Windows 7 build 7600 not genuine copy

[GGirlx]

HP-DV7 I7CPU x64 1TB HD 8G ram 7-ULT

I have used Super AntiSpyware,Malwarebytes,Norman,Dr Web,McAfee Stinger,Avast,Spywareblaster,RogueKiller,Ms Security Essentials
Norton,and combo-fix

Everything comes back clean except Rogue Killer which said my host file was infected which it fixed. Rogue also came back with a bunch of fake win 7 files. I have had to stop every service having to do with
remote control and virtual servers/drivers/usb ports. SFC file is not working. Originally I would have to run an SFC scan everytime I boot
because something keeps replacing with fake software. At the end of every session I am left with a stamp in the lower right screen claiming windows 7 build 7600 not a genuine copy and sometimes it pops up a window that says let's take care of that now...I never click the next button. I cannot use windows update because as soon as I turn it and associated services back on it's like a floodgate was opened saying come in. It's not obvious until I try to access files and I get access denied.
When first discovered I could see 2 active users in task manager but they fixed it now so it consistently says 1.
There are services I cannot turn off and there are services which completely disappear from the services panel like
terminal services. They kept changing my home network status to public until I turned off HomeGroup services.
By the way...I am hardwired. Haven't been able to use wireless since late 2010 because I noticed my network traffic
getting slow and I found out by using zamzom there were 2 other users on my line. Got their Mac addresses in fact I used
Inssider to get Mac addresses of all my neighbors and I blocked them in my router...found out it is completely useless
because anyone can change a mac address. I used to have all window updates current but cannot see going thru the process until I find a solution.
Gave up on using a router because anyone who has a belkin router
uses the same IP address to program the router...I don't know how
but 3 times I set it up and 3 times someone programmed a password
in faster than me and I was locked out...I finally reset again...typed in 30 characters as fast as I could and saved it and was able to block them out
to no avail they were still getting on my line but they could no longer change the router settings.
Tried to access free support at MS but it asks for PID code and comes back and says my PID is not valid for this country.

I have wiped out my pc to factory settings at least 3 or more times and
I used system restore just about everyday until they kept erasing restore files and changing SFC file to a fake file
which will not restore my original ms files. They have messed with my camera which is now covered with electrical tape - changed background
colors and settings and they have taken away file privileges from me so at one point I couldn't access my documents.
They were totally able to gain control of Online Armor so I switched to using Win7 firewall assisted by peer blocking.
They still have access...just takes them longer. I have resorted to using Time Freeze because I feel I have no other options.
At least when I boot - it repairs most of the damage. It feels like it has to be someone who is or was affiliated with or has knowledge
of MS and they are using system logons to gain access. It is somehow triggered to start the access process as soon as I log on using task scheduler. (task scheduler has been changed by them and I can no longer turn the service off)

I have looked all thru the task scheduler and there is so much there that has to do with 7 functionality I am unable to identify what is real.

It feels as if somehow during the logon process I am being passed over to someone elses actual desktop or I am showing up on a dual or
virtual monitor because they know when I am online and I have different system windows pop up without any prompting from me.
I called Comcast and described problems and they say there is no
this can happen on a hard wired pc.

I haven't re-installed yet cuz I thought MS might want to see how someone so easily Manipulated their software. Where should I send
this.

Anybody else run into this???

I have been dealing with this problem for a year and a half...please if you can forward this msg to MS and find someone who is willing to take on the challenge I would be ever so grateful...I didn't ask for help initially because I thought it would be fun to solve it and hone my skills....now I am just tired of dealing with it. I cannot make any purchases online at all - I do all my research online then I have to call places direct
for fear of how talented my attackers actually are. My husband wants me to contact the FBI but I am no one with nothing important on my PC so who would do this.
The whole access to the wireless access thing is just baffling cuz that means someone would have to have a turbo booster pointed directly at my house to access my router setup...please...someone be brave enough to send me to a guru.

Thanks - GGirlX

 

[Cobalt006]

Rather the contacting MS. I would more be willing to contact the FBI or my local authorites. To see how this could have happen. I really Don't think MS could do much for you accept. Tell you to report it. I myself would really would intrested in finding out way someone would be messing with my computer.

