Major virus, trojan, worm, hack whatever...please help

Discussion in 'malware problems & news' started by The Oracle, Dec 25, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    What company makes your BIOS?

    You could use Moo0 SystemMonitor as an alternative to Resource Monitor.
     
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    If a format does not fix it, sell that computer and build a new one; there you have an excuse :D
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Do not use images, just the source (DVD first, manufacturer websites only), do NOT overload the system with software, keep it simple as already indicated. Your "virus" may be just the result of conflicts between software. Don't panic, don't be paranoid, otherwise the "virus" will spread to your mind too, as it seems now. Also provide concrete evidence on how you have assessed you have been infected. Logs, screenshots... etc. Otherwise this seems just a bad dream. Flashing BIOS? It was reported as already flashed... there is something fishy here, as with most of the posts of this kind; the back history of your posts at Wilders (privacy, VPN, etc..) also does not help :)
     
  4. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Yes, I think this is a possibility,

    but you might need to reset your CMOS, which will return your BIOS settings to unconfigured:
    http://www.youtube.com/watch?v=up9dSobkgf8

    Also,

    check your motherboard battery;

    change it to another good battery that is exactly the same.
     
    Last edited: Dec 28, 2011
  5. The Oracle

    The Oracle Registered Member

    Joined:
    Dec 2, 2011
    Posts:
    78
    The image was created "after" the first possible trap I fell into, meaning I had the very first initial problem and had to rebuild and after I found Wilders over a month ago now. But it was done "after" I Dban'd the drive, flashed bios, and installed new off clean install disks. So the image was Dban, flash bios, Win install of original disk, office off original disk, not while connected to internet at all, connected to internet, all updates made to both win and office, disconnected from internet, Reflect added, imaged.

    When I say "first possible trap..." I am not convinced that I am not dealing with two separate problems: the first problem, and then a new one picked up since, during all these rebuilds. Although this I am not sure of either, and now that I think about it, something is telling me this could all still stem from the original problem and never really truly went away. Nothing else makes sense.

    Also, since I started this thread and did the last restore of the image I described above, and added a few things, I have not had the problem as of yet.

    Last night, I went to MS Update, and I have still yet to put mouse drivers on, so when I was making sure there were no new updates, I thought let me try MS's mouse driver instead. A lot of my problems seem to be centered around a specific file associated with the Logitech dll from their site, so I thought I would try adding the MS Logitech basic driver from the update instead of the one that I suspect might be a target for the attack, which gets installed from Logitech directly. I noticed in OA keylogger and Zemana that this dll from Logitech kept going off, and I blocked it. When I looked in OA history, this dll was trying to access things every couple of seconds, but I had it blocked. It should be pointed out that Zemana or OA keylogger never detected a problem with this DLL any time before these problems started, and it was the same driver software on the system prior to it going off like crazy, so why all of a sudden post-problems, I thought? The file name was klwtblfs.exe

    So I took the MS driver for Logitech last night, and I keep getting messages in Comodo about it trying to access stuff for internet connections in the registry, open a UDP port, and DNS. I am assuming that it is only trying to connect to the internet and is probably safe. Before I allow anything to go through the Comodo firewall though, I look it up on the net first. When I look up LogiLDA.DLL, most of the stuff that comes up all points to Trojan keylogger. I thought, if this was such a normal file and update, why so many references towards trojan keylogger and not more info as to this being a safe file? I have blocked all instances of it for now until I check with you all to allow it to go any further. The other thing that keeps getting pointed to this DLL is "ComboFix", but it warns that it is a very complex program and can do more harm than good. However, it does talk about how ComboFix will catch stuff that most programs won't.

    Since I am still running good (and quiet) from what I can tell, I thought I would check with you guys before letting this through my firewall. Thoughts? Should I try ComboFix since everything else failed to detect anything anyway?

    Sorry I am very spacey with details on things that were happening "while" the fire was raging, but when you have adrenaline racing through your veins, you are not thinking clearly and only trying to react, rather than think through the problem. Here on out, I will have more specific details as they pop up. Half the time if I have a major problem, I just blow away drive and start over without worrying about consequences. I have never had something keep coming back for me to worry about documenting enough, nor had to seek help before. Lesson learned.
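    A check a defender would run before allowing a driver DLL such as the LogiLDA.DLL named above through a firewall is to read its Authenticode signature, publisher and SHA256 hash instead of judging it by file name alone. This is an added example, not something from the thread or from any vendor; the file path is an assumption, and it assumes Windows PowerShell 4 or later for Get-FileHash.

```powershell
# Added example (not from the thread): inspect a DLL's signature, publisher and
# hash so the allow/block decision rests on evidence rather than the file name.
# The path below is an assumption; adjust it to where the DLL actually lives.
param([string]$Path = "C:\Windows\System32\LogiLDA.dll")

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "File not found: $Path"
    return
}

# Authenticode: who signed it and whether the signature still matches the bytes.
$sig  = Get-AuthenticodeSignature -FilePath $Path
# SHA256 lets you compare against a vendor-published hash or a scanner report.
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
# Embedded version resource: company and product the file claims to belong to.
$ver  = (Get-Item -LiteralPath $Path).VersionInfo

[pscustomobject]@{
    File    = $Path
    SHA256  = $hash
    Status  = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
    Signer  = $sig.SignerCertificate.Subject
    Company = $ver.CompanyName
    Product = $ver.ProductName
    Version = $ver.FileVersion
}

# A tampered or replaced file shows HashMismatch or NotSigned here; only a Valid
# signature from the expected vendor is grounds for trusting the file.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is $($sig.Status); treat this file as untrusted."
}
```

    The printed SHA256 can be compared with the hash the vendor publishes or submitted to a multi-engine scanning service, which is more reliable than a web search on the file name.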
     
  6. The Oracle

    The Oracle Registered Member

    Joined:
    Dec 2, 2011
    Posts:
    78
    I truly wish this was an option, but it is not. Not to mention, how fair would it be of me if all I did was pass along my problem to some other honest Joe who doesn't deserve it. Golden rule.
     
  7. The Oracle

    The Oracle Registered Member

    Joined:
    Dec 2, 2011
    Posts:
    78
    There is nothing fishy at all. I do a lot of research work, and often look at things (nothing illegal) that people don't like being looked at. Sometimes this research leads me down dead end paths, or "traps" you can call them. Some of these folks will go to great lengths to create distractions to pull one away from the truth. Some of these folks are really freaking good at their job, and nothing you can wrap your mind around.

    Curiosity killed the cat. I don't want to end up a dead kitty. Sometimes you just have to run like an Antelope out of control...LOL

    I can promise you in your wildest imagination, you wouldn't even be half close.

    But please do continue letting your imagination run away with you. My history, my posts, are my concern...you just focus on your imagination ;) It's more fun that way. This has nothing to do with kiddie porn, hacking, P2P, piracy, or any other monsters in the closet which most imaginations will run away with. There are monsters in the closet, but you don't have a clue about them yet. Believe it or not, there are some of us "good guys" out there that have our reasons. There is absolutely nothing I do that is against the law in my country or any other country out there.

    There is nothing that I am saying that they don't know, and I don't know. No surprises here. This is just about getting things fixed, educated, learning how to deal with these problems as they come up, and getting back to work, which I have been away from for a month now.

    What doesn't add up is why you would question it at all instead of just focusing on being helpful. Curiosity killed the cat.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    I see .... indeed ... all make sense now... o_O o_O o_O LOL :ninja:
     
  9. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Go to one of the help forums and explain everything; that should help you out in case of a 0day.
     
  10. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Thread title by The Oracle: "Major virus, trojan, worm, hack whatever...please help"

    Quoting The Oracle's title: <<Snip>>hack whatever...<<Snip>>
    Quoting The Oracle's title: <<Snip>>...please help

    Is it possible that your research led you down another 'dead end path', trapped by your own dialog?

    The help that you request cannot be found here; we are unable to wrap our minds around the truth, not even in
    our wildest imaginations; we have no clue yet, to our knowledge, of the monsters in the closet;
    we are not even half close.

    Your history, your Posts, are indeed your concern, or should be, however, when you Posted, you made it public.
    When you made it public, you invited replies.

    I promise you this, curiosity did not kill the cat, the disorderly antelope ran, the cat lives.


    To focus on being helpful, not on being a good guy: you can try first breaking down the partition tables completely
    and then re-building the partition tables from scratch. This action will destroy any references to previous data
    links to volume serial numbers. Then re-install the operating system from the original disk with no other software
    installed but the operating system itself. Do not update Windows. Do not enable the Windows firewall.

    Yes, do make sure that there is a reliable Internet connection.

    Run the Norton Power Eraser, choosing the option to scan for rootkits; a reboot will be required. After reboot,
    Norton Power Eraser will then make an Internet connection to check for updates and gather cloud information from
    Symantec and continue to scan the system. After the system scan, the results will be displayed on the Norton Power
    Eraser interface with a local link to the full report.

    Norton Power Eraser requires no installation, just download and run.
    Norton Power Eraser is a specialized tool/scanner.

    I do not want to go into any great lengths to create distractions or to pull away from the truth, so I will leave
    the research for the above solution up to you, being that research is what you do most.


    HKEY1952
     
  11. The Oracle

    The Oracle Registered Member

    Joined:
    Dec 2, 2011
    Posts:
    78
    Anything is possible :)

    Thanks for the tips on the rest.
     
  12. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    You are welcome The Oracle


    HKEY1952
     
  13. The Oracle

    The Oracle Registered Member

    Joined:
    Dec 2, 2011
    Posts:
    78
    There is no 0day, only today, nothing more :)

    Nothing I have said here hasn't been said elsewhere. There is nothing to hide from. Just trying to avoid tricky hackers when they like to toy with us, which they do quite a bit ;) Hate to be made someone's example and not have good documentation to prove that's all it ever was, just an example, and not who or what I really am. I don't do anything wrong, but in today's day and time, you never know what it could "appear" to look like to others.

    Conversations like this are now part of public record and could only help prevent that from happening in the end is all. Nothing you are stating hasn't already been thought of "by" me friend ;) People that have nothing to hide, have nothing to hide.

    Not only are you guys awesome help technically, but my posts are also an insurance policy is all. Public record just like you said.

    To anybody else "that really counts" I am just a speck of sand on the beach of humor. Just like you see it.

    Just because you're paranoid doesn't mean they aren't coming to get you.

    LOL

    ~Off topic discussion removed~

    Enjoy your freedom of the internet for now....the world is changing ;) Faster than what you think.

    Oh and BTW...me going to help forums and talking about this is helping more than you might think.
     
    Last edited by a moderator: Dec 28, 2011