Official GIGABYTE Forum

FCGIGABYTE GA K8NMF - 9 - Please Help!

absic

  • *
  • 5815
  • 529
  • Never give up; Never surrender!
    • Bandcamp
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #15 on: August 03, 2010, 04:29:20 pm »
You need to remove the virus that has infected your PC.

Check my earlier post for details of Microsoft tool to try and do this.
Remember, when all else fails a cup of tea and a good swear will often help! It won't solve the problem but it will make you feel better.

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #16 on: August 03, 2010, 04:32:11 pm »
How far away from the pc does my mobile need to be, in order to be used as means of wireless connection by an outsider?

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #17 on: August 03, 2010, 04:33:00 pm »
How far away does my mobile need to be from the pc for someone to use it as a means of wireless connection?

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #18 on: August 03, 2010, 04:33:43 pm »
Well firstly I would report it to the police. Now they are not very good when it comes to computer crime but if you make enough noise they will do something in the end. It is a breach of privacy as well as theft plus maybe other crimes as well from what you say.

As far as the computer goes do you know or have a friend who knows anything about the inside of a computer? Also get an up to date( I know that you don't have an internet connection) anti virus and sort out the infection. You may have to connect to the internet to do this but use a wire even if it is the old fashioned dial up with a modem.
« Last Edit: August 03, 2010, 04:34:57 pm by Dark Mantis »
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #19 on: August 03, 2010, 04:34:33 pm »
You need to remove the virus that has infected your PC.

Check my earlier post for details of Microsoft tool to try and do this.

I will definately do that but, it's only a matter of time before they figure out a way for me to get it again. Is there any other way to stop this?

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #20 on: August 03, 2010, 04:35:43 pm »
You need to remove the virus that has infected your PC.

Check my earlier post for details of Microsoft tool to try and do this.

I will definately do that but, it's only a matter of time before they figure out a way for me to get it again. Is there any other way to stop this?
What makes you think that it is these people that are doing it?
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #21 on: August 03, 2010, 04:37:16 pm »
Well firstly I would report it to the police. Now they are not very good when it comes to computer crime but if you make enough noise they will do something in the end. It is a breach of privacy as well as theft plus maybe other crimes as well from what you say.

As far as the computer goes do you know or have a friend who knows anything about the inside of a computer? Also get an up to date( I know that you don't have an internet connection) anti virus and sort out the infection. You may have to connect to the internet to do this but use a wire even if it is the old fashioned dial up with a modem.

Contacting the police is something I have been trying to do and I am willing to make all the noise it will take. Finding someone to help me is a tough one. Can you help me a little more on how my mobile contributes to all this?

I have heard them talk about it and they laugh everytime something goes wrong or make sure we can see them to make us feel hopeless. I know it sounds crazy but someone has been helping them and they don't feel threatened, although I have mentioned going to the police.
« Last Edit: August 03, 2010, 04:39:27 pm by Lia »

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #22 on: August 03, 2010, 04:41:50 pm »
Well unless they have managed to place a device in your computer(usually attached to one of the ports) then it would only be possible when your phone was attached. This you can stop by disabling Bluetooth on your phone. That is the most likely access point. It doesn't matter how close the phone is unless it can make a connection, either wired or wireless(bluetooth or WiFi).
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #23 on: August 03, 2010, 04:48:36 pm »
Then there is a device on my pc and I can not see it, as I don't know much. Here is some extra information:

- The RPC Remote Process Control is working like crazy.
- When I used Windows XP, during shut down, it mentioned that it was terminating the Internet connections. Is that normal? What was it terminating as I had no connections to the internet.

- Once, I saw my firewall block a command/file called ping. I checked it on the Internet and I found that it checks out if you are on line. Why did the command start running out of nowhere? I am not part of a Network. I do not have an internet connection.

- Most or all of the programs I use, even simple arcade games, try to perform actiong through Iscvhost.exe-irpcss and RPC (Remote process control).

