general queries



mariner77
2009-05-10, 05:41
Before diskcheck starts (before login screen) you are presented with a text saying press any key to cancel it.

That's what I did at first -stopped it from running.

But why would it happen in the first place ?
Is it strange that it kicked in automatically ? :confused:

Could someone have been tampering with my Windows settings ?

As it was, I did have a corrupt file segment.......

Another thing I was concerned about was whether any Windows/Microsoft "Services" had been stopped by the person tampering with my security (see my other post.....) that should be running (some of them say "critical").

Any advice about this ?

Thanks.


Split off from: http://forums.spybot.info/showthread.php?p=311344#post311344

Matt
2009-05-10, 11:04
Could someone have been tampering with my Windows settings ?

If you don't use a password for Windows, everybody can log in when you aren't at home... Moreover, and that's more important here I guess, backdoor programs or rootkits can start and change different files on a computer... :fear:

I don't say that you are infected with this kind of Malware, because we haven't seen an HJT logfile or anything similar here.



Any advice about this ?

I have already given you a suggestion in your second thread. ;)

Happy Safe Surfing!

drragostea
2009-05-10, 18:58
This thread is reaching far into space.
Well, this thread is already resolved. It could be FP made by Spybot-Search&Destroy (TeaTimer).

Checkdisk might have been put in the Startup Manager, but that's a different story.

mariner77
2009-05-10, 21:58
If you don't use a password for Windows, everybody can log in when you aren't at home...

I use a password (for extra Windows security ?) even though no-one else uses my computer.



Moreover, and that's more important here I guess, backdoor programs or rootkits can start and change different files on a computer... :fear:

Yes this was my concern and what I guess happened......
Too much of a co-incidence to be anything else.

Apart from running anti-malware and rootkit checks (which I've done using AVG) what is the best way to check for backdoor programs and extracted files, do you know ?
I've been scouring my hard drive looking for strange files, but to be honest, it seems that you need to be an expert to understand if a threat exists ?



I don't say that you are infected with this kind of Malware, because we haven't seen an HJT logfile or anything similar here.

I have already given you a suggestion in your second thread. ;)

Well, I thought about posting a HJT log straight off but wanted to find out more first. Luckily Spyware Doctor picked it up and my PC "seems" ok now.
Suppose I'd like to be doubly sure and post a HJT log but if I don't have any errors anymore, it's a bit unfair to do this and use up resources when the problem no longer exists......



Happy Safe Surfing!

Thanks :bigthumb: (I might need it... !)

mariner77
2009-05-10, 22:08
This thread is reaching far into space.
Well, this thread is already resolved. It could be FP made by Spybot-Search&Destroy (TeaTimer).

Checkdisk might have been put in the Startup Manager, but that's a different story.

I suppose you're right it is a "different story" and not the initial question, but I'm sure you've gone "off topic" onto other related issues before ?

I'm honestly not trying to be offensive but no-one is forced to contribute anything if they don't want to.

At the end of the day I still have concerns surrounding my Windows security and start-up services and would like to discuss them with anyone willing to help.

Regards.

drragostea
2009-05-10, 22:10
Apart from running anti-malware and rootkit checks (which I've done using AVG) what is the best way to check for backdoor programs and extracted files, do you know ?
I've been scouring my hard drive looking for strange files, but to be honest, it seems that you need to be an expert to understand if a threat exists ?
Hi there.

I'll usually leave it to the good guys (anti-malware) to search my drive. You never know if you have a good file, and you thought it was bad.

I usually use some of each, like MalwareByte's, a2 plus SuperAntiSpyware since I rely on them to catch the baddies :o)

Matt
2009-05-10, 22:11
Hi mariner77,

thank you for this update. :)

You can use the following tools (beside Spybot and AVG) to check your computer for Malware:
SuperAntiSpyware (http://www.superantispyware.com/superantispywarefreevspro.html)
A-Squared (http://www.emsisoft.com/en/software/free/)
Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)

If you need more help, you can use the Malware Removal Forum. Therefore, I have already given you a link. ;)


If you have any questions, please feel free to answer again. We try to help you as effectively as possible.

mariner77
2009-05-10, 22:25
That's great advice guys - I wasn't aware of those products. (or had possibly forgotten about them a while ago)

Yes, I guess you're right drragostea - you can't tell a good file from a bad one.

