
nar

Honorary Members
  • Posts

    30
  • Joined

  • Last visited

Everything posted by nar

  1. 3 questions: I assume the answer is because Chrome saves your browser history to your computer. Is this correct? Every day after booting BEFORE connecting to internet (no wifi, ethernet connection only) I delete chrome browser history. Please google "chrome browser history can be deleted when not connected to internet." Do you get an answer? If there is a better site to post this issue please advise, I realize the question is not intrusion related or is it?
  2. You recommended FDISK, is that compatible with Windows 7? https://answers.microsoft.com/en-us/windows/forum/windows_7-windows_programs/equivalent-of-fdisk-for-windows-7/33849dc7-52ff-4ee5-ad44-923b9127b2f7
  3. Just now a random "Custom Definitions" folder popped up in a folder of documents. This has never happened before. None of the dates in Date Modified field are prior to machine being in the shop. Each file in this folder is a series of letters followed by .customdefinitions. What is it and what should be done about it? Thanks!
  4. Recently discovered that Windows 99 was installed while laptop was in the shop. Have read that Windows 99 is a hacked or non-legit version of Windows 98. Is Windows 99 safe to be running and where did they obtain it? Is this what they used SoldierX for? Advice?
  5. 1. Found attached files NPE in C:....app/data. It was not picked up on any of the scans we ran. This site says the .etl can be used for stealing bank info. Please advise Remove NPETRACESESSION.ETL | - PC Care & Solutions www.mypccaresolutions.com/2016/06/17/remove-npetracesession-etl/ Jun 17, 2016 - NPETRACESESSION.ETL is recognised as High Risk Trojan. It can used for stealing bank information and users passwords so as to make ... 2. How to avoid uploads to these posts from displaying in main body? thanks
  6. If you check my posts you know a new hard drive was installed. 1. Can you tell me why I was advised that Microsoft actually "needs" the attached trojans and Hack Tools discovered in MSC scan after computer came back from the shop? Scan clearly shows the files are sourced from SoldierX not MS. Date of scan, and more importantly the date of SoldierX folder found in recycle bin, equals date in the shop. No one has explained why the computer needed a Soldier X folder. Can you? Further, no one has yet to explain what the Hacker files or Trojans actually do or why he would say they are "needed" by Microsoft. But according to this company that I was referred to, MS "needed" 4 files that were picked up by Microsoft's own AV and rated Severe. The recommended action on the scan?...."remove immediately." MS requires files that its own AV says to remove immediately? Scan clearly states, This program is dangerous and executes commands from an attacker but I was told MS needs these files. You call this paranoia? Any reasonable person would find such advice highly suspect without a strong explanation to the contrary. As mentioned, the shop did not bring these files to my attention at pickup. The company was hired to replace the drive and clean the computer of malware, not install hacker tools and trojans. These are more than reasonable questions and concerns. Would you trust a company that installed SoldierX Hack Tools and Trojans on your machine without your knowledge or consent and gave you such explanation for their existence? 2. Will contact customer support for router about changing firmware if possible. With all due respect the kinds of invasion of privacy and data spying going on now really doesn't correlate to the state of things 20 years ago as many recent whistle blowers have pointed out.
  7. After reading an article describing the area as a "data convergence center" and that as a result, 3/4s of world-class hackers live here, it suggests that what is going on is bigger than some malware on a computer. Can you recommend or point in the right direction to: 1. a very secure router? Consumer Reports recently came out with security breaches in various Netgear models. Someone recommended an old Linksys WRT54G (very old) and the reviews are not good since Cisco took over. 2. Linux/Ubuntu companies? Thanks!
  8. Speakers have been muted dozens of times in recent months. Also sound has been disabled in device manager and disabled in BIOS. The noise though faint always returns. This computer is not used for gaming.
  9. 1. No Threats Found after running TDSSKiller - (had checked all options in Advanced Parameters boxes) 2. I noticed in the TDSS Killer text file it says I'm running 6.1.7601 ServicePack: 1.0 for Windows 7 updates. From the list of update downloads previously sent me from this forum, which one should be downloaded first since no updates have downloaded for several months.
