Author Topic: Help?  (Read 19696 times)


Online Elderberry

  • TBR Contributor
  • *****
  • Posts: 24,281
Re: Help?
« Reply #25 on: August 18, 2018, 04:27:18 pm »
I

Offline Suppressed

  • Hero Member
  • *****
  • Posts: 12,921
  • Gender: Male
    • Avatar
Re: Help?
« Reply #26 on: August 19, 2018, 05:21:34 pm »
@InHeavenThereIsNoBeer
@DB
@Elderberry


SHOOT!  I'm seeing now that my previous reply, laboriously typed out on my phone, didn't post!  GRRR...I wasn't trying to ignore anybody...


As I recall, my points/questions were:

1) What am I looking for, with the netstat -an | find "443" and netstat -a | find "live"?   I had LONG lists on the first, as I had 350+ tabs open in Google Chrome (yes, I mean it...).   I have been trying to get an old laptop running, to run it on a working computer.  Should I be running those while it "sits and spins" looking for the site?  Should I pipe them to a .txt file and post the results here (uh, it contains my IPv6 address)?

2)  I don't think I infected myself, as I thought I just waited to go to my work computer and then changed it there (without clicking anything).  Then again, I've been working to the point of literal exhaustion lately, and I'm not going to trust anything I did.  So perhaps I did do something stupid.  (We always think we won't be stupid enough to be phished . . .  :shrug:)  Right now, I can't check the alert e-mail I got to even see whether it's a phishing e-mail because I can't get to my e-mail on my desktop!  The funny thing is, viewing the e-mail on my phone doesn't show any link I'd have clicked...but... I'm going to operate on the assumption I was stupid and just mis-remember what I did.  The circumstantial evidence sure seems to point that way!

3) I've followed the steps here: https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide// after my Avast! didn't find anything.  I still think the most likely scenario is malware, though. 

4) If the malware is gone, there still seems to be somewhere it's intercepting (or trying to) my attempt to get to microsoft.com or login.live.com (and maybe others).  I guess even if I've removed the malware, I need to get that back.

5) If I do a "repair" with my original Windows 7 disk, will that likely patch up any problems the malware caused (opening ports or whatever)?



I'm a terribly disorganized person, and I'd really like to avoid having to reinstall everything.  But is that what I have to do?

Thank you SO much!
« Last Edit: August 19, 2018, 05:40:45 pm by Suppressed »
+++++++++
“In the outside world, I'm a simple geologist. But in here .... I am Falcor, Defender of the Alliance” --Randy Marsh

“The most effectual means of being secure against pain is to retire within ourselves, and to suffice for our own happiness.” -- Thomas Jefferson

“He's so dumb he thinks a Mexican border pays rent.” --Foghorn Leghorn

Offline InHeavenThereIsNoBeer

  • Hero Member
  • *****
  • Posts: 4,127
Re: Help?
« Reply #27 on: August 19, 2018, 06:40:18 pm »
@Suppressed

I can speak to #1.

Each TCP connection uses a source IP, source port, destination IP, and destination port.  You might think of the IP as a phone number, and the port as an extension (but in TCP we use extensions on both sides).  netstat shows us these connections, along with the state that they are in (generally, ESTABLISHED or CLOSE_WAIT for a good connection, SYN_something for a connection that is hung in the initial setup).

Here's an example of a connection I have open (using different port because it's a different protocol, and not on MS so the syntax is a little different).

hawkeye$ netstat -an | grep :22
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN     
tcp        0      0 172.30.219.103:45151        172.30.219.110:22           ESTABLISHED
tcp        0      0 :::22                       :::*                        LISTEN

hawkeye$ netstat -a | grep wolverine
tcp        0      0 hawkeye:lds-distrib         wolverine:56510             ESTABLISHED
tcp        0      0 hawkeye:nfs                 wolverine:rndc              ESTABLISHED
tcp        0      0 hawkeye:mysql               wolverine:52692             ESTABLISHED
tcp        0      0 hawkeye:lds-distrib         wolverine:56508             ESTABLISHED
tcp        0      0 hawkeye:mysql               wolverine:52690             ESTABLISHED
tcp        0      0 hawkeye:45151               wolverine:ssh               ESTABLISHED

Okay, first thing to note is I added a colon before the 22.  I don't need to see every line with a 22 in it.  I could even use ":22 " to cut it down further if necessary.

netstat with -n shows me only numbers, while w/o it it looks up the hostnames associated with the IP address and port if available.

Looking at the two lines that have the same source port, 45151, I can see that the connection is established.  I can also tell what addresses it is using.  The latter will provide a clue if the address doesn't "look right".  From there, we would use other tools to determine if DNS is providing the correct information, or if something like a virus is bypassing that information to try to trick you into providing your login info on a site that looks a lot like hotmail/microsoft. 

You want to run these while it is spinning.  If the connection is http/https and successful, it's going to stay open a very short time after you load a page so you have to be quick.

There shouldn't be anything wrong with posting your IP, because that IP should be one that is only available inside your house/work/etc.  But if you want to dump it to a file and search and replace, go for it.  As long as you're not seeing anything when you look for "SYN", we should never need to care what your local IP is, only what you are trying to connect to.
My avatar shows the national debt in stacks of $100 bills.  If you look very closely under the crane you can see the Statue of Liberty.

Offline Suppressed

Re: Help?
« Reply #28 on: August 19, 2018, 06:57:29 pm »
Quote
Each TCP connection uses a source IP, source port, destination IP, and destination port.  You might think of the IP as a phone number, and the port as an extension (but in TCP we use extensions on both sides).  netstat shows us these connections, along with the state that they are in (generally, ESTABLISHED or CLOSE_WAIT for a good connection, SYN_something for a connection that is hung in the initial setup).

When I ran   netstat -an | find "live",  nothing was returned.

When I ran   netstat -an | find "443",  I got several.  I'm private messaging that listing to you.

Quote
netstat with -n shows me only numbers, while w/o it it looks up the hostnames associated with the IP address and port if available.

I tried running   netstat -a > netstat.txt and I don't see anything that looks obviously like a microsoft/live.com address.

Quote
Looking at the two lines that have the same source port, 45151, I can see that the connection is established.  I can also tell what addresses it is using.  The latter will provide a clue if the address doesn't "look right".  From there, we would use other tools to determine if DNS is providing the correct information, or if something like a virus is bypassing that information to try to trick you into providing your login info on a site that looks a lot like hotmail/microsoft.

At no time did I see it redirect me to a false login, but this is the one site that my browser was saving the password of (since I clicked that by mistake...it's my policy to never let sites nor browsers save my password).  My antivirus might have been preventing redirects, and my antimalware efforts since this started might have broken some chain. 

I'm still set up with the Google DNS servers (assuming I did it properly), but am I right in guessing that it looks like some intercept that's not even having it go to live.com?

Offline Restored

  • TBR Advisory Committee
  • ***
  • Posts: 3,659
Re: Help?
« Reply #29 on: August 19, 2018, 07:24:52 pm »
I found that old versions of OS don't handle new versions of media very well. It could be Flash or some other software. I find this is particularly true of old versions of Linux.
You have to clear caches, cookies and such. Perhaps clear the Java cache. If you are running a really old version of Java, you might be SOL.
Countdown to Resignation

Offline InHeavenThereIsNoBeer

Re: Help?
« Reply #30 on: August 19, 2018, 08:25:41 pm »
So, netstat -a isn't going to help.  It appears MS doesn't provide "reverse DNS" (IP to hostname) for addresses associated with live.com.

There are a few things I might look at next.

1)  Check to see what DNS returns for login.live.com (though a virus could also screw with the command to hide its presence).  In my case, I see that when I query the IP for login.live.com, it gives me back three IPs I can try.  They tend to use the same few addresses (not always in the same order) for a few minutes, then use a different set for a few minutes.  That's okay, they do that to try to spread the load over multiple IPs.  What I've noticed is that they all start with 131.253.61 and end with an even number. 

hawkeye$ nslookup login.live.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
login.live.com  canonical name = login.msa.akadns6.net.
login.msa.akadns6.net   canonical name = vs.login.msa.akadns6.net.
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.102
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.96
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.98

hawkeye$ nslookup login.live.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
login.live.com  canonical name = login.msa.akadns6.net.
login.msa.akadns6.net   canonical name = vs.login.msa.akadns6.net.
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.96
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.98
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.102

If I run nslookup and then quickly connect (just connect, not login) to login.live.com in my browser and run netstat:

hawkeye$ netstat -an | grep  131.253.61
tcp        0      0 172.30.219.103:37328        131.253.61.98:443           ESTABLISHED

I've only been looking at this approach for a short time.  For all I know they might use a completely different IP range on Monday.  But if you compare the results of the above between working and non-working machines, or better yet the busted machine when it works and when it doesn't, you might see a pattern emerge.

2)  If that doesn't provide any clues, another thing to look at is what changes in the netstat -an | find ":443 " output when you try to connect to login.live.com.  Run nslookup, netstat saved to file1, connect to login.live.com, netstat saved to file2, then compare file1 and file2.  You should see a new connection in the IP range returned by nslookup.  If you consistently see something different, particularly a new connection to somewhere else, that's a clue (with the caveat that if you have another tab open with a page set to auto-refresh you may see false positives).

3) Do the nslookup.  Pick one of those IPs and connect to it using https.  When I try this in firefox, I get a certificate error (that's good), I click 'advanced', unclick 'permanent', and click 'confirm' and I get the login screen and netstat shows a connection to the IP I put in the browser.





My avatar shows the national debt in stacks of $100 bills.  If you look very closely under the crane you can see the Statue of Liberty.
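
The before/after comparison from steps 1 and 2 of Reply #30, using the netstat columns explained in Reply #27, as an added Python example that is not part of any poster's message. The nslookup text is the output quoted in the reply; the two netstat snapshots, their local address 192.168.1.5 and the 203.0.113.10 / 198.51.100.7 remotes are constructed sample data, and all function names are this example's own.

```python
import ipaddress
from typing import NamedTuple


class Conn(NamedTuple):
    local: str
    lport: str
    remote: str
    rport: str
    state: str


def _split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; copes with '[::1]:443' and ':::22'."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]")
    try:
        addr = str(ipaddress.ip_address(addr))  # normalise so comparisons are exact
    except ValueError:
        pass  # hostname (netstat without -n) or a wildcard such as '*'
    return addr, port


def parse_netstat(text):
    """Parse TCP rows from `netstat -an` in Windows or Linux net-tools layout."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue  # headers, UDP rows, blank lines
        # Linux rows carry Recv-Q and Send-Q after the protocol; Windows rows do not.
        if len(fields) >= 6 and fields[1].isdigit() and fields[2].isdigit():
            local, remote, state = fields[3], fields[4], fields[5]
        elif len(fields) >= 4:
            local, remote, state = fields[1], fields[2], fields[3]
        else:
            continue
        conns.append(Conn(*_split_endpoint(local), *_split_endpoint(remote), state))
    return conns


def parse_nslookup(text):
    """Return the answer addresses, skipping the resolver's own Server/Address lines."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if l.lstrip().startswith("Name:") or "answer:" in l.lower()),
                 len(lines))
    found = set()
    for token in " ".join(lines[start:]).split():
        try:
            found.add(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # hostnames, labels, '='
    return found


def new_https(before, after, port="443"):
    """Connections to remote `port` that appear in `after` but not in `before`."""
    seen = {c[:4] for c in before}
    return [c for c in after if c.rport == port and c[:4] not in seen]


def triage(before_text, after_text, nslookup_text):
    """For each new :443 connection: (remote IP, TCP state, was it in the DNS answer?)."""
    expected = parse_nslookup(nslookup_text)
    fresh = new_https(parse_netstat(before_text), parse_netstat(after_text))
    return [(c.remote, c.state, c.remote in expected) for c in fresh]


# nslookup output as quoted in the reply above.
NSLOOKUP = """Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
login.live.com  canonical name = login.msa.akadns6.net.
login.msa.akadns6.net   canonical name = vs.login.msa.akadns6.net.
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.102
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.96
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.98
"""

# Constructed Windows-layout snapshots: file1 (before) and file2 (after connecting).
BEFORE = """  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:50110      203.0.113.10:443       ESTABLISHED
"""
AFTER = BEFORE + """  TCP    192.168.1.5:50123      131.253.61.98:443      ESTABLISHED
  TCP    192.168.1.5:50124      198.51.100.7:443       SYN_SENT
"""

if __name__ == "__main__":
    for remote, state, in_dns in triage(BEFORE, AFTER, NSLOOKUP):
        note = "matches nslookup answer" if in_dns else "not in nslookup answer"
        print(f"{remote:>16}  {state:<12} {note}")
```

A row that is not in the nslookup answer is only a lead: as the reply notes, another tab that auto-refreshes produces the same pattern, so repeat the capture before drawing conclusions.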

Online roamer_1

  • Hero Member
  • *****
  • Posts: 43,297
Re: Help?
« Reply #31 on: August 19, 2018, 08:28:40 pm »
@Suppressed

Update subsystems.
Make sure Flash, java, and especially Silverlight (as this is an MS site problem) are latest version.

You have eliminated browser level issues - Since the problem persists in Chrome, but also exists in IE and newly added Brave (which IIRC is a Moz fork) It is not a browser issue, except for eliminating saved pwds in case the saved pwd is the issue.

DLD and use Piriform's CCleaner (free)

After install, run the cleaner interface with its normal settings. This will perform a cache dump for dang near every temp cache on your machine with one push of a button... to include temp files and emptying the trash.

This is to eliminate any outdated forms preferred as cached, and force the machine to dld new forms and etc.

**Note If you intend to keep CCleaner onboard, there are some setup issues to address, having to do with shutting off its TSR, and whatnot... remind me and I can help with that

You have expressed some discomfort with the idea that Avira is keeping you clean... DLD and install, and maintain EmsiSoft's EEK . It DOES NOT run TSR. IT IS NOT a realtime scanner. It is an on-demand scanner ONLY. But it is a very good cleanup engine that will install to the root of your system drive, can be manually updated, and works very very well as a secondary to assure the efficacy of your primary. Emsisoft is the continuation of the old FourSquare trojan hunter, and is excellent. Perform a full scan, normal settings.

All things tried, and no joy, only three things remain:
1. Hosts file has a redirect which is interfering with proper address. POSSIBLE

2. LSP level malfunction - Unlikely but possible... can be a bugger to fix, fix can cause worse problems, so let's figger 'not' for now.

3*** Server-side malfunction is denying the specific machine as a trusted device. This is LIKELY. Log into your MS account, get into security, and remove all trusted devices. This will require all your devices to be reestablished as 'trusted' but will eliminate any duplicates that might be causing denial.


Offline Suppressed

Re: Help?
« Reply #32 on: August 19, 2018, 08:57:18 pm »
Quote
Update subsystems.
Make sure Flash, java, and especially Silverlight (as this is an MS site problem) are latest version.

You have eliminated browser level issues - Since the problem persists in Chrome, but also exists in IE and newly added Brave (which IIRC is a Moz fork) It is not a browser issue, except for eliminating saved pwds in case the saved pwd is the issue.
@roamer_1

Okay.  I didn't have Java installed, so I just installed it.  I'll update Flash and Silverlight. 

Quote
DLD and use Piriform's CCleaner (free)

Oops...forgot to mention that I'm a paid user of CCleaner Pro, and recently that also stopped working (perhaps knocked out by the malware?).  I reinstalled the latest version.

Quote
After install, run the cleaner interface with its normal settings. This will perform a cache dump for dang near every temp cache on your machine with one push of a button... to include temp files and emptying the trash.

I've run it without deleting cookies.  I suppose I should go back and delete them?

Quote
**Note If you intend to keep CCleaner onboard, there are some setup issues to address, having to do with shutting off its TSR, and whatnot... remind me and I can help with that

I'd appreciate that.  It was the TSR that was giving me the warning that it wasn't working anymore, I think, so are you saying I should just somehow set it to scan and then not stay resident? 

Quote
You have expressed some discomfort with the idea that Avira is keeping you clean... DLD and install, and maintain EmsiSoft's EEK . It DOES NOT run TSR. IT IS NOT a realtime scanner. It is an on-demand scanner ONLY. But it is a very good cleanup engine that will install to the root of your system drive, can be manually updated, and works very very well as a secondary to assure the efficacy of your primary. Emsisoft is the continuation of the old FourSquare trojan hunter, and is excellent. Perform a full scan, normal settings.
Actually, I'm using "Avast!" and it was probably doing its job.  Just talked with a friend who mentioned how out of it I was a few weeks ago, so more and more I'm suspecting I was dumb and just don't remember it.  BUT...it sounds like running that might be a good idea.

Quote
All things tried, and no joy, only three things remain:
1. Hosts file has a redirect which is interfering with proper address. POSSIBLE

Checked my Hosts.txt file and it appears to just have a blacklist, with nothing new at the end and a search for "live" doesn't show anything (other than as part of a blacklisted site name).   

Quote
2. LSP level malfunction - Unlikely but possible... can be a bugger to fix, fix can cause worse problems, so let's figger 'not' for now.

Okay.  That's the first part of the thread that I've really not known anything at all about. 

Quote
3*** Server-side malfunction is denying the specific machine as a trusted device. This is LIKELY. Log into your MS account, get into security, and remove all trusted devices. This will require all your devices to be reestablished as 'trusted' but will eliminate any duplicates that might be causing denial.

Okay...I'll try that tomorrow when I'm in my (work) office.

Thanks!

Online roamer_1

Re: Help?
« Reply #33 on: August 19, 2018, 09:00:15 pm »
@Suppressed

Addendum:
Reset router to eliminate any chance the router has decided to deny the traffic from that machine to that site.

Does the machine connect by wire or air?
if timeout is an issue, is it latency over air? I know this sounds dumb, but a buddy of mine moved his fridge, and wrecked his connection to a machine in the basement... drove me nuts figuring that out...

Anyway, if you have a usb wireless nic laying around, a temporary alternate net connection might be fun.

Offline Suppressed

Re: Help?
« Reply #34 on: August 19, 2018, 09:13:56 pm »
Quote
@Suppressed

Addendum:
Reset router to eliminate any chance the router has decided to deny the traffic from that machine to that site.

Does the machine connect by wire or air?
if timeout is an issue, is it latency over air? I know this sounds dumb, but a buddy of mine moved his fridge, and wrecked his connection to a machine in the basement... drove me nuts figuring that out...

Anyway, if you have a usb wireless nic laying around, a temporary alternate net connection might be fun.

I'm using the Comcast-supplied gateway with a direct wired account. 

I know, I know...a long step down from when I used to use a DD-WRT hacked firmware router to unleash the full commercial capabilities on my consumer-model router (that were nerfed purely by the firmware).  But tech abilities evaporate with time and age, and I now can barely get around.  So rather than fight Comcast on bridge mode and have them say it was my router whenever I have a problem, I've stuck with their equipment.

I had Comcast send a reset signal early on with this issue.

No USB wireless NIC laying around here, unfortunately.  Something like this?  https://www.amazon.com/gp/product/B01CCMUN8C  (Should I Amazon Prime it?)

Offline Gefn

  • "And though she be but little she is fierce"-Shakespeare
  • Cat Mod
  • *****
  • Posts: 18,184
  • Gender: Female
  • Quos Deus Vult Perdere Prius Dementat
Re: Help?
« Reply #35 on: August 19, 2018, 09:24:09 pm »
I hate my iPhone, in two weeks I’ve gone through four of em. Two of em had exploded batteries and two of em just didn’t work.

I’m currently on the 5th. Fingers crossed. Thank heaven for Apple care.

all were on the house.
G-d bless America. G-d bless us all                                 

Adopt a puppy or kitty from your local shelter
Or an older dog or cat. They're true love❤️

Online roamer_1

Re: Help?
« Reply #36 on: August 19, 2018, 09:30:37 pm »

Quote
Okay.  I didn't have Java installed, so I just installed it.  I'll update Flash and Silverlight.

@Suppressed
OK... I hate java. And I don't like running it anymore. But especially with site specific problems, it is good to have it onboard. All it takes is a server-side issue and some dork programmer is having troubles, and falls back to a java workaround. So yeah. Keep it on till resolved, and remove it at your leisure as desired. Some folks do fine without it... I still need it around where I go...

Quote
Oops...forgot to mention that I'm a paid user of CCleaner Pro, and recently that also stopped working (perhaps knocked out by the malware?).  I reinstalled the latest version.

I've run it without deleting cookies.  I suppose I should go back and delete them?

YES. Can't trust that anything is valid, and it may be nothing more than a malformed cookie causing your whole problem...

Quote
I'd appreciate that.  It was the TSR that was giving me the warning that it wasn't working anymore, I think, so are you saying I should just somehow set it to scan and then not stay resident?

Sidebar=>Option: Inner Sidebar=>Monitoring: Shut it all off.
It will no longer be resident, and you will have to have the fortitude to fire it up and manually run it now and then...  I have a once a week thing I do... a nice cup of tea, and manual machine maintenance... It's a groovy time. There is a peace in it  :shrug:

Sidebar=>Option: Inner Sidebar=>Cookies: Nothing in 'Cookies to Keep'
I prefer to nuke and pave cookies every time. It confounds tracking, and prevents malformed cookie problems which can cause problems like you are having now. :)


 
Quote
Okay.  That's the first part of the thread that I've really not known anything at all about.

LSP is a network layer... Normally, if it is messed up, it borks everything. But it also can just do weird stuff on occasion. That only ONE site is continually pissed off is pretty unlikely... Which is why I am not very confident in that being your problem. But it may be more than one site, and you are simply not noticing the others, so it cannot be precisely eliminated. But pretty unlikely.

Quote
Thanks!
:beer:

Online roamer_1

Re: Help?
« Reply #37 on: August 19, 2018, 10:19:05 pm »
Quote
No USB wireless NIC laying around here, unfortunately.  Something like this?  https://www.amazon.com/gp/product/B01CCMUN8C  (Should I Amazon Prime it?)

@Suppressed
You never answered wire vs. air... If it is wired, hardware is less likely...

Worth considering, but you would be having an overall speed and latency problem, with this particular site being longer returning than most (not unheard of, being MS...) thus presenting as a symptom of a larger issue...

But if you are not having problems any other-where,  Hard to believe. So no, not worth all the trouble without proving an overall timeout/latency issue exists.

If the box can be easily removed to another location (offsite) and the problem persists, that immediately eliminates everything in your home environment as being causal.


Offline Suppressed

Re: Help?
« Reply #38 on: August 19, 2018, 10:35:15 pm »
Quote
@Suppressed
You never answered wire vs. air... If it is wired, hardware is less likely...

Oops... by "I'm using the Comcast-supplied gateway with a direct wired account." I meant that the gateway was wired to my desktop, not that the account was wired.  :laugh:

Quote
Worth considering, but you would be having an overall speed and latency problem, with this particular site being longer returning than most (not unheard of, being MS...) thus presenting as a symptom of a larger issue...

But if you are not having problems any other-where,  Hard to believe. So no, not worth all the trouble without proving an overall timeout/latency issue exists.

Well, there are occasional oddball behaviors at other accounts, but I'm not sure that they're related.  For example, I've not been able to login to my CDbaby.com account, though I might be getting password wrong, so I tried to request a password reset link multiple times and it hasn't arrived (to a yahoo account, not my hotmail one).  As a login issue, maybe that's related...or maybe it's just problems on their end. 

Quote
If the box can be easily removed to another location (offsite) and the problem persists, that immediately eliminates everything in your home environment as being causal.

It's going to be difficult to remove offsite, as it's a full (server) form desktop, but I could ask my buddy if I could make a visit sometime this week with it.  I also just placed the order for USB wireless adapter to see if I can leech someone else's signal with my gateway unplugged.  happy77

Offline Suppressed

Re: Help?
« Reply #39 on: August 19, 2018, 10:35:41 pm »
Quote
I hate my iPhone, in two weeks I’ve gone through four of em. Two of em had exploded batteries and two of em just didn’t work.

I’m currently on the 5th. Fingers crossed. Thank heaven for Apple care.

all were on the house.

Wow...what model is that?!

Online roamer_1

Re: Help?
« Reply #40 on: August 19, 2018, 11:17:08 pm »
Quote
Oops... by "I'm using the Comcast-supplied gateway with a direct wired account." I meant that the gateway was wired to my desktop, not that the account was wired.  :laugh:


@Suppressed
Not much to go wrong there.... Modem, patch cable, NIC.

Quote
Well, there are occasional oddball behaviors at other accounts, but I'm not sure that they're related.  For example, I've not been able to login to my CDbaby.com account, though I might be getting password wrong, so I tried to request a password reset link multiple times and it hasn't arrived (to a yahoo account, not my hotmail one).  As a login issue, maybe that's related...or maybe it's just problems on their end. 

Sounds pretty incidental. If you are getting decent returns from your favorite speedtest site, and not experiencing A LOT of packet drops on pings, I doubt it is going to be that.

I am betting on server-side, and eliminating your trusted devices as being the culprit... Or something messed up with another MS service like OneDrive or something along those lines.

Quote
It's going to be difficult to remove offsite, as it's a full (server) form desktop, but I could ask my buddy if I could make a visit sometime this week with it. 

Worth doing if else fails - This is a process of elimination, so anything that can be eliminated is worthwhile...

Quote
I also just placed the order for USB wireless adapter to see if I can leech someone else's signal with my gateway unplugged.  happy77

I dunno what you're talking about  :whistle:
But a USB nic is a handy thing to have around   :beer:

I use em here all the time... I have a hacked down miniWin I boot into guest machines to get them into my network for file transfers... I had to specifically hack in the drivers for my USB nics because who knows which drivers are in any box? So I have USB2Wireless and USB2Wire adapters to make the miniwin functional for that purpose...

Which brings another thought... How about booting a Linux Live disk into the machine ... Or a WinPE with net support, which I doubt you'd have, but you surprise me all the time :D... That eliminates the host OS if the problem persists...

Barring environmental and hardware issues (which seems unlikely) that would almost certainly point to Server-side, as only the IP and mac-addy would remain from the original host transmission...

Offline Suppressed

Re: Help?
« Reply #41 on: August 19, 2018, 11:42:00 pm »
Quote
Sounds pretty incidental. If you are getting decent returns from your favorite speedtest site, and not experiencing A LOT of packet drops on pings, I doubt it is going to be that.

Forgot to stop streaming a YouTube video and speedtest.net gave me
 PING 14 ms   DOWNLOAD 297.31 Mbps   UPLOAD 12.06 Mbps 
Best I've ever gotten.  :laugh:


Quote
I am betting on server-side, and eliminating your trusted devices as being the culprit... Or something messed up with another MS service like OneDrive or something along those lines.

Just realized, I'm not sure how to eliminate trusted devices once I get into my work machine.   


Quote
But a USB nic is a handy thing to have around   :beer:

Cheers!   :beer:

Quote
I use em here all the time... I have a hacked down miniWin I boot into guest machines to get them into my network for file transfers... I had to specifically hack in the drivers for my USB nics because who knows which drivers are in any box? So I have USB2Wireless and USB2Wire adapters to make the miniwin functional for that purpose...
 

I'll have to remember to keep track of the drivers.

Quote
Which brings another thought... How about booting a Linux Live disk into the machine ... Or a WinPE with net support, which I doubt you'd have, but you surprise me all the time :D... That eliminates the host OS if the problem persists...

HA!

I actually have a Linux SystemRescueCD but not a WinPE one.  I've never actually booted it, and I can download and burn an .iso for an updated one.  Unless the WinPE with net support would be better/easier to figure out how to get and burn...?

Gonna try booting from that SystemRescueCD to see whether it gives me some sort of browser option.  Or perhaps find another installation that would.

as always...Thanks!

Offline Gefn

Re: Help?
« Reply #42 on: August 19, 2018, 11:42:49 pm »
Quote
Wow...what model is that?!

iPhone 6 s plus. Pink

Online roamer_1

  • Hero Member
  • *****
  • Posts: 43,297
Re: Help?
« Reply #43 on: August 20, 2018, 12:05:06 am »
Quote
Forgot to stop streaming a YouTube video and speedtest.net gave me
 PING 14 ms   DOWNLOAD 297.31 Mbps   UPLOAD 12.06 Mbps 
Best I've ever gotten.  :laugh:


@Suppressed
Your hardware/connection is fine.

Quote
Just realized, I'm not sure how to eliminate trusted devices once I get into my work machine.   

Log into your account, get into settings, find security, and it's right in there.

Quote
HA!

I actually have a Linux SystemRescueCD but not a WinPE one.  I've never actually booted it, and I can download and burn an .iso for an updated one.  Unless the WinPE with net support would be better/easier to figure out how to get and burn...?

Gonna try booting from that SystemRescueCD to see whether it gives me some sort of browser option.  Or perhaps find another installation that would.

as always...Thanks!

I just use a Mint Live Installation disk... or Ubuntu... because I have them around... They boot live from CD or thumb and have full access to the OS... Just like if it were installed. Just don't poke the 'install' button.

I can recommend Knoppix too - I used that for years - It is geared more for rescue than installation, but you will have great NIC detection, and full desktop/browser.

WinPE is great if you can find one. But it is complicated building one from scratch. And they suck for getting network. Certainly not worth doing just for this project...

But if you are looking for something to do, and need a whole bunch of coasters, I can recommend WinBuilder as a decent method for building a custom bootable miniwin. Seriously though... It is a major project.


Offline Suppressed

  • Hero Member
  • *****
  • Posts: 12,921
  • Gender: Male
    • Avatar
Re: Help?
« Reply #44 on: August 20, 2018, 12:07:21 am »
Quote
Log into your account, get into settings, find security, and it's right in there.

Thanks!  I'll let you know how it goes.

Quote
But if you are looking for something to do, and need a whole bunch of coasters, I can recommend WinBuilder as a decent method for building a custom bootable miniwin. Seriously though... It is a major project.

 :silly:  No thanks!

Offline Suppressed

  • Hero Member
  • *****
  • Posts: 12,921
  • Gender: Male
    • Avatar
Re: Help?
« Reply #45 on: August 21, 2018, 02:32:06 am »
Update on my activities:

I figured out where they moved the "eliminate trusted devices" setting (it's under "Enable Two-step Authentication" or whatever), and did it from work...but still no luck.


I'm gonna try to figure out which Linux iso I need to burn a Live version.  Ubuntu was taking too long, so I downloaded the "Cinnamon" iso from here: https://www.linuxmint.com/download.php  (Is that what I need?)  I burned it to a DVD, and will try it out after hitting Post on this message.





Online roamer_1

  • Hero Member
  • *****
  • Posts: 43,297
Re: Help?
« Reply #46 on: August 21, 2018, 02:43:45 am »
Quote
Update on my activities:

I figured out where they moved the "eliminate trusted devices" setting (it's under "Enable Two-step Authentication" or whatever), and did it from work...but still no luck.

@Suppressed
 8888crybaby

Quote
I'm gonna try to figure out which Linux iso I need to burn a Live version.  Ubuntu was taking too long, so I downloaded the "Cinnamon" iso from here: https://www.linuxmint.com/download.php  (Is that what I need?)  I burned it to a DVD, and will try it out after hitting Post on this message.

Yep, that'll do... Change the boot sequence to see the thumb or DVD before the hdd, stuff it in and reboot...

Firefox is onboard... if it sees your nic, you'll be golden...
DO NOT mash on the install button.
« Last Edit: August 21, 2018, 02:45:35 am by roamer_1 »

Offline Suppressed

  • Hero Member
  • *****
  • Posts: 12,921
  • Gender: Male
    • Avatar
Re: Help?
« Reply #47 on: August 21, 2018, 03:56:34 am »
Quote
Firefox is onboard... if it sees your nic, you'll be golden...
DO NOT mash on the install button.

Firefox via Mint got me right through the login at login.live.com. 

Should I put my Windows install disk in and see if it will do a repair, or what?

Online roamer_1

  • Hero Member
  • *****
  • Posts: 43,297
Re: Help?
« Reply #48 on: August 21, 2018, 04:07:41 am »
Quote
Firefox via Mint got me right through the login at login.live.com. 

Should I put my Windows install disk in and see if it will do a repair, or what?

@Suppressed
Then it is definitely within the OS, all else is eliminated.
It is not in the networking, as there is nowhere to blacklist sites other than the firewall and the HOSTS - Both already confirmed to be ok

Brings me back around to AV, script blockers, adblockers, or some sort of hijacker. Whatever that could be must be over all browsers, or was imported into each.

Here is another thing to try - make another (temporary) user, and try to log in through that... If you can log in through that, then all you have to do is back your data, kill off your real user (deleting files), reboot, and rebuild the user... Probably quicker and better than an overlay install...

If you cannot log in through that, then it would seem to me you have a critter, or it has to be AV, or some other overreaching thing.
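
The HOSTS-file check referred to in the reply above, as an added example that is not part of the thread: a Python script that lists every hosts entry overriding a given name, such as login.live.com, and says whether the entry blocks or redirects it. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample hosts file; not taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test   # blocklist entry
0.0.0.0         Login.Live.com. account.live.com
203.0.113.7     mail.example.test login.live.com  # redirect
"""

def hosts_overrides(hosts_text, domain):
    """Return (line_no, address, kind) for every hosts line that maps `domain`."""
    want = domain.lower().rstrip(".")
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        address, names = fields[0], fields[1:]
        if want not in (n.lower().rstrip(".") for n in names):
            continue
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            hits.append((line_no, address, "invalid-address"))
            continue
        # Loopback/unspecified addresses blackhole the name; anything else redirects it.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        hits.append((line_no, address, kind))
    return hits

def system_hosts_path():
    """Default hosts file location on Windows, otherwise the Unix one."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

if __name__ == "__main__":
    # Runs against the constructed sample; read system_hosts_path() for a real check.
    for hit in hosts_overrides(SAMPLE_HOSTS, "login.live.com"):
        print(hit)
```

An empty result for the real hosts file means no entry there overrides the name, which is consistent with looking elsewhere in the OS or the user profile.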

Offline DB

  • Hero Member
  • *****
  • Posts: 13,085
Re: Help?
« Reply #49 on: August 21, 2018, 04:12:35 am »
Quote
Firefox via Mint got me right through the login at login.live.com. 

Should I put my Windows install disk in and see if it will do a repair, or what?

I've not been following this so forgive me if I ask/say something redundant... Did you back up your computer at all? Do you have any backups you can restore from prior to it going bad? Unless you can identify what caused your problem so you can remove it, you won't know for certain if you got rid of it and your computer is really secure. You can copy all your pictures, documents, music, etc. off your computer and then scan it all with something reliable to make sure it is clean. Drives are cheap, you can buy a new one and start over while keeping your original drive intact (but not connected to the computer). Yes it really sucks... But if your computer is compromised and you don't know by what, your options are pretty limited if you want any certainty it is secure again.