anyone responding yet?
i got an email saying it was updated but i dont see any responses...
Tell us more ...
1. the make and model of the computer
2. how long you have had the computer
3. the operating system on the computer (as well as its service pack level)
4. What GROUP is your user account in (admin, power user, limited user, etc.)
5. What makes you think "the hacker owns the c drive" (open Windows Explorer and right click the C drive then look at properties. On its security tab click on the Advanced button and then select the OWNER tab in the resulting window and tell us what it says)
I am curious about these things because a RECOVERY PARTITION placed on the drive by the manufacturer is often SYSTEM PROTECTED.
Windows 7 will remember the NumLock's last state, meaning that if you log out with the NumLock on, it will automatically turn on the next time you log in; If you log out with the NumLock off, it will be off the next time you log in.
You can easily join or create a homegroup if you aren't paying attention to what you are doing.
Which of the Diskpart COMMANDS (diskpart does not use switches) are not available that make you think that diskpart has been "compromised"? Read this page http://support.microsoft.com/kb/300415
From what you have described so far I seriously doubt any "hacker" but think you might not be real conversant with Windows.
its custom made
ive had it about 2 years
its a gigabyte motherboard s-series h55m-s2v
gigabyte video ram.
there is no manufacturers partition as i had access to 500 gb when i first got it.
its running windows 7 32 bit (though i have more than 4 gb of physical ram installed)
i have access to an administrator account. but theres certain objects i cant access with it that are non vital.
i can run an admin privileged cmd prompt but take own is not allowed. and previously i was asked for a password before accessing the c drive via cmd but no longer (i suspect he patched it)
i know the hacker owns the c drive because even though the appearance of my c drive is there, certain critical files are missing and are nonexistent on my cpu. boot mgr, boot ini etc. have clones that dont do anything.
and when certain critical files have been moved or are in jeopardy the numlock light goes on during boot. it has nothing to do with its last state as i always shut it off.
and its the whole command prompt that is compromised, specifically cacls because obviously i could do a lot with that. not just the diskpart program.
i really dont expect much help from you because youve just resorted to insulting my knowledge and havent offered much in a way of a solution. if youre so confident of your computer knowledge and my lack thereof take me up on my offer of a remote connection.
also one last thing is iprenew/release and every other method results in the same ip address every time. thats a dead giveaway of a hacker.
"also one last thing is iprenew/release and every other method results in the same ip address every time. thats a dead giveaway of a hacker."
Sorry but that's untrue. My background includes writing router code back in the early 90's when routers were just coming out. I see a lot of folk want to help you out but it appears you have some preconceived ideas that need to be worked out.
Some folk will take offense at such a comment and all you can do is wait for them to catch up or worse?
i guess you all know everything then and i dont.
every person on here has said im wrong in one way or another yet i know an unchanging ipv4 address when i should have an ipv6 address tells me something is seriously wrong. everyone but one of the replies might as well have not been said. either they didnt know enough, or just accused me of something. i can guarantee you that anyone that knew front to back ruby programming would just get me to download a couple cookies and confirm most of what ive said to be true. im not an expert i grant that but do you really think a firewall helps with a computer that has been compromised and has a hidden encrypted partition? if your answer's yes please dont respond. and if you do know ruby programming try my computer. it shouldnt be too challenging to crack for anyone that does know it. especially with a willing aid at the computer.
and what on earth do you really think iprenew and release do if not allow you to get a new ip? just a fancy way of disconnecting from the internet? seriously.
Your choice what to do next.
You are at a point where you have to decide if you're right or if it's time to catch up with folk that are willing to help you along.
I know of no major ISP fielding ipv6 so that's news that you can bring to the discussion.
-> LOVE RUBY! Great stuff.
Now about the partition. GPARTED has let me blast away such things before but be careful as if you are running 7, its new partitions have really sent some folk into a tailspin not unlike your discussion here.
Bob (mostly embedded computing, apps, CPU designer, assembler to ADA and beyond.)
i also have something called trusted installer on my program. you can even google it, it has websites but i know its a foreign program and what he uses to take control of my system. there are registry keys to treat some of its commands as "system". could you tell me what you know about it? windows defender cannot start and actually has registry keys to delay its start.
you all seem to know so much why would that be. i look forward to your answers, well responses.
About TrustedInstaller. That's from Microsoft.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa382540%28v=vs.85%29.aspx and many other web pages. It is from Microsoft so if you want to think that's the hijacker then you're right. Microsoft OWNS this OS and those updates.
About the Defender issue. There's a lot of malware out there and many other reasons for it to fail. The clues are too sparse and you have been combative in your responses which has slowed any resolution to a crawl.
And now we are talking about TrustedInstaller, a Microsoft technology that you feel is something foreign when it's from Microsoft.
-> I'm guessing here that you don't care for Microsoft at this point. Did you want to discuss a move to Linux?
you know whats funny about that?
i have a clean computer used the same install disc that i dare not connect to my router or internet until ive moved. and trusted installer is nowhere to be seen. maybe it comes in an update? lol but oh thats right i dont have those turned off but i get "updates" anyway. i really want to know why the other computer doesnt have trusted installer. i want to hear your answer. maybe it just comes in with my hard drive? i really hope you respond. and please be creative.
My answer is
I can't tell you exactly which update installs that. I am not a MSFT lackey but have written apps for many decades. Along the way you learn a little but in this discussion it's unclear what you want to hear. That is, if folk disagree or write an answer, even when it's clear that nothing is wildly wrong as we use this TrustedInstaller example.
Your thoughts about IP renewal are interesting to say the least.
i find you interesting as well
id like to know for what purpose microsoft added iprenew the name itself sorta implies a change and iprelease if not to give a different ip address. why are they there then? even my isp told me that it should have changed. but it never does. if you really think thats normal maybe you should be the one asking for advice and not me. all you have to go on is what i say and almost everyone has stated "thats normal dont worry about it" and i know a little more than ive been saying just to see what sort of advice was offered.
My background includes router code from
It was in the early 90's and our app then would hand out the same IP on a renew to the MAC address.
I see most DHCP servers do this today so why would you consider that incorrect behavior is something I don't understand. But then again, I was deep in router code long ago.
My advice is to not be as combative. Listen and learn.
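The lease behaviour described in the post above, as an added sketch that is not part of the original thread and not any real router's code: a toy DHCP pool that remembers which address each MAC last held, so a release followed by a renew returns the same address unless another client took it in the meantime. The class name, MAC strings and 192.168.1.x addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class LeasePool:
    """Toy DHCP pool (hypothetical, not real router code) keyed by client MAC."""
    first: IPv4Address
    size: int
    active: dict = field(default_factory=dict)      # mac -> address leased right now
    remembered: dict = field(default_factory=dict)  # mac -> address last handed out

    def _free(self):
        in_use = set(self.active.values())
        pool = (self.first + i for i in range(self.size))
        return [a for a in pool if a not in in_use]

    def request(self, mac):
        """Lease an address, preferring the one this MAC holds or held before."""
        if mac in self.active:                 # renew of a live lease
            return self.active[mac]
        free = self._free()
        if not free:
            raise RuntimeError("address pool exhausted")
        previous = self.remembered.get(mac)
        if previous in free:                   # old binding still unused: reuse it
            address = previous
        else:                                  # otherwise steer clear of addresses
            others = set(self.remembered.values())   # other clients last held
            address = next((a for a in free if a not in others), free[0])
        # Any other MAC that remembered this address loses its claim to it.
        self.remembered = {m: a for m, a in self.remembered.items() if a != address}
        self.active[mac] = self.remembered[mac] = address
        return address

    def release(self, mac):
        """Server side of a client release: lease ends, binding stays remembered."""
        self.active.pop(mac, None)


def quiet_home_network():
    """Three devices, fifty addresses: release + renew returns the same address."""
    pool = LeasePool(IPv4Address("192.168.1.100"), 50)
    before = pool.request("aa:aa:aa:00:00:01")      # constructed sample MACs
    pool.request("aa:aa:aa:00:00:02")
    pool.request("aa:aa:aa:00:00:03")
    pool.release("aa:aa:aa:00:00:01")
    after = pool.request("aa:aa:aa:00:00:01")
    return str(before), str(after)


def crowded_pool():
    """Two addresses, three clients: the released address is taken meanwhile."""
    pool = LeasePool(IPv4Address("192.168.1.100"), 2)
    before = pool.request("client-a")
    pool.request("client-b")
    pool.release("client-a")
    pool.request("client-c")                        # reclaims client-a's old address
    pool.release("client-b")
    after = pool.request("client-a")                # only client-b's address is free
    return str(before), str(after)
```

On the quiet network the client gets 192.168.1.100 both times; in the crowded pool it comes back with 192.168.1.101, which is the only case where a renew produces a different address.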
Treesize Free says in the folder properties that TrustedInstaller is the owner of both my c:-drive, my Program Files folder and my c:\windows folder. And that's in an unhacked Windows 7 install.
Who else could be the owner, if these folders are made by the Windows 7 installer? Surely the installer trusts itself.
It's a free (and very useful) program (from JAM Software), so you don't have any excuse to not answer the question who's the owner of those three items on that "clean" computer of yours. My guess: it's TrustedInstaller!
you should have read more carefully.
i have a clean system with the same install disc. and there is no trusted installer on it. it just simply isnt on there. even when i wipe this computer trusted installer comes back. why? when a system using the same disc it doesnt show up at all. kinda weird. and the other computer works just fine.
Re: trusted installer
You didn't answer my question, alas.
Since trusted installer is a part of Windows 7, it should be there. This is mine:
It's version 6.1.7601.17514, copyright by Microsoft, dated 20-11-2010.
And what's yours on that "clean" system?
I don't expect you to answer that question, by the way. You don't answer many questions. You only repeat your paranoid statements about a hacked system.
In my Nov 16 post below, I explained what you should do to go back to normal. But it seems you don't want to go back to normal. Apparently, you enjoy suffering being hacked. Well, best of luck and enjoy.
This post/thread was initiated on 11/12/2012. It is now 11/17/2012.
Noted that OP is still talking about original problems with no apparent progress, nor have replies been made to indicate such solutions have even been attempted to be applied.
Seems to have made a point of ignoring most questions asked by other users here as well.
Some just like to complain; some may actually have a hidden agenda. Think the latter applies here, as many responses by the OP have actually been defensive and combative, and not grateful and thankful for any assistance. About the only thing the OP got out of this was the introduction to R. Proffitt and you, and also your consequent display of IT knowledge and experience.
No work appears to have been done yet to the sick system as far as I can tell.
A major point of the OP was to have someone connect to his/her computer, even tho it was buried in the post, by a remote connection.
Wonder if anyone fell for that one yet? What, exactly, would one find on the system if one did that? And, what exactly were the OP's expectations to repair any problems found, and how could these problems be fixed any other way other than a clean install and/or replacing the motherboard and/or the hard drive?
These problems cannot be fixed remotely. They can only be fixed by the OP, and no one else.
I think it time to lock this thread unless the OP shows the necessary initiative to start resolving his/her problems.
Am unsubscribing to this thread irregardless. Seems a total waste of time.
Please lock this thread if, in your opinion, you share this view.
Well, you answered some ...
of the questions asked but why not all? We are TRYING to understand your problem but YOU need to accept the help offered and respond to all the questions because we are not mind readers.
You keep saying that "the hacker owns the c drive" but you didn't follow up on the instructions to discover the actual OWNER.
We now know that this is a computer without a recovery partition but with Windows 7 you will have a small System Reserved partition at the beginning of the disk that serves two functions. First, it holds the Boot Manager code and the Boot Configuration Database. Second, it reserves space for the startup files required by the BitLocker Drive Encryption feature.
You mention "certain critical files are missing" but fail to name them so we don't know they are critical or even missing.
Now you are saying that the whole command prompt is "compromised" rather than just Diskpart which you initially claimed was the "compromised" command that I linked you to some instruction on its use. You say "its the whole command prompt that is compromised specifically cacls because obviously i could do a lot with that. not just the diskpart program" and again that makes me think you might not be familiar with Windows because cacls is a command and all the command processor (the command prompt cmd.exe) does is run (process) the command. Aren't you getting a nice little message to the effect that "NOTE: Cacls is now deprecated, please use Icacls." Additionally your syntax may be incorrect so this might be of help:
Bob has already explained that getting a new lease on the same IP address is not significant of anything, much less any "dead giveaway" of someone hacking or cracking your computer.
Back to the numlock, although it is last state oriented it is possible that the registry key is not changing and that you may have to do that edit manually - since you really seem to want to complain rather than work through the assistance offered I will only suggest you look up windows 7 numlock registry entry (just enter the search term exactly as shown in the bolded text and there you are). If you really were concerned about fixing that rather than ranting, I would even point you to -
the recovery partition is not 50 gb for windows.
at any rate tell me what you know about a program called "trusted installer" its on my computer and has taken control of it. and runs every time i do a system wipe. is it normal im really looking forward to your response on that.
the cmd doesnt list all the switches or even commands when i type /?
some of the explanations are wrong or missing for some of the commands. and i meant Icacls.
he or they rather can even control which websites i can go to for help. even a false windows site.
Trusted Installer is a Microsoft service
The Trusted Installer is a service named Windows Modules Installer. It handles Windows updates and optional components. If it is disabled, installations/uninstallations may not work. Trusted Installer is the 'owner' of most system files and registry entries.
More information here http://technet.microsoft.com/en-us/magazine/cc138011(TechNet.10).aspx
RE: "the cmd doesnt list all the switches or even commands when i type /?"
That is normal. It will only do so for the commands written to offer such help. For other commands try HELP name_of_command and for some others such as DISKPART you have to start the utility first then get the help screen because the /? switch only offers an abbreviated:
/s <script> - Use a DiskPart script.
/? - Show this help screen.
Now if you were to type DISKPART then press the enter/return key to start DISKPART you could then type help to see the diskpart commands available to you for your use.
Regarding your belief that retaining the same IP address is some sort of confirmation of a "hacker" and your wondering about "id like to know for what purpose microsoft added iprenew the name itself sorta implies a change and iprelease if not to give a different ip address. why are they there then? even my isp told me that it should have changed. but it never does." To start with there is no iprenew or iprelease - there are only renew or release switches for the ipconfig command. The switches are there so you can manually release and then renew an IP address should you be having address problems for some reason. If you are using the commands from a command prompt on your computer the commands are only working with your LOCAL network and affect ONLY your local IP addresses. If your router only has a few devices connected to it, it is quite normal for your renewed address to be the same as the old one you just released. On the other hand if you disconnect your broadband modem or use dial-up services through a modem then it is the ISP's DNS Server that assigns the new IP address and with so many more connections it is common to receive a new address from the ISP. That 192.168.nnn.nnn address that you are so very worried about originates not with your ISP but with your router.
Malware can be responsible for re-directs of your web browser and quite often are the result of some browser toolbar that you added - again, without evidence to the contrary which you have not produced your "problems" are NOT any "hacker" but simply your misunderstanding of how Windows and related elements such as IP address leases actually function.
I'll ask again for you to follow the guidance I previously offered for you to see and TELL US who the owner of your C: drive actually is since you claim it is this "hacker".
PS - READ the links offered to better understand things you have asked about and blamed on some "hacker". That is why we offer the links for your assistance.
<script> - Use a DiskPart script.
/? - Show this help screen.
If you enter the command DISKPART then press the enter/return key to start the utility you can then type help to see the commands available such as list and convert and select.
You'd have to clarify "MY SYSTEM ISN'T REALLY MINE TO BEGIN WITH"
it isnt mine because i cant control it
the hacker used true crypt i believe to create a hidden partition. im not very familiar with true crypt but im trying to learn it. is there any way to decrypt an encrypted drive that used true crypt?
I can see you scared away folk.
Maybe all you need to add is a FIREWALL. I don't offer any help on selection and use but my opinion only. You need a firewall. That will lock them out.
Begs the question, who is hacking whom, alluding to my prior response.
im not a hacker.
i can prove it and you can by allowing a remote connection. you can put whatever you want on the hidden partition to see if the hacker might even talk to you. he knows everything... but consider this. why would an owner of a system use a partition that is less than 50 gb on a 500 gb ssd and then allow me to use the larger one? youll also see all the critical files are on this small hidden partition if you dont believe me as well as logs of MY activity. not the other way around. just depends on how good you are with your computer. ruby knowledge would be a bonus as i dont believe he knows much beyond c# and i know almost nothing about it.
Sorry, I'll Pass
1.) You say you are hacked.
2.) You will allow a remote connection to your computer.
3.) Now we have a mutual linked connection to my computer.
4.) You say you have a problem. Who's to say differently until the connection is made? Maybe this is a booby-trap for the naive?
5.) You seem to think we can help you with your problem via a discussion on c|net forums.. Sorry, you've a bit of work to do and since the computer in question is in front of you and not us, really cannot help do the work you need to do.
6.) Then there is the issue that this computer is not really yours; you do not own it, nor did you buy it?
If # 6 applies, why not give it back to the rightful owner and let him/her deal with this? Or just toss it, since it is not yours? You may not own it, but you certainly have that option. Just say you gave it away.
supposing youre right. im some hacker or thief and ive broken into a computer. someone has given me a pretty good response already. why not instead of hindering any help ill get by clogging my forum with unhelpful junk you just say nothing?
you might be right some of the time when you accuse someone of hacking or less than honorable intentions. but instead of wasting your time on them try helping people you actually believe need it. and honestly anyone that knew anything about programming would quickly realize that im not a computer threat in any way. though my hacker might be.
Mchain...as you said naive...no way in the western world would I do a remote under this circumstance..you'd have to be a brainless twit.
i should also mention
he can control the sites i have access to as well.