Next Generation Emulation banner


·
Registered Anime Hater
Joined
·
8,674 Posts
Discussion Starter #1
Some background on symptom #1:

As a safety mechanism, Spybot S&D prevents applications from automatically changing registry entries to prevent malicious software from embedding/installing itself unnoticed onto the system. A pop-up appears asking you whether or not you want to allow the change; if you do allow it, a small box appears saying:

Registry entry "HKEY......" has been changed
Reason: User request
But a few times, I've noticed that out of the blue, I get this same small box saying:

Registry entry "HKEY......" has been changed
Reason: LAASH Whitelist
(the words "LAASH Whitelist" appear in red)

But what the f*** is a LAASH whitelist anyway? I Googled it and.....wait for it.....got absolutely nothing! oO

It happens completely randomly while I'm browsing the net. And whenever it does happen, when I shut down the computer after the session, I get the "Explorer has encountered a problem and needs to close" error while doing so.


Another twist which has me even more worried is that sometimes when I try to shut down, it says "Other people are logged onto this PC, are you sure you want to shut-down?" But I only have 1 admin user account and nothing else, I also turned the guest account off, so what gives? And just today morning, when I started up Windows, it prompted me for a password before logging on to the admin profile, but I hadn't put in place any password, so where did it come from? Even more funny was the fact that when I restarted the system, it no longer prompted for a password and logged on automatically like it always does. I'm connected to LAN, so this has me worried that someone is trying to break into the system or something. Either that, or my obese XP with over 100 apps is really starting to give way and I need to reinstall.

Any advice?

Thanks in advance :)

PS: I've deleted the registry key for Remote Assistance and also disabled all unneeded services from the CP to foil hacking attempts, plus I have Comodo Firewall on too, so how is someone managing to get through?
 

·
Banned
Joined
·
23,263 Posts
It's a possibility you've been remote accessed; suggest a hardware firewall, and securing the account's password.
 

·
troubleshooter
Joined
·
7,514 Posts
If you are on LAN and somebody is copying from your HDD, then during shutdown you will get the message saying other people are logged on, or whatever.
 

·
Registered Anime Hater
Joined
·
8,674 Posts
Discussion Starter #4
It's a possibility you've been remote accessed; suggest a hardware firewall, and securing the account's password.
Yeah I've set a password for the admin account now.

If you are on LAN and somebody is copying from your HDD, then during shutdown you will get the message saying other people are logged on, or whatever.
Nooooo!!! But how the f*** are they managing to get through! AFAIK, the only way script kiddies do it is by setting up a remote server, but I have deleted the Remote Assistance registry key + all other unnecessary services which hackers exploit.
 

·
Registered Anime Hater
Joined
·
8,674 Posts
Discussion Starter #6
lol That's the very 1st thing I did since I got connected to LAN. Apart from that, basically every security tweak here has been implemented:

TweakXP.com - Security Tweaks

+ many more!
 

·
Mhm.
Joined
·
2,134 Posts
Try using your PC without LAN or internet for a few days? See if you get the problem with it like that.
 

·
Registered Anime Hater
Joined
·
8,674 Posts
Discussion Starter #8
That's gonna be a problem....LAN is how I connect to the internet, it's how my ISP gives service, so no LAN = no internet :(
 

·
Registered
Joined
·
3,611 Posts
What's your normal CPU usage....if it's hovering around 100 percent then someone might have infected your PC and broken into it....
Also look for random hidden files on the HDD that are not yours...like, you know, some pictures, random exe files.
Install Comodo or ZoneAlarm ASAP....
 

·
Registered Anime Hater
Joined
·
8,674 Posts
Discussion Starter #14
Well.....haven't experienced any further trouble. It happens in stages, at times I experience a lot of this ****, but for periods in between, it's relatively quiet.

@shafeen: Already have Comodo installed :p

I'm actually pretty amazed to see the ease with which one can access your "shared" files. ShareAlarm Pro has this "Network Neighborhood" tab, and you can just enter someone's IP address or computer name, and voilà! You have a free ticket to access his PC! By default, all drives of your PC, including the root WINDOWS folder, are available for sharing! WTF was MS thinking when they did this.
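
One way to audit the shares the post above talks about, as an added example that is not part of the thread: it parses the text printed by Windows' `net share` command and separates the built-in administrative shares (`C$`, `ADMIN$`, `IPC$`) from user-created shares, flagging any user share that exposes a whole drive. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `net share` output on an XP-era machine (not taken from the thread).
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Downloads    D:\                             temp share
SharedDocs   C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
The command completed successfully.
"""

PATH = re.compile(r"^[A-Za-z]:\\")                        # a local path such as C:\WINDOWS
BUILTIN = re.compile(r"^(ADMIN|IPC|[A-Z])\$$", re.I)      # ADMIN$, IPC$, C$, D$, ...
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")                   # exactly a drive root, e.g. D:\


def parse_net_share(text):
    """Turn `net share` table rows into dicts with name, resource and remark."""
    shares, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):                        # rows start after the ruler line
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        fields = re.split(r"\s{2,}", line.strip())        # columns are padded with spaces
        name, rest = fields[0], fields[1:]
        # IPC$ has no resource column, so only treat the next field as one if it is a path.
        resource = rest.pop(0) if rest and PATH.match(rest[0]) else ""
        remark = rest[0] if rest else ""
        shares.append({"name": name, "resource": resource, "remark": remark})
    return shares


def audit(shares):
    """Label each share so user-created whole-drive shares stand out."""
    findings = []
    for s in shares:
        if BUILTIN.match(s["name"]):
            kind = "built-in administrative share"
        elif DRIVE_ROOT.fullmatch(s["resource"]):
            kind = "user share exposing a whole drive"
        else:
            kind = "user share"
        findings.append((s["name"], kind))
    return findings


if __name__ == "__main__":
    for name, kind in audit(parse_net_share(SAMPLE)):
        print(f"{name:12} {kind}")
```

On a live machine, feed it the text printed by `net share`; `net session` lists who is currently connected to those shares.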
 

·
Site Owner
Joined
·
14,909 Posts
Why have shared files if you DON'T want them shared oO
 

·
Registered Anime Hater
Joined
·
8,674 Posts
Discussion Starter #17 (Edited)
Why have shared files if you DON'T want them shared oO
My point exactly. There's also a whole lot of other s*** which is easy as pie to exploit. Like the stupid service that allows any user with UNIX or POSIX to simply walk into your PC with commands. Also a whole bunch of other remote services you'd want to disable.

nice to see everything fixed.....
Well....not really. On Rikki's advice, I installed A-Squared and ran a scan. It unearthed a bunch of keyloggers and a few worms. The reason why I'm particularly pissed off is that the keylogger was a stupid Ardamax. I'm still coming to terms as to how it got past Nod32 since practically EVERY AV in existence picks up Ardamax!

Currently running the full system scan and A-Squared has found 14 "high risk" objects including a bunch of trojans and some worms. Although only 5% of the scan is complete as of now, so I'm expecting a major clean-up ahead.
 

·
Registered Anime Hater
Joined
·
8,674 Posts
Discussion Starter #19
Pardon me, I have ESET Security Suite, so it has anti-spyware as well. Doesn't seem to be very good by the looks of it. I have Spybot as well (fully updated), but it too, has failed to detect these. I don't know how long all this crap has been locked away in my PC. Anyway, I'm glad A-Squared finally found it.
 

·
Registered
Joined
·
23 Posts
Don't trust A-Squared; always look up if those things are actually viruses, as I had a problem with it once and had to format after a scan... It always made a command prompt window pop up whenever I logged in.. Be careful.
 