TRO/ROOT KIT?


#181
DAV2

  • Topic Starter
  • Member
  • 140 posts
Thanks Ron. I see that Akamai is everywhere. It still has Word try to connect to it even though I still have to go through all the "Deny" use of "Digitally signed MS macros" in order to use Word and now even the Asus motherboard disk wants to connect to Akamai before I can read the manual of the motherboard. I am beginning to think I simply need to block Akamai. What would be the best way to do that? (The motherboard manual is only available in Chinese on the Asus site.)

Edited by DAV2, 19 February 2012 - 10:59 AM.

  • 0


#182
RKinner

  • Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Akamai is nothing but a hosting company. They have hundreds or even thousands of companies as clients. They essentially rent space on their servers out to anyone.

You could go into IE, Tools, Internet options, Security, Restricted Sites, Sites then put in *.akamai.com and Add it to the Restricted List.

Another option is to go into the hosts file and add akamai.com to it with 127.0.0.1. They have made it hard to do in Win 7 but I think HostsXpert by FunkyToad makes it a lot easier.
http://www.funkytoad...m_content&id=13

What might work better at fooling it is a black hole proxy (homer is a good one) in conjunction with a PAC but that is not so easy to set up:

http://www.ericphelp...rity/index.html

A black hole proxy lives on your PC and pretends to be a server. It will accept any connection but not let it do anything. You steer outgoing traffic to it by using the PAC.

Haven't used one in 10 years. I just used it to kill off ads back before we had AdBlockPlus but it could be configured to send all traffic to akamai to the black hole proxy.
  • 0
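
The PAC-plus-black-hole setup described in the post above, sketched as an added example (not part of the original thread or the linked tools). It assumes the black hole proxy listens on 127.0.0.1:8080; a PAC rule matches by domain suffix, so subdomains are covered, whereas a hosts entry matches only the exact name listed.

```javascript
// Added example: PAC file that steers selected hosts to a local black hole proxy.
// Assumption: the black hole proxy listens on 127.0.0.1:8080 (constructed value).
// No "; DIRECT" fallback is listed, so a sunk request cannot fall back to
// a direct connection.
var BLACKHOLE = "PROXY 127.0.0.1:8080";

// Domain suffixes to sink. "akamai.com" is the domain named in the thread;
// extend the list with whatever other domains you decide to block.
var BLOCKED_SUFFIXES = ["akamai.com"];

// True when host is the suffix itself or a subdomain of it.
// Matching on a label boundary keeps "notakamai.com" from matching.
// Plain string operations only, so it does not depend on the PAC helper
// functions and also runs outside a browser for testing.
function hostMatchesSuffix(host, suffix) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  suffix = suffix.toLowerCase();
  if (host === suffix) return true;
  var tail = "." + suffix;
  return host.length > tail.length &&
         host.indexOf(tail, host.length - tail.length) !== -1;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < BLOCKED_SUFFIXES.length; i++) {
    if (hostMatchesSuffix(host, BLOCKED_SUFFIXES[i])) {
      return BLACKHOLE;
    }
  }
  return "DIRECT";
}
```

A PAC file only affects programs that honour the system or browser proxy settings; software that opens its own sockets bypasses it.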

#183
DAV2

  • Topic Starter
  • Member
  • 140 posts
Ron, there are no ifs, ands or buts about it. MS is definitely the source of the hidden macros. See snips. First no errors with "clean" install from holographic MS disks only. Then the Word security warning, signer and certificate. Now to regain my use of my computer I will use OO, but what do I substitute for WIN? All my software requires .NET to run. Can .NET be extracted and put into another "truly open" operating system? Win still insists on connecting to Akamai. I blocked it at the firewall level and noticed 2 errors immediately. First the search service and then the print service malfunctioned. Then I noticed Akamai used an entirely different 96.17.111.17 address to go around the firewall block right after Win disabled the firewall.
This reminds me of another story. Once upon a time this country had a great president and we have not had one since. That President's name was Abraham Lincoln. So great, that he has had more books written about him than any other being to walk this planet except, Jesus. Great, because he uttered the words "Government of the people, by the people and for the people shall not perish." Now certainly this means that limited Government of/by and for the people will not even dream of invading the privacy of the people's bedrooms while they are engaged in the worship of God himself. Right? That worship consisting and limited to just the most private ritual worship using only that which is provided by God himself for His worship. Namely man, woman and pot. And definitely not the God worship using only God provided holy rituals, God provided substances and actions of God worship in the privacy of ones own bedroom of "all night sex on pot."
Maybe, if we had many fewer wing nuts in Washington, we would have a real effective government that actually did the true work of Government of/by and for, by addressing real society destroying things such as man made crack, speed and EULA.
Yes, EULA works just fine, after all it is doing its real job just fine, according to MS. Gates after all, is the richest man on the planet. Now if some voters would stop voting into office all these wing nuts and Government actually stopped using all its wing nut time invading the privacy of the people's bedrooms and the worship of God, Himself, maybe Government of/by and for could actually address what needs to be addressed, so that I can actually use my computer as I chose. Who are these voters anyway. Don't they know what they are doing? Another quote "God forgive them for they do not know what they are doing." Any suggestions, Ron, on how to keep my "clean" computer functioning?

Attached Thumbnails

  • MSM.PNG

Edited by DAV2, 20 February 2012 - 02:43 PM.

  • 0

#184
DAV2

  • Topic Starter
  • Member
  • 140 posts
MORE SNIPS

Attached Thumbnails

  • MSM2.PNG

Edited by DAV2, 20 February 2012 - 02:46 PM.

  • 0

#185
DAV2

  • Topic Starter
  • Member
  • 140 posts
MORE

Edited by DAV2, 20 February 2012 - 03:13 PM.

  • 0

#186
DAV2

  • Topic Starter
  • Member
  • 140 posts
LAST
  • 0

#187
RKinner

  • Malware Expert
  • Expert
  • 24,625 posts
  • MVP

The warning is for Smart Tags which are not a virus threat.

Go to Tools/Macro/Security and turn on "Trust all installed add-ins and templates". This will allow you to trust the add-in but keep your security level set to High.

If you wish to disable the Smart Tags then in Word go to Tools/AutoCorrect Options and turn them off.


http://help.lockergn...pict516422.html
  • 0

#188
DAV2

  • Topic Starter
  • Member
  • 140 posts
Ron, thanks like usual, but I have uninstalled Word and started using OO. Win did its usual during the uninstall process of Word by insisting I give an unknown by unknown full access to my computer in order to uninstall Word and then it reconfigured Basic to allow installation of OO. That then led to no access to Akamai when I use OO so far.

Now all I need to do is to figure out how to see the hidden directories/files that Win hides and to stop the insidious malfunction of Win by keeping the "Search" service functioning and stop all the hidden and not loaded drivers that are working just fine.

I think I really do need a different operating system that still uses .Net. (At least, I am now rid, for now, of all the mysterious black boxes, that used to pop up and then disappear on the desktop.)

Edited by DAV2, 21 February 2012 - 07:32 AM.

  • 0

#189
DAV2

  • Topic Starter
  • Member
  • 140 posts
Ron, I think I may have not understood. Could you please repeat the best and acceptable ways to prepare a disk for Win installation? I kill disked, partitioned and formatted. I then re-partitioned and re-formatted to be sure. Then with the load of Win, it said that it had expired as of Christmas last year and was no longer a valid copy because I had not validated it by that time. Something on the disk had retained some information. How do I remove all info from the disk?


  • 0

#190
RKinner

  • Malware Expert
  • Expert
  • 24,625 posts
  • MVP
If you have repartitioned there shouldn't be any info left on the drive tho I suppose it wouldn't hurt to go in and do fixmbr.

Did it tell you that it had expired before or after you connected to the internet?

If after then you probably need to call them:
http://www.sevenforu...ws-7-phone.html

If before then go into the BIOS and set the clock for back before Xmas. See if it still thinks it is expired.
  • 0


#191
DAV2

  • Topic Starter
  • Member
  • 140 posts
Ron, I noticed that one of the kill procedures had errors. I assume that those are areas that it can not write. Since the disk checks out OK on all read operations, I assume Win is, may be, reading the areas that can not be written and getting confused. I low level formatted to remove all the non writable areas. Now is this the best way to load Win?

I never connected to the net nor changed any time during or after the load.

I did, however see that Win did let me actually see "autorun.inf" and "autoruns.inf" that I had placed as a test. So Win has the ability to hide and show files when it chooses, just like it can make a shortcut to a shortcut and then lose it.

Edited by DAV2, 22 February 2012 - 02:42 PM.

  • 0

#192
RKinner

  • Malware Expert
  • Expert
  • 24,625 posts
  • MVP
I wonder if the DVD itself has some kind of expiration date on it. That's why I suggested trying to change the date back to before Xmas.
  • 0

#193
DAV2

  • Topic Starter
  • Member
  • 140 posts
Ron, for feedback, I low level formatted, kill disked, now without errors, partitioned, formatted and loaded Win from same disk on same computer not connected to the net and got no errors. Win simply must have gotten confused in the last load process, before the low level format. It does look like the reload of Win is taking longer, but it is at least working now without errors. I wonder for how long. I will watch for the first error.
  • 0

#194
DAV2

  • Topic Starter
  • Member
  • 140 posts
Ron, some feedback. I want to thank you for all the help in getting Win to work. The low level format then a wipe, without the tens of thousands of write errors, then partition and then format looks like it is working so far. No search errors, Win stopped blocking seeing files. Can now see PNG files on the computer. No funny drivers that error load but are working just fine. Com... does not quarantine Avast as a root kit and Avast does not find Trojans and viruses in the page file. Com... (Does not fill up anything inside quarantine directory, unlike before.), MBAM and Avast scan clean. Eliminated Word, so no connect to Akamai possible there. Win does not turn off the firewall or A/V and the firewall and A/V have yet to crash. No pop up of unknown by unknown wanting to take control of the computer, only MS. Now all I need is to get up the courage to connect to the internet. Then, if all goes well, all I have to do is to repeat the process with a lot of other computers that are still doing all the above. It has been a long time since I low level formatted, but I guess I need to get used to it and remember to do everything not connected to the internet. Thanks again for all the help and I am very sorry that Combofix and some of the other tools that you used on the computer did not work better, because this is a lot of work. Any other suggestions to keep my "clean" computer clean, so I do not have to repeat this process every couple of weeks like I have had to re load Win for the last year? You see, the sad thing about it is that I have no idea how all the computers got this way nor how I really got one to work so far. I always use A/V and never do any dangerous work on the internet. The most dangerous is simply following up on Google searches and I will have a hard time not using Google.

After connect to internet for updates, Win started its old tricks by losing the A/V.

Edited by DAV2, 23 February 2012 - 08:44 PM.

  • 0

#195
DAV2

  • Topic Starter
  • Member
  • 140 posts
Ron, feedback. The systematic self destruction of Win by Win did not take long to get underway. Following Win losing the A/V and firewall. Yes, not just turning them off (which it did), but losing where it placed them, now it is commencing on the path of continuing self destruction with “illegal” whatever that is, use of database by multiple threads, whatever those are. I hope I get more than a day or 2 use of Win, before it becomes totally unstable and useless now that I have connected to the internet for more than 1 day.

Attached Thumbnails

  • AVASTNOPATHS.jpg

  • 0
