I have all of these networking apps on my laptop that I am sure werent always
there. One is Citrix...that wouldn't be a pre installed software,right? I'm
more than certain that I am part of some host SQL mess. I
reformatted...twice...and I still have all of this stuff (ntuser files,
database files, files that are encrypted and remote access enabled and not by
me. Also, two other computers were networked with this laptop which uses a D
link wireless router. They too have mystery apps. They have all been
disconnected from the router prior to the laptop reformat. Considering that I
have reformatted, will the steps, I've seen listed to get rid of
adware/malware be effective? I know that I sound paranoid, but I swear these
things are on my restore CD. It didn't come automatically, the store made it
after I pd. extra for it. Would that disk be write protected? It tells me
that I can add files, so it isn't, right? Thanks for your help

missyevans wrote:
> I have all of these networking apps on my laptop that I am sure
> werent always there. One is Citrix...that wouldn't be a pre installed
> software,right?

No, but if its the Citrix that I'm thinking of, it isn't your typical
malware either. Is this computer used at home or on a corporate network?
What exactly does your computer say is installed?

> I'm more than certain that I am part of some host
> SQL mess.

What makes you think so? SQL server can be installed by many legitimate
apps. There are several versions running on this machine right now, one way
or another, though admittedly I'm not a "typical" user.

> I reformatted...twice...and I still have all of this stuff
> (ntuser files,

NTUser.dat? In each account area in c:\documents and settings? Legit file if
that is where you find it, elsewhere we need to talk more details on where
exactly.

> database files,

Where and what?

> files that are encrypted

That seems unusual. Examples?

> and remote
> access enabled and not by me.

That also seems unusual. How have you established that it is enabled?

> Also, two other computers were
> networked with this laptop which uses a D link wireless router. They
> too have mystery apps.

The same mystery apps?

> They have all been disconnected from the
> router prior to the laptop reformat. Considering that I have
> reformatted, will the steps, I've seen listed to get rid of
> adware/malware be effective? I know that I sound paranoid, but I
> swear these things are on my restore CD. It didn't come
> automatically, the store made it after I pd. extra for it. Would that
> disk be write protected? It tells me that I can add files, so it
> isn't, right? Thanks for your help

Without knowing what the store did, its impossible to say much really. Could
be nothing, could be a store whose employees have made a mistake, could be
any number of things. Could be the cause of all your problems, could be a
red herring. Have all the "infected" machines on your network used this
restore disk you got made by the store?

Backing up a little, you obviously feel your computer has a malware problem.
What made you think so in the first place? I've seen brand new laptops fresh
from the factory that were groaning under the weight of extra apps and all
kinds of nonsense which wasn't strictly speaking malware per se but which
wasn't doing anything to help the actual owner. Maybe you've got one of
these?


--
--
Rob Moir, MS MVP
Blog Site - http://www.robertmoir.com
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
I'm always surprised at "professionals" who STILL have to be asked "Have you
checked (event viewer / syslog)".

"Robert Moir" wrote:

> missyevans wrote:
> > I have all of these networking apps on my laptop that I am sure
> > werent always there. One is Citrix...that wouldn't be a pre installed
> > software,right?
>
> No, but if its the Citrix that I'm thinking of, it isn't your typical
> malware either. Is this computer used at home or on a corporate network?
> What exactly does your computer say is installed?
>
> > I'm more than certain that I am part of some host
> > SQL mess.
>
> What makes you think so? SQL server can be installed by many legitimate
> apps. There are several versions running on this machine right now, one way
> or another, though admittedly I'm not a "typical" user.
>
> > I reformatted...twice...and I still have all of this stuff
> > (ntuser files,
>
> NTUser.dat? In each account area in c:\documents and settings? Legit file if
> that is where you find it, elsewhere we need to talk more details on where
> exactly.
>
> > database files,
>
> Where and what?
>
> > files that are encrypted
>
> That seems unusual. Examples?
>
> > and remote
> > access enabled and not by me.
>
> That also seems unusual. How have you established that it is enabled?
>
> > Also, two other computers were
> > networked with this laptop which uses a D link wireless router. They
> > too have mystery apps.
>
> The same mystery apps?
>
> > They have all been disconnected from the
> > router prior to the laptop reformat. Considering that I have
> > reformatted, will the steps, I've seen listed to get rid of
> > adware/malware be effective? I know that I sound paranoid, but I
> > swear these things are on my restore CD. It didn't come
> > automatically, the store made it after I pd. extra for it. Would that
> > disk be write protected? It tells me that I can add files, so it
> > isn't, right? Thanks for your help
>
> Without knowing what the store did, its impossible to say much really. Could
> be nothing, could be a store whose employees have made a mistake, could be
> any number of things. Could be the cause of all your problems, could be a
> red herring. Have all the "infected" machines on your network used this
> restore disk you got made by the store?
>
> Backing up a little, you obviously feel your computer has a malware problem.
> What made you think so in the first place? I've seen brand new laptops fresh
> from the factory that were groaning under the weight of extra apps and all
> kinds of nonsense which wasn't strictly speaking malware per se but which
> wasn't doing anything to help the actual owner. Maybe you've got one of
> these?
>
>
> --
> --
> Rob Moir, MS MVP
> Blog Site - http://www.robertmoir.com
> Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
> I'm always surprised at "professionals" who STILL have to be asked "Have you
> checked (event viewer / syslog)".
>
>
>

