Resolved I may have been hacked

Status
Not open for further replies.
Hi
Thanks in advance for any info you might have to share with me. My computer info is as follows:
Asus P5Q SE Plus motherboard
Intel Pentium E6500
Kingston 2 X 2 GB PC2-5300
O/S Windows 7 Ultimate
Wireless network card Broadcom 802.11g
No other added pci cards
My issue started about 7 or 8 months ago. My computer completely froze. After some time and effort I restarted into safe mode and examined the usual suspects: spyware, viruses, chkdsk, etc. After a restart into normal mode my computer was reacting very slowly to every click of the mouse (for example, it would take 3-5 minutes for Firefox to open, but it would close down immediately and open normally every time after that). This seemed to be the case for about the first 6-8 programs I would open, and then the computer would work well for a short time (20 minutes or so), then freeze up solid again. This cycle happened three times. In the end I decided it was bad blocks on my hard drive and replaced the drive with a Western Digital WD2500-AAJS-00L7A0, and then reinstalled Windows. Everything worked great.

Then about two months later it started again. This time I noticed that my antivirus, Avast, had stopped running and my remote access had been enabled (I keep this turned off). So I reinstall an antivirus program, "Avira", and turn off remote access, all in safe mode (I should add it was the only way I could). I do all the normal scans, Malwarebytes and virus scans, and they come up threat free. Once again my computer runs great for about another two months. The computer freezes again, and one more time I find my remote access is enabled and the antivirus is shut down. I do all the usual things, and this time I am getting a little suspicious, so I add a key encrypter to my machine. Everything is great until about two months later (when I say two months I mean 6-9 weeks). This time my antivirus is shut down and my media sharing is enabled; I also keep this shut off. It seems each time I turn off these sharing sources I am able to use my computer normally again for about two months. Does this sound familiar to anyone, or maybe someone can share their thoughts?

I should also mention that I am not new at this. We have 5 computers in the house, I keep them all maintained, and the one I am on is the computer that has been acting this way.
 
Welcome to TechSpot! I'll try to help sort this out.

What is strange is not so much what's happening, but the pattern it has: every 2 months! And after a new hard drive, after reinstall. While the remote being enabled and the AV disabled smacks of some type of malware infection, obviously it would have to be one with some kind of date ability. But surviving the steps you have taken and getting clean scans points more to a hardware problem.

The best place for you to check this out is looking for errors that come at the time of the freeze in the Event Viewer, as that seems to start the pattern. Errors are time coded, so if you can approximate when the 2 month cycle begins, you can look for errors in the categories given.

Accessing the Event Viewer in Windows 7:
  1. Start> Run> type in eventvwr
  2. Choose the log.
  3. Double click on the Error to open
There should be a copy icon on the opened Error. Copy examples, if any, and paste the information here. Include Event #, Event Source, Date & time, Description.

You will be the detective here. Look for recurrences at the 2 month intervals.
If you are not familiar with the Event Viewer, click the blue link to read the descriptions of the features - it will give you some idea of what you're looking for.

For the times when you've been in Safe Mode, you will see Errors with multiple processes that won't start. That's normal. You are trying to find what, if anything, is happening within the system at the beginning of the 2 month cycle. If you can get into Normal Mode, it might force the start of the cycle. As you know, some things don't run in Safe Mode. I also have a breakdown of the 'different' types of Safe Mode to use as diagnostics.

The categories are:
  1. Security-related events.
  2. Setup events.
  3. System events.
  4. Forwarded events. These events are forwarded to this log by other computers.
The last category might be of particular interest. Note: Please do not copy the entire Event log.
Errors are time coded. Check the computer clock on freeze.
=======================================
If you can boot into Normal run and access the internet long enough, run this online virus scan: Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
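
The Event Viewer search described in this reply can also be scripted. The following is an added example, not part of the original post: PowerShell that pulls Critical and Error events, plus Service Control Manager events 7036 and 7040 (service state and start-type changes), from a window around each freeze and lists the sources that recur. The freeze dates, the 12-hour window and the function name are assumptions to replace with your own.

```powershell
# Added example (not from the original thread).
# Constructed placeholder dates: replace with the approximate freeze times.
$FreezeTimes = @(
    [datetime]'2011-01-10 20:00',
    [datetime]'2011-03-12 20:00'
)
$WindowHours = 12   # assumption: search 12 hours either side of each freeze

function Get-EventsNearFreeze {   # hypothetical helper name
    param([datetime]$When, [int]$Hours)
    $window = @{ StartTime = $When.AddHours(-$Hours); EndTime = $When.AddHours($Hours) }
    # Critical (1) and Error (2) events from the System and Application logs
    $errors = @{ LogName = 'System', 'Application'; Level = 1, 2 } + $window
    # Service Control Manager: 7036 = service started/stopped,
    # 7040 = service start type changed (e.g. an antivirus service disabled)
    $services = @{ LogName = 'System'; ProviderName = 'Service Control Manager'
                   Id = 7036, 7040 } + $window
    foreach ($filter in $errors, $services) {
        # No matching events is reported as an error; suppress it
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    }
}

$hits = foreach ($t in $FreezeTimes) {
    Get-EventsNearFreeze -When $t -Hours $WindowHours |
        Select-Object @{ n = 'Freeze'; e = { $t } }, TimeCreated, Id,
                      ProviderName, LevelDisplayName, Message
}

# Timeline for each freeze, trimmed to the fields requested in the post
$hits | Sort-Object TimeCreated |
    Format-Table Freeze, TimeCreated, Id, ProviderName, LevelDisplayName -AutoSize

# Source/ID pairs seen around more than one freeze: candidates for the cycle's trigger
$hits | Group-Object ProviderName, Id |
    Where-Object { @($_.Group | Select-Object -ExpandProperty Freeze -Unique).Count -gt 1 } |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```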
 
Hi. Sorry I took so long to get back to you. I couldn't possibly isolate the event viewer logs at this point, and there are no viruses showing up on ESET's online scanner. Maybe I am stuck waiting until it happens again; my computer is running great right now.

Thanks
 