 

[Leeky]

You might want to print this before following it.

If you have a separate modem and router, then remove then unplug the modem to kill your internet connection. If you have a combined modem/router remove the internet connection by unplugging it, to remove internet access.

Log into your router using your browser (usually 192.168.0.1 or similar), use the reset option and then do the following:

1. Change the login password to something strong, like for example: [FONT=Andale Mono]%47S3&<{u2$1O5Yt[/FONT]
2. Write down the password in a safe place. Underline any upper case letters to help you remember them
3. Log back into your router.
4. Turn wireless off (if you need Wireless, change the SSID, set it not to broadcast it, use WPA2 security with a password similar to above, but make sure its different! Also, add wireless devices to the MAC access list in step 8 or they won't work).
5. Ensure remote management access has been disabled.
6. If the option exists, disable wireless connections to the router control panel.
7. Enable the Routers firewall and all firewall settings.
8. Add your computer to the routers MAC access list, and deny all connections except those added to the list.
9. Set Port scan response to disabled. This will prevent the router responding to port scans (as if it doesn't exist).
10. If the option exists, backup the new settings to your computer.
11. Remove any filters created for port forwarding and triggering.
12. Leave the modem disconnected for now, to stop the internet from working.

The above will tighten security as high as possible on your router. It will prevent access to the control panel unless a computer is connected to the router physically, and will hide your wireless identification. The strong passwords will ensure that brute force attempts take so long its rendered pointless for all but the most determined of hackers.

Also, by enabling the MAC access list and setting it to deny all but those added to the list it will prevent ANY connection from any device not listed in it. It can be side stepped though, by someone spoofing an allowed devices unique MAC address, but it's an extra layer of defence to stop the occasional hacker.

Long hexadecimal passwords as per the above example for your wireless password and control panel password are essential. The layer of defence your creating with the above steps is only as strong as these passwords. By making them this long and randomly generated it increases the time it takes for a hacker to brute force them considerably. You don't need to remember the wireless password, as the control panel will show it when you log in.

If you need help with making these passwords, use this: http://strongpasswordgenerator.com/ But make sure you swap around some of the characters before using it just to be safe. Also, use at least 16 characters, if your router will allow it. If not, use as many as it will allow but it MUST be randomly generated and not a word or phrase, or anything that is easily guessed. Do not store it on the computer, keep it written down somewhere safe and out of view.

As another note, in order to allow new devices you need to enter their MAC addresses to the MAC access list in the routers control panel. These can be found by checking for the MAC address in the devices properties. They will need to be added before they can be used with your internet connection.

With the PC, do the following:

1. Make a backup image of your current hard disk, to another one (external is ideal if you have one.
2. Verify the image has been processed correctly.
3. Wipe the hard disk and re-install Windows using your Windows installation DVD.
4. Plug the modem back in, or turn it on.
5. Install your AV. Microsoft Security Essentials is very good.
6. Use a Firewall. Windows Firewall is okay, but doesn't stop outbound traffic. If you want total control, use Comodo Firewall. This is highly regarded.
7. Install any third party drivers required to use your computer.
8. Update Windows completely until no updates remain.
9. Change your login password to something with at least 12 characters and unique to you. Include numbers in the password.
10. Change the account passwords of all email accounts, MSN and other social networking sites like Facebook etc. Changing your email passwords are crucial, as access to these compromises every single account you have online. With email access a hacker can just reset passwords for any site you have an account with.

A few other questions:

1. Does anyone have access to your computer?
2. Do you share the internet connection with others? e.g. house mates, family, communal internet connection (University or whatever)?
3. Are you using a genuine Microsoft disk, or a torrented one that you've downloaded? I won't shoot you for it, or close the thread, but its important we establish your using genuine uncopied media.
4. Do you currently have WiFi security enabled, and if so, what security are you using for it?

I would also contact the FBI, or which ever law enforcement entity deals with these issues. Give them the image you created if they need further information from you. The unmounting of this image will give them the exact state of your computer as well as anything that has been compromised before you wiped it.

