Big Freaking Problem.


Tweak

Ok, I will make this as painless as possible.

We got a new computer recently, a desktop. I built it by hand myself with preinstalled drivers and utilities. It has worked fine up until yesterday evening. Now get a load of this: I have an ex-girlfriend named Mercedes. I met her right after I graduated naval boot camp and was with her for a year and a half. Mercedes and I ended up being not so compatible, so we split up...on extremely rough terms.

Present day: I am married. Haven't heard from Mercedes in a year. The other night I get a call from her telling me she is in Texas from her home (Chicago, IL) and wants to know if she can come visit me. Long story short, she came out, met my wife, stayed for a couple of nights and went on her merry way.


Now, I have an extreme problem with my computer. I know it is spyware related, not a virus. I know the name and actions of the spyware that has been installed, and I know the exact parameters it operates on. The only problem I have is that the damn thing is VERY well hidden and the regular tools cannot even get close to removal of the threat. The reason I told you what I told you above is to get to this point: Mercedes used my computer several times during the duration of her stay and I think she might have introduced the malicious code. Don't get me wrong, she is a dumbass...she has no idea how to do anything like this, but she did visit some rather unsavory sites while she was here. I know the spyware was introduced during this time period, and I am almost sure of the site that did it.

Now onto the specifics.
The spyware allows access to my computer from a remote location, utilizing a flaw in the Windows "Remote Assistance" program. It will literally open my Run bar and I can see whoever is doing this TYPING in it. Yes, I can see them type. I can even see when they misspell something and hit backspace. I can catch it in time to close it when I am on, and I am turning my computer off the rest of the time. In most cases I would try a clean install of the entire Windows system, but I do not have the disks (preinstalled on the HD I got from a vendor).

Does anyone know anything about this badass little guy? I can give you the name and where it hosts the code; I am just curious if anyone has had the same problems with their computer. If anyone has any special tweaks for Windows that could let me find this thing it would be greatly appreciated.

I have hand-picked through every single entry in the registry, no references whatsoever. I have scanned all Windows folders to no avail.

SOMEONE PLEASE HELP!
 
If you received a pre-installed OS the vendor MUST supply you with either an OS disk or a restore disk and activation code. If he didn't, the OS is considered bootleg.

If all else fails contact the builder and DEMAND the disk and activation code.
 
I have the activation code on the tower, inside by where the HD slave drive is installed. I just don't have the disks.

BTW, I also got a bit more information on the little bugger. It is more commonly known as a "Hijacker" and can be very difficult to remove in some cases.
 
let me get this straight......


Your old girlfriend came and stayed with you and your new wife?? How was that??? Sorry, it's off topic, but whooaa...
 
That would go over like a turd in the punch bowl at the FastEddy household.
Two cats in a bag!
 
Have you used "Hijack This"? If I remember correctly, it's free for download and you can send your report log to them and they'll try to pick out what's wrong. I'm not sure if there's a fee for it or not, but it might help to look into it.
 
Firewall? Try "HijackThis" and see if you find anything. Do you have Norton or equivalent?

What CD do you need? I can hook you up.. you got the code, all you need is a CD.
 
I use BlackIce for a firewall, no HijackThis, had 'em before though.

And yes, my ex-fiancée (who got pregnant by a good [thought at least] friend and took off) and my wife stayed in the same house for THREE days. They even went clothes shopping. All they did was talk poop about me. :(

I found the little bugger and jacked with the files a bit, disabling it, but it is still referenced. I found the registry entry, but I don't want to mess with it until I know for sure if I found the right one.
 
I removed a hijacker from my boss's computer recently. I googled it and found some very detailed removal instructions and very detailed information on removing it from the registry. One other thing it had you do was turn off System Restore during the whole process.

Man, wife and ex-girlfriend together in the same house; as Eddy said, that wouldn't go well here either.
 
I sent you a PM with a helpful program to use to clean your system of that and other threats
 
A quick fix in the interim; have you tried turning off remote assistance? Unplug the PC from the 'net, and go into your control panel, system, remote assistance, and uncheck both checkboxes. That should cut it off. Also, if you have a router, block port 3389. That'll shut it down COLD. From there, you should be safe to uninstall that nasty little trojan.
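The steps in the post above (uncheck the two Remote Assistance boxes, then block TCP 3389) can be done from an elevated PowerShell prompt on a current Windows build. This is an added example and not something the poster wrote; it assumes the modern registry values and NetSecurity cmdlets (Windows 8 / Server 2012 or later), and the firewall rule name is made up for the example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumes Windows 8+/Server 2012+ so that the NetSecurity/NetTCPIP cmdlets exist.
#Requires -RunAsAdministrator

$raKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Record the current state before changing anything.
# fAllowToGetHelp = 1 means Remote Assistance invitations are allowed;
# fDenyTSConnections = 0 means inbound Remote Desktop is allowed.
Get-ItemProperty -Path $raKey -Name fAllowToGetHelp -ErrorAction SilentlyContinue |
    Select-Object fAllowToGetHelp
Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue |
    Select-Object fDenyTSConnections

# First checkbox in the dialog: stop allowing Remote Assistance invitations.
Set-ItemProperty -Path $raKey -Name fAllowToGetHelp -Value 0 -Type DWord
# Second checkbox: deny inbound Remote Desktop connections.
Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord

# Host-firewall equivalent of "block port 3389 on the router".
# The rule name is an assumption for this example.
$ruleName = 'Block inbound RDP/RA (TCP 3389)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 3389 -Action Block -Profile Any | Out-Null
}

# Verify: anything still listening on or connected to 3389 shows up here,
# together with the PID that owns the socket.
Get-NetTCPConnection -LocalPort 3389 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, RemoteAddress, State, OwningProcess
```

Pulling the network cable first, as the post says, is still the right order: the registry and firewall changes only stop new sessions, and the verification step at the end tells you whether an existing one is still attached and which process owns it.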
 
Thanks to Bruce and a nifty little util, the little monster is gone. Turned out to be something the ex picked up from somewhere called www.okcupid.com (BEWARE)

It took a lot of trouble and time but it's gone. Thanks for all the help people, it is greatly appreciated!
 
check the registry at

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

There shouldn't be any unidentifiable processes launched at startup.

If you're unsure as to what "unidentifiable" is, download process explorer from

http://www.sysinternals.com/utilities/processexplorer.html

This app is similar to task manager only it's much more informative. It tells you where all your process handles originate.

check:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

You might want to try this in safe mode.

Some of these little bitches are an absolute whore to get rid of. You can delete their key from the registry and the active process will put it right back in and you can't delete the *.exe because it's in use. Starting in safe mode will bypass normal startup protocol and allow you to enter the registry to delete that bullshit.

Don't forget to search out the referenced dll's and *.exe's and delete those too while you're still in safe mode.

[edit]

guess I should have read your last post, Tweak...

Hope you're up and runnin'.
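The manual check described in the post above (walk the Run/RunOnce keys, then use Process Explorer to see which running process each entry belongs to) can be scripted so nothing gets deleted by guesswork. This is an added example, not the poster's own procedure; it assumes a current PowerShell on Windows, flags entries conservatively (missing file, unsigned or invalid signature, or a path under Temp), and the flag means "look at this", not "delete this".

```powershell
# Added example (not from the thread): audit the autostart keys named in the
# post and report which entries deserve a closer look before anything is removed.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx'
)
# Properties Get-ItemProperty adds that are not real registry values.
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Extract the executable from a Run value such as
#   "C:\Program Files\Foo\foo.exe" /silent     or     C:\Tools\bar.exe -x
# Unquoted paths containing spaces are a known limitation of this simple parser.
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($cmd -match '^\s*(\S+?\.exe)') { return $matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psNoise) { continue }
        $exe    = [Environment]::ExpandEnvironmentVariables((Get-ExePath ([string]$p.Value)))
        $exists = Test-Path -LiteralPath $exe
        # Authenticode status: Valid, NotSigned, HashMismatch, ... or N/A if missing.
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'N/A' }
        $inTemp = $exe -match '\\Temp\\'
        [pscustomobject]@{
            Key        = $key
            Name       = $p.Name
            Command    = $p.Value
            Exe        = $exe
            Exists     = $exists
            Signature  = $sig
            Suspicious = (-not $exists) -or ($sig -ne 'Valid') -or $inTemp
        }
    }
}

$report | Sort-Object Suspicious -Descending | Format-Table Key, Name, Exe, Exists, Signature, Suspicious -AutoSize

# The Process Explorer step: for each flagged entry, find the live process that
# was started from that image. That is the process that will re-create the key
# if you delete it while it is running, which is why the post says to use safe mode.
foreach ($entry in ($report | Where-Object Suspicious)) {
    $running = Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path -eq $entry.Exe }
    if ($running) {
        "{0} is running as PID {1}: stop it (or reboot into safe mode) before touching the key" -f
            $entry.Name, ($running.Id -join ', ')
    }
}
```

Many legitimate vendor utilities are unsigned, so a `Suspicious` flag on its own proves nothing; the useful combination is an entry whose file is missing or lives in a Temp directory, is unsigned, and has a live process behind it. Run the script again after cleanup (and again after a reboot) to confirm the entry has not been put back.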
 