  10. Re: Trojan siredef C See my two most recent posts ID 30 and ID 26 Wondering if this is the virus causing the flicker or shudder sound (for lack of better description) whenever sensitive sites or content are opened? It certainly has seemed that everything is being monitored and tracked. This has been going on at least six months.
  11. From your site here is the link to dealing with the Trojan.SiredefC (see last post). Should all of the instructions in this sequence be followed?
  12. MBAM found trojan.siredefc in Recycle Bin: "Folders: 1 Trojan.Siredef.C, C:\$RECYCLE.BIN\S-1-5-21-2436028494-3175407098-3088813171-1000\$R17RZKK\l, Quarantined, [3ea6f5f1c6d4ba7ce077649d09f755ab]," Before the scan that found it, I was sending to recycle bin remnants of old programs from C: users appdata roaming folder. MBAM found the same virus in August. 1. Virustotal.com has no comments about trojan.siredef.c but a google search suggests it's a key capture virus. Is this correct? 2. Re: ISPs. One technician advised cable service is inferior because all users in the neighborhood run off the same line while DSL is dedicated. Is this your understanding? Do you find cable, DSL or other ISP a better choice for securing networks (plus router)?
  13. Question 2 refers to a folder on C: users owners appdata roaming called Tracker Software. Is it needed? Not sure how customizing a computer to user preferences could be considered illegal?
  14. 1. So are you saying that if remaining Soldier X files were still on machine, they would have been removed from the detection programs run to date? If not, is there anything more to confirm computer is free from those files? 2. What is Tracker Software that showed up in Roaming folder? Can it be deleted or is it needed for any pdf program? 3. How to "curtail the use of Cortana" and what aspects of the use is actually curtailed? This will be a deciding factor to go with Windows 10 or not? Thanks!
  15. Could those trojans and hacktools have been stored elsewhere on computer such that replacing hardware did not remove them? I would think that after installing MSE if he found that level of malware, he would have brought that to my attention since cleaning the system was part of the reason for hiring him. Leaving that malware on the computer for customer to find accidentally was quite shocking let alone claiming the files should be kept as they are needed by MS. I have no doubt any reasonable person would have these same questions. I want to proceed with the questions as submitted yesterday to ensure computer is clean and safe. Thanks!
  16. Ron, Back to an original question on this chain regarding two Trojan:Win32/Rundas!plock files and two HackTools from SoldierX (attachment 2) found by Microsoft Security Essentials during scan after hard drive replacement in shop in Oct. (The shop installed MSE for the first time, I was not running it prior to replacing hard drive.) Attachment 1, Recycle Bin, shows that a SoldierX folder, the source of the trojans and hack tools, had been created on new hard drive! When device was picked up, nothing was said about the trojans or hacktools or why the folder was created. I found the history scan several days later. These specific trojans steal users’ personal data by allowing remote control as per below. The shop tech claims the files labeled by MSE as Trojans and Hack Tools are NOT malware but that MS treats them as such. He also advised these "trojans and hack tools" ARE actually MS files. His advice clearly contradicts MSE and below removal instructions. If these tools were used to hack my machine, they had 4 days to steal data. Can you address the following: 1. Is there any legitimate reason for installing a SoldierX folder containing trojans and hack tools with described purpose of stealing personal data? Is there any way his advice makes sense to you?? 2. Why would a MS security product, MSE, declare their own files to be Trojans and Hack Tools, rate as "Severe" and display their source as SoldierX, a site that claims to be the Largest Hacker Database in the world? Obviously SoldierX is not an MS approved provider. 3. What recourse is available when files of malicious intent are installed by someone trusted to repair and protect your computer? 4. Can you confirm that http://blog.removevirusnow.org/trojan-win32-rundas-plock-removal/ is a legit site for instructions to completely remove these files? Or other recommendations specific to complete removal which appears to require more than scan tools? I am very concerned. This Trojan did reappear in Oct after deleting and rescanning with MSE. It is not appearing now. 5. I am considering a new machine but do not like Cortana on Windows 10. It continues to record after disabling. Is there a way to stop, prevent, mutilate all Cortana functionality? 6. I am still trying to get Windows Update to resume downloads. 7. Shudder sounds are not from cd drive. Shudder can also go off while reading screen with no keyboard use. Shudder has gone off several times while composing this mail. When computer, phone and reader were hacked, two other family members were hacked and my employer (small business) was also. Additionally I found that a perpetrator using my phone had posted a scam craigslist page which craigslist removed at my request. Based on U.K.'s November "Snoopers Charter" and U.S.'s Rule 41 (now in effect) the personal data being collected does not necessarily require malware. Is this correct? So how to prevent this loss of personal data? 8. What do you recommend regarding encrypting computer files? 9. btw, what is use for spoiler icon in Edit menu on this page? Thanks!