Let us know how you get on, and I hope this helps.

 

[Cobalt006]

Leeky hit it on the nail. Very good advice.

 

[GGirlx]

You might want to print this before following it.

If you have a separate modem and router, then remove then unplug the modem to kill your internet connection. If you have a combined modem/router remove the internet connection by unplugging it, to remove internet access.

Log into your router using your browser (usually 192.168.0.1 or similar), use the reset option and then do the following:

1. Change the login password to something strong, like for example: [FONT=Andale Mono]%47S3&<{u2$1O5Yt[/FONT]
2. Write down the password in a safe place. Underline any upper case letters to help you remember them
3. Log back into your router.
4. Turn wireless off (if you need Wireless, change the SSID, set it not to broadcast it, use WPA2 security with a password similar to above, but make sure its different! Also, add wireless devices to the MAC access list in step 8 or they won't work).
5. Ensure remote management access has been disabled.
6. If the option exists, disable wireless connections to the router control panel.
7. Enable the Routers firewall and all firewall settings.
8. Add your computer to the routers MAC access list, and deny all connections except those added to the list.
9. Set Port scan response to disabled. This will prevent the router responding to port scans (as if it doesn't exist).
10. If the option exists, backup the new settings to your computer.
11. Remove any filters created for port forwarding and triggering.
12. Leave the modem disconnected for now, to stop the internet from working.

The above will tighten security as high as possible on your router. It will prevent access to the control panel unless a computer is connected to the router physically, and will hide your wireless identification. The strong passwords will ensure that brute force attempts take so long its rendered pointless for all but the most determined of hackers.

Also, by enabling the MAC access list and setting it to deny all but those added to the list it will prevent ANY connection from any device not listed in it. It can be side stepped though, by someone spoofing an allowed devices unique MAC address, but it's an extra layer of defence to stop the occasional hacker.

Long hexadecimal passwords as per the above example for your wireless password and control panel password are essential. The layer of defence your creating with the above steps is only as strong as these passwords. By making them this long and randomly generated it increases the time it takes for a hacker to brute force them considerably. You don't need to remember the wireless password, as the control panel will show it when you log in.

If you need help with making these passwords, use this: http://strongpasswordgenerator.com/ But make sure you swap around some of the characters before using it just to be safe. Also, use at least 16 characters, if your router will allow it. If not, use as many as it will allow but it MUST be randomly generated and not a word or phrase, or anything that is easily guessed. Do not store it on the computer, keep it written down somewhere safe and out of view.

As another note, in order to allow new devices you need to enter their MAC addresses to the MAC access list in the routers control panel. These can be found by checking for the MAC address in the devices properties. They will need to be added before they can be used with your internet connection.

With the PC, do the following:

1. Make a backup image of your current hard disk, to another one (external is ideal if you have one.
2. Verify the image has been processed correctly.
3. Wipe the hard disk and re-install Windows using your Windows installation DVD.
4. Plug the modem back in, or turn it on.
5. Install your AV. Microsoft Security Essentials is very good.
6. Use a Firewall. Windows Firewall is okay, but doesn't stop outbound traffic. If you want total control, use Comodo Firewall. This is highly regarded.
7. Install any third party drivers required to use your computer.
8. Update Windows completely until no updates remain.
9. Change your login password to something with at least 12 characters and unique to you. Include numbers in the password.
10. Change the account passwords of all email accounts, MSN and other social networking sites like Facebook etc. Changing your email passwords are crucial, as access to these compromises every single account you have online. With email access a hacker can just reset passwords for any site you have an account with.

A few other questions:

1. Does anyone have access to your computer?
2. Do you share the internet connection with others? e.g. house mates, family, communal internet connection (University or whatever)?
3. Are you using a genuine Microsoft disk, or a torrented one that you've downloaded? I won't shoot you for it, or close the thread, but its important we establish your using genuine uncopied media.
4. Do you currently have WiFi security enabled, and if so, what security are you using for it?

I would also contact the FBI, or which ever law enforcement entity deals with these issues. Give them the image you created if they need further information from you. The unmounting of this image will give them the exact state of your computer as well as anything that has been compromised before you wiped it.

