what's corrupting them, but I don't have a clue how to address it. Somehow the 8 hour low-level format I conducted (prior to flashing the BIOS) on my Latitude didn't affect the cbs.log as it's showing logs from a fortnight before the low-level format. I thought that was impossible? In each cbs.log, I have endless repetitions of activity which are highly suspect. I don't know 100% which sections are or aren't logs of legitimate activity (and I would wager a lot neither do Microsoft, which explains why they are useless / refuse to assist). But I'm pretty sure I can finger some parts which are *not* legit. In my desktop cbs.log, the only "clients" which initialize sessions are: SPP (a few times) WindowsUpdateAgent (00's or 000's of times) In my laptop cbs.log, the following "clients" initialize sessions: DISM Package Manager Provider (x 2) lpksetup (x 20) WindowsUpdateAgent (x 00's or 000's) Software Explorer (x 20) SPP (x 7) I think the lpksetup client sessions are highly suspect. Although I'm basing that primarily on this thread below and because I can't think of a legitimate reason for silent language pack operations to be occurring. http://seclists.org/fulldisclosure/2010/Oct/374 My cbs.log files are many tens of thousands of lines / pages from only the last 3 weeks. But after a sfc /scannow clean, I turned on my laptop the next day and stuff started happening silently pretty much instantly without any prompt or signal whatsoever. I then ran another sfc scan and it replaced all the corrupted system files. The cbs.log excerpt for those two events only (20 min apart) are here: http://justpaste.it/98y 10 min after SFC replaced all the corrupted files in the excerpt above, the silent process kicked into gear again, uploading corrupted replacements from the offline registry hive. I ran SFC again, even more corrupted files cleaned and replaced. Around and around we go...switched-off computers are waking up on their own accord, and it creeps me out. MBAM / SAS couldn't find a prostitute in a brothel. I seriously think they're both redundant and worthless. Immunet isn't really working at the moment, screenshot: Immunet Rootkit Scan The requested HijackThis log is below:
  • Create New...