Immunet Vs Targeted Intrusion

[TeranceH]

I have 2 days left with my Trial, unfortunately I will not be buying the program. I would recommend it, however the intrusion onto my computer is a targeted intrusion (see other post)It has been unable to run properly and consistently.

 

The program has aided in revealing the files involved in the intrusion.

Immunet revealed and quarantined 21 Rootkits, and detected the same files when they reappeared days later.

Immunet repeatedly indicated that the Computer had not been scanned.

The updates were checked daily, however after the first few days they seemed to have been removed or lost. Checking again often brought the same updates.

 

To fix my computer, I would need programs which can do the following:

1. Detect, remove and prevent reinstallation of a Rootkit which loads on a Virtual Disk into Virtual memory.

2. Repair the Security for every level as the Group Policy and other policies have been circumvented.

3. Audit and Repair the Certificates.

4. Secure and prevent holes in Computer Management and Event reports.

5. SFC does not complete, it gets to 48% and fails. There are issues with the usual suspect programs, where the code has been added to existing .dll's.

6. A method to harden the Registry and prevent hidden entries, and encoded entries which redirect browsers and obstruct Search Engines.

7. A way to audit to assure that all Updates are installed properly and HAVE NOT BEEN COMPROMISED.

8. A way to prevent ANY remote access to the computer through stealth shells or terminal programs.

9. A way to prevent ANY hidden Virtual Drives from being created.

10. A way to repair the MBR, without their failsafe program requiring a reinstallation using the original backup discs which have been compromised. Any cd or dvd which has ever been placed in any of my computers has been compromised - they reinstall the triggers for the intrusion to reinstall. (This has backfired because they no longer can remove themselves from the situation, and hide and deny deny deny. Their intrusion reinstalls itself. Try as they might to cover up their crime, their persistent programming just won't allow it.

 

The program which was initially ILLEGALLY installed on my computers was WebWatcher by Awareness Technologies. That installation took place in February 2007. Since then the program has been improved based on the actions I have taken to expose and circumvent it. After countless rebuilds of my computers, I have had no choice but to accept the intrusion as a part of regular computing. There is no escaping a targeted intrusion. In all liklihood the current intrusion is through a different program from a different companty.

 

I'll say this for the IMMUNET program, it functioned better and longer than the other major AVAS programs. Like Kaspersky, it showed the activity but was unable to prevent reinstallation... at some point those Activity Notices start to feel like taunts and it is no longer necessary.

 

A surprise was that they did not attempt to Juntion or Symbolic Link the program into a loop which would not finish and alolow quarantine. This had been the downfall of each Kaspersky installation.

 

For some reason, the information about the Anti-Spyware Coalition, ATMOST and NSS suddenly became available. I am still trying to read up on what happened to the organization/s because Awareness Technologies was a part of the ASC. When they packaged the virus into the first version of WebWatcher, they were given a free pass from the AVAS programs affiliated with ASC. In light of my experience that enabled my terror and harassment to continue unchecked and unaided, and gave the intruders the ability to obsfuscate, redirect, block, and fully remote control my computers and my life. (See the damage: http://www.work2bdone.com/live)

 

My THANKS to Immunet for the program and the information it provided.

[ritchie58]

Hi Terance, sorry to hear that Immunet was unable to provide any long term protection for you. I bet the support/development personal would like to take a look at how Immunet's defenses were circumvented. Could you please send in a SDT Report to support@immunet.com if you are planing to uninstall Immunet and you haven't already? Maybe some valuable data can be gleaned from this. Regards, Ritchie...

[TeranceH]

My thoughts exactly. It's why I put the email together. I have neglected to provide this type of list in the past as it also serves the R&D of those behind the intrusion. Thanks for the pointer to the right folks. I'll gladly offer anything I can to improve the program.

 

Do you know of any way I can get reports of my experience. Print screens are so frustrating... And I have to wonder WHY IS IT THAT THE SCREENS WHICH SHOW THE DETECTED/AFFECTED FILES IS NOT SCALABLE/PRINTABLE/USABLE? It makes manual troubleshooting almost painful to have to write everything down... and all the more frustrating because it is providing the time to my observers to act on what I an doing. AND it seems all of the AVAS programs lack in this area.

 

I have to wonder if this type of speed bump to resolution was suggested/designed/recommended by the Anti-Spyware Coalition which apparently believed that surveillance/remote control/obfuscation programs should be permitted to remain in hiding on every computer and to go undetected by the AVAS software. This is something which actually angers me, because it is such an obvious open door to abuse. Consider that ASC was obsessed with child pornography to the point where they were even fearful of discussing it among themselves at meetings and that this program provides the tools to enable the user to invisibly and inexplicably plant evidence on the target machine. Consider that Alex Eckelberry of SunBelt Software, who was in a lead position at ASC, caused my identity theft by posting my personal financial information on his Asian blog. I was happy to recently discover that ASC seems to be gone... and I am researching their replacement and the rift between factions which split the organization into 2 groups with an apparently strong dislike for each other.

[TeranceH]

In case it seemed a bit egocentric to think that in the time it takes to review affected file information the 'intruder' could be made aware of my actions. I do not believe that someone is sitting in front of a screen watching me realtime. The WebWatcher software included a keyword alert which would notify the user of the use of keywords on the targeted system. It would send a txt message, email,... whenever the keyword was used alerting the user to check their activity reports.

 

My first confirmed experience with THIS was in July 2007, when within minuted of me emailing my attorney with the information she needed regarding custody, my wife arrived and removed my son from the home. I haven't seen my son outside of a courtroom since. That email was also the first email exchanged with my just hired lawyers. It likely had every custody/divorce buzzword in it.

 

There have also been attemptsd to convince me that this program does not exist. (Silly, I know) The surveillance access and information has been used again and again to deter the legal battle... ie, killing the BIOS while responding to a 60 page petition,... a judge recusing for no reason out of the clear blue as I was finishing a 25 page document which listed years of ethical and procedural violations,... My document had been edited down from 125 pages to 25 when the system could not save or print for days, until a letter arrived from the judge indicating he planned to recuse in 2 weeks time.

 

There have even been private investigators in the area advertising their ethical hacking as a necessity in the legal profession.

 

I know there may be excuses which could suggest this is not a targeted situation. It is only when the big picture is viewed that the TARGETED situation is obvious. And realistically, they have the ability to make it appear that the intrusion is not as it appears. They have full control of the system.

[TeranceH]

I have attempted to email the report created but 'coincidentally' email is no longer responding.

C:\Users\Terance\Desktop\Immunet_Support_Tool_2012_05_31_15_45_20.7z is too large to upload.

[ritchie58]

Your email client must be screwed up! That 7zip file is not a huge file to upload as an attachment. If you can find a alternate way to send that report to support@immunet.com would be greatly appreciated. There must be some way to do it. I was thinking that if you uploaded the file to a USB device and used a different computer. Then again you run the risk of infecting that computer with the now infected jump drive. We do have a way to upload malicious files to submit@samples.immunet.com. More information can be found at this FAQ topic. Click here.