Let us know how you get on, and I hope this helps.

Thank You for yoour responses.


Leeky - great advice.

Not using wireless at all. Router is unplugged and all wireless services on the
pc are disabled. I really feel like someone has hacked into my comcast line but when I called them they said there is no way someone could do that and what I am describing cannot happen to a hard-wired pc.

To answer your questions:

1. Does anyone have access to your computer?
No...just me and I am the only one who knows the password which is extremely long


2. Do you share the internet connection with others?
No...just a comcast cable connection in a house not apartment but neighborhood is so overbuilt it feels like apartment. We have other PCs but because of problems we only connect 1 pc at a time.


3. Are you using a genuine Microsoft disk, or a torrented one that you've downloaded?

I have the built-in system recovery which puts back to factory condition
and we also bought the windows 7 ultimate CD at the time of purchase directly from HP. I tried the disk initially but I couldn't get it to work...I forget what error I was getting so I just stuck with the built in recovery.


4. Do you currently have WiFi security enabled, and if so, what security are you using for it? No...but was using WPA2

I am definitely going to keep your router setup advice so after I find out how they are actually getting in and I am confident
they are no longer there I can setup the wireless again. I set mine up opposite whereby I was listing all neighborhood MAC addresses in the block list instead of just adding an authorize only list. Problem with that is it is maxed out at 20 addresses and I actually had 23 addresses near me at the time with more being added all the time. I want to get rid of comcast but my only other option is ATT and their service is lacking speed wise and I saw them send an email to my mother saying since she had one of the least expensive internet options they were going to have to charge people for downloads over a certain amount. I download software all the time...I don't want to
have to measure my usage. I will start by making a disk image on my 2nd HD -
HP config=2 750GB HD and then I'll have to do a little research
locally to see who might handle this...I found a software the other day that scans an ip address and pulls up a google map showing the general location...I scanned my own IP address and it shows up on a street across the HWY a couple of miles away. Was so disappointed that it can't give actual street address cuz now I don't know if my IP has been re-routed or if the software just isn't capable of being any more precise.
I want to solve the hardwire access issue first. I can see the ip address assigned to me and there are 3 active - 1 for my pc - 1 for comcast modem and a 3rd one I am now blocking using peer block software. That's about the extent of my knowledge.

Thanks again for the reply...I have to wait til Monday to call around and get advice...will keep you posted but if you have any other suggestions
I can work with you anytime at your convenience starting Monday.

 

[Leeky]

Your actual internet connection shouldn't be an issue. It's highly unlikely someone has gained access directly through the connection itself by compromising the Comcast hardware.

The problem is your computer, or your network settings which are enabling sustained attacks. It is always best to run with an *allow* list rather than a deny list. That way only devices you can identify are allowed access.

My IP address shows up miles from where I reside using mapping methods. It's a pooled IP address, leased out when available and shared by others. This is common.

You need to follow those steps ASAP really. That should prevent further problems from happening, but its crucial you format and start with a clean installation of Windows.

If you follow these steps, and it happens again, it could point to a compromised recovery image. Which could indicate why the issue is returning despite previous steps to mitigate it.

I'm available pretty much all the time, and quite happy to assist you further should you need more advice.

 

[Cobalt006]

Did you ever take leeky advice.

 

[Bobbye]

windows 7 build 7600 this copy of windows is not genuine

It isn't clear to me whether you are just getting notice of this or whether you actually know the OS isn't genuine. If it is the former, please run the following:

NOTE1: If you cannot connect and download directly to the internet, download the program to a flash drive, then connect it and run the program on the problem computer.

NOTE2.: Whatever you are using to type in your replies, please click on Format and Uncheck Word Wrap.

If it is the former (just notice), please run this and paste the entire log in your next reply:

Please run the MGA Diagnostics tool

• You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
• You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool>
• You must choose to Run this tool when prompted.
• Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
• If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
• After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
• Please return to this thread and Paste the results here for review.

------------------------------------------
This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows is it for?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
==============================
For curiosity, why were you running the SFC everyday when you started up?

 

[tragicallyhip]

Wow! what a headache, Try Linux