Suppose I was thinking along the lines of:

1) folders "created" on certain dates ?

i.e. Is it possible there may be uninfected software/files installed on my computer but there to spy on me ?

2) startup services that may be "stopped" when it says they are critical ?

On this point, should I restart any startup services that say need to be run ?

Sorry for going off on a tangent somewhat but if my Windows settings have been "tweaked" by someone else (possibly IMO given the automatic chkdsk run) then I'd prefer to know if possible.

Any steps I can take to ensure the integrity of my "services" or is this a forlorn or pointless task to attempt ?

Anyway, first stop for me will be to definitely install and run those programs you both suggested.

Many thanks guys, much appreciated. :bigthumb:

drragostea
2009-05-10, 22:34
folders "created" on certain dates ?
No, because that question is vague. If you mean like how do we know what is going on in our computers when you check the folders for evidence, or how we can tell if we have malware by looking at the folder's last modified date, then no we can't. That is very unlikely.

Is it possible there may be uninfected software/files installed on my computer but there to spy on me ?
That is contradictory :o(.

startup services that may be "stopped" when it says they are critical ?
There are so many services and we only know so much. Just leave it be mariner.

possibly IMO given the automatic chkdsk run) then I'd prefer to know if possible.
That answer to your questions is very vague, like it's very hard to explain... There are so many things going on, like... if a boot AV scan started up out of nowhere tomorrow, I'll just cancel it and dismiss it since it was nothing. I can't lose sleep over that.

mariner77
2009-05-10, 23:30
No, because that question is vague. If you mean like how do we know what is going on in our computers when you check the folders for evidence, or how we can tell if we have malware by looking at the folder's last modified date, then no we can't. That is very unlikely.
I agree we can't tell if there's malware or not.

But I mean, if I came across a folder that was "created" at the same time as I got another possible error or infection, and it wasn't me or my actions that caused it to be created, then wouldn't that be suspicious and possibly an indication of someone extracting folders containing files on my computer ?

If so, that may then affect my decision of whether to investigate the issue further....

Like a detective trying to gain clues to solve the case, I may not know what I'm looking for until I find the clues.

Whether I can do anything whatsoever without anti-malware software is another matter though (maybe I can't do anything).

As to whether people extract files or not, I don't really know. Do they ?

I take your general point though - let the malware finders do the hard work for you......



That is contradictory :o(.

Can you explain why ?

I was thinking of someone gaining "remote access" to my computer.

Is that totally impossible ?

Assuming just for a second that someone can tweak my Windows settings then what makes you so sure they can't gain access to other parts of my computer too ?



There are so many services and we only know so much. Just leave it be mariner.

Are you saying there's nothing I can do, you don't think there is any potential threat or it isn't worth my time investigating into it ?



That answer to your questions is very vague, like it's very hard to explain... There are so many things going on, like... if a boot AV scan started up out of nowhere tomorrow, I'll just cancel it and dismiss it since it was nothing. I can't lose sleep over that.


Fair enough, but if you'd just been censored and had other strange errors at the same time, wouldn't you be concerned at all ? :confused:

You seem to me to be quite trusting and "laissez faire" about many things in my opinion. And not really mega-helpful to be honest.

I guess you still think it's "highly unlikely" I had a youtube type attack ..... ?
In my opinion, I'm pretty sure in my own mind what happened.

If you're saying that it's not worth the effort to investigate, then fair enough, that's another thing, and I'd probably agree with you.

Personally I'd prefer to know the pros and cons from a technical perspective rather than a "I wouldn't be worried" approach and make up my own mind what action to take, if any.

