
I have gone through innumerable PCs, OS, hard drives etc. in past 1.5 years common thread...



Guest ilovemsft
Posted

That is identified as built-in admin "S-1-21-1955630605-950701974-2966414360-1001". When searched on an Acer Aspire running Win 8 64-bit, the search shows the following: "search-ms:displayname=Search%20Results%20in%20Computer&crumb=location:C%3A%5C&crumb=location:D%3A%5C&crumb=location:cdc%3A%2F%2F{S-1-21-1955630605-950701974-2966414360-1001}".

I have lost many PCs to a security problem that seems (by consensus of those few who could figure it out) to involve registry keys, programs, files, BIOS, device managers and disk management, with one item in common. The corrupted files were all elevated beyond my capacity to remove, or beyond the capacity of any anti-virus/anti-spyware programs (Avast, Microsoft Security Essentials, Comodo, Bit Defender, Kaspersky Pure 3.0, Norton, McAfee, Trend Micro, Panda, ... ad nauseam); remote support (4 separate paid level 2 MSFT techs, Support.com, Dell, Samsung, HP, Norton, PCeSupport (biggest waste of $$); tools that have included HijackThis, Hitman Pro, Combofix, Spybot, Adware, Rkill, TDSSKiller etc.); anti-malware (MBAM, Super-anti malware, Defender); registry repair tools (Eusing, HiJackThis, ...) and so on, and so on. I have had at least 6 PCs (4 running Windows 7, 2 running Windows 8) taken to the highest rated local PC repair shop.

This has cost a fortune in time and money, and though I feel like I am fairly close to knowing the reason for the problem, I am no closer to knowing how to keep it from continuing to happen. The few details that have emerged throughout all of this are:

1) It seems to immediately infect any re-installed OS, new hard drive, and new PC. I had hoped to avoid this by switching to Macs, but I needed Windows for the software I use professionally. When I Boot Camped Windows onto the MacBook, that was corrupt on the first day it was installed.

Realizing that this had to be something so basic and fundamental in the process of starting a new PC or OS, I avoided any internet connection, flash drive or any other possible common denominator I could think of. From my limited technical knowledge, the closest I think any program or machine has come to identifying the root cause was the Support.com tech guy who inferred, by the behavior of the machine(s), that it was likely the result of a Trojan Horse attack that he thought was a variant of SireFef. I use "inferred" rather than "discovered" since all infected PCs seem to block internet access to sites that have downloadable tools that might seem like a threat. Paranoid-sounding? Undoubtedly; however, I will get access-blocked results when I try to navigate to sites like BleepingComputer. Pop-ups blocking "Run" buttons, and programs with extensions like .jpg rather than .exe. Early in this process, when I knew less than the little I do now, I came across a setting that stated something to the effect of "allow PC to continue broadcasting even when internet is turned off/system is shut down". When I saw it originally it seemed as if it must have been referring to something far beyond my technical grasp. Though it still does seem that way, it sounds far more suspiciously malevolent after having spent a few thousand dollars on PCs and cures.

One of the many security programs I've tried to use actually isolated the programs/registry keys that were most commonly infected and identified the infection as MyDoom. SpyBot S&D's free software has been as effective as any of the much pricier alternatives, but it runs into the same problem that stonewalls all the programs that have located the issue, i.e. insufficient security privileges to remove or quarantine the infected files/registry keys.

Though I have a very limited understanding of the command syntax, I have tried to follow to the letter any viable suggestion for removing these threats, but I run into the same "insufficient permissions" problems that are usually the first symptoms of this infection. The syntax of the registry keys does not permit modification or deletion of keys that show as corrupt. In the 18 months I have been wrestling with this issue, I have seen similar questions go from non-existent to overwhelming on Windows tech support forums. The answers offered by Windows techs never seem to work in the real world, e.g. they do not account for grayed-out choices, having normal permission-granting privileges, read-only, ownership blocked by corrupt NT/System level admin profiles that seem to demonically counter every move I attempt.

So given all of the above (should anyone have made it all the way through), I'd truly appreciate any helpful suggestions on what to do: if not retroactively, by helping me regain use of more than a dozen PCs, then prospectively, to keep any new OS or machines from getting infected. I have been trying to find out if there are consumer-level hosted platforms that run virtually (literally and figuratively) everything I can possibly keep off any Windows hard drive; hopefully that would include the OS, 3rd party software applications as well as data, but I'm not familiar enough with the lingo to put a name to what I am seeking. I guess a hosted or cloud service that is SaaS/PaaS (unsure if one alternative allows for 3rd party software or not). Sites that I have attempted to glean info from seem to already be geared to an IT person who is working with enterprise-level software (and budgets). I'm not sure if Azure is similar to what I'm seeking, and frankly I do not have a very high opinion of the process of getting to a knowledgeable person in Windows support. The techs I've encountered after paying the annual support fee ranged from helpful (but unable to fix the problem) to unhelpful (and unable to fix the problem) to arrogant (and unable to fix the problem). I'm not just singling out Windows techs but most of the techs who I have paid for their expert services (generally running the same free A/V software I could have run and, when nothing leapt out, proclaiming the PC fixed). Since then I've read quite a bit about the infected files either appearing as or actually being Windows system files, e.g. CSRSS.exe, $RECYCLE.BIN, Autorun.inf. Again, apologies for the length. I cannot figure out how to attach logs since this is being written on a MacBook, but I will provide them if possible.

I wish there were some way to condense this but every attempt seems to cause potentially important info to be left out.
