S
svin
I have to keep changing my senders email from
(e-mail address removed) to (e-mail address removed).
all of you out there please check to see where your email
is listing as coming from.
my system was built by me earlier this year with all
brand new "clean" hardware from the manufacturer. Nothing
was used or supposed to be used. everything was box or
one OEM item which is the microsoft OEM windows xp home
edition.
I noticed that hidsrv and some other was constantly
trying to get out onto my cable broadband internet
connection. I was using Zonealarm pro to block those
things I didnt think I needed getting out. my system
seemed to work fine until oct 15th about when my entire
world turned upside down. well computer world, my other
rl world was already there! I noticed that my boot.ini
had changed and my computer was suddenly running a dual
bootup. I was watching the event logger and other things
to see if I could tell what was going on. several
accounts were being made and I noticed that
someone/something was constantly trying to change my
administrator password. Then I suddenly got a message
that I was screwed now... my administrator logon from the
welcome screen disappeared, lots of my icons suddenly
disappeared or was set so nothing would happen if I tried
to open them.
I noticed several new logs. One from "france" the guy
bragged about changes he made to my system and complained
about problems he was having due to some other things in
my system (I kept manually blocking him as I saw him
making changes in my event logger - he thought it was
mdac and other things like that) He has me locked out of
the root of my own system, I have been able to get into
that root 2 times but there is something called protected
storage, the only way I could see the tree was through a
command prompt that allowed me in to actually see that my
dvd was actually set as a part of the hard drive
partition. This program or whatever it is, it learns from
what you do to block it and uses those things against
you. I changed page file to only allow it so much room to
work with. it switched places with my end so the xp
system that I am allowed on is only given so much room.
now I cant disable pagefile. It has a root system that is
running windows nt 4 with sp4 and only allows others
running that system in to change things. It allows a
hacker in to take control and make changes. It only
allows xp to install once and run once... It stops xp
from running after a count of 2000 or something like
that. It blocks several of xp drivers and has some sort
of fake NT dll that xp uses to load items. Microsoft
keeps telling me this is impossible when I read the logs
or whats in some of the dll's, they just do not want to
hear it and cut me short. I paid for phone support and am
going to continue to call them until this problem is
fixed.
Im going to keep posting here with logs that I find or
portions of dlls that I find, hoping none of them will
harm or infect any others. That is when I find the
perfect spot to post all these logs. the system takes
control when I mention one of the dll or the system file
it is using. I have to then submit and hope it gets
posted. reboot and try to gain control again. It changes
the registry to block me completely from the machine
section of the registry keys. I go in and manually change
this. It appears that my OEM cd is infected but without
microsoft checking this, I cant prove anything. I say
this because through the tree I see that the cd is
actually under the d: .* the root starts there and it
appears to have 500k or something that is protected. then
there is another (c or e drive which is my hard drive)
tree that starts with [drive letter] .* that lists a lot
of things too. I had full access to this finally and was
talking to microsoft phone tech who insisted that nothing
was wrong because instalation appeared to be ok. It isnt,
I can sometimes get verify to stay on and report the
files it can not replace which include and are not
limited to cyycoins.chm, cyzcoins.chm, digiras.chm,
dmutil.dll, driver.cab and dvdplay.exe... the list goes
on Im sure. It will use files that are close when
replacing others that I have destroyed. If I change my
boot.ini to be how it should be, I get two OS at the safe
startup, one is missing a hal.dll that will not load,
that is system number 2 and the first one is missing a
lot of hard drive space, I end up working in a very small
space that includes a virtual memory that I get tossed
into a lot. the only way to get my message out is by
leaving all intact and hoping someone can help me.
The only way microsoft has helped is by claiming time
after time that my system is fine, nothing is wrong with
my os and it is working as it should be. The microsoft
techs tell me what I am reading to them from the log
files cant happen, its impossible. Then they claim I have
the blaster virus. I tell them a person left a log that
claimed to have removed the threat of some virus but left
some sort of traps in place. my windows xp home edition
has been changed into a full fledged server with the
workgroup MSHOME and workstation of lanmanserver and
lanman workstation. I know a bit more about servers but
not enough to fix this and I do not have the resources to
fix it. it needs to be done from the outside in. someone
has to develope some sort of tool that will search and
destroy this from outside. well set the changes back to
what they should be. I believe it all comes from the OEM
cd, I see a lot of posts with little things that I can
relate to posted all over the place here and the same
senders email that I notice is given to me also. I change
my senders email to reflect my real email. If you are
interested in looking into this and seeing what you can
do to maybe help a lot of computers, please read the
replies that I will leave under my posts. I will be
copying and pasting a lot of the log files and other
files that I hope will not cause any problems or infect
others. please set up your scans to scan everything. one
thing to note, I found some log file that said in
part "when we say no, it means yes" Im still looking for
where that log file is, I know it keeps reappearing and
hope I did not delete it. It has info from the actual
setup of the base system in it. I can only get to it
after several attempts to get into the root system
folder.
I hope someone has an answer, none others appear to have
any.
