1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Remote computer/ server has control of my computer & user profile

Discussion in 'Virus & Other Malware Removal' started by roothit, Jul 26, 2010.

Thread Status:
Not open for further replies.
  1. roothit

    roothit Thread Starter

    Joined:
    Jul 20, 2010
    Messages:
    6
    There is a remote computer/ server logging on and and controlling my computer.
    I realized that it has changed around around my files
    When I go into My computer, my profile windows logon is a folder under there along with the drives.
    There is also another folder called Common Files. I think THIS remote computer has changed my log on TO BE A dependent on a service that is logged on. Its called IANMAN COMPUTER. This is a personal home computer and the only one. So its not part of a network

    Commodo firewall REported/ detected that I was a new netwotk was dected that I was a part of

    The Hijack this log is pretty uslewss and does not show much.

    I found these lines using Regrun/ Unhackme:
    Windows Core Components tab in Regrun/ Unhackme
    Active Setup items
    --------------
    "%ProgramFiles%\Outlook Express\ setup50.exe" /APP:OE /CALLER:WINTT /user install
    shows this target file in system
    D:\PROGRAM FILES\OUTLOOK EXPRESS\SETUP50.EXE
    --------------
    --------------
    "%ProgramFiles%\Outlook Express\ setup50.exe" /APP:WAB /CALLER:WINTT /user install
    shows this target file in system
    D:\PROGRAM FILES\OUTLOOK EXPRESS\SETUP50.EXE
    --------------
    --------------
    %systemRoot%\system32\regsvr32.exe /s /n /i:UserInstall %SystemRoot%\system32themeui.dll
    shows this target file in system
    D:\WINDOWS\SYSTEM32\REGSVR32.EXE
    --------------
    --------------
    %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    points to
    D:\WINDOWS\SYSTEM32\SHMGRATE.EXE
    --------------
    --------------
    %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    points to
    D:\WINDOWS\SYSTEM32\SHMGRATE.EXE
    --------------
    --------------
    D:\WINDOWS\inf\ unregmp2.exe /ShowWMP
    shows this target file in system
    D:\WINDOWS\INF\UNREGMP2.EXE
    --------------
    --------------
    D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    points to
    D:\WINDOWS\SYSTEM32\IE4UINIT.EXE
    --------------
    --------------
    D:\WINDOWS\system32\ieudinit.exe
    points to
    D:\WINDOWS\SYSTEM32\IEUDINIT.EXE
    --------------
    --------------
    RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    points to or is supposed to be
    D:\WINDOWS\system32\IEDKCS32.DLL
    --------------
    --------------
    RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    points to or is supposed to be
    D:\WINDOWS\system32\IEDKCS32.DLL
    --------------
    --------------
    regsve32.exe /s /n /i:U shell32.dll
    is supposed to be
    D:\WINDOWS\system32\REGSVR32.EXE
    --------------
    I knew that setup50.exe for Outlook Express was hijacked somhow, but didnt know the extent because when I looked it up on the net it showed as a regular file.
    "ProgramFiles%\Outlook Express\ setup50.exe"
    It showed up on comodo but disappeared really quick, I count control or find it.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/938580

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice