Author Topic: Help?  (Read 3006 times)

Online Suppressed

Re: Help?
« Reply #50 on: August 21, 2018, 12:25:48 AM »
@Suppressed
Then it is definitely within the OS, all else is eliminated.
It is not in the networking, as there is nowhere to blacklist sites other than the firewall and the HOSTS - Both already confirmed to be ok

Something just hit me... I'm a bit confused about my HOSTS file.  I'm wondering whether I was looking at the right thing. 

It used to be HOSTS.txt was on a main path, but I think my antivirus has it in some protected space, as I'm trying to find where it is, and when I search for Hosts, it shows Hosts.txt and when I right-click/Properties, it says the target is "C:\Users\<userid>\AppData\Local\AVAST Software\Browser\User Data\Default\Extensions\kmediagceboldddnnajkcochbkfkedel\1.14.20.170_0\assets\thirdparties\www.malwaredomainlist.com\hostslist\hosts.txt"

I'm not seeing any other HOSTS file.  Could there be one hidden or something?  I'm trying to remember where to find a "PATH=" to see where it's looking.

Quote
Brings me back around to AV, script blockers, adblockers, or some sort of hijacker. Whatever that could be must be over all browsers, or was imported into each.


Yeah.

Quote
Here is another thing to try - make another (temporary) user, and try to log in through that... If you can log in though that, then all you have to do is back your data, kill off your real user (deleting files), reboot, and rebuild the user... Probably quicker and better than an overlay install...

I just created another user and it couldn't log in.

Quote
If you cannot login through that, then it would seem to me you have a critter, or it has to be AV, or some other overreaching thing.

So...since I've done all kinds of antivirus steps, is the best step now to try to back up or get a new SSD and try to reinstall? 
+++++++++
“In the outside world, I'm a simple geologist. But in here .... I am Falcor, Defender of the Alliance” --Randy Marsh

“The most effectual means of being secure against pain is to retire within ourselves, and to suffice for our own happiness.” -- Thomas Jefferson

“He's so dumb he thinks a Mexican border pays rent.” --Foghorn Leghorn

Online Suppressed

Re: Help?
« Reply #51 on: August 21, 2018, 12:29:14 AM »
@DB

I've not been following this so forgive me if I ask/say something redundant... Did you backup your computer at all? Do you have any backups you can restore from prior to it going bad? Unless you can identify what caused your problem so you can remove it you won't know for certain if you got rid of it and your computer is really secure. You can copy all your pictures, documents, music, etc off your computer and then scan it all with something reliable to make sure it is clean. Drives are cheap, you can buy a new one and start over while keeping your original drive intact (but not connected to the computer). Yes it really sucks... But if your computer is compromised and you don't know by what your options are pretty limited if you want any certainty it is secure again.

If I'd thought of it, I could probably have done a System Restore, but all the restore points are too young.

I have Carbonite backing up individual files, but nothing for the system...I've been unable to get a good backup system working for me.

You make a good point about drives being cheap.  I'm thinking I might just need to swap out the SSD, and hope the HDD is not relevant.  My big problem is that I'm so disorganized, it's finding all the install stuff.   But you're right, that's probably what I'll have to do...

Online DB

Re: Help?
« Reply #52 on: August 21, 2018, 02:27:01 AM »
@DB

If I'd thought of it, I could probably have done a System Restore, but all the restore points are too young.

I have Carbonite backing up individual files, but nothing for the system...I've been unable to get a good backup system working for me.

You make a good point about drives being cheap.  I'm thinking I might just need to swap out the SSD, and hope the HDD is not relevant.  My big problem is that I'm so disorganized, it's finding all the install stuff.   But you're right, that's probably what I'll have to do...

If you are certain everything of importance is copied off the drive you can wipe it and start over without buying a new drive. Generally I buy a new drive just to be sure that if something was skipped I can still recover it. Or if it all goes wrong I can go back to it. The drive may have another partition setup with a recovery installation. If that's the case it already has all the drivers backed up making re-installation much easier. It still remains possible that the backup installation has been corrupted but that isn't real likely.

You can also buy genuine Win7 installation discs off of Amazon and eBay. I bought 3 copies of Win7 Professional earlier this year...

Online roamer_1

Re: Help?
« Reply #53 on: August 21, 2018, 03:25:23 AM »
Something just hit me... I'm a bit confused about my HOSTS file.  I'm wondering whether I was looking at the right thing. 

@Suppressed
Sorry so late replying... got on the phone with my kid, and then went to finally make some dinner....

HOSTS is in %windir%\system32\drivers\etc\  And it is named HOSTS with no .ext. It is hidden/protected/system, so you have to turn off hidden/protected files  to even see it.

see here:
https://www.petri.com/edit-hosts-file-windows-7
And your AV may be protecting it too - you may need to go into its options and turn off hosts file protection.

Or use this dohickey:
http://www.abelhadigital.com/hostsman/

Get the portable one (no installer) Unpack to a temp directory on your desktop (or whatever) and run it... no install, delete when you want.
RTFM

Quote
I just created another user and it couldn't log in.

So...since I've done all kinds of antivirus steps, is the best step now to try to back up or get a new SSD and try to reinstall?

You might try disabling AV, disabling firewall and see...
You might go back and run EEK as I first recommended.
and if there is in fact a redirect in hosts...

But I can understand that this is becoming laborious. May be time to nuke and pave. That would be your decision.

If you are there, I would recommend the new SSD system drive  - They are quite cheap anymore, and if you are like most of us, a 256g will suit you fine for a system drive...

If your machine is new enough to matter, the performance difference makes it a no-brainer.

And that way, when you are comfortable with the idea that all your data is moved over alright, rub the old drive off and use it for backup and storage.

ALL my system drives are SSD, and the only other thing I would recommend in that case is to redirect your pics and movies into something like /Media/pictures and /Media/Movies on the rearward drive to keep all that fat stuff off your system drive... Likewise your torrent base directory and etc... you know the drill.
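
The HOSTS check discussed in this thread, as an added example that is not part of any poster's reply: it builds the real file's path under %windir% (not the hosts.txt an extension ships) and lists every active entry that is not a stock localhost mapping. The function names and the sample content are constructed for illustration, and the path assumes the default location.

```python
import ipaddress
import os

# Names a stock Windows hosts file may map to loopback without concern.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample content (not taken from the thread).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net        # blocklist-style entry
203.0.113.7 mail.example.com www.example.com
not-an-ip   login.example.org
"""


def default_hosts_path(env=os.environ):
    """Usual location of the real file (the Tcpip DataBasePath registry value can move it)."""
    windir = env.get("SystemRoot") or env.get("windir") or r"C:\Windows"
    return windir.rstrip("\\") + r"\system32\drivers\etc\hosts"


def audit_hosts(text):
    """Return (line_no, address, name, verdict) for every active mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # comments are inert
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((line_no, address, "", "malformed"))
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in LOCAL_NAMES:
                verdict = "default"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"      # name is sinkholed to this machine
            else:
                verdict = "redirected"   # name is forced to another address
            findings.append((line_no, address, name, verdict))
    return findings


def suspicious(findings):
    """Everything that is not a stock localhost mapping."""
    return [f for f in findings if f[3] != "default"]


if __name__ == "__main__":
    path = default_hosts_path()
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        path, text = "<constructed sample>", SAMPLE
    hits = suspicious(audit_hosts(text))
    print(f"{path}: {len(hits)} non-default entries")
    for line_no, address, name, verdict in hits:
        print(f"  line {line_no}: {address} -> {name} [{verdict}]")
```

An empty result for the real file matches the "nothing added" outcome reported later in the thread; "blocked" entries are usually an ad or malware blocklist, while "redirected" entries are the ones to question.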



Online roamer_1

Re: Help?
« Reply #54 on: August 21, 2018, 03:28:48 AM »
@Suppressed
Make SURE you have your keys (Windows/Office/etc) before you scrub it.
If you can't find your keys, let me know and I will provide a sniffer to get them out of your system...

Online roamer_1

Re: Help?
« Reply #55 on: August 21, 2018, 03:37:15 AM »

I have Carbonite backing up individual files, but nothing for the system...I've been unable to get a good backup system working for me.


WAT?

Cobian

But if you're scripty,
FreeFileSync
FreeFileSync is incredible awesomeness. Scriptable batchiness. Beauty day. But not for the faint of heart.

Cobian runs all my big backup stuff, and freesync is for USB backup on my laptop and goofy stuff like special handling for music and picture backups...

Online Suppressed

Re: Help?
« Reply #56 on: August 21, 2018, 04:28:26 PM »
@Suppressed
Make SURE you have your keys (Windows/Office/etc) before you scrub it.
If you can't find your keys, let me know and I will provide a sniffer to get them out of your system...

Thanks!

I found a text file where I had precisely two keys saved, sniffed from my old installation.  Definitely not what I need!
I've ordered the SSD, and probably won't have time to work on this until Sunday, but will take the scraps of time over the next few days to gather such things.

Online Suppressed

Re: Help?
« Reply #57 on: August 21, 2018, 04:30:05 PM »
WAT?

Cobian

But if you're scripty,
FreeFileSync
FreeFileSync is incredible awesomeness. Scriptable batchiness. Beauty day. But not for the faint of heart.

Cobian runs all my big backup stuff, and freesync is for USB backup on my laptop and goofy stuff like special handling for music and picture backups...

I had tried Macrium, but not Cobian.  I'll look into it.

Online Suppressed

Re: Help?
« Reply #58 on: August 21, 2018, 04:32:10 PM »
@Suppressed
Sorry so late replying... got on the phone with my kid, and then went to finally make some dinner....

No problem!  I appreciate all the time you've given me! 

Quote
HOSTS is in %windir%\system32\drivers\etc\  And it is named HOSTS with no .ext. It is hidden/protected/system, so you have to turn off hidden/protected files  to even see it.

That was what I recalled, and I hate to admit it, but I usually keep all files unhidden (and extensions visible), but I'll have to confirm tonight.


Online DB

Re: Help?
« Reply #59 on: August 21, 2018, 04:35:41 PM »
No problem!  I appreciate all the time you've given me! 

That was what I recalled, and I hate to admit it, but I usually keep all files unhidden (and extensions visible), but I'll have to confirm tonight.

There are two levels of "hidden" I believe. There are hidden files and hidden system files.

Online roamer_1

Re: Help?
« Reply #60 on: August 21, 2018, 05:18:34 PM »
Thanks!

I found a text file where I had precisely two keys saved, sniffed from my old installation.  Definitely not what I need!
I've ordered the SSD, and probably won't have time to work on this until Sunday, but will take the scraps of time over the next few days to gather such things.

@Suppressed
Try Enchanted Keyfinder
Portable. Unpack to a temp folder and run it.
If you need it to, it can be directed to an offline system for extraction too, but if you are running within the OS you are sniffing, it is pretty direct. Just run it. Delete (or file away) when done.

For sure does Windows and Office, and some others. It is an Open Source fork off of the ol Magic Jellybean
« Last Edit: August 21, 2018, 05:20:19 PM by roamer_1 »

Online roamer_1

Re: Help?
« Reply #61 on: August 21, 2018, 05:27:06 PM »
No problem!  I appreciate all the time you've given me! 

That was what I recalled, and I hate to admit it, but I usually keep all files unhidden (and extensions visible), but I'll have to confirm tonight.

LOL! I always have extensions visible... That's how I identify files... I still couldn't tell you what the little icons are... Every client machine goes out of here with extensions visible.

But I don't mess with hidden and system files... I keep a separate file manager set to see all files, and leave the Windows file manager with all that hidden...

Online Suppressed

Re: Help?
« Reply #62 on: August 21, 2018, 05:28:35 PM »
There are two levels of "hidden" I believe. There are hidden files and hidden system files.

Thanks!


In any case, yeah, I had checked the right HOSTS, and it has nothing added.

Online Suppressed

Re: Help?
« Reply #63 on: August 21, 2018, 05:29:17 PM »
@Suppressed
Try Enchanted Keyfinder
Portable. Unpack to a temp folder and run it.
If you need it to, it can be directed to an offline system for extraction too, but if you are running within the OS you are sniffing, it is pretty direct. Just run it. Delete (or file away) when done.

For sure does Windows and Office, and some others. It is an Open Source fork off of the ol Magic Jellybean

Thanks, @roamer_1  Will do!

Online roamer_1

Re: Help?
« Reply #64 on: August 21, 2018, 06:19:56 PM »
Thanks, @roamer_1  Will do!

btw @Suppressed , realize that all keyfinders are gonna show up in AV as a bug... They don't want you sniffing your keys... So disable AV or exclude a folder in your AV and run it from there.

FYI

Online Suppressed

Re: Help?
« Reply #65 on: August 27, 2018, 10:32:59 AM »
Update:
The wireless connection did nothing for me.  I spent time over the weekend trying to get stuff backed up.  I found that several keys weren't ripped by Enchanted, so I was going around trying to be sure I could find them or the license files.

Bottom line, I still haven't done my reinstall.

The curious side of me wonders whether I could install an e-mail client and access my mail that way.  You know, like the old Outlook, Pegasus, or whatever.  Anyone got any recommendations for one of those?

Offline dfwgator

Re: Help?
« Reply #66 on: August 27, 2018, 10:35:41 AM »

Online roamer_1

Re: Help?
« Reply #67 on: August 27, 2018, 10:40:21 AM »
Update:
The wireless connection did nothing for me.  I spent time over the weekend trying to get stuff backed up.  I found that several keys weren't ripped by Enchanted, so I was going around trying to be sure I could find them or the license files.

Bottom line, I still haven't done my reinstall.

The curious side of me wonders whether I could install an e-mail client and access my mail that way.  You know, like the old Outlook, Pegasus, or whatever.  Anyone got any recommendations for one of those?

Yes. I use thunderbird.
Mozilla mo'bedda.

https://www.thunderbird.net/en-US/

Should hook right up to MS
Needs an addon to get to Google.

Get the lightning addon if it doesn't come preinstalled - That gives you PIM capabilities, though accessing calendars for google and MS require more addons.

Online Suppressed

Re: Help?
« Reply #68 on: August 27, 2018, 10:45:20 AM »
Yes. I use thunderbird.
Mozilla mo'bedda.

https://www.thunderbird.net/en-US/

Should hook right up to MS
Needs an addon to get to Google.

Get the lightning addon if it doesn't come preinstalled - That gives you PIM capabilities, though accessing calendars for google and MS require more addons.

@roamer_1

Wow...what service!   :beer: 
Can't tell you how much I appreciate your help, and that of everyone here!

Online roamer_1

Re: Help?
« Reply #69 on: August 27, 2018, 10:47:52 AM »
@roamer_1

Wow...what service!   :beer: 
Can't tell you how much I appreciate your help, and that of everyone here!

@Suppressed
No problemo. Holler if you need a hand setting it up... But it should go pretty automagically.

Online Cyber Liberty

Re: Help?
« Reply #70 on: August 27, 2018, 10:53:02 AM »
Yes. I use thunderbird.
Mozilla mo'bedda.

https://www.thunderbird.net/en-US/

Should hook right up to MS
Needs an addon to get to Google.

Get the lightning addon if it doesn't come preinstalled - That gives you PIM capabilities, though accessing calendars for google and MS require more addons.

I like T'bird.  I just installed that app, none of the other stuff like Lightning.  Works great!
I will NOT comply.
Thanks to Cripplecreek and Oceander for the medal!      

Online roamer_1

Re: Help?
« Reply #71 on: August 27, 2018, 11:04:33 AM »
I like T'bird.  I just installed that app, none of the other stuff like Lightning.  Works great!

Here's a tip:
If you are stuck w/ POP3 service for your mail, move the TBird data from where it is kept to somewhere in your backup chain. Both Firefox and Thunderbird's data reside in subfolders of %user%\Archives\ on my machines, and that is always backed up with my user profile. And it makes it far easier to sync between machines.

If you hook up MAPI (which most are anymore) then it is not necessary, as MAPI data is physically kept on the server... Even so, moving the data file where you can get at it is a good idea... Same can be done for outlook, too.

The really beauty part of that, and why I like Mozilla so much, is fresh installs. Push your crap onboard, fire up Moz products in profilemanager mode, point em at their data, and DONE. All your settings are in, all your history, preferences, addons... all of it is right the way you left it.
« Last Edit: August 27, 2018, 11:05:51 AM by roamer_1 »

Online Suppressed

Re: Help?
« Reply #72 on: August 27, 2018, 11:14:40 AM »
Sounds good!


Online Elderberry

Re: Help?
« Reply #73 on: August 27, 2018, 11:55:51 AM »
@roamer_1 has it right! I stepped up to Thunderbird from Pegasus so long ago I can't even remember. And I don't keep messages on the server.
He who makes an attempt to enslave me, thereby puts himself into a state of war with me.

Online Cyber Liberty

Re: Help?
« Reply #74 on: August 27, 2018, 11:58:51 AM »
Here's a tip:
If you are stuck w/ POP3 service for your mail, move the TBird data from where it is kept to somewhere in your backup chain. Both Firefox and Thunderbird's data reside in subfolders of %user%\Archives\ on my machines, and that is always backed up with my user profile. And it makes it far easier to sync between machines.

If you hook up MAPI (which most are anymore) then it is not necessary, as MAPI data is physically kept on the server... Even so, moving the data file where you can get at it is a good idea... Same can be done for outlook, too.

The really beauty part of that, and why I like Mozilla so much, is fresh installs. Push your crap onboard, fire up Moz products in profilemanager mode, point em at their data, and DONE. All your settings are in, all your history, preferences, addons... all of it is right the way you left it.

I'll have to look at my Thunderbird setup when I get home.  I know my provider has help pages that will tell me what I have...

Is it worth it for me to get Lightning working?  When I first got the T-bird, I didn't find the help pages about setting it up very helpful.