Windows 7 This is not technical...

Discussion in 'Windows Security' started by xrams, Oct 2, 2010.

  1. xrams (New Member; Joined: Aug 20, 2009; Messages: 44; Likes Received: 0)

    Hi folks….

    Well the time has come where the S**t hits the fan….. You guys have helped me big time with issues… I’ve hinted once or twice that my main problem has been a hacker targeting my PC over the past 2 or 3 yrs running… as I learned and discovered how to combat the assailant… they in turn make counter moves to keep one step ahead of a PC-layman such as myself… to make a long story short it’s come to this:


    1) As I load my OS… they somehow use the info to make my PC a client (themselves the admin) and me a user..

    2) They control my PC as an Admin using trustedinstaller to add fake .dll’s and drives…

    The problem is now which herein is my question…:


    It would seem the hacker, in order to do what he is doing, has made my new Windows 7 license key invalid… in other words the hacker double exposed my OS to the web, which caused Microsoft just this weekend to say call us on Monday b/c your OS is suspect…???
    I have no problem telling them what has occurred… moreover I’ve called them before complaining about this very issue…



    But I’d like to ask the brain trust on this site… this: I have proof of the hack in the form of XPS viewer files… who would I go to in order to have this resolved…???



    Please ask any questions you folks have regarding this.. I really don't expect a (right) answer since as my subject states this isn't a tech issue... but a privacy issue in which a lawyer will be required, however what do I tell Microsoft...??


    thanks




    x
     
    #1 xrams, Oct 2, 2010
    Last edited: Oct 2, 2010
  2. Mitchell_A (Excellent Member; Joined: Feb 7, 2009; Messages: 5,068; Likes Received: 240)

    Hello, :)

    Could you clarify this issue a little more? Provide us with system specifications, IP addresses, gateways and anything else we may find useful.
    This sounds like malware more than a hacker.

    Trustedinstaller.exe is an installer service similar to Windows Installer.

    Your best bet off the bat sounds like a reinstall of Windows. Once reinstalled, use a good firewall to verify the problem was solved.
     
  3. kemical (Windows Forum Admin; Staff Member, Premium Supporter, Microsoft MVP; Joined: Aug 28, 2007; Messages: 31,788; Likes Received: 1,563)

    So are you saying Microsoft has now marked your OS as pirate material? Also, if you think your computer has been compromised then unplug it from the net and run some security software. When you're ready to reconnect, make sure your machine is fully updated before using the net in a normal fashion.
     
  4. xrams (New Member; Joined: Aug 20, 2009; Messages: 44; Likes Received: 0)

    Hi Mitchell, thanks for coming back...

    I have an HP D5000t
    Processor: Intel Core 2 Quad CPU Q9450 @ 2.66GHz
    RAM: 6.00 GB
    64-bit
    Windows 7 Ultimate...

    I also protect myself with Lavasoft Ad-Aware Pro... and Kaspersky 2011 Internet Security.... plus iolo System Mechanic 9.5...

    I assure you Mitchell this is not malware... I've gone through Windows Vista Inside Out as a guide, now I use Windows 7 pocket admin for help... When I said I was a layman.. it's in comparison to this hacker him/her... however I will give you this... over the past 18 months I've used the Windows Snipping Tool to take shots of the way this hack has gone on... these folks in order to hide their crime have disabled the tool... I doubt a malicious code would react that way...

    here's a bit of evidence which shows I believe the way in which it was done... I'm still trying to understand this maybe you guys can help... here's some background... I have tried to change the workgroup setting from ''workgroup'' to homePC... it keeps changing back...!! why is this....??? here is a taste of the event log:

    <Data Name="ProcessName">C:\Windows\System32\winlogon.exe</Data>

    <Data Name="IpAddress">127.0.0.1</Data>

    <Data Name="IpPort">0</Data>

    </EventData>


    - <RenderingInfo Culture="en-US">
    <Message>An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 345636753-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2112842334-3721048482-1451393168-1000 Account Name: 345636753 Account Domain: 345636753-PC Logon ID: 0x2a9ce Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x300 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: 345636753-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.</Message>





    I'm not great at understanding this... can someone help.....

    thanks
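
Added example, not part of the original posts: a small Python triage of the rendered logon event quoted in post 4, reading the fields that the event's own explanatory text describes (logon type, requesting process, source address). The helper names and the contrasting remote sample are constructed for illustration.

```python
import ipaddress
import re

# Logon type codes used by Windows "account was successfully logged on" events.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
REMOTE_TYPES = {3, 8, 10}  # types used for logons that arrive over the network

# Message from the post above, shortened to the fields this example reads.
POSTED = (r"Subject: Security ID: S-1-5-18 Account Name: 345636753-PC$ "
          r"Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: "
          r"Account Name: 345636753 Account Domain: 345636753-PC "
          r"Process Name: C:\Windows\System32\winlogon.exe "
          r"Source Network Address: 127.0.0.1 Source Port: 0 Logon Process: User32")

# Constructed contrast case (not from the thread): a Remote Desktop style logon.
CONSTRUCTED_REMOTE = (r"Subject: Account Name: EXAMPLE-PC$ Logon Type: 10 New Logon: "
                      r"Account Name: alice Process Name: C:\Windows\System32\winlogon.exe "
                      r"Source Network Address: 203.0.113.7 Source Port: 49822")

def field(msg, label):
    """Return the whitespace-delimited value after 'label:', or None."""
    m = re.search(re.escape(label) + r":\s+(\S+)", msg)
    return m.group(1) if m else None

def triage(msg):
    """Summarise who logged on, how, and whether the source was off-host."""
    ltype = int(field(msg, "Logon Type"))
    src = field(msg, "Source Network Address")
    accounts = re.findall(r"Account Name:\s+(\S+)", msg)
    try:
        off_host = not ipaddress.ip_address(src).is_loopback
    except ValueError:  # "-" or missing: no network source was recorded
        off_host = False
    return {"logon_type": LOGON_TYPES.get(ltype, f"Unknown({ltype})"),
            "requested_by": accounts[0], "logged_on": accounts[-1],
            "process": field(msg, "Process Name"), "source": src,
            "remote": ltype in REMOTE_TYPES or off_host}

if __name__ == "__main__":
    for name, msg in (("posted", POSTED), ("constructed", CONSTRUCTED_REMOTE)):
        print(name, triage(msg))
```

For the posted event the summary reports an Interactive logon requested by the machine account through winlogon.exe with a loopback source; the constructed sample is the pattern that would be flagged as remote.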
     
  5. Mitchell_A (Excellent Member; Joined: Feb 7, 2009; Messages: 5,068; Likes Received: 240)

    Have you tried blocking all ports except for web ports (try just 80) at your router level?
     