  17. Also, what browser do you like in place of Chrome? I wonder if the shudder sound is part of the google tracking process. So weird that it started at the time everything was hacked. I had the computer 4 years before this started, thought the new hard drive would solve it. Will try removing the side as suggested.
  18. Ron, definitely want to get the Updates running again so great if we can move forward. It hung up trying to install the first KB file in the instructions.
  19. 1) Are you talking about disabling CD Player in Device Manager or something else to pull the power? Keep in mind that hard drive and Windows were replaced last month at the shop after which the 4 soldierX files were picked up by MS Security Essentials. So a clean install was done less than 30 days ago. 2) Chrome and Windows Updates are separate issues. Yes, connected to internet for downloading and installing updates but as mentioned it just hung up "looking for updates." What can be done to get beyond this so Update actually installs?
  20. 1) Downloaded KB3020369 as per above instructions however it continues to run msg "searching for updates on this computer." When the hard drive was replaced along with Windows 7 last month, apparently no updates were downloaded or they would show in the Update History correct? In light of this should there be another starting point rather than KB3020369? Would it help to run Updates in Safe Mode? 2) Attached is prtscrn BEFORE connecting to internet. On opening Chrome it displayed this page complete with bookmarks (some deleted by me before sending) though I was not connected to internet. Does Chrome recognize user even without internet? Since the problems started with computer and network, I am using router as firewall only, not wi-fi, and connecting on ethernet. 3) The concern is the shudder sounds continue: it occurs first after booting before connecting to internet, then whenever sensitive content is opened both online or stored on computer. I have used this same computer for several years, a user knows when computer acts differently. It started when going online from a different location. The computer, phone and reader were all hacked about the same time with this odd shudder sound or flash when opening sites in the case of the cell, when turning pages in case of the reader and as described when using computer. I found an unsupported file on the reader that flashed when deleted. Also, a business site went down and my employer was hacked. Coincidence? Seems like too many coincidences. Neither employer nor self have ever had issues like this. I hired two IT experts, the network router was redone twice and replaced once. The KB3020369 installer is still looking for updates.
  21. Chrome and IE have been reset. I noted before resetting that 19 tabs were "open" in chrome though everything was closed. Chrome did not delete bookmarks. 1) Could that be caused by forced shut down when programs are still running in background? 2) Should the last Farbar tool be run? 3) Any thoughts on restoring Windows Updates. It remains in "checking" mode for hours. 4) One of the tools removed "tracing keys." Were those malware?
  22. 1 IE installed last month in the shop, should still be reset? can save bookmarks? 2 will Chrome reset also reset the android phone?
  23. Attached are MBAM, JRT and AdwCleaner text files. Ran into glitch on Sophos: Windows pop-up: "computer low on memory, please close and restart computer." 2nd pop-up: "open programs" It hung up at C:Windows\System32\en-US it had run for about 1 1/2 hrs. I selected Help, got chrome.exe application error: 0xc000012d. "The application was unable to start correctly." Do other AV need to be shut down when running Sophos? What to do to resume Sophos? JRT scan Nov 9.txt AdwCleaner[C0] scan Nov 9.txt mbam scan Nov 9.txt
  24. For Step 1 MBAM, should all existing MBAM programs be uninstalled first? I'm running MBAM and MBAM anti-exploit.
  25. PS to Combo Fix 1) The shudder noise went off while Combo Fix in progress. It went off again while writing the mail. 2) Windows Update displays msg that Updates are off though I turn on every time that occurs. After reboot msg again displays Updates are off.