1) shudder noises 2) soldierx files found


nar


1.  so are you saying that if remaining Soldier X files were still on machine, they would have been removed from the detection programs run to date?  If not, is there anything more to confirm computer is free from those files?

2.  What is the Tracker Software that showed up in the Roaming folder?  Can it be deleted, or is it needed for any PDF program?

3.  How do I "curtail the use of Cortana", and what aspects of its use are actually curtailed?  This will be a deciding factor in whether to go with Windows 10 or not.

Thanks!


  • Root Admin

Unless there is some very high level "new" State threat (you don't qualify for the Government spending thousands of dollars on special attack software), then yes, anything left should have been detected by now.

Not sure what you mean by #2

You would have to go out and visit the sites on the Internet that discuss and post about preventing Microsoft Telemetry; that is not something we are going to discuss or assist with, as it may potentially even be illegal depending on what is done or how it's done. Again, though, if you're even "thinking" of switching to Windows 10, then any work on Windows 7 at this point is a waste of time. FDISK (remove all partitions), create a new partition, and install Windows 10 from scratch, and there is not going to be any malware whatsoever on the computer, and it will run better too.

Thank you @nar

 


  • Root Admin

I'm not sure what the Tracker software you reference is. What do you see inside that folder? If you find executable files in there you can upload them to www.virustotal.com and have them scanned. By name alone I'm not familiar with what that product or folder is for.

 

I just mean that some sites discuss hacks that may violate Microsoft's Terms of Use, and we won't discuss stuff like that. Microsoft does have a certain amount of built-in telemetry that you can turn off.

http://www.askvg.com/truth-behind-disallowing-telemetry-and-data-collection-trick-in-windows-10/

You can create local accounts, you don't have to create Microsoft cloud accounts, etc.

Microsoft collects quite a bit of telemetry data from Windows 7 and 8 as well. It's just that Windows 10 does offer a lot of differences under the hood, and Microsoft thus tracks more, but for marketing and making the product better.

 


MBAM found trojan.siredefc in Recycle Bin:  

"Folders: 1
Trojan.Siredef.C, C:\$RECYCLE.BIN\S-1-5-21-2436028494-3175407098-3088813171-1000\$R17RZKK\l, Quarantined, [3ea6f5f1c6d4ba7ce077649d09f755ab],"

Before the scan that found it, I was sending to recycle bin remnants of old programs from C: users appdata roaming folder. MBAM found the same virus in August.

1. Virustotal.com has no comments about trojan.siredef.c but a google search suggests it's a key capture virus.  Is this correct?
2.  Re:  ISPs.  One technician advised cable service is inferior because all users in the neighborhood run off the same line while DSL is dedicated.  Is this your understanding? Do you find cable, DSL or other ISP a better choice for securing networks (plus router)?


Re:  Trojan siredef C 

See my two most recent posts ID 30 and ID 26

Wondering if this is the virus causing the flicker or shudder sound (for lack of better description) whenever sensitive sites or content are opened?  It certainly has seemed that everything is being monitored and tracked. This has been going on at least six months.


  • Root Admin

It is in the trash and you simply have not emptied your trash. If you'd empty your trash it should be gone. But let's go ahead and run another tool designed for specific infections.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
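As an added example (not from the thread and not Malwarebytes code), the snippet below parses detection lines in the layout of the one quoted above ("name, path, action, [id],") and flags whether the detected path sits inside a user's recycle bin. Windows Vista and later store a deleted item as `$RECYCLE.BIN\<user SID>\$R<random>` next to a `$I<random>` metadata file, so a hit under that path is the "deleted but not yet emptied" case this reply describes rather than an active installation. The first sample line is the one from the thread; the other two are constructed, and the field layout is an assumption drawn from that single quoted line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample detection lines. The first is the line quoted in the thread; the
# other two are CONSTRUCTED here to show the contrasting locations.
SAMPLE_LINES = [
    r"Trojan.Siredef.C, C:\$RECYCLE.BIN\S-1-5-21-2436028494-3175407098-3088813171-1000\$R17RZKK\l, Quarantined, [3ea6f5f1c6d4ba7ce077649d09f755ab],",
    r"PUP.Optional.Example, C:\Users\nar\AppData\Roaming\ExampleTool\tool.exe, Quarantined, [00000000000000000000000000000000],",
    r"Trojan.Example.Generic, C:\Windows\System32\drivers\example.sys, Quarantined, [11111111111111111111111111111111],",
]

# $RECYCLE.BIN\<SID>\$R<random> is how Windows Vista+ stores a deleted item;
# the matching $I<random> file holds the original path and deletion time.
RECYCLE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\\$RECYCLE\.BIN\\(?P<sid>S-1-5-21(?:-\d+)+)\\\$R(?P<token>[^\\]+)",
    re.IGNORECASE,
)


@dataclass
class Detection:
    name: str
    path: str
    action: str
    record_id: str
    location: str        # "recycle-bin", "user-profile" or "system"
    sid: Optional[str]   # owner SID when the item sits in a recycle bin


def classify_path(path: str) -> Tuple[str, Optional[str]]:
    """Bucket a detection path by where on disk it lives."""
    m = RECYCLE_RE.match(path)
    if m:
        return "recycle-bin", m.group("sid")
    if re.match(r"^[A-Za-z]:\\Users\\", path, re.IGNORECASE):
        return "user-profile", None
    return "system", None


def parse_line(line: str) -> Optional[Detection]:
    """Parse one '<name>, <path>, <action>, [<id>],' line; None if malformed."""
    line = line.strip().rstrip(",")
    try:
        # The name never contains a comma, but a path might, so split the
        # name off from the left and the trailing fields off from the right.
        name, rest = line.split(",", 1)
        path, action, rid = rest.rsplit(",", 2)
    except ValueError:
        return None
    location, sid = classify_path(path.strip())
    return Detection(name.strip(), path.strip(), action.strip(),
                     rid.strip().strip("[]"), location, sid)


def triage(lines: List[str]) -> List[Detection]:
    """Parse every well-formed line and return the classified detections."""
    return [d for d in (parse_line(l) for l in lines) if d is not None]


if __name__ == "__main__":
    for d in triage(SAMPLE_LINES):
        where = d.location if d.sid is None else f"{d.location} of user SID {d.sid}"
        print(f"{d.name}: {where} ({d.action})")
```

Run as-is it reports the thread's Trojan.Siredef.C hit as sitting in the recycle bin of the SID ending in -1000, while the two constructed lines land in the user-profile and system buckets; a practitioner would feed it the full MBAM log and look hardest at anything outside the recycle-bin bucket.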

 


1. No Threats Found after running TDSSKiller - (had checked all options in Advanced Parameters boxes)

2.  I noticed in the TDSSKiller text file it says I'm running 6.1.7601 ServicePack: 1.0 for Windows 7 updates.  From the list of update downloads previously sent to me from this forum, which one should be downloaded first, since no updates have downloaded for several months?


  • Root Admin

Yes, with the remnants already removed the core infection should not be present anymore. 

Shouldn't really matter. It's not instantaneous but within ten minutes it should hopefully find and download some files and ask to reboot. If the first one does not work, reboot and try the 2nd one first.

A couple of other things can be run to try and get the updater working. Try that and let us know.

 


  • 2 weeks later...

After reading an article describing the area as a "data convergence center" and that, as a result, three quarters of world-class hackers live here, it suggests that what is going on is bigger than some malware on a computer.

Can you recommend or point in the right direction to:

1. a very secure router?  Consumer Reports recently came out with security breaches in various Netgear models.  Someone recommended an old Linksys WRT54G (very old) and the reviews are not good since Cisco took over.

2.  Linux/Ubuntu companies?

Thanks!

 


  • Root Admin

I'm sorry, but you're being way too paranoid. There are now over 8 billion people on the planet. Over 4 billion computers connected to the Internet, plus phones and other devices. Malware is a common threat and it is fully automated to try to either steal information or encrypt for ransom. No one has the time to single-handedly target someone on a one-on-one basis without there being an extreme financial reward or a government target. I find it very unlikely you're worth millions of dollars or have a government targeting you to threaten your data. There are many easier, faster ways to get your data if the Government were after you.

If you're that worried then update the firmware or change the OS firmware on your router and give it a strong password. The same for your computer. If needed or paranoid, buy a new hard drive. Install Windows 10 from DVD and ensure you have good antivirus protection before loading anything else.

There is simply no way you're going to have some remote person on your system if you follow that advice. Don't forget about phones though and online email. Someone could have previously compromised your email. Get what data you need and delete the rest and get a new email address and ensure you use a strong password and change it regularly. 

Use a program like http://keepass.info to store your passwords. Make them strong and difficult. Don't share them with anyone. Change them on a regular basis.

I've been doing computer support now for over 20 years, and many systems have no real protection to speak of, and those systems have not been compromised. Most threats and attacks you see nowadays are often due to users clicking on things they shouldn't or installing free software that comes bundled with junk that is borderline malware. Stay away from that sort of thing. Keep good solid backups of your data too.

Backup Software


Don't believe every article you read as though it's happening to millions of people and that hacking your computer is easy. Properly set up and protected, and with you as the user not running things to circumvent that security, the computer is pretty safe.

 


If you check my posts you know a new hard drive was installed.  

1.  Can you tell me why I was advised that Microsoft actually "needs" the attached trojans and Hack Tools discovered in MSC scan after computer came back from the shop?  Scan clearly shows the files are sourced from SoldierX not MS.  Date of scan, and more importantly the date of SoldierX folder found in recycle bin, equals date in the shop. No one has explained why the computer needed a Soldier X folder.   Can you?

Further, no one has yet explained what the Hacker files or Trojans actually do or why he would say they are "needed" by Microsoft.   But according to this company that I was referred to, MS "needed" 4 files that were picked up by Microsoft's own AV and rated Severe.  The recommended action on the scan?...."remove immediately."  MS requires files that its own AV says to remove immediately?   The scan clearly states, "This program is dangerous and executes commands from an attacker", but I was told MS needs these files.  You call this paranoia?  Any reasonable person would find such advice highly suspect without a strong explanation to the contrary.  As mentioned, the shop did not bring these files to my attention at pickup.  The company was hired to replace the drive and clean the computer of malware, not install hacker tools and trojans.

These are more than reasonable questions and concerns.  Would you trust a company that installed SoldierX Hack Tools and Trojans on your machine without your knowledge or consent and gave you such explanation for their existence?

2.  Will contact customer support for router about changing firmware if possible.

With all due respect, the kinds of invasion of privacy and data spying going on now really don't correlate to the state of things 20 years ago, as many recent whistleblowers have pointed out.

[attachment: Oct 14 scan 2 trojans 2 hack tools.png]


  • Root Admin
14 hours ago, nar said:

If you check my posts you know a new hard drive was installed.  

Yes, I know. But you didn't do it yourself, and apparently the people you had do it are not very trustworthy.

1.  Can you tell me why I was advised that Microsoft actually "needs" the attached trojans and Hack Tools discovered in MSC scan after computer came back from the shop?  Scan clearly shows the files are sourced from SoldierX not MS.  Date of scan, and more importantly the date of SoldierX folder found in recycle bin, equals date in the shop. No one has explained why the computer needed a Soldier X folder.   Can you?

Nope, cannot explain. They are not files from Microsoft. They are from a site that deals in hacking.

Further, no one has yet explained what the Hacker files or Trojans actually do or why he would say they are "needed" by Microsoft.   But according to this company that I was referred to, MS "needed" 4 files that were picked up by Microsoft's own AV and rated Severe.  The recommended action on the scan?...."remove immediately."  MS requires files that its own AV says to remove immediately?   The scan clearly states, "This program is dangerous and executes commands from an attacker", but I was told MS needs these files.  You call this paranoia?  Any reasonable person would find such advice highly suspect without a strong explanation to the contrary.  As mentioned, the shop did not bring these files to my attention at pickup.  The company was hired to replace the drive and clean the computer of malware, not install hacker tools and trojans.

These are more than reasonable questions and concerns.  Would you trust a company that installed SoldierX Hack Tools and Trojans on your machine without your knowledge or consent and gave you such explanation for their existence?

No, I wouldn't, but since I am very experienced I wouldn't be taking my computer in for anyone to work on. In your case, if you're unable to do the work on your own I'd look for another more trustworthy business to help you.

2.  Will contact customer support for router about changing firmware if possible.

No company that I'm aware of is going to help you replace firmware on a router. That is normally done on your own or by a 3rd party. If your firmware is out of date, they might help you to update it, but not replace it with an unsupported firmware, which is more so what I'm talking about.

With all due respect, the kinds of invasion of privacy and data spying going on now really don't correlate to the state of things 20 years ago, as many recent whistleblowers have pointed out.

[attachment: Oct 14 scan 2 trojans 2 hack tools.png]

Has nothing to do with whistleblowers, etc. That really was not "news" to most security people. It's just that when mainstream media picks up on it and starts posting it like a propaganda war is when it took traction. I completely agree that the malware scene has changed drastically from 20 years ago, but that doesn't change the fact that only a small number of the 4 billion computers out there are ever attacked. Typically it is almost always due to outdated software, or systems unpatched with the vendor updates, etc., or in some cases users purposefully running stuff like Peer2Peer software to steal stuff, who often get infected. A clean system that is maintained is actually very difficult to remotely attack.

Here is some information for you to read up on to help you better understand how infections happen and how to prevent them.

As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it, you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor to the point you may never be infected again.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


1. Found attached files NPE in C:....app/data.  It was not picked up on any of the scans we ran.  This site says the .etl can be used for stealing bank info.  

Please advise

Remove NPETRACESESSION.ETL | - PC Care & Solutions

www.mypccaresolutions.com/2016/06/17/remove-npetracesession-etl/
Jun 17, 2016 - NPETRACESESSION.ETL is recognised as High Risk Trojan. It can used for stealing bank information and users passwords so as to make ...

2.  How to avoid uploads to these posts from displaying in main body?

thanks

[attachment: NPE folder C appdata.jpg]


  • 2 weeks later...

Recently discovered that Windows 99 was installed while the laptop was in the shop.  Have read that Windows 99 is a hacked or non-legit version of Windows 98.

Is Windows 99 safe to be running and where did they obtain it?  Is this what they used SoldierX for?

Advice?


Just now a random "Custom Definitions" folder popped up in a folder of documents.  This has never happened before.  None of the dates in Date Modified field are prior to machine being in the shop.

Each file in this folder is a series of letters followed by .customdefinitions.

What is it and what should be done about it?

Thanks!


  • Root Admin

I'm sorry @nar

shop and looks to have installed illegal software or other programs on the system. I would highly suggest taking the computer to another shop that has verifiable proof of good trustworthy integrity and FDISK, Format, and reinstall Windows from scratch again. 

Unfortunately, there is nothing more that I can really do for you from my end, as I don't have physical access to the system to help you, and no, there has never been a legal version of one called Windows 99.

http://www.computerhope.com/jargon/w/win99.htm

 

 


  • Root Admin

FDISK is just a generic term, meaning that you should remove all the partitions of the drive and create new ones. Formatting the drive alone is not good enough as there are some malware threats that can survive a format and continue to infect the computer. Removing and recreating new partitions removes all your data, including any type of infection.

Unless there is something else I can help you with, we're about done here and I'll be closing your topic soon.

Thank you again

Ron
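As an added example (not from the thread and not the forum's own material), the batch script below does the "remove all partitions, create a new partition" step with the diskpart tool that ships with Windows. It is meant to be run from the command prompt of the Windows install media (Shift+F10 in Setup), because Windows refuses to clean the disk it is running from; the disk number is a placeholder that has to be confirmed against the `list disk` output first.

```bat
@echo off
REM Added example: wipe the partition table and create one fresh partition with
REM diskpart. Run from the install media's command prompt, not from the installed
REM Windows, which will not let you clean its own system disk.
REM DISKNUM is a PLACEHOLDER. Read the "list disk" output below and set it to the
REM disk you actually intend to erase (check size and model).
set DISKNUM=0

echo list disk | diskpart
echo.
echo About to erase ALL partitions on disk %DISKNUM%. Press Ctrl+C to abort.
pause

REM "clean" overwrites the partition table and the MBR/GPT sectors, so a boot-sector
REM infection that a plain "format" leaves untouched is removed along with the
REM partitions. "clean all" additionally zeroes every data sector (much slower, but
REM leaves no remnants of old files on the disk).
(
  echo select disk %DISKNUM%
  echo clean
  echo create partition primary
  echo format fs=ntfs quick label="Windows"
  echo exit
) > %TEMP%\wipe-disk.txt

diskpart /s %TEMP%\wipe-disk.txt
```

After the script finishes, Windows Setup sees a single empty NTFS partition (or, if you prefer, let Setup create the partitions itself after `clean`); the point is that `format` alone never touches the partition table or boot sectors, which is why the reply above insists on removing the partitions rather than just formatting.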

 


This topic is now closed to further replies.