Anyway thanks for your opinion.....

drragostea
2009-05-11, 02:06
But I mean, if I came across a folder that was "created" at the same time as I got another possible error or infection, and it wasn't me or my actions that caused it to be created, then wouldn't that be suspicious and possibly an indication of someone extracting folders containing files on my computer ?
Then take your painstaking time digging and searching for that folder, assuming you know what it is and where it is.
My suggestion is to upload the folder to VirusTotal (an army of anti-virus on demand scanning tools).

Can you explain why ?
This is because if someone plans to spy on you without your consent, it is already logically considered malicious or unwanted. Agreed?

Are you saying there's nothing I can do, you don't think there is any potential threat or it isn't worth my time investigating into it ?
I'm not saying you can't do anything, but it consumes a lot of your time. Maybe not depending on the services you have running, but for basics, you have to know what they are and what they do (Google is your friend).
This is Spybot support forums, not Windows.

Fair enough, but if you'd just been censored and had other strange errors at the same time, wouldn't you be concerned at all ?
Not being smart, but in my eyes no, because that has not occurred for me.


You seem to me to be quite trusting and "laissez faire" about many things in my opinion. And not really mega-helpful to be honest.
Maybe because I don't share your perspective and read the same quantity of articles that you read and spend my time on net neutrality. I just don't read all the articles you read to put it. I would disagree if I was not "helpful" at all, because I tend to answer your questions straightforward. Even if you are a novice, I answer it as 'helpful' as possible. You're the first member I've met that goes through all these topics. I try to answer the best I can, but in return I might not expect the most understanding responses.

If you're saying that it's not worth the effort to investigate
I'm not saying that, not implying it either. I would assist you, but I don't see how this is related to Spybot-SD at all.

"I wouldn't be worried" approach and make up my own mind what action to take, if any.
Or maybe because that might be what I would do if it was my own machine, but hey you know your PC better than others.

If you were digging holes, you might be digging 10 feet instead of two. Honestly, it's probably because you start questions from another query. Like if it was a deleted Youtube comment, you might say it could probably be someone attempting to invade my system that causes this "censored" problem.

mariner77
2009-05-11, 05:16
Then take your painstaking time digging and searching for that folder, assuming you know what it is and where it is.

I was thinking of a windows explorer search by date and time range - I can leave it running no problem.



My suggestion is to upload the folder to VirusTotal (an army of anti-virus on demand scanning tools).

That's great, thanks.



This is because if someone plans to spy on you without your consent, it is already logically considered malicious or unwanted. Agreed?

You mean the file(s) are identified by definition as "malicious" by how the anti-virus/spyware program identifies them ?
I take your point......

So basically, if I can't find it by scans then it's probably not worth being concerned about ?



I'm not saying you can't do anything, but it consumes a lot of your time.

True, but so does sitting waiting for scans to finish.....

Sorry for taking up too much of your time.

Ignore me if you like (really ! I'm not trying to be horrible :))



Maybe not depending on the services you have running, but for basics, you have to know what they are and what they do (Google is your friend).
This is Spybot support forums, not Windows.

I only asked because I thought there might be some simple answers like "Yes turn all your critical services on which are not on".
Point taken though - I don't expect help with every single startup service on my machine.



Not being smart, but in my eyes no, because that has not occurred for me.

Fair enough - I take your point.
I suppose it's true that unless you experience something yourself, you can not appreciate what has actually happened.

I guess you may think I am "dreaming the scenario up" in my mind but I'm 99% sure I'm not.



Maybe because I don't share your perspective and read the same quantity of articles that you read and spend my time on net neutrality. I just don't read all the articles you read to put it.

Without wanting to brag at all, it's probably the only place where I know more about computing than you - that's why I know what's really going on.......



I would disagree if I was not "helpful" at all

You have been most helpful, honestly.
Thank you for your time. (and patience with dealing with me ! :))



because I tend to answer your questions straightforward.


Well, I beg to differ a little.
Yes you give a straightforward answer, but like a lot of technical people I've met, they tend not to answer the question posed to them, but give their own take on what they think may have happened.

A lot of the greatest brains make poor teachers......

I'm not trying to bring you down though, honestly.
Just my humble opinion about technical people.