(e-mail address removed) to (e-mail address removed).
all of you out there please check to see where your email
is listing as coming from.
my system was built by me earlier this year with all
brand new "clean" hardware from the manufacturer. Nothing
was used or supposed to be used. everything was box or
one OEM item which is the microsoft OEM windows xp home
edition.
I noticed that hidsrv and some other was constantly
trying to get out onto my cable broadband internet
connection. I was using Zonealarm pro to block those
things I didnt think I needed getting out. my system
seemed to work fine until oct 15th about when my entire
world turned upside down. well computer world, my other
rl world was already there! I noticed that my boot.ini
had changed and my computer was suddenly running a dual
bootup. I was watching the event logger and other things
to see if I could tell what was going on. several
accounts were being made and I noticed that
someone/something was constantly trying to change my
administrator password. Then I suddenly got a message
that I was screwed now... my administrator logon from the
welcome screen disappeared, lots of my icons suddenly
disappeared or was set so nothing would happen if I tried
to open them.
I noticed several new logs. One from "france" the guy
bragged about changes he made to my system and complained
about problems he was having due to some other things in
my system (I kept manually blocking him as I saw him
making changes in my event logger - he thought it was
mdac and other things like that) He has me locked out of
the root of my own system, I have been able to get into
that root 2 times but there is something called protected
storage, the only way I could see the tree was through a
command prompt that allowed me in to actually see that my
dvd was actually set as a part of the hard drive
partition. This program or whatever it is, it learns from
what you do to block it and uses those things against
you. I changed page file to only allow it so much room to
work with. it switched places with my end so the xp
system that I am allowed on is only given so much room.
now I cant disable pagefile. It has a root system that is
running windows nt 4 with sp4 and only allows others
running that system in to change things. It allows a
hacker in to take control and make changes. It only
allows xp to install once and run once... It stops xp
from running after a count of 2000 or something like
that. It blocks several of xp drivers and has some sort
of fake NT dll that xp uses to load items. Microsoft
keeps telling me this is impossible when I read the logs
or whats in some of the dll's, they just do not want to
hear it and cut me short. I paid for phone support and am
going to continue to call them until this problem is
fixed.
Im going to keep posting here with logs that I find or
portions of dlls that I find, hoping none of them will
harm or infect any others. That is when I find the
perfect spot to post all these logs. the system takes
control when I mention one of the dll or the system file
it is using. I have to then submit and hope it gets
posted. reboot and try to gain control again. It changes
the registry to block me completely from the machine
section of the registry keys. I go in and manually change
this. It appears that my OEM cd is infected but without
microsoft checking this, I cant prove anything. I say
this because through the tree I see that the cd is
actually under the d: .* the root starts there and it
appears to have 500k or something that is protected. then
there is another (c or e drive which is my hard drive)
tree that starts with [drive letter] .* that lists a lot
of things too. I had full access to this finally and was
talking to microsoft phone tech who insisted that nothing
was wrong because instalation appeared to be ok. It isnt,
I can sometimes get verify to stay on and report the
files it can not replace which include and are not
limited to cyycoins.chm, cyzcoins.chm, digiras.chm,
dmutil.dll, driver.cab and dvdplay.exe... the list goes
on Im sure. It will use files that are close when
replacing others that I have destroyed. If I change my
boot.ini to be how it should be, I get two OS at the safe
startup, one is missing a hal.dll that will not load,
that is system number 2 and the first one is missing a
lot of hard drive space, I end up working in a very small
space that includes a virtual memory that I get tossed
into a lot. the only way to get my message out is by
leaving all intact and hoping someone can help me.
The only way microsoft has helped is by claiming time
after time that my system is fine, nothing is wrong with
my os and it is working as it should be. The microsoft
techs tell me what I am reading to them from the log
files cant happen, its impossible. Then they claim I have
the blaster virus. I tell them a person left a log that
claimed to have removed the threat of some virus but left
some sort of traps in place. my windows xp home edition
has been changed into a full fledged server with the
workgroup MSHOME and workstation of lanmanserver and
lanman workstation. I know a bit more about servers but
not enough to fix this and I do not have the resources to
fix it. it needs to be done from the outside in. someone
has to develope some sort of tool that will search and
destroy this from outside. well set the changes back to
what they should be. I believe it all comes from the OEM
cd, I see a lot of posts with little things that I can
relate to posted all over the place here and the same
senders email that I notice is given to me also. I change
my senders email to reflect my real email. If you are
interested in looking into this and seeing what you can
do to maybe help a lot of computers, please read the
replies that I will leave under my posts. I will be
copying and pasting a lot of the log files and other
files that I hope will not cause any problems or infect
others. please set up your scans to scan everything. one
thing to note, I found some log file that said in
part "when we say no, it means yes" Im still looking for
where that log file is, I know it keeps reappearing and
hope I did not delete it. It has info from the actual
setup of the base system in it. I can only get to it
after several attempts to get into the root system
folder.
I hope someone has an answer, none others appear to have
any.