- DHCP, DNS, SMB, NAStatus UI, LP Remote, I will not pretend I know what these thing are, but they have run on a daily basis. Once my firewall blocked a java script.

- I had a problem with svchost files, Local Network. One or two of its proccesses and one of the SYSTEM as well, were causing my CPU use reach 100%. This started when I tried to install a firewall program "On line Armor". I had to terminate these proccesses to finish the installation. My pc kept running without any problems despite terminating these proccesses.

- All the programs running on my desktop keep trying to access and modify my registry. Even paintbrush. Additionally, all programs try to control my firewall! Not the other way around! I can see it as a notification by the firewall. Even paintbrusth. The programs perform these actions through DNS resolver/RPC!

- Once a program was trying to connect to the Network using DNS resolver/RPC through svchost. It was referring to a recursive type of connection.

- My screen turned blue a few days after that as soon as Windows started and I had to reinstall Vista. I don't know what caused this.

- Power Bios server with the server RPC CONTROL\OLEEE8087F002824DC6A2060115E55A and svchost as a port was trying to control a network enebled connection using OLE.

- There is a Local connection but it says that the wire is disconnected. It uses Web client, my firewall driver,QoS, shares (files, printers), TCP Ipv6, TCP Ipv4, I/O and something like answering detectionplace of connection, level.

- There are incidents like: system,workgroup, 0*3e7, process 0*26c, services.exe, advapi, negotiate,
And another that says: null sid, 0x0, type 3, anonymous logon, NT Authority, 0x60920, GUID (00000000-0000-0000-0000-000000000000), 0x0, NTLMssp, NTLM. What's that?

- I ran the commant ipconfig show helpers. It was full of details like proxy server, RPC, DNS ....

- the service of Telephony is running on my PC. What equipment do I have for this to happen?

- I tried to install a firewall program some days ago and since it required an internet connection, it opened Internet Explorer and the adress I was to connect to was "LocalHost 6060 server something...." It even required a password and username. At first I thought it was the program, but now I am thinking that it could be that I need the password to connect to the Web. I read that in reverse connection the adress of the attacker is saved on the pc in this format so that everytime I open my PC, I connect to their router/server. Could it be that the program showed me by default the fastest or the only way to connect to the Internet? Meaning that it showed me how they connect?

I read a magazine article lately which explained that you can access a pc just through its network card. That a series of programs like Web client, DNS, IPV6, και 4, Ι/Ο e.t.c collaborate for this to happen. All these programs run on my pc like crazy, I get notifications from the firewall. The article said that to do this you need a hacking tool and that the rest is done by a worm. It is called "conficker/Kido". That the worm creates a cory of the svchost file and takes control of the system. It even starts procedures, like the ones of Local Network I had to terminate due to CPU reaching 100%. My ad-aware Pro antivirus had once detected Kido/conficker. I kept removing it and adding it to the quarantine but everytime a ran a new scan, it was there. I finally never saw it again.
If I have anderstood the procedure. On reverse connection the Web Client opens a port and then they can connect using their router. That they use the Outbound connections created by the firewall.
I think that something like this is what is happening here.

These are my Web adopters (if I am saying it right), in Managing devices:
How can they be there since, as far as I know, I don't have a wireless card? And does them being there proove that I have one?
WAN MINOPORT (IP)
WAN MINOPORT (IP) COMODO FIREWALL MINOPORT
WAN MINOPORT (IP) PC TOOL DRIVER
WAN MINOPORT (IPv6)
WAN MINOPORT (IPv6) COMODO FIREWALL MINOPORT
WAN MINOPORT (IPv6) PC TOOL DRIVER
WAN MINOPORT (L2TP)
WAN MINOPORT (PPPOE)
WAN MINOPORT (PPTP)
Host Controller Nvidia nForce COMODO FIREWALL MINOPORT (my firewall)
Host Controller Nvidia nForce PC TOOL DRIVER
Host Controller Nvidia nForce 2 PC TOOL DRIVER

In Mobile Devices: There is a Windows Mobile Device (Since reinstalling Windows, it has been trying to download its drivers)

I am willing to attatch any data you will need, from my pc. I have many screenshots.

