I went through all steps - think someone has remote control over my computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by Sandra89, Mar 1, 2009.

  1. Sandra89

    Sandra89 Private E-2

    Hi all,

    Well, I did everything in the sticky topics, but to be honest, I did NOT reset the Start Up processes to default because I've spent over 16 hours straight trying to figure out which processes and what I can do, to stop a harasser from gaining complete control of my computer every night.

    I have had apartment intrusions which have been ongoing, and I believe they installed not just a keylogger, but an entire wireless remote connect system to my computer.

    They've disrupted web cam surveillance software I've had running to try to catch them, they've uninstalled some of my software entirely, and that's only what they've done to my computer!

    I have an Intel Pentium 4 Processor
    512 MBs Ram
    Windows XP Pro Service Pack 3, with updates

    By the way, this was a brand new, perfectly fine reinstallation of the OS in January, I think, or the first week of February, after a complete format, and the hard disk was thoroughly tested before formatting and was fine.

    Now, not only has Avast disappeared from the System Tray, I don't know what to do because any passwords I try to secure to my user account (and I'm the only user) can be "seen" by the remote user, right? Not only that, but I just opened Task Manager and there are no users attached to the processes except for System, on ONLY ONE!

    The overnight hours are when they typically screw around with my computer. Please, I am begging, outside of another total format and reinstall, HOW CAN I GET THEM OUT OF MY COMPUTER? Oh, "Spy Doctor" which I never would have bothered with reported a keylogger in a small, previously harmless astronomy app, so I removed the app from Start Up rather than uninstalling it for now, and it isn't running.

    In fact, nothing will run - since I started all the tests on the do-first list here, my email won't get email from the server, Avast disappeared from the System Tray (and I did disable the real-time scanner before running the app that said I should, but declined to reconnect online without AV running), my firewall has reported one critical and two major application hijackings over the past 6 or 7 hours, and I'm so exhausted and upset, I just can't think of the rest at the moment.

    Do you want my logs uploaded as attachments? They were all clean, as far as I could tell, yet something is terribly wrong.

    Please, please help me.

    Thank you,
    Sandra
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes please, those being:

    • SUPERantispyware
    • MalwareBytes
    • Combofix
    • MGlogs.zip

    Thanks
    kes
     
  3. Sandra89

    Sandra89 Private E-2

    Hi, thank you for replying!

    I'm not sure if I still have all the logs. I found, examining the system, several services they could use to control my computer, and I disabled them. I also just downloaded a security update for "HyperTerminal" because, believe it or not, I'm thinking of using it for a Unix web shell account I have, rather than having to access it with a Java applet and a browser. But, right now, HyperTerminal is disabled, along with a bunch of other services.

    But you see, I tried doing System Restore over and over again yesterday, trying date after date, closest to my recent clean install of XP, and each time it said it hadn't worked, however some changes were made. Some of the software I'd uninstalled and deleted from Program Files was back, some stuff was unchanged, some stuff was changed, and some stuff was gone.

    I'm guessing that as long as I have all the services disabled that they could use to connect, then whatever software (VNS?) they might have installed is at least blocked, unless they break in again to my apartment, have my new computer passwords from any cams they may have placed in here (YES, I am paranoid, now!), or could crack them (my passwords).

    I just found a little method of possibly fixing System Restore without (hopefully) losing all my restore points, from the Tech Republic site. So, when I get time, I'll try that.

    I really want to thank forums.majorgeeks for the display of the related topics because one or two of them were what led me to realizing I could disable services the criminals could use to control my computer.

    If things start getting wacky again on the PC, I'll post the logs if they are still in existence, or go through the steps again.

    So Many Thanks!!!!!

    Sandra
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem, the logs are easy to locate:

    SUPERAntiSpyware - running & getting a log

    Malware Bytes Anti-Malware

    MGTools -- log will be located at: C:\MGlogs.zip
    Combofix-- log will be located at: C:\combofix.txt

    If you want to attach them we can start to dig out any malware that's hiding out.

    Thanks
    kes13!
     
  5. Sandra89

    Sandra89 Private E-2

    Hi Kes,

    Thank you! I will organize the attachments ASAP. The delays are due to a lot of confusion as to appointments today; yesterday I tried to run an online test at SUPERAntiSpyware but I had disabled Active X and their instructions for re-enabling it were very confusing and time-consuming, and I haven't received their report yet, if they ever even did the diagnostic, because I started out in Firefox, and they require IE; and also I'm not doing too well - I think I still have Saturday's logs, but if not, I'll re-run whichever I need to get a new log.

    For what it's worth, IE keeps getting new dll's and I'm not sure why unless it's connected to having disabled a bunch of services. The main reason this bothers me is that if I refuse the dll, Sygate (the old, freeware, unsupported firewall) reports a "Major" security problem, and I had read on someone's site that around 2 or 3 safe Microsoft system files can be replaced or piggybacked with malicious files that don't show their file extension, and it's a bug Microsoft never fixed.

    I wrote down which files in my notes someplace, but can't locate them at the moment.

    Please excuse my many delays - I am having immense troubles trying to live in this apartment and get things done promptly.

    Many, many thanks,
    Sandra
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Sandra, no problem, will be here waiting when you are ready to proceed :)

    kes
     
  7. Sandra89

    Sandra89 Private E-2

    Hi Kes,

    *Please* forgive my long delay. I had begun to think everything that was happening on my computer (and in my apartment) was being done manually, because people hired by the apartment finder (I think, because I had an argument with him, and I think he's horrible) keep getting into my apartment, (which is on the 1st floor of the building) usually when I'm *asleep*, and that means they have a camera (or more) in my bedroom, because I sleep very erratic hours (and I detected a camera in my bedroom, directly across from my bed, on Sunday with a thing I bought from a spy store, but don't know where the camera is).

    The nightmare of all this is that no one believes me! The police won't do anything because they say "unless a crime is committed", but B&E is a crime, and I can't *prove* it because the things that get changed around in here, in the police's view, are not evidence.

    So I began typing in my latest password in the dark several weeks ago, because I thought any camera would be pointed at my keyboard, but they might have captured that password just recently because, today, when I got to my computer, my firewall had "encountered an error and needed to close" and who knows how many hours my firewall was non-functional. The last thing it reported was a port scan around 6 AM, which was around the time I was woken by a noise - just after 6 AM. I opened my eyes, to see if anyone was in my room, and forced myself back to sleep.

    I've bought window alarms, that do keep going off, and door alarms - but I need to sleep with ear plugs, and in deep sleep I don't hear those alarms from the two other rooms and the kitchen - and I'm pretty sure they've routinely come in through the kitchen window because it faces an alley, and has a handy dumpster to climb on top of right below it, outside. Plus, I sprayed pepper spray all around and over the kitchen window sill and saw it had been slid across.

    On Sunday, I did my best to barricade my bedroom window with shelving and boxes in front of it. It had been broken, since the last time I tried to close it - the way the window opens and closes and locks. It will no longer close. There's still a small area where a small sized person could get through, but it's right over my bed, and I just can't imagine not noticing if someone were stepping over my head to get in there. However, the door lock remains intact, so there's no way I can imagine that they could get into the bedroom now except from the small gap in the bedroom window barricade.

    I *know* how crazy this all sounds, but the B&E's have been going on for at least two months, I think. I was slow to start barricading the doors and windows and to get the alarms, etc., because I didn't know about all these gadgets - but it's not enough for the police. Even if I do find the camera, the police would probably say, "so how do we know it's not yours?" And each of the times I've gotten shaken up enough to call them, one of the first things they ask is if I'm on medication! (I'd been advised NOT to call them, because "they'd think [I'm] nuts.")

    Well, the computer problems must be occurring due to local on-site tampering, while I'm sleeping. All the malware logs look clean (but still, apps keep encountering "errors and must be shut down").

    I'm at my wits' end - I feel like I'm trapped in a Twilight Zone nightmare and I don't have the money to move - I used it all up moving *here*. It will be months before I save up enough to move again.

    I'm so sorry to lay all this on here, I know it's off-topic, but having "malware" inside your living space is just so much worse than having it on my computer - they can still do *anything* criminal they could do by cracking my computer while they are actually in here.

    I'm going to try to attach the logs now. Oh, there's no space for MGlogs.zip.

    Thanks so much,
    totally-freaked-out Sandra
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there :)

    Yes, there's a limit of 3 attachments to one post so you will have to post again to attach the log I still require which is the log that will help me help you most.

    • C:\Mglogs.zip

    Please get me that and I will get back to you with a set of instructions as soon as possible.

    Thankyou and hope you are alright.
    Kestrel13!
     
  9. Sandra89

    Sandra89 Private E-2

    Hi Kes,

    Thank you! I'm a bit calmer at the moment, but worried about whether they can still get in with the bedroom window barricaded as it is presently with that gap a slender person could come through (and no decent barricade of the kitchen window because it's too high and large, and not enough barricading of the windows in the room next to the bedroom, and definitely when I go out (because they can use my front door, too)). It was only about four or five days ago that I *think they* somehow completely corrupted Peer Guardian 2, which I had been running. After the uninstall, I had to delete its folder in Program Files offline in Safe Mode, because there was no other way to clear it out. When I did a fresh install, it worked fine again.

    But with Windows, who knows. It's just that when so much goes wrong after a completely fresh reinstall - and I *know* they messed around with the web cam software when I was trying to use it to get proof of them being in here, then all sorts of other things started crashing - well, you know.

    Here's the log, now. And again, thank you so much.

    Sandra (needing some sedatives)
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi :)

    Your logs are not showing any malware but just to be safe I would like you to run a couple of rootkit scans.

    1) Please see the below but before you do that you need to ensure that this PC is set up for normal start-up as requested in step 1 of the R&R.

    2) Let's check for possible rootkits.

    Running GMER to detect rootkits

    Using Sophos Anti-Rootkit


    3) Why do you have Go To Assist on your PC if you are so worried that people are accessing your machine? What are you using it for, and also is Go To Assist properly password protected? If you are not actively using it then uninstall it!


    4) Does your PC boot up to the Welcome Screen where a user account name needs to be chosen? If not, you should do this for safety.

    5) Do ALL user accounts including the Administrator account have passwords? If not they all need to have passwords and perhaps you should change the passwords on user accounts just to ease your mind in case someone has stolen them.

    6) Please go to Add or Remove Programs and uninstall the following software:

    • Java 2 Runtime Environment, SE v1.4.2_03
    • Java(TM) 6 Update 11


    7) Sygate Personal Firewall <-- is no longer supported or updated. You would be better protected by downloading one of the third party firewalls from our "How to Protect yourself from malware" link

    8) Spyware Doctor 6.0 <-- is this a free trial or paid for? If it is paid for then please leave it alone, otherwise uninstall it.

    9) Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    10) You last ran MGTools.exe on Sun March 1, 2009, your current version needs to be overwritten by the latest--see the below:

    Go to this link Using MGTools and download the new version of MGtools.exe using the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    11) Attach the new Mglogs.zip created by running the new MGTools.exe

    12) Let us know how things are running.

    Hope things are ok for you.
    Kestrel13!
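
    An added example, not from the thread or its participants: a read-only PowerShell audit of items 3 to 6 in the list above (accounts without passwords, Welcome screen setting, remote-access software, installed Java entries). It assumes Windows PowerShell 2.0 on XP SP3 run from an administrator prompt; the registry paths, the meaning of LogonType, and the name patterns are my assumptions.

```powershell
# Added example, not part of the thread: read-only audit of the checklist items
# raised above. Nothing is changed; findings are only collected and printed.
# Assumptions: Windows XP SP3 with PowerShell 2.0, run as an administrator.
$findings = @()

# Item 5: every enabled local account (Administrator included) should require a password.
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" | ForEach-Object {
    if (-not $_.Disabled -and -not $_.PasswordRequired) {
        $findings += "Account '$($_.Name)' is enabled but does not require a password"
    }
}

# Item 4: XP keeps the logon style under Winlogon. Assumed meaning of LogonType:
# 1 = Welcome screen (pick an account), 0 = classic logon box.
# AutoAdminLogon = "1" would skip the password prompt entirely, so report it too.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
if ($wl.LogonType -ne 1) {
    $findings += "Welcome screen is not enabled (LogonType = '$($wl.LogonType)')"
}
if ($wl.AutoAdminLogon -eq '1') {
    $findings += "AutoAdminLogon is ON: Windows logs on without asking for the password"
}

# Items 3 and 6: walk Add or Remove Programs (the Uninstall key) and flag
# remote-access tools and any Java entries so they can be reviewed by hand.
# The name patterns are assumptions; adjust them for your own machine.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
Get-ChildItem -Path $uninstall -ErrorAction SilentlyContinue | ForEach-Object {
    $name = (Get-ItemProperty -Path $_.PSPath).DisplayName
    if ($name) {
        if ($name -match 'GoToAssist|Go To Assist|VNC|Remote') {
            $findings += "Remote-access software installed: $name"
        }
        if ($name -match '^Java') {
            $findings += "Java entry installed (check it is the current version): $name"
        }
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```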
     
  11. Sandra89

    Sandra89 Private E-2

    Hi Kes!

    Thank you for all this!

    Go to Assist: I did uninstall that - it's one of those remote Dell session things - Partition Magic used something similar, to help me with problems. I did uninstall that.

    Yes, I did pay for Spyware Doctor because it was the only semi-trusted app I could find that specifically said it could detect keyloggers (SAS says it does too, but it didn't identify the one that Spyware Doctor did - which might have been a false positive, but might not have been since the download for the app that was identified is at SourceForge, and the app is open source).

    SAS is supposed to be able to find rootkits. Aren't they 'installed' when you put a copy-protected CD or DVD into an optical drive? I haven't done that (at least not since the new OS install), which is an aggravating problem anyway because I don't have a DVD player and could only watch one on my computer so far.

    Yes, I have passwords on my user accounts (only two, both admin) - and I said that the passwords on the account I use most had been cracked twice, or maybe three times - that's when I became concerned there was a camera in here, and bought all the window and door alarms, and a camera detector, which detected one directly across from my bed, which is how they knew when I was sleeping and could come in. I can't "find" that camera and I moved everything that was over there in front of the bedroom window as a barricade, and since my duct tape is missing, I taped a whole bunch of paper around the giant hole from the cable cord in the wall - since then, I don't think they've known when I've been asleep, but it might be too early to tell.

    I will go through all the steps you've given me. Please be patient with me - I was hoping to try to rent a car this week (which seems kind of hopeless) to go drive to an area pretty far from here to look for a place to move. It's clear I can't stay on here with these break-ins, and the police doing nothing, and no one even believing me.

    My energy is pretty low, so I'm very limited as to what I can get done. Very much want to update the things you outline below, though.

    So grateful,
    Sandra
     
  12. Sandra89

    Sandra89 Private E-2

    Hi Kes,

    I did *everything* you told me to do, including finally getting rid of my old Sygate firewall at the end, and installing the Comodo.

    BUT, the Comodo went into a scan, even though I had unchecked the option to install its antivirus (because I already have Avast).

    Also, my computer now keeps demanding something off the "Dell Resource CD" and I don't know what to do about it.

    But here are the new logs - if the first one is a list of rootkits, I think I'm going to be sick. The 2 bad registry entries on one of the other logs apparently can't be removed?

    Thanks, and now I'm quite worried...

    Sandra
     

    Attached Files:

  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Sandra

    Could you please attach the gmer log again, I couldn't open it from the zip :(

    Hope you are well
    Kes
     
  14. Sandra89

    Sandra89 Private E-2

    Hi Kes!!!

    Here it is. I'm not sure if this is even the same version, because it appeared on my desktop in a folder called "Diagnostics" after a blue screen yesterday.

    So I'll attach the one I did before, too, which has the lengthier name (because I renamed it right after saving it).

    More blue screens since yesterday. Not sure if my Comodo install went right.

    Thanks so much,
    Sandra
     

    Attached Files:

    • gmer.zip (271.4 KB, 11 views)
  15. Sandra89

    Sandra89 Private E-2

    Hi again, Kes,

    I tried to attach the same one I did before, but it won't work. Another thing that went wrong yesterday was that my monitor driver went missing. I called Dell tech support and at first, the computer "found it" by searching the OS, and I was able to adjust my screen resolution (because after a blue screen, the res was the lowest extreme).

    But I found I'd adjusted it a bit higher than I had it previously and wanted my old setting again. When I tried to change the screen res, I found that I only had the option to have it at the lowest possible res, or the one I'd picked. So, I uninstalled the driver and we again tried to let the computer find it in the OS - that time, I got an error message which said something about causing major damage to the computer. So, I downloaded the appropriate driver from their site, installed it, but still have the same problem - I only have the option of the screen resolution I picked last night which is a bit too high, or the lowest possible.

    Oh, and the computer blue screened again at some point after I decided I wanted to change the res I picked, and went into chkdsk on reboot which always upsets me because, before my reinstall of the OS in early February, each time it went into chkdsk (which was nearly constant after the first couple of blue screens), I had data loss.

    That was why I bought Partition Magic, to protect as much data as possible in a partition other than C:\

    And Dell always says, "You know, you can always just go back to the factory preset." But I don't *want* to go back to the factory preset, even if it's possible, because they preinstalled so much bloatware which turned out to be only shareware anyway.

    If I were living in a secure environment, I'm quite sure my computer would be just fine. As it is, I have to change my password every week, at least, and only login when the room is dark, and make sure I set the screensaver to start if I'm going to be away from the computer/room longer than 5 minutes.

    I'm so sick of having to turn out all the lights every time I want to get to the desktop, and all these constant screw-ups. This latest batch of problems began when I took a nap without exiting my desktop into screensaver mode (which requires my password to get back to the desktop).

    Sorry for ranting. I'm just in a horrible situation and can't see a way out.

    Again, so many thanks,
    Sandra
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not the GMER log. It is the GMER program. And previously for some reason you renamed the gmer.log file to GMER log, or gmer.zip which was totally unnecessary nor desired and that is why it was not readable. It was not a ZIP file. Don't rename files. Just attach exactly what is requested.

    You should attach a new log from MGtools. Download the current version from here: MGtools and then run it. Attach the new C:\MGlogs.zip file.
     
  17. Sandra89

    Sandra89 Private E-2

    Hi Chaslang,

    Please forgive me; I am so sorry. I misnamed the log, I think! I just gave it a .txt file extension - please let me know if this is the right log.

    It says I already uploaded it - as gmer.txt?

    My delay - Again, I'm so sorry!!! I was sick all weekend and hadn't checked the mail.

    I'll re-do what you've told me to do, as soon as I can get offline and finish some things I'm doing.

    Once again, please forgive my mistake. Thank you both so much for your patience and monumental help. If you weren't here, I don't know what I would have done. If you accept donations for maintaining this web site and forums, I will gladly make a donation if Paypal is accepted.

    Thank you so much,
    Sandra
     
  18. Sandra89

    Sandra89 Private E-2

    Hi Chaslang,

    Hopefully, here is what you last asked for.

    Thank you,
    Sandra
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! You named it GMER log, or gmer.zip as shown in the attachment on msg # 12

    "It says I already uploaded it - as gmer.txt?"

    Why do you have both Avast and Comodo Internet Security running? As stated in the READ & RUN ME, you must only install one antivirus program and now you have two. You must uninstall Avast if you wish to keep Comodo.

    What malware problems (if any) are you currently having right now? Do not talk about anything that occurred in the past. I only want to know about right now.
     
    Last edited: Apr 2, 2009
  20. Sandra89

    Sandra89 Private E-2

    Hi Chaslang,

    I didn't install Comodo Security - I only installed the firewall, but it gave 3 options for the security level of the firewall. Anyway, there was an error when I first installed Comodo, so I uninstalled it and reinstalled it in Safe Mode. I am pretty sure I ONLY installed the firewall.

    I *don't know what malware problems I am having*. As I have said repeatedly, all the scans show up clean, but every time I come back to my computer, I find that changes have been made (such as today, settings on the printer).

    I am having regular blue screens and my monitor will not give me more than two options for screen resolution. I updated the monitor driver - still have the problem.

    I do not think these are malware problems. I think these are tamperings with my computer by whoever keeps getting into my apartment.

    You don't want me to explain about gmer.txt, fine - I won't explain it.

    Sandra
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay you are correct! It does look like only Comodo's Firewall was installed even though it shows as Comodo Internet Security.

    Based on your logs this is not due to malware.

    These are issues to discuss in the Software Forum.

    I'm not sure what you are referring to, but there is nothing to explain. The log file was just improperly named and there is nothing in it to be concerned with.

    It is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. After doing the above, you should work thru the below link:
     
  22. Sandra89

    Sandra89 Private E-2

    Hi,

    Sorry for the delay. I thought you were through with me, so I haven't checked the mail box until now.

    I'll follow your instructions.

    I did buy the SuperAntiSpyware Pro but is it safe to run alongside Avast, or will they conflict?

    What about MalwareBytes? If I'm using SAS Pro, should I also buy MalwareBytes and, if so, run it alongside both SAS Pro and Avast?

    After you said it looked like I had installed Comodo Security Suite, I downgraded (disabled or removed - I can't remember their terminology) two of the 3 options that install when you install only the firewall. So, now I have just very basic firewall, I guess.

    Is it important that I uninstall ComboFix?

    The computer is still under warranty, so I was going to get back to Dell about the Monitor screen resolution problem. I'm not sure if they can help, though, so if not, I'll gladly look in the software forum.

    I'll follow your instructions below. Please let me know if SuperAntiSpyware (paid-for edition) will run fine along Avast (I don't think I've ever noticed a problem with it running with Avast, except maybe once when I had Peer Guardian running also - I'm not sure if it had anything to do with that, but my computer had blue screened when I finally logged back on with my password), and if I already have that, if I also still need MalwareBytes.

    Thank you.
    Sandra
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Avast is an antivirus program and SUPERAntiSpyware is an antispyware program so there is no conflict.

    No do not purchase MBAM! Just keep the free version of MBAM installed and use it as an additional on demand scanner.

    Yes!


    You're welcome.
     
  24. Sandra89

    Sandra89 Private E-2

    OK, I tried to uninstall ComboFix, *exactly* as you told me to. I got a message that there were no pointers to it, or it wasn't installed, or something. BUT, as of yesterday, I saw I still had the ComboFix logs, and I don't remember uninstalling it before.

    Also, since yesterday, my computer has started blue screening again. (After about two months or more of being pretty stable.) I will have to ask what to do in the software forum.

    Thank you,
    Sandra
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can redownload ComboFix.exe to your Desktop and then run the command I gave to uninstall it.

    Yes that is where you should post the exact word for word error message.
     
  26. Sandra89

    Sandra89 Private E-2

    Hi,

    I found ComboFix.exe and saved it to my desktop, so I will reinstall it, and then uninstall it, exactly as you told me to.

    Now, I have to go to the software forum. :-(

    Thank you,
    Sandra
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     