Messages - Rick

1
Computer Help / Re: Level 7 malware in keyboard
« on: July 06, 2018, 11:04:38 AM »
Boggin

Maybe you'd have more time helping people with real issues if MSFT worked out the kinks long ago, don't you think so?

JMO

2
Computer Help / Level 7 malware in keyboard
« on: July 05, 2018, 08:57:22 AM »
Windows boots up, great, but why did my keyboard stop working?
Because someone deleted the keyboard in Device Manager and it wouldn't restart

Dear MSFT, I consider this a level 7 security risk to your systems

Incident happened in China

needed to install unsafe drivers;
Please see to fix this in your update

No, I won't tell how I solved the matter;
Clue: it wasn't solved in safe mode nor last known boot mode

thanks in advance

4
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc]
@=""
"ServiceSidType"=dword:00000001
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,63,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
  6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4d,00,69,00,63,00,72,00,6f,\
  00,73,00,6f,00,66,00,74,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\
  79,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,5c,00,4d,00,73,00,4d,00,70,\
  00,45,00,6e,00,67,00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="Microsoft Antimalware Service"
"Group"="COM Infrastructure"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="@c:\\Program Files\\Microsoft Security Client\\MpAsDesc.dll,-240"
"FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\
  00,03,00,00,00,64,00,00,00,00,00,00,00,64,00,00,00,00,00,00,00,64,00,00,00
"FailureCommand"="C:\\windows\\system32\\mrt.exe /EHB /ServiceFailure \"CAMP=4.10.209.0;approximate-> Engine=1.1.14500.5;AVSIG=1.261.1581.0;ASSIG=1.261.1581.0\" /StartService  /q"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc\Security]


5
MSE Services is grayed out


6
Did find that;

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1"=hex(b):19,0d,da,5d,3f,04,ca,01
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

7
Don't need to invent problems


8
Yes, it was necessary to run ComboFix;

downloaded this tool;
http://www.thewindowsclub.com/repair-microsoft-security-essentials-with-fix-mse-utility
after re-installing MSE, this program says MSE is not installed;




9
Already uninstalled, reinstalled
ComboFix
Malwarebytes

Image attached

10
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 27, 2018, 10:58:22 PM »
Yes,

MWB caught the infection in administrator mode;
Beta testing it for several days to make sure it doesn't come back

I provide the .REG files as some of the sites said to remove the program through normal channels, yet it didn't appear there and .REG keys were locked; could not delete them in ADM mode...

It's time to start the AI reduction act next;

11
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 27, 2018, 10:03:23 AM »
Everyone knows ad companies are looking for ways to avoid being blocked...

They tried with the best, they will fail with the rest!

FYI, .reg files needed to help companies enable clean fixes, including my favorite tweaking site!

Nice day

12
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 27, 2018, 05:43:01 AM »
Yes,

Will have a try; have a question;

What's the difference between https://toolslib.net/downloads/viewdownload/83-unhackme and "MWB"?

"Seems to be hidden in Firefox"
Using uBlock Origin, will remove this program to see the effect! "no effect".
It's extremely dangerous as it could capture the password file in Firefox!

https://greatis.com/blog/how-to/cut-off-netutils2016-exe-virus.htm
Seems it has a new name and cannot delete registry values too...

{"ext":"http://jackhopes.com/ext/zl.sild.js","black_list":["google.com","facebook.com","jackhopes.com","ww-searchings.com"],"include_process_list":["spark.exe","chrome.exe","iexplore.exe","MicrosoftEdgeCP.exe","MicrosoftEdgeCP.ex","MicrosoftEdgeCP.e","MicrosoftEdgeCP.","MicrosoftEdgeCP","MicrosoftEdgeC","MicrosoftEdge","firefox.exe","citrio.exe","launcher.exe","crossbrowse.exe","torch.exe","opera.exe","bobrowser.exe","maxthon.exe","browser.exe","ucbrowser.exe","safari.exe","avant.exe","360se.exe","360chrome.exe"],"log":{"inj":false},"locker":{"enable":false,"url":"http://ww-searchings.com/?r=[UID]","target":{"spark.exe":"","chrome.exe":"","iexplore.exe":"","launchwinapp.exe":"","360se.exe":"","MicrosoftEdgeCP.exe":""}},"hosts":{"match":["v9.com","*.v9.com"],"target":"47.89.13.118"},"redirect":{"match":["www-searching.com/*"],"sig":"dir","target":"http://ww-searchings.com/?sig=dir&r=[UID]&f=[URL]"}}

"Note Zip file .reg keys"

Deleted it using "Sysinternals", returned the file too;

Can send to MWB or offer solution

TIA

13
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 26, 2018, 12:39:11 PM »
Clicking on any web page anywhere brings me to other websites...




15
Is there a way people can kill these services?

https://www.yahoo.com/news/facebook-listen-microphone-track-youre-logged-facts-120451355.html

Poor Facebook caught giving foreign countries the upper hand;

How can one be sure to delete any Facebook services from the registry?

