Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


  • Content count

  • Donations

  • Joined

  • Last visited

Community Reputation

0 Neutral

About cTreamer

  1. As I sad I've Installed SP1 32-bit but none further Updates,Hotfixes and so on.Yes I've had Immediatly downloaded the LATEST VERSION and it doesn't start as click on it. Now I have another Problems Se7en_UA 6.5.7 after clicking on it some 7 seconds later it shows me first Dialog Box: I rename Appswitch.new file as required to Appswitch.dat file and click on it once more.So now it droped to me an second Dialog Box: Now it shows me some Error Why???????????????? Same issue also with Se7en_UA 6.5.8 version. There is no newer version right !! What is now the Problem I don't understand.
  2. As I sad I've Installed SP1 32-bit but none further Updates,Hotfixes and so on.Yes I've had Immediatly downloaded the LATEST VERSION and it doesn't start as click on it. Now I have another Problems Se7en_UA 6.5.7 after clicking on it some 7 seconds later it shows me first Dialog Box: I rename Appswitch.new file as required to Appswitch.dat file and click on it once more.So now it droped to me an second Dialog Box:
  3. As I sad I've Installed SP1 32-bit but none further Updates,Hotfixes and so on.Yes I've had Immediatly downloaded the LATEST VERSION and it doesn't start as click on it.
  4. Yes I Know,I did so at First I've Installed to C:\ and it didn't start. Than Deinstalled and Installed into my H:\Slipstream Windows AiO Folder and again mouse click on it 1-2 Seconds wait and it doesen't start again.Right Mouse Click and Run As Administrator was First what I've tried that I thought maybe could work. So it also doesen't work.Now I've installed Win 7 SP1 32-Bit but none further Post-Updates.How can I Fix this Problem???? Thank You Forwards cTreamer
  5. Hi I've Downloaded Today Se7en_UA 6.5.5 to My Slipstream Work Folder and than extracted it with 7Zip 9.20RC and than startup the Setup.I've installed it to C:\Se7en_UA and to my H:\Slipstream Folder without spaces.So now just normal with mouse I click on it and it doesen't Start. So WHY? My System: ASrock 890FX Deluxe5 AM3+ Motherboard AMD Phenom II 955 3.2Ghz BE C3 Stepping Boxed G.SKILL Ripjaws X DDR3 Ram 1866Mgz 11-10-10-28 2x4Gb MSI Raden R6970 Lightning Windows 7 Enterprise 32 Bit RTM Retail German(I am from Germany) None Service Packs None Updates Installed I have also Probelm Installing Win 7 32 Bit SP1 for Now some component during Installation is not completly downloaded Windows6.1KBXXXXXXXXX? What is this I don't understand. Thank You Forwards cTreamer
  6. Yes at me similar Problems. I've installed my Own Windows XP again and gonna scan again all 3 Partitions. So that for I hope this time I gonna get from Symantec Norton 360 v2.5 only False-Positives not such like Infected Win32.Virut.U or N or whatever. When is Symantec doing its Job well so I think gonna finally have success after 3 Months since October 2008. I wanna be just a quite sure you know and not to early say Ha Ha HA-He He He and this Bastard was still hidden in some EXE or DLL laughing to me that I haven't DEFEATED-DESTROYED him you know. I think I am very near to get out it of my System-Computer so till that nice Moment little bit of Passion is needed. I gonna Post again as earlier I can, if I had 100% Success or just Not you know. I have detected on the www.malwarebytes.org-Forum during my Searchings Actions in Google&Co some Person who has also same Problem and nobody had right answer for him, I've gave him a link to my Thread at msfn.org and sad that we have Resolution for him. So that's Great when somebody can help another one so you helped me and I am helping now the others as much I can. Greetings cTreamer
  7. Now it is working some another Norton, but it not matter I've updated the New Virus Definitions over 60MByte so I think that W32.VIRUT.CF dat is also on Board. So Now I am Scanning&Deleting&Quarantining and so on untill I have cleaned up all Infected Setup's and Msi's and simillar files. So at a first success gonna Post immediatly that winlogon.exe is no more connecting and downloading, till that very long hard way for me to go. Good Luck to All !!! Greetings cTreamer
  8. jellyhead: I have got Problems to install Symantec Endpoint Protection v11.0, each time I get a following Message in some small frame: Do you know why???
  9. So Itaka29 you are Welcome. As much user with same Problem, the better can be Resolution of some Problem. That for I think it's good that I've opened this discussion and should be spreaden to the other Forums. We have to make a Pressure on Security Software Firms that they should open theirs "Eyes" because time has changed and Cyber Criminals also with theirs Methods. People have no Time to wait over 3-Months and breaking theirs heads as just like me you know AntiVirus Firms should React faster and working with Goverement Specalists together(FBI,CIA,NSA). Over three Months ago I have detected this Problem you know, AntiVirus Firms are first now discovering and giving a Names to this threat. Are they are "Sleeping or What" lazy Manufactures. I am Scanning my Computer now Day-Night untill I have founded that small bastard. So Good Luck and thanks for your infos !!! Greetings cTreamer
