Is It Possible For Someone To Be Connected To My Computer?

Discussion in 'Malware Help (A Specialist Will Reply)' started by cinderedna, Apr 4, 2008.

Thread Status:
Not open for further replies.
  1. cinderedna

    cinderedna Private E-2

    Hi,

    Tech Support at Optimum Online always asks if they can connect to your computer, when you have a question, no matter how big or small the issue. I feel weird about it but I finally let someone do this. They moved my cursor around and basically Cleared Private Data, yata yata yata...

    They said that once they or I closed the chat window, they are disconnected. I was just wondering, is it possible for them to still be--or anyone to be connected to my computer?

    Last night when I turned the computer on, the screen was entirely blue with a message in white saying there was an attempt to write to read-only files, and I had to start the computer over. I don't know if that has anything to do with this, but it never happened before.

    Please let me know what to do or how to know, so that I ensure privacy?

    Thanks,

    Edna
     
  2. abri

    abri MajorGeek

    Hi cinderedna,
    Welcome to Major Geeks!


    Your name is great! With regard to your computer problems, what does Optimum Online say about this? Is there a way to reach them by telephone or e-mail rather than having to talk to them via remote access? What security programs are you using? Do you have a firewall installed? The Windows Firewall is not adequate and needs to be replaced with a two-way firewall, so for starters, if you don't have one, I advise you to go to How to Protect Yourself from Malware and find the list of firewalls and install one of them. If you have a security suite, it will already have a two-way firewall and you won't need to do this.

    After you rebooted your computer, did you get the same blue screen and the same message again? Is it a recurring problem or was it a one-time message?

    abri
     
  3. cinderedna

    cinderedna Private E-2

    Hi Abri!

    Thanks for the welcome and for the kudos on my name! (I don't know if you've heard of the children's picture book, Cinder Edna...it's great :))

    The firewall I have is Sunbelt and I paid the $15 to get the upgraded version. I think I started having problems when my child decided to disable it frequently in order to use Google Desktop. For some reason Sunbelt blocks it and I couldn't figure out how to add it to an "accepted" list.

    I've been using just Spybot and the AOL virus remover, which was free up until recently, so a couple of days ago I changed it to AVAST, and also did CCleaner, Ad Aware, Spyblaster, and I tried to do ThreatFire but Sunbelt kept blocking it...and again, I couldn't figure out how to get it to accept it, so I uninstalled it.

    I have tried to get Optimum Online's tech support to do more. I've always said no to connecting to my computer and so they only instructed me to do the "Clear Private Data" and the "Options," (Remember visited pages..., Accept cookies...and Always Clear My Private Data...)

    Each time they say that's all they can instruct me to do. The last time when they said this, I finally OK'd them to connect to my computer,...and that's all he did anyway!

    I'm switching to Verizon next week.

    But anyway, any suggestions would be great! I downloaded HijackThis, but have not run it, since I don't know how to read the results.

    Cinder Edna


     
  4. abri

    abri MajorGeek

    Hi cinderedna,

    I hadn't heard of the Cinder Edna children's book and I will look for it. :)

    The bluescreen sounds like it could be malware. If so, it would help to run through the instructions in the READ & RUN ME FIRST so I can check your logs. Counterspy is bulky, but good. I'm not sure why it would be interfering with your programs. When you finish the instructions, please attach the logs with your next post.

    abri
     
  5. cinderedna

    cinderedna Private E-2

    Hi Abri!

    OK I did my homework. :) I did everything on the sheet except for downloading more malware remover and deleting some things in start-up because I'm not sure what is OK to delete and what is not.

    The MSConfig adjustment...do I leave it like this from now on?

    The making hidden files appear stuff...do I leave them like this from now on? Because on the one that says "(recommended)", the computer asked a second time if I was sure and made it seem like the computer can have problems if I do this.

    Also I wanted you to know, that what has also been happening lately is sometimes, like 5% of the time, all my windows I have up suddenly close without warning, including the email I'm writing.

    Also several people have been telling me that they have not received emails I've sent them. I don't know if it's coincidence, but this started occurring right after optimum online changed something (now you have a choice to change your email from optonline.net or optimum.net)

    (More) When I start the computer up, I get two notes: one to download Windows Installer, the other download a new version of Adobe Acrobat. When I click yes, both of them say that they cannot work. The Windows Installer says because something's missing re "Sonic Updater."

    Right now as I type I am defragmenting using IObit Smart Defrag.

    Thanks,

    Edna

     
  6. abri

    abri MajorGeek

    Hi cinderedna,
    Please attach any logs you got when you ran the instructions in the READ & RUN ME. This will give me a chance to see if there are any abnormal files on your computer that might explain some of the symptoms you're describing.
    abri
     
  7. cinderedna

    cinderedna Private E-2

    Hi, OK I got this from the defragmenting program (which is still going):

    Update History

    Beta 4.03 (Jan 6, 2008)

    * Fixed a RAM usage bug
    * Removed optimized defragment (temporarily)
    * Fixed crash bugs in some systems
    * Fixed GUI bugs

    Beta 4.02 (Dec 4, 2007)

    * Fixed several serious bugs
    * Fixed general bugs

    Beta 4 (Oct 20, 2007)

    + New defragment engine
    + New optimized file placement algorithm
    + Improved AutoDefrag function
    + Improved program interface
     
  8. abri

    abri MajorGeek

    Hi cinderedna,

    After these problems started, did you ever try going back to a restore point from before this tech got ahold of your remote access? I'm not sure this would be possible, but it might get rid of the problems more easily than running all these tools.

    If you've never gone back to an earlier restore point:
    Go to Start / All Programs / Accessories / System Tools / System Restore
    Select to return the computer to an earlier date and click on ok.
    A calendar will come up on the next window with some of the dates highlighted.
    Choose a date from before the problems began and select it.
    Click on ok and allow it to run.

    If this does not work, please attach the logs which are produced when you run the instructions in the READ & RUN ME FIRST.

    Thanks.
    abri
     
  9. cinderedna

    cinderedna Private E-2

    Hi Abri,

    That sounds like a great idea, I'll try that (Systems restore). Before I do, is there any chance any programs or videos we've downloaded or files or text documents we've created or updated will go back to non-existence or to the point they were at, at the previous date?

    CinderEdna

     
  10. abri

    abri MajorGeek

    No. These files are not the type which are changed.
     
  11. cinderedna

    cinderedna Private E-2

    Hi Abri!

    Do you happen to know anyone who does website changes and maintenance to an already existing website?

    Best Wishes,

    Cinderedna
     
  12. abri

    abri MajorGeek

    Hi cinderedna,

    I don't know anyone, but you need to find someone you trust with the work.

    As for your computer, did you ever try the earlier restore point?

    abri
     
  13. cinderedna

    cinderedna Private E-2

    Hi Abri!

    You know what happened? I didn't try the restore point and then during the time you were helping me my computer got inundated with lots of email, junk mail, and I think I was away and by the time I came back your email got lost in a pile of stuff. Sorry I hadn't gotten back to you about that. I appreciate your help!

    Also thanks for your advice about a web person.

    Best,

    Cinderedna
     
  14. abri

    abri MajorGeek

    Hi cinderedna,
    I've gotten a little lost in this.
    How do you wish to proceed?
    abri
     
  15. cinderedna

    cinderedna Private E-2

    Hi Abri,

    The computer's OK now. Thanks! I did what you said (but the reversal thing) and it's OK now. I downloaded a bunch of stuff including CC, CWshredder, Kaspersky, Spywareblaster (already had Spybot) but I think the biggest thing was that I bought him a firewall.

    Just couldn't get around it. Haven't found a free one that does much.

    Thanks again!

    Cinderedna
     
  16. abri

    abri MajorGeek

    Hi cinderedna,

    I'm so glad to hear that! Thanks for posting back!
    All the best with your computers!

    abri
     
  17. cinderedna

    cinderedna Private E-2

    Thanks Abri! You helped a lot!

    CE
     
  18. cinderedna

    cinderedna Private E-2

    Abri!!!

    OMG I've been trying for hours and hours to get through to you!

    Please help, something is seriously wrong with my computer and still can't get onto my verizon email and most websites it takes a long time and mostly times out before anyway.

    I've been trying everything, it's coming up as no spyware or viruses but something is going on...

    I know we usually don't go to Hijack this but I just did it and will paste it because I don't know if I'll be able to get back on here to post.

    If you can, please tell me what to delete and I'll keep trying until I get read my yahoo email again.

    Please please please Abri and/or anyone else...Thanks in advance!!!

    :(

    CinderEdna

    Logfile of HijackThis v1.99.1
    Scan saved at 10:50:14 PM, on 6/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
     
    Last edited by a moderator: Jun 27, 2008
  19. cinderedna

    cinderedna Private E-2

    Hi,

    I made some educated guesses and it's still taking a while, maybe 2 minutes instead of 5 now to get to a page.

    This is the new hijack this (also I deleted Babylon but it's still there in the browser and Best Crypt from the old Jetico firewall but I still can't delete it from Add/Delete on the Control panel (says error). Also, found Bulldog Puppy and Video Egg on my DD's desktop, deleted it from there. Also found "Signout.jsp" on my desktop, deleted it from there.

    Also tried to download diagnostic tool, Kaspersky, new browser (Max) and RegSeeker and Advanced WindowsCare v2 Personal from here and they all said they were corrupt or weren't compatible with W32. OK thanks:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:44:07 AM, on 6/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
     
    Last edited by a moderator: Jun 27, 2008
  20. cinderedna

    cinderedna Private E-2

    Hi attached please find the logs for Super Antispyware, Malware Bytes, and Combo Fix. Spybot found nothing.

    Thanks!

    CinderEdna
     

    Attached Files:

  21. cinderedna

    cinderedna Private E-2

    Hi attached please find the log for MGtools.

    Thanks!

    CinderEdna
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay so now that you have finally run the READ & RUN ME and it removed a bunch of problems, you need to tell us what remaining malware problems you are having. I noticed a few issues that you need to take care of. One is that you have multiple antivirus programs and another is multiple firewalls.

    Please uninstall Viewpoint Media Player as requested in step 1 of the READ & RUN ME.

    Then run this Norton Removal Tool (SymNRT) then immediately reboot your PC and then repeat this step again!!


    Now uninstall both SUPERAntiSpyware and WinPatrol.



    Now answer questions:
    1. Is your Sunbelt firewall a paid version?
    2. Did you ever actually Uninstall the Jetico firewall or did you just start deleting files? To get this uninstalled properly we will be breaking your GoogleToolbar/Desktop so you should just uninstall them now. You can reinstall them AFTER we finish your cleanup.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that was just created. Also make sure you tell me what your current problems are.
     
  23. cinderedna

    cinderedna Private E-2

    Hi I haven't written in a while because my computer was completely in a coma. After I did everything you said, WinPatrol (which you told me not to put on) said something came up re Win32 and I clicked accept and after I shut down I turned my computer on and it wouldn't, not even the not online stuff.

    I really hope you guys aren't the ones who did this to me because I was trusting you to help me. I'm interested in putting together a profile of the type of people who create viruses and spyware. I wonder if they look like the slime of the earth or just are on the inside? Hmm.

    CinderEdna
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear of your problems but we did not do anything to you. We were trying to resolve the problems you caused by having multiple applications installed that should not be installed at the same time. And all my last instructions were doing was just having you uninstall things (including WinPatrol and you did not uninstall it according to your message) and then I asked some questions. This was all over 4 weeks ago.

    You did not have any malware problems since you came here. All we were attempting to do was undo all the problems that someone created by installing too many security applications.
     
    Last edited: Aug 4, 2008
  25. cinderedna

    cinderedna Private E-2

    Hi Chaslang,

    Thanks for your help. I'm glad you are not one of them and are out there helping people. I just got back online a few days ago because a friend rebooted my whole windows back to factory settings.

    It comes with a trial of Norton but I've already after a few days my connection is going off and on. I downloaded Spybot, Spyware Blaster, CCleaner which I've used. Spybot found a bunch of spyware and got rid of everything except one thing.

    I followed the read and run me directions again and also downloaded but have not yet installed the four mentioned SuperAntiSpyware, MG Tools, Malware Bytes and Combo Fix.

    But I'm afraid to turn off my computer because who knows if it will start again?

    Thanks,

    Cinder Edna
     
  26. cinderedna

    cinderedna Private E-2

    Hi Chaslang,

    Thanks so much! Because my computer was started over to factory settings, we don't have to worry about any of the old stuff like the Jetico remains and Scotty the dog. I already deleted Viewpoint Media, and changed my computer to reveal the hidden Windows stuff.

    The only thing we have to worry about is what I've been downloading today because my computer keeps timing out and I've started compulsively downloading things. It was either that or ice cream and I'm out.

    Although I have Norton trial, it's really annoying me so I downloaded Sunbelt. I had the paid version but I just downloaded the free version to try to have something because Norton seems to be doing nothing. But I don't know how to dismantle Norton and I have to find the phone number or email of my Sunbelt account to get the upgraded version again.

    I've also downloaded installed and ran Spybot, Spywareblaster, Ccleaner, SuperAntiSpyware, and Sunbelt and downloaded but have not yet installed ComboFix, MGTools and MalwareBytes.

    Right now I'm compelled to install Antivir or something to kill whatever is timing out my machine but I will try to be patient or go in another room and meditate until I hear from you if I should or not. Or I'll just sit on my hands.

    Thank you,

    Cinder Edna
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have restored your PC to factory settings then you would not have any reason to be in this forum anymore since any malware (which you did not have anyway) would be gone. I'm not sure what you mean by timeouts, but if you mean you're having problems with your browsers not being able to get to various sites or load certain web pages, it may just be your connection or it could be what you are installing. You did just restore to factory settings so again it is unlikely that you are having malware problems.

    If you start installing too many applications again without getting others uninstalled first, you are going to have similar problems to what you had previously. You needed to make sure ALL of Norton was gone before installing anything else. Exactly what did you install from Sunbelt? Sunbelt makes a variety of different programs including their own security suite.
     
  28. cinderedna

    cinderedna Private E-2

    Hi

    My computer was restored one week ago and I just started having problems again a few days ago. It's exactly how it started happening last time; the computer works fine and fast for about the first 10 minutes and then times out. But with a difference...this time I have Dell Network Assistant downloaded and when it times out, I minimize the pages I'm working on to find Dell Network Assistant behind it, with an illustration of the computer networking or making contact or something, and it says, there has been an error, contact your service provider.

    Now here's the weird thing. Then I close that message, maximize the screens I had been working on, hit go on the URL, and they work again for another 10 minutes or so until it happens again.

    Also a few hours ago, I used the Norton Removal Tool on here and removed Norton. I also installed and ran the rest of the three, Combo Fix, MalwareBytes and MG Tools. Then I removed Sunbelt and I downloaded and installed Online Armor Firewall. But the stalling is still happening.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not a malware problem. It is junk you have installed from Dell. Uninstall it or work with Dell to resolve the problems. Other than that you can post in the Software Forum if still having problems.
     
  30. cinderedna

    cinderedna Private E-2

    Hi Chaslang!

    OK it just happened again. And again, all I had to do to come back online was, I maximized this page, and hit reply to write this message, and boom it's working.

    I copied down exactly what it says:

    Network Repair Wizard

    Network Analysis Complete!

    We have detected a problem in your Service Provider’s Network. You should contact them for help with this problem.
     
  31. cinderedna

    cinderedna Private E-2

    OK thanks. I'm sorry I asked if the board was a spyware cracker. Please forgive me.

    Cinder Edna
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay so if what that diagnosis states is true, it is still not a malware problem. You are having issues with the connection to your ISP which was what I was implying in message # 27 when I said:
    If you are using DSL, you may be having issues with PPPoE authentication. You need to speak to your ISP.
     
  33. cinderedna

    cinderedna Private E-2

    Hi, it's not my connection. I just spent a couple of hours on the phone with Verizon and they connected to my computer and found stuff they say is a lot of malware. They said they found rundll32.exe and dllhost.exe and several other things that shouldn't be in my Task Manager. Also for some reason they couldn't find my Task Manager at first like something had changed.

    Last night the new firewall I put up said that DSAgnt.exe wanted to open something Windows32/cmp or something like that. Today the firewall said that Open Office wanted to open it.

    Cinder Edna
     
  34. cinderedna

    cinderedna Private E-2

    Here are the logs from yesterday.
     

    Attached Files:

  35. cinderedna

    cinderedna Private E-2

    SuperAntiSpyware log attached. Last time Spyware found nothing. I'll try again now.
     

    Attached Files:

  36. cinderedna

    cinderedna Private E-2

    Hi I received a message from the firewall saying that a program wants to change your host file so that each time you type www.007guard.com it will be redirected to the computer 127.0.01.

    Spybot found 3 PUPS of WildTangent. It cannot remove it. It says it will remove it when I restart but when I restart it still cannot remove it.
     
    Last edited: Aug 5, 2008
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but the tech support people at Verizon have no idea what they are talking about. Those are both required and valid Windows system files.

    That is more junk from Dell.


    We can spend a few minutes to remove Wild Tangent but it is not going to resolve whatever issues you have. It is not really malware. It is foistware which is just unnecessary software installed on your PC with your knowledge or permission. In this case it was more junk from Dell to install games. Notice the SAS log said DELL GAME CONSOLE


    And this is just from Spybot or another program that is trying to protect you from going to a bad site. It is looping the URL back to 127.0.0.1 which is your PC. Thus if something tries to go to that URL, it cannot get there as it is just looped right back to your PC. It is common practice of many protection programs to add thousands of lines to your hosts file like this to protect you. Spybot does this when you use the immunization feature.


    Let me repeat this one more time, you do not have malware problems.
     
    Last edited: Aug 5, 2008
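The hosts-file behavior described in the reply above, as an added example that is not part of the original thread: a small Python audit that separates loopback block entries (the kind an immunization feature writes) from entries that point a name at some other address, which are the ones worth reviewing. The sample file contents, the `.test` hostnames and the category names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread's attached logs).
# On Windows the real file lives at %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.007guard.com      # immunization-style entry
127.0.0.1       ads.example.test tracker.example.test
0.0.0.0         banner.example.test
203.0.113.10    login.example.test
127.0.01        typo.example.test
"""

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no hostname
            continue
        yield line_no, fields[0], fields[1:]


def classify(address, hostname):
    """Return 'local', 'sinkhole', 'redirect' or 'invalid' for one mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"                      # not a well-formed IP address
    if ip.is_loopback or ip.is_unspecified:
        # Name is pinned to this machine: a block entry, or plain localhost.
        return "local" if hostname.lower() in LOCAL_NAMES else "sinkhole"
    # Name is pinned to some other host: review who added it and why.
    return "redirect"


def audit_hosts(text):
    """Group every hostname in a hosts file by how it is mapped."""
    report = {"local": [], "sinkhole": [], "redirect": [], "invalid": []}
    for line_no, address, names in parse_hosts(text):
        for name in names:
            report[classify(address, name)].append((line_no, name, address))
    return report


if __name__ == "__main__":
    for category, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{category}: {len(entries)}")
        for line_no, name, address in entries:
            print(f"  line {line_no}: {name} -> {address}")
```

A file full of `sinkhole` entries is what a blocklist-style protection tool produces; a `redirect` entry for a site you log in to is the case that deserves a closer look.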
  38. cinderedna

    cinderedna Private E-2

    OK I will go to the software forum. Thank you, sir.
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  40. cinderedna

    cinderedna Private E-2

    Hi Chaslang,

    I'm back so soon.

    Computer has been running fine but one of my documents won't open. I posted on the software page because it may be due to a lot of HP downloading today.

    Malware question is, I right-clicked on the document name and clicked on the choice to have Malware Bytes check it.

    My firewall said mbamswissarmy.sys wants to run program located at Windows\system32\dmas

    Is this OK? I blocked it temporarily.

    Then it said,

    mbam.exe wants to remotely control Superantispyware

    ?

    Then, mbam.exe wants to start another process, windows\system32\notepad.exe.

    Should I let it or is this malware?

    CE
     
  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    mbamswissarmy.sys and mbam.exe are both part of Malwarebytes Anti-Malware so they are okay. When mbam.exe finishes running a file scan, it opens a log in notepad.
     
  42. cinderedna

    cinderedna Private E-2

    OK thank you. :) Also, the firewall lists accepting two different Malware Bytes. The one I ran four days ago which I understand (Malware Bytes' 1.24), but then a second one listed as first being exposed to today (Malware Bytes' 1.00).
     
  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Every time a new version of a program is installed, it has to get reregistered/approved with your firewall.
     
  44. cinderedna

    cinderedna Private E-2

    Yes but I didn't install it again today...and it looks like today's version is older.
     
  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is just from an old version of the program. It is not a problem. You can remove it from your approve list if you wish.
     
  46. cinderedna

    cinderedna Private E-2

    All right, thanks so much Chaslang!

    Also I want to delete from my Add/Remove:

    I have Java (6) Update 4 and Java (6) Update 7. When I updated last week, Java said that Update 4 was their latest so which one should I delete?

    Also I have J2SE Runtime Environment...is that connected Java? Should I keep it?
     
  47. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Follow the instructions that were already given to you in step 1 of the READ & RUN ME and you will have the current version of Sun Java. This is not a malware issue. If you have further questions about this, please post in the Software Forum.

    This thread was opened for a specific problem that you thought was due to malware. We have determined that you did not have malware and stated you should be working in the Software Forum. Please work in the Software Forum for issues like this. This thread is closed. If at some point in time you have a new malware problem, please open a new thread and as always, run the steps in the READ & RUN ME to see if it will fix your problems first. Remember that those steps are only going to help with malware problems. They will not fix problems related to your Windows Operating System or other software or hardware issues.
     