Re: "ghost" is typing on my XP machine

From: The Atomic Ass (the_atomic_ass@NOSPAMrunbox.com)
Date: 07/03/02

• Next message: Eric Perlin [MS]: "Re: Remotely shutting down networked PC"
• Previous message: Bruce Chambers: "Re: website activity"
• In reply to: Mickey Perlstein: ""ghost" is typing on my XP machine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: The Atomic Ass <the_atomic_ass@NOSPAMrunbox.com>
Date: Wed, 03 Jul 2002 20:54:46 GMT

Mickey Perlstein elegantly belched in
news:12fc101c222cc$df39dfe0$2ae2c90a@hosting.microsoft.com:

>
>>-----Original Message-----
>>On a regular basis somebody or some program is sending
>>keystrokes to my machine. Whatever is being sent doesn't
>>make sense. it is stuff like "they may be a man of the
>>two". Before the characters appear a few underlined dots
>>show up then the words replace the underlined dots.
>>I've enabled the firewall option that my Network card has
>>but that didn't help. I have Windows XP Professional
>>installed. Windows Messenger is installed but the typing
>>occurs even when Messenger is not running. Any ideas on
>>how to fix this would be very appreciated.
>>.
>
> First I'd like to say "THAT'S HILLERIOUS!!!" really wierd.
>
> Now to investigate:
>
> we need to isolate the problem.
>
> As I understand it here are two complainers:
> Fabian, and JO.
>
> First we remote the hacker part:
>
> When this happens, immediately pull the plug out of the
> wall (if modem, pull out of rj11 jack if LAN)
> If the problem persists, there is no hacker (at least no
> back door)

Correction, RJ-45. RJ-11 is the phone line. Ethernet is RJ-45.

> If no hacker (BackDoor) step 2:
>
> Run msconfig (Start - Run.. MSCONFIG )
>
> STARTUP tab
> -----------
> remove all the processes you don't recognize, and even
> remove some you do (uncheck them)
>
> SERVICES tab
> ------------
> click, HIDE ALL MICROSOFT SERVICES Uncheck all Services
> you don't recognize

I had a Microsoft certified virus once. I'm not kidding either, it started
as a service, and when you would click Hide MS services, it would
disappear. (I didn't know Microsoft certified Viruses ;)

> WIN.INI Tab
> -----------
> check if you have a load or boot section , clear it too
> (you need to click on the (+) sign to open the options.
>
> SYSTEM.INI
> ----------
> Same as WIN.INI
>
> Goto the START - PROGRAMS - STARTUP
> ------------------------------------
>
> Check all the files there
> Files can be located be right clicking the file and
> clicking properties, then Read the file location.
>
> If you don't know it. it might be bad.
>
> **** Write down all you changed, at least where if not
> what.
>
> Run the PC for a few days like this in our private
> little "debug/diagnostic mode"
>
> If problem doesn't persist, you are looking for one of the
> services/files in your PC, that you contracted (what is
> known as a trojan hourse.)
>
> A program that claims to do one thing and actually does
> another.
>
> It is very simple to create the program you speak of, and
> it isn't mallicious so No AntiVirus Program would detect
> it, as it does nothing to the system.

Well, it still infected the system somehow, so I honestly can't imagine
that they wouldn't classify it, at least. Remember, some Virii and/or
trojan horses are completely in-effective, but are still included in
scanning.

> Well I hop this helps.
>
> If it doesn't Email me, it might be a bigger, more indepth
> problem.
>
> I would like to know:
> pitronot@msn.com
> Mickey Perlstein
> Microsoft Certified Systems Administrator for Windows 2000
>
>
>

-- 
Some people have recently voiced their displeasure in my binary posts and 
comments.  If you are one of them, complain to my Administrator!
Postmaster@ranko.d2g.biz
(for those of you who are wondering, is this a gag?  yes it is.  I'm the 
Administrator) 3)

---

• Next message: Eric Perlin [MS]: "Re: Remotely shutting down networked PC"
• Previous message: Bruce Chambers: "Re: website activity"
• In reply to: Mickey Perlstein: ""ghost" is typing on my XP machine"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: msconfig problem ... Operating system is Windows XP Home Edition Version 2002 with SP2. ... Administrator to make the return to Normal Startup. ... Event Type: Warning ... (microsoft.public.windowsxp.help_and_support) Re: Automatic and web based Windows Update Installs all fail... ... "Administrators only" error message when you attempt to use the Windows ... Please contact your system administrator." ... CD, (by clicking on the Install Windows 2000 link), I receive the infamous ... (microsoft.public.win2000.windows_update) Re: Automatic and web based Windows Update Installs all fail... ... "Administrators only" error message when you attempt to use the Windows ... Please contact your system administrator." ... CD, (by clicking on the Install Windows 2000 link), I receive the infamous ... (microsoft.public.win2000.windows_update) Re: Administrator rights-QuickBooks2006Pro ... XP and Windows 2000 users must have Power Users or Administrator group rights in order to run QuickBooks. ... Quite simply, the application doesn't "know" how to handle individual user profiles with differing security permissions levels, or the application is designed to make to make changes to "off-limits" sections of the Windows registry or protected Windows system folders. ... limited accounts, you can fix it to allow limited users to access the ... (microsoft.public.windowsxp.security_admin) RE: forgot password ... You can also log into with the default or Bult-in Administrator account ... and the password is the one you have set during initial setup of Windows XP ... If you created a password reset disk for Windows XP, ... Click the user account that you forgot the password for, ... (microsoft.public.windowsxp.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)