  10. Kell: Yes of caurse is LEGALL. I've bough it on : www.sienersoft.de. This is very big Software Reseller here in Germany. I can this Reseller from some Computer Magazine. So that for I have paid 260 Euros 2003 with Original Microsoft Hologram on it and mine own Licence. So when I want to SlipStream something I make copy from Original CD XP Pro on the Harddisc and include all that files that I wanna Updates,AddonsPacks,Tunings,Tweaks ,SP3 so on. I know such Problems I am very carefully when I download something exactly because of it I con not understand what have I downloaded wrong with this BOT-NET Sever binary inside of it. I think it's enough for your Question to make short Kell !!! jellyhead: First I thought I can resolve this Problem only with IP blocking. So I've done it the IP: in mine Hardware Firewall Router is blocked to all 65535 Ports Local and Remote. After that I thought oh thanks God I've resolved this Problem. Ha Ha Ha after some days of no more connecting winlogon.exe to all Crap, this BOT-NET Server binary has recognised that I have blocked IP . That for it has changed the IP for infecting and my winlogon.exe is connecting now to IP: also in Hong Kong. I just wanna say that I am wondering that such small binary is so Intelligent to recognise all this you know. This is an example that behind of all such binaries are sitting Professional Cyber Criminals and IT Specialists-Hackers with very lot of skills over 150%. jellyhead: I gonna try now with that what you sad Symantec Endpoint Protection. Scan all my Partitions and hope that this Anti Virus find this injected binary. I have another Question on which Partition did find Symantec Endpoint Protection this hidden file on C: (BootSector) or your normal Partitions(Software,Music,Video). And was it injected into some EXE,DLL,SETUP,MSI,COM,SYS,INI,INF,DAT,REG files what has shown you your AntiVirus where was hidden that Main Infector of winlogon.exe. Thanks for your infos!!! Jobe111 have you somehow Resolve your Problem(Our Problem)??? Glaukus what you mean with that McAfee EXTRA.DAT files, the virus Database of Mcaffe or what. How are your Experience now after some days of Testing EXTRA.DAT definitions??? I have launched Stinger ,but it is making to many Heuristic for files that are even not infected. So which version has McAfee Provided to you??? I have Avert Stinger v10.0.0.482 and yours is newer one or not. As you can see now we are a 4 Persons who have this difficult Problem. So that one whoes first succesfully DEFEATS and DESTROYS this Problem ,should also make some Screenshots so that other can also follow the right way you know. Thanks a lot for Helping ! Greetings cTreamer
  11. Yeah but in this Case things are more Difficult. There is not only a RootKit you know, a BOT-NET Server which is himself injected into other files and the RootKit for it is only hiding its Residence in DDR-Ram so that user can't see how is it manipulating winlogon.exe. I gonna check up some Setup and Msi Installations that I've downloaded maybe there is it hidden. I have all Legal Software you know, how is it Possible that very known Software Freeware-Shareware getting downloaded that before has been already Manipulated and putten on the Server. Are these Hackers Intruding into Web Servers from all around a world and injecting BOT-NET Binaries into the Setup Installations??? Are these Web Provider-Owner,Computer Magazines,Freeware Sites,Open Source BLIND or what!!! Does they controll theirs FTP-WEB Servers to see if there some Programms-Software been Manipulated. Now aday you can not trusting even a Legall sites you know. It's a Big Catastrophe and Shame for all Security Labors-Centers how few knowledge they have got and can not Analyze even some small file to find out where from is it comming you know. I hope that Glaukus has some Resolution about this and his McAfee is going to make a very good Tool against this binaries. I am wishing Good Luck for all 3 us!!! cTreamer
  12. How do you mean Glaukus??? Is that something like small Anti Bot-NET Tool or what. I mean you must say to your McAfee Specialists that they should make this Anti-Tool in way that it's not only deleting the "Second Step,Third Step" as I mentioned above. That should also find and delete the Mother of this Night Mare "Step Number One" BOT-NET Server binary that's in some .Setup or .Msi probably hidden. jobe111: How did you mean that with PDF Reader Foxit Free Edition???. Was it already Manipulated as like Trojan Dropper or so. I don't know if this McAfee small Utility gonna help us 3. Waiting now for Results from Glaukus and than we gonna look further. cTreamer
