general queries

[mariner77]

Before diskcheck starts (before login screen) you are presented with a text saying press any key to cancel it.

That's what I did at first -stopped it from running.

But why would it happen in the first place ?
Is it strange that it kicked in automatically ?

Could someone have been tampering with my Windows settings ?

As it was, I did have a corrupt file segment.......

Another thing I was concerned about was whether any Windows/Microsoft "Services" had been stopped by the person tampering with my security(see my other post.....) that should be running(some of them say "critical").

Any advice about this ?

Thanks.


Split off from: http://forums.spybot.info/showthread...344#post311344

[Matt]

Could someone have been tampering with my Windows settings ?

If you don't use a password for Windows, everybody can log in when you aren't at home... Moreover, and that's more important here I guess, backdoor programs or rootkits can start and change different files on a computer...

I don't say that you are infected with these kind of Malware, because we haven't seen an HJT logfile or anything similar here.

Any advice about this ?

I have already given you a suggestion in your second thread.

Happy Safe Surfing!

[drragostea]

This thread is reaching far into space.
Well, this thread is already resolved. It could be FP made by Spybot-Search&Destroy (TeaTimer).

Checkdisk might have been put in the Startup Manager, but that's a different story.

[mariner77]

If you don't use a password for Windows, everybody can log in when you aren't at home...

I use a password(for extra windows security ?) even though no-one else uses my computer.

Moreover, and that's more important here I guess, backdoor programs or rootkits can start and change different files on a computer...

Yes this was my concern and what I guess happened......
Too much of a co-incidence to be anything else.

Apart frome running anti-malware and rootkit checks(which I've done using AVG) what is the best way to check for backdoor programs and extracted files, do you know ?
I've been scouring my hard drive looking for strange files, but to be honest, it seems that you need to be an expert to understand if a threat exists ?

I don't say that you are infected with these kind of Malware, because we haven't seen an HJT logfile or anything similar here.

I have already given you a suggestion in your second thread.

Well, I thought about posting a HJT log straight off but wanted to find out more first. Lucklily spyware doctor picked it up and my PC "seems" ok now.
Suppose I'd like to be doubly sure and post a HJT log but if I don't have any errors anymore, it's a bit unfair to do this and use up resources when the problem no longer exists......

Happy Safe Surfing!

Thanks (I might need it... !)

[mariner77]

This thread is reaching far into space.
Well, this thread is already resolved. It could be FP made by Spybot-Search&Destroy (TeaTimer).

Checkdisk might have been put in the Startup Manager, but that's a different story.

I suppose you're right it is a "different story" and not the initial question, but I'm sure you've gone "off topic" onto other related issues before ?

I'm honestly not trying to be offensive but no-one is forced to contribute anything if they don't want to.

At the end of the day I still have concerns surrounding my Windows security and start-up services and would like to discuss them with anyone willing to help.

Regards.

[drragostea]

Apart frome running anti-malware and rootkit checks(which I've done using AVG) what is the best way to check for backdoor programs and extracted files, do you know ?
I've been scouring my hard drive looking for strange files, but to be honest, it seems that you need to be an expert to understand if a threat exists ?

Hi there.

I'll usually leave it to the good guys (anti-malware) to search my drive. You never know if you have a good file, and you thought it was bad.

I usually use some of each, like MalwareByte's, a2 plus SuperAntiSpyware since I rely on them to catch the baddies :o)

[Matt]

Hi mariner77,

thank you for this update.

You can use the following tools (beside Spybot and AVG) to check your computer for Malware:
SuperAntiSpyware
A-Squared
Malwarebytes' Anti-Malware

If you need more help, you can use the Malware Removal Forum. Therefore, I have already given you a link.


If you have any questions, please feel free to answer again. We try to help you as effectively as possible.

[mariner77]

That's great advice guys - I wasn't aware of those products. (or had possibly forgotten about them a while ago)

Yes, I guess your right drragostea - you can't tell a good file from a bad one.

Suppose I was thinking along the lines of:

1) folders "created" on certain dates ?

i.e. Is it possible there may be uninfected software/files installed on my computer but there to spy on me ?

2) startup services that may be "stopped" when it says they are critical ?

On this point, should I restart any startup services that say need to be run ?

Sorry for going off on a tangent somewhat but if my Windows settings have been "tweaked" by someone else(possibly IMO given the automatic chkdsk run) then I'd prefer to know if possible.

Any steps I can take to ensure the integrity of my "services" or is this a forlorn or pointless task to attempt ?

Anyway, first stop for me will be to definitely install and run those programs you both suggested.

Many thanks guys, much appreciated.

[drragostea]

folders "created" on certain dates ?

No, because that question is vague. If you mean like how do we know what is going on in our computers when you check the folders for evidence, or how we can tell if we have malware by looking at the folder's last modified date, then no we can't. That is very unlikely.

Is it possible there may be uninfected software/files installed on my computer but there to spy on me ?

That is contradictory :o(.

startup services that may be "stopped" when it says they are critical ?

There are so many services and we only know so much. Just leave it be mariner.

possibly IMO given the automatic chkdsk run) then I'd prefer to know if possible.

That answer to your questions is very vague, like it's very hard to explain... There are so many things going on, like... if a boot AV scan started up out of no where tomorrow, I'll just cancel it and dismiss it since it was nothing. I can't lose sleep over that.

[mariner77]

No, because that question is vague. If you mean like how do we know what is going on in our computers when you check the folders for evidence, or how we can tell if we have malware by looking at the folder's last modified date, then no we can't. That is very unlikely.

I agree we can't tell if there's malware or not.

But I mean, if I came across a folder that was "created" at the same time as I got a possible another error or infection, and it wasn't me or my actions that caused it to be created, then wouldn't that be suspicious and possibly an indication of someone extracting folders containing files on my computer ?

If so, that may then affect my decision of whether to investigate the issue further....

Like a detective trying to gain clues to solve the case, I may not know what I'm looking for until I find the clues.

Whether I can do anything whatsoever without anti-malware software is another matter though (maybe I can't do anything).

As to whether people extract files or not, I don't really know. Do they ?

I take your general point though - let the malware finders do the hard work for you......

That is contradictory :o(.

Can you explain why ?

I was thinking of someone gaining "remote access" to my computer.

Is that totally impossible ?

Assuming just for a second that someone can tweak my Windows settings then what makes you so sure they can't gain access to other parts of my computer too ?

There are so many services and we only know so much. Just leave it be mariner.

Are you saying there's nothing I can do, you don't think there is any potential threat or it isn't worth my time investigating into it ?

That answer to your questions is very vague, like it's very hard to explain... There are so many things going on, like... if a boot AV scan started up out of no where tomorrow, I'll just cancel it and dismiss it since it was nothing. I can't lose sleep over that.

Fair enough, but if you'd just been censored and had other strange errors at the same time, wouldn't you be concerned at all ?

You seem to me to be quite trusting and "laissez faire" about many things in my opinion. And not really mega-helpful to be honest.

I guess you still think it's "highly unlikely" I had a youtube type attack ..... ?
In my opinion, I'm pretty sure in my own mind what happened.

If you're saying that it's not worth the effort to investigate, then fair enough, that's another thing, and I'd probably agree with you.

Personally I'd prefer to know the pro's and cons from a technical perpective rather than a "I wouldn't be worried" approach and make up my own mind what action to take, if any.

Anyway thanks for your opinion.....