Even if you are a novice, I answer it as 'helpful' as possible.


I am a complete novice ! :D:

Your knowledge of all this stuff far outweighs mine, but I'm technically a good problem solver too. (maybe that explains my number of questions......)



You're the first member I've met that goes through all these topics.


I know - maybe I could be briefer and I apologize that I ask too many questions.

Just from my point of view, I'd rather thrash it out now than revisit it later in the day.
I take your point about being Spybot-related though, maybe this is not the place to ask so much......

It's probably because you've been quite helpful that I do ask so much.

:thanks:



I try to answer the best I can, but in return I might not expect the most understanding responses.

Sorry I don't want to come across as being horrible to you, but can I give you my honest opinion? (and criticize you again ? (joke :oops::red:))

I got a bit frustrated by you hypothesising about what may have happened or what I might have done, when the plain facts were that there was nothing that I had done to get the red shield error.

I got censored and it popped up instantly.
That's just the fact of the matter.........

Sometimes it's better to trust people and answer their questions specifically than to imagine scenarios that may have happened, which you don't really believe can possibly be true.....

Anyway look, please don't hate me for saying that.

I don't mean to cause you any offence or bring you down at all because you have helped me a lot and I appreciate it, really I do.

I know I'm a pain up the @rse asking so many questions, but that's just the way I am, due to my limited knowledge on the subject.

I'll try my best not to ask too many unrelated questions in the future and do more research myself than relying on the forum so much (I'll find it tough though !)



I'm not saying that, not implying it either. I would assist you, but I don't see how this is related to Spybot-SD at all.

Fair enough - point taken.



Or maybe because that might be what I would do if it was my own machine, but hey you know your PC better than others.

Fair enough and point taken - you can only say what you would do yourself.

It's not really a case of knowing my machine better, it's more a case of knowing how sites like youtube operate (in addition to what actually happened right before I got the shield up)



If you were digging holes, you might be digging 10 feet instead of two.


I probably am now by asking all these questions...... :surrender:



Honestly, it's probably because you start questions from another query.

Fair enough - it's not exactly Spybot related, though to be fair I felt I never really got an answer about why Spybot couldn't fix it.
Remember I said it didn't matter whether I clicked "I have my own anti-virus program" or not ?
Maybe I misunderstood and it was more of a "notification" message from Spybot than an error to be fixed....



Like if it was a deleted Youtube comment, you might say it could probably be someone attempting to invade my system that causes this "censored" problem.

There you go hypothesising again.......

What happened was that I pre-drafted my reply into 2 comments - posted the first one, then went to post the 2nd one 10-20 seconds later and bang - all sorts of weird stuff, like the red shield, AVG message and "End Task [[[[[[[[[[[[[[[[[[[[[" on shutdown etc....

So my comment wasn't "deleted", the 2nd one never made it after the first one. There's a very good reason for this too, but I wouldn't want to bore you with the details (it is very interesting however......)

You may find it difficult to believe me when I say I got censored, but you're just going to have to trust me on this one - after all, I should know ?

I know to the normal good and trusting soul it sounds unbelievable that anyone would do such a thing, but when you consider how many scams there are on the web and in the world in general, it isn't that difficult to believe ?

I got censored and the red shield error kicked right in right away.

That's honestly what happened.

Why do news sites like BBC have "moderated" comments ?

I could show you news articles about the US government and congress wanting to give Obama an internet "on/off" switch but I don't want to ram it down your throat.....

Anyway........
Just running a SuperAntiSpyware and a-squared scan now.

May I ask, can I ask on this forum about other malware-related products ?

Maybe I should seek help from their own "support" groups - probably me being a bit lazy and wanting to ask everything here.

Just that I've got "trace" errors from asquared but am wondering if removing them will affect the running of the program I already have installed......

Tell me to use their support if you like, no problem at all.

Anyway, thanks for your help dr, you're a good and helpful guy and despite me being highly strung, I appreciate your help a lot. :rockon:

Yours,
Mr Cantstopwriting........