  13. Exactly this have I done already on my other Computer-Notebook, with same own SlipStreamed XP Pro SP3+AiO. I'd got same Symptoms on my Notebook in other Room untill I decided to bring Notebook near to me some Computer Technic Services you know. I don't know what he has done and how, he has Installed another XP Home from other CD and make a scan with G-Data AntiVirus 2008. Over 5000 infections he has find what normally was I think that G-Data AntiVirus has also Deleted but Unattended that BOT-NET Server binary in these 5000 files you know.So Notebook has now a Peace winlogon.exe is not connecting any more and all this stuff in Task Manager. So but when I for example would now again Install XP from my own CD I am not sure if the Notebook gonna have same Problems or not you know. I mean if G-Data Soft did really find and deleted that Bastard BOT-NET Server binary whatever Windows versions Now would I install there should be no Problems any more. So probably is that BOT-NET Server also Hacking some Windows System files before ISO Image is maden and Burnned on CD. Greetings cTreamer
  14. jobe111: Yes of caurse I hate this things like Insects and Parasits. So the Biggest Problem is what we all 3 have(cTreamer,Glaukus,Jobe111) is to find in all our normal Partitions (Excluded C:) where is that somebody or somehing hidden. Because that somebody or something is exactly that one connecting to IRC-Channel on Port:80 and downloads the "Final Executor" this small file called 0032.exe or 0032.exePING. So that for first we must DEFEAT that hidden file or files, so after that when "the Mother dies the Children are dying Automatically". I mean Guilty is not directly 0032.exe file that is infecting all Windows System Services one after one inclusivly winlogon.exe, Guilty is that one which is downloading at first from Hog Kong IP Aresses all this Dangerous TROJANS,WORMS,VIRUSES,SPYWARE,MALWARE&Co and it's Normally after that when you have got some 0032.exe -TROJANS&Co in your Computer that they are Manipulating-Infecting Windows OS. Look at this screenshot that aprove that this file belongs to Most Agressive Binaries and is Recognised only by its MD5-Hash Algorytm even Name haven't got this file because Experts don't know which VIRUS,TROJANS&Co are inside of this file. Here are I think we have to do in this Case with Most Dangerous BOTNET-ZOMBIES infections, our Computers are commanding other Peoples-Hackers.This IP in Hong Kong is Residence Palace of Hackers from here out they are sending Commands into this hidden file-files in our Partitions. So from the other IP other ISP are getting finally files donwloaded as like 0032.exe or 0032.exePING. And this 0032.exe file or something like this is finaly downloading all that Crap TROJANS,VIRUSES,ROOTKITS,WORMS,SPYWARE&Co. So we have here I think 3 Main Steps before there Appears some VIRUS,TROJAN&Co in any Task Manager. But Most Dangerous of all 3 Steps is "Step Number One" this unknow-hidden Bot-Net Program so called "BOT-NET Server" and this is what is Responsible for all Night Mares. Short sad we must delete that hidden file that gives Hackers from all Around a World Access to our Computers turning these into ZOMBIE-Computers. I don't know with which Anti-Software should yet try to find that BOT-NET Server small Programm???? So this gonna take very long time untill we 3 guys had find out such Misterious Top Secret called BOT-NET Server binary. Greetings cTreamer Good Luck to all that have this Problem!!! CoffeeFiend: You are wrong!!! First here we have not to do with normal RootKits and this can defeat even some small freeware AntiRootkit. Second Formatting is not Overwriting of whole Partition cause that there is very Big Chance something get a survived on Partition. Third the Partition C: has nothing to do in this case and Formatting it brings nothing. Because that Dangerous file is not a standart RootKit recognised from all AntiVirus&Co Companys, it is a BOT-NET Server binary which is controlled and commanded from BOT-NET Clients located at Hackers Residence Palace OK(IRC Servers&Co). So that for there is nothing on Windows C: Partition and shouldn't-couldn't be deleted because the C: is clean in this Case.
  15. No I've only Prevx EDGE Free Edition tried. It's finding nothing you know. So I've downloaded Prevx CSI Free Edition and it is scanning now. No Prevx CSI has found nothing on my Windows C:\ . Still no Results I think it gonna take some Weeks before I find out where it is hidden on my System. I need some strong Tool that scans also mine other 3 Partitions and not just only C:\ you know. With this Prevx CSI Free Edition can be only scanned C:\ and not other Partitions. Where is in your Computer-Partition hidden this file have you already find out ???, because I think it is not on C: somewhere else in other Partition in Files like Rar,Zip,Setups,Msi,CAB,EXE,DLL,SYS,INI,INF or so. At searching in Google I've found one very usefull site: http://mtc.sri.com/ they are Treating of all kind such difficult to find stuff. What is Interesting that I have found exactly same Report as yours you know. Here is one Screenshot from http://mtc.sri.com/ :