Technitians say I should perform a format but I know they will be in my system before I even start the Windows. I have already tried this option. It does not shut them off.

PLEASE, I know it’s a lot of work.

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #24 on: August 03, 2010, 05:01:16 pm »
Quote
Contacting the police is something I have been trying to do and I am willing to make all the noise it will take. Finding someone to help me is a tough one.

Well I notice you are in Greece so that rules out any physical help from this forum but maybe there is someone nearer to hand that you could call on to look at your PC.
Are you British citizens? If so go to the British Consulate and tell them. It is one of the things they are there for, protection of their citizens.
I would agree with the technicians that a full format of the drive and then running an up to date anti virus would be the safest thing for you to do. Bare in mind however that any drive or CD/DVD or anything else with data on it can be harbouring the virus as well as your hard drive. So even if you get rid of the infection off the hard disk you will then need to disinfect everything else.
« Last Edit: August 03, 2010, 05:02:37 pm by Dark Mantis »
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #25 on: August 03, 2010, 05:03:29 pm »
I am sorry for the extention of my previous message. I noticed that there is something like a tiny silver box behind a port, It has these numbers on it: 00148533EA25 and 001485328274. It is like to pieces together. Do you know what that may be?

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #26 on: August 03, 2010, 05:06:17 pm »
I am sorry for the extention of my previous message. I noticed that there is something like a tiny silver box behind a port, It has these numbers on it: 00148533EA25 and 001485328274. It is like to pieces together. Do you know what that may be?

Right now I wish I were British, guys. Any idea comming from the information I have added? Removing the virus is possible but I need to figure out how they do it, or else it will be useless.

Dark Mantis

  • *
  • 18405
  • 414
  • 10typesofpeopleoneswhoknow binaryandoneswhodont
    • Dark Mantis
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #27 on: August 03, 2010, 05:06:48 pm »
It doesn't sound familiar but is it possible that you could take a photo and attach it here? It does sound suspicious.
Gigabyte X58A-UD7
i7 920
Dominators 1600 x6 12GB
6970 2GB
HX850
256GB SSD, Sam 1TB, WDB320GB
Blu-Ray
HAF 932

Gigabyte Z68X-UD5-B3
i7 3770K
Vengeance 1600 16GB
6950 2GB
HCP1200W
Revo Drive x2, 1.5TB WDB RAID0
16x DLRW
StrikeX S7
Full water cooling
3 x 27" Iiy

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #28 on: August 03, 2010, 05:09:48 pm »
I will try to do that as soon as possible. Have you seen the WAN adopters described in devices? Doesn't that prove that there is wireless equipment? And why is the service of telephony running?
These are my Web adopters (if I am saying it right), in Managing devices:
How can they be there since, as far as I know, I don't have a wireless card? And does them being there proove that I have one?
WAN MINOPORT (IP)
WAN MINOPORT (IP) COMODO FIREWALL MINOPORT
WAN MINOPORT (IP) PC TOOL DRIVER
WAN MINOPORT (IPv6)
WAN MINOPORT (IPv6) COMODO FIREWALL MINOPORT
WAN MINOPORT (IPv6) PC TOOL DRIVER
WAN MINOPORT (L2TP)
WAN MINOPORT (PPPOE)
WAN MINOPORT (PPTP)
Host Controller Nvidia nForce COMODO FIREWALL MINOPORT (my firewall)
Host Controller Nvidia nForce PC TOOL DRIVER
Host Controller Nvidia nForce 2 PC TOOL DRIVER

« Last Edit: August 03, 2010, 05:11:52 pm by Lia »

Lia

  • 40
  • 0
Re: FCGIGABYTE GA K8NMF - 9 - Please Help!
« Reply #29 on: August 03, 2010, 05:13:05 pm »
I can't possibly thank you enough for your help. Please don't give up on me!