the explanation is lengthy, starts paragraph 4

deviantphish said:
The below quotes are not originally posted by, instead they are ABOUT the indicated entities...

I originally posted in crashed and debugging as I don't think this is a virus per se. I think it's someone who has managed to demonstrate their skills in a local network, but not necessarily a local area network, i.e. the home network.

My thoughts are it's some kind of iSCSI file transferring going on, because the files are reminiscent of what I've done with my disc in the past, for instance using encryption or linux (see below). Although, the integration of the "symptoms" into programs which should be unrelated by default (but to an experienced user are only a few bytes distance apart or between) suggests some real tampering or serious bugs...

I have some screen shots, and a shoddy explanation of the issue as my windows experience is not the best, and my programming experience is worse! as in none whatsoever.

Microsoft said:
post update, microsoft services attempt to access the internet via other microsoft services despite all instances of updates being completely downloaded and reported as installed. updates also download to the software distribution directory in an encrypted format.

previously, windows update downloaded a file 200mb in size. at the same time temporary files 2gb in size were found in the temporary folder but not necessarily reported as related to windows update.

unsolicited files have saved themselves to my external drive without being told to, or apparently installed themselves as files seem installation related, i.e. eulas, dlls, batch files etc. this is on using microsoft windows update and installing visual express studio software.

internet explorer, on selecting the "prompt for all cookies first/third" option in privacy under internet explorer prompts for most cookies although websites such as youtube might be able to save cookies on playing a video file (this was discovered via an internet proxy service which refused the playing of several movies on finding googleadservices or ad-g.google.com cookies attempting to save themselves to the pc without any prompt from internet explorer).

after initially selecting to show hidden operating system files in files and folders, the hosts lists is now permanently visible. as much, kis2010 reported a vulnerability in hosts lists. not being able to reproduce the error forces me to state it non-verbatim as per the alert: hosts-virus.vulnerability or something to this effect.
MS % Blizz said:
MS & the Blizz
perhaps a glitch of the innate language features and syllable recognition of windows indexing on vista and 7, windows is making its own words up...for instance, if i type vista forums in the search bar, it may sometimes enter visit forums. its an odd variation of autocompletion, much like you might see when using an online dictionary or word processor dictionary. i presume it has something to do with suggested sites as i can see itself manifesting in the desktop search box, but not the internet searchbox, let alone the wow chat box. this glitch has manifested in the first and last instances of these areas, the internet search bar and wow chat box.
Blizzard or WoW said:
BLIZZARD
wow installer post download and installation, on saving installation files in order not to have to download again, presented a 30% incompletion size in the files for wow on trying to reinstall. the download files were "appended" although no growth in file size of the local copies seemed to occur for that 30% incompletion size. although a third installation is being performed from the already downloaded files, wow is still occupying 100% of my internet connection's 19 tcp out connections.

if interrupted, blizzard installer will:

a) not resume installation in the same temporary location although it will proceed in the same absolute directory. installation will proceed from the expected point, i.e. 10%, 13%, and so on if installation is done by downloading and installing wow simultaneously

b) if not downloading and installing wow simultaneously wow installer will not proceed from an interrupted point and will install to the same directory, but in a second temporary location.

d) despite having "fully downloaded --as per above" installation files, wow installer may connect to the internet at a speed of 1000 bytes per second while installing from a local directory.

c) wow installer may report that the completely downloaded files either in initial or appended size contain no data, and abort installation if not downloading from the internet and installing simultaneously.

the following hp programs have been reported as malicious or suspicious by both kis and cis: hp remote solution, advisor, various hp games and the wild tangent service/platform for hp games. (hp farm game removed both from the pc and cleansed from the quarantine on discovery as well as all other instances of hp games)

blizzard suddenly decided to install files of a name in an encrypted format, on taking a screen capture all file names resumed a normal format of azuremyst_003.whatever; etc.
3RD PARTY said:
3RD PARTY WEBSITES
a download from the lenovo website for drivers for the g550 was reported as suspicious with a filename.root as the suspicion. this file is no longer in the cis quarantine and doesn't appear to have ever been, despite having been quarantined on discovery.

3RD PARTY SOFTWARE

internet download manager reported as suspicious heur (heuristic). this is supposing it proxies its download connection or finds multiple instances of a file in order to compile them into one setup executable and remains simply suspicious, and not necessarily malicious. although an obvious threat to security in this fashion. idman removed from the pc.

numerous programs including gom player, adobe flash player, and others have made connections to the internet where there was no ready cause, for instance on executing local files or while flash media not in use. gom player and adobe flash have been removed from the computer (adobe seemed to reconcile itself on using a patch provided by secunia PSI).

3RD PARTY HARDWARE

a file or program with the name ub3mon was reported as suspicious, similar to my usb 3.0 driver and monitor application for nec electronics usb 3.0 usb3mon, despite the application not being installed at this time.
HP --my PC OEM manufacturer said:
HEWLETT-PACKARD
hp updating of the advisor software from vista x64 on results in an inability to place shortcuts on the advisor dock. this is irremediable without technical knowledge or assistance. likewise if these updates are not performed from vista to 7, and a windows 7 upgrade is performed of the operating system itself, advisor dock will hang up most of the time at system start, and be forced to be closed at that time, or removed from the startup menu entries list to prevent the recurrence of the bug.

hp has not digitally signed integral files that maintain installation or deinstallation of products/services by hp and as such while deinstallation isn't made impossible, it is made a nuisance.

apparently despite restoring the computer to a factory state with hp recovery discs, the mbr is not removed and as such i am randomly presented with the grub prompt for linux installations, although why this should happen randomly as opposed to all of the time if it is a matter of the grub bootloader remaining on the mbr doesn't make sense to me whatsoever.

hewlett-packard/wild tangent games are repeatedly reported as malicious by numerous anti-virus software products like KIS2010 and CIS
 

screen shots
 


NOTE: there is no indication in registry settings that it is a local issue either. I use Crap Cleaner to look at my registry and gauge what it says is erroneous or invalid next to what activities have taken place on the PC. Aside from a constantly annoying and persistent .dvr extension in the registry (for windows media center apparently), nothing is out of the norm. all registry fixes pertain to activities made on the PC prior to the issue beginning shortly after the fresh installation was completed.

this being the first time in a while i've fresh installed and forgotten to immediately remove remote services and iscsi or device hosting prior to connecting to the internet is all the more suspicious.
 
