Welcome Guest.   Make a donation to an author on the site September 02, 2014, 11:41:06 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Read the full one-year retrospective report on DonationCoder.com.
   
  Forum Home Thread Marks Chat! Downloads Search Login Register  
  Show Posts
      View this member's profile 
      donate to someone Donate to this member 
Pages: [1]
1  Main Area and Open Discussion / General Software Discussion / Re: Google Books Downloader - WARNING - contains search hijack "arccosine.com" on: April 28, 2012, 09:45:00 PM
 Angry I got taken in by this 'bugger' also.  


I wanted to read a Google Book off line and downloaded a Good Book reader and it changed my home page to ‘arccosine.com’ which gave me a ‘Google Search’ screen ‘look-a-like’  I changed my homepage back to Google search and then discovered my wireless internet connection had been changed from ‘public’ to ‘home’ creating an unsecured internet connection.  I switched it back to ‘public’ and went looking into my ‘Services’ to see if anything ‘popped’ out at me as unusual.  I don’t know enough about how computers work but am trying to learn.  

I downloaded an application called ‘GooReader’ and think this may be where the ‘infection’ came from as it offered several services I have never even heard of before and I did not opt into any of them.  By the time I was finished with the screens they presented offering all of these unwanted services I began to notice ‘changes’ made to my computer.  The name of signer on this ‘GooReader’ is “Solimba Aplcaciones SL” The time stamp is Wednesday March 12, 2012.  I have searched for this in my registry – no show.  I have searched for this in my installed programs – no show.  When I clicked on the application again it let me know it was already installed and asked if I want it to reinstall.  I closed the dialog box and decided this is ‘bad news’.  Can someone guide me through the process of figuring this out?  I ran McAfree and it showed all clear.  

Two individual ‘Diagnostic System Host’ (WdiSystemHost) are listed in ‘Services’ – One has me locked completely out and one I can modify.
I downloaded the ‘SvchostAnalyzer’ from A&M Neuber Software and it gave two warning instances as follows:
Process: svchost.exe
ID: 1900
File Access is denied, Run program as Administrator!
Group: No Microsoft file
Services: 0

The second instance which showed up later appearing along with this one:
Process: svchost.exe
ID: 8664
File Access is denied, Run program as Administrator!
Group: No Microsoft file
Services: 0

How can I investigate if someone has ‘remote’ use of my computer?  What are the steps I need to follow to track this down?  Or what should I be looking for?
DcomLaunch has me frozen out.  

I don’t know enough about this subject to be of much good at tracking down what damage may have been done and what was ‘snagged’ from my computer and perhaps ‘sent’ to some unknown person.  Just very creepy and it takes a real CREEP to do this to people.  Time for me to learn what these JERKS are doing to us and how to intervene for our protection.  
Pages: [1]
DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.025s | Server load: 0.01 ]