My laptop is only a home use computer. As to the citrix, I couldn't find it
now. BUT the ntuser.dat and ntuser.dat text files are in C:\WINDOWS\repair
and system32\config\systemprofile, as well as all doc-settings. The 2
desktops have the same file configuration.

Database files, OBCINST for one. All computers have 2 CatRoot files. I don't
think we had any before. IME- some sort of asian keyboard. MUI who knows but
related to whatever is going on.

I am pretty much completely locked out of any files of significance on my
desktop. That is since Friday when I did some thorough of all files. The SQL
files I ran across at that time. Plus there were log files related to setting
all of these things out and passwords and when to use them, all sorts of
stuff. Also, in computer mgmt. I found additional users with admin
privileges.

As far as what started my concerns, I thought it was like 10 days ago after
falling asleep watching TV and having left my laptop on overnight. Now
though, I realize that on the 2 desktops, I had been puzzled by these
anomalies. I've been so busy lately that I guess I didn't put 2 and 2 together

Not to sound like a total lunatic, but I am going to end this now, although
I'm not finished. Screwy things are going on with the cursor as I type and I
want to be sure you see this much at least.

Thanks,
Missy

"Robert Moir" wrote:

> missyevans wrote:
> > I have all of these networking apps on my laptop that I am sure
> > werent always there. One is Citrix...that wouldn't be a pre installed
> > software,right?
>
> No, but if its the Citrix that I'm thinking of, it isn't your typical
> malware either. Is this computer used at home or on a corporate network?
> What exactly does your computer say is installed?
>
> > I'm more than certain that I am part of some host
> > SQL mess.
>
> What makes you think so? SQL server can be installed by many legitimate
> apps. There are several versions running on this machine right now, one way
> or another, though admittedly I'm not a "typical" user.
>
> > I reformatted...twice...and I still have all of this stuff
> > (ntuser files,
>
> NTUser.dat? In each account area in c:\documents and settings? Legit file if
> that is where you find it, elsewhere we need to talk more details on where
> exactly.
>
> > database files,
>
> Where and what?
>
> > files that are encrypted
>
> That seems unusual. Examples?
>
> > and remote
> > access enabled and not by me.
>
> That also seems unusual. How have you established that it is enabled?
>
> > Also, two other computers were
> > networked with this laptop which uses a D link wireless router. They
> > too have mystery apps.
>
> The same mystery apps?
>
> > They have all been disconnected from the
> > router prior to the laptop reformat. Considering that I have
> > reformatted, will the steps, I've seen listed to get rid of
> > adware/malware be effective? I know that I sound paranoid, but I
> > swear these things are on my restore CD. It didn't come
> > automatically, the store made it after I pd. extra for it. Would that
> > disk be write protected? It tells me that I can add files, so it
> > isn't, right? Thanks for your help
>
> Without knowing what the store did, its impossible to say much really. Could
> be nothing, could be a store whose employees have made a mistake, could be
> any number of things. Could be the cause of all your problems, could be a
> red herring. Have all the "infected" machines on your network used this
> restore disk you got made by the store?
>
> Backing up a little, you obviously feel your computer has a malware problem.
> What made you think so in the first place? I've seen brand new laptops fresh
> from the factory that were groaning under the weight of extra apps and all
> kinds of nonsense which wasn't strictly speaking malware per se but which
> wasn't doing anything to help the actual owner. Maybe you've got one of
> these?
>
>
> --
> --
> Rob Moir, MS MVP
> Blog Site - http://www.robertmoir.com
> Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
> I'm always surprised at "professionals" who STILL have to be asked "Have you
> checked (event viewer / syslog)".
>
>
>