You asked for details. Here it goes:
It is not a laptop. It's a steady pc. I don't have an Internet connection at home; I don't even have a router. All I have is my motherboad, unless someone has accessed my room and changed something. I can not exclude that. However, I have serious reasents to believe that some guys have gained access to my computer and keep messing things up. People keep telling me that this cannot be done since I don't have a router. But it has been going on for months and it has developped to a nightmare. The funny part is that I never wished to connect to the Internet, in order to be safer.
I used to have XP Home Edition. I have formatted the computer a few times as it wouldn’t open. Now I have Vista 7. My software is legal.
Indications:
- I have used a number of firewalls. They mention that some programs are listening and it refers to a remote computer with zeros as an address. Of course that could mean nothing. They use 127.0.0.0.1.
- I get the feeling that they connect to the computer as part of the system, to the main console through TCP/UDP, local port.
- I have scanned the pc with various antivirus programs. Right now they can not detect a virus.
- They move my mouse, it moves to irrelevant positions on the desktop, it even gets disconnected. Once, my mouse started moving asif someone was dragging it. It moved from one edge of the screen to the other and kept on. My hand was perfectly steady. I think they can hear everything in my room, as whenever I mention something annoying for them, they take control of my mouse. I use a black mouse pad. They disable the port and I can’t use it, it gets back when I have failed to do the job I was intending to. Sometimes I have failed to open my USB disc, it just comes and goes, whenever they want to. Usually when I have something important to copy from the flash disk.
- There is no software problem concering the quides, I have the original cds in good shape and I have programs like “Registry Mechanic”, “Tune Up Utilities”, “Ashampoo Optimizer” etch. They don’t detect any hardware problems.
- My security programs fail/collapse one after the other in a matter of days or ask me to download them again…. It’s a disaster. I insist that it is not a virus! Though I do think it's somekind of malware/worm I can not detect.
- In the past I could not see the user accounts. I could not get in through the control panel. Nor could I see the incidents (Security, Local settings…., appliances/hardware like gates, services,monitor… ) I know I had done nothing which would justify this. It just happened. These problems starting occuring when I started checking these things, like trying to anderstand what the incidents were showing. Whenever I got to discover something new (to me it was an unknown world), it would be the last time I gained access to the data. My account was one of an adminastrator. After that I used a non-administrator account to be safer.
- There are problems with my keybord as well. It's new. But what I think you might find interesting is that: When I once restarted the pc, the keyboard was inactive, thus I could not enter safe mode pressing enter. When I had to type my password to enter, it worked, when windows started, it was once more inactive, thus I could not access any security program or settings because for that, I would have to type my administrator password. This was not the case for a much older keyboard of different type. I don't know the word in english. It's the one which connects at the back of the tower. I think it is called serial. The other keyboard connects like a flash disk.
- The RPC Remote Process Control is working and I can not terminate it! Do I need it as I do not wish to connect to any network? It does not even allow me to check its properties. It is locked by the SYSTEM account and there is a password. I do not know if this is default. When I finally managed to terminate it once, the computer wouldn’t start, it kept returning to the log in Window, I kept typing the password all over again! I had to format the computer. I guess that's because it was programmed to do so if it failed to connect or something.
- When I used Windows XP, during shut down, it mentioned that it was terminating the Internet connections. Is that normal? What was it terminating as I had no connections to the internet.
- I get the feeling that I am part of a local network and various users can log in. It is like they have their own administrator accounts. Someone had told me that I do not need a Wifi connection and that a neighbor could easily connect to the LAN using their router, or something like that. Then another guy said that If I don’t have a router I don’t have a LAN. Some other guy said that the only case for that to happen would be for me to connect to a neighbor’s router. I think they are giving me a lot of misleading information. They even told me that I don't have an IP adress. I certainly have not attempted to connect to anyone’s pc. I wouldn't know how, even if I wanted to.
- Once, I saw my firewall block a command/file called ping. I checked it on the Internet and I found that If someone knows your IP they can connect to the computer, through this command. Why did the command start running out of nowhere?
- Most or all of the programs I use, even simple arcade games, try to perform actiong through Iscvhost.exe-irpcss and RPC (Remote process control).
- DHCP, DNS, SMB, NAStatus UI, LP Remote, I will not pretend I know what these thing are, but they have run on a daily basis. Once my firewall blocked a java script.
- I had a problem with svchost files, Local Network. One or two of its proccesses and one of the SYSTEM as well, were causing my CPU use reach 100%. This started when I tried to install a firewall program "On line Armor". I had to terminate these proccesses to finish the installation. My pc kept running without any problems despite terminating these proccesses.
- All the programs running on my desktop keep trying to access and modify my registry. Even paintbrush. Additionally, all programs try to control my firewall! Not the other way around! I can see it as a notification by the firewall. Even paintbrusth. The programs perform these actions through DNS resolver/RPC!
- My screen turned blue a few days after that as soon as Windows started and I had to reinstall Vista. I don't know what caused this.
- Power Bios server with the server RPC CONTROL\OLEEE8087F002824DC6A2060115E55A and svchost as a port was trying to control a network enebled connection using OLE.
I read a magazine article lately which explained that you can access a pc just through its network card. That a series of programs like Web client, DNS, IPV6, και 4, Ι/Ο e.t.c collaborate for this to happen. All these programs run on my pc like crazy, I get notifications from the firewall. The article said that to do this you need a hacking tool and that the rest is done by a worm. It is called "conficker/Kido". That the worm creates a cory of the svchost file and takes control of the system. It even starts procedures, like the ones of Local Network I had to terminate due to CPU reaching 100%. My ad-aware Pro antivirus had once detected Kido. I kept removing it and adding it to the quarantine but everytime a ran a new scan, it was there. I finally never saw it again.
I think that something like this is what is happening here.
These are my Web adopters (if I am saying it right), in Managing devices:
WAN MINOPORT (IP)
WAN MINOPORT (IP) COMODO FIREWALL MINOPORT
WAN MINOPORT (IP) PC TOOL DRIVER
WAN MINOPORT (IPv6)
WAN MINOPORT (IPv6) COMODO FIREWALL MINOPORT
WAN MINOPORT (IPv6) PC TOOL DRIVER
WAN MINOPORT (L2TP)
WAN MINOPORT (PPPOE)
WAN MINOPORT (PPTP)
Host Controller Nvidia nForce COMODO FIREWALL MINOPORT (my firewall)
Host Controller Nvidia nForce PC TOOL DRIVER
Host Controller Nvidia nForce 2 PC TOOL DRIVER
In Mobile Devices: There is a Windows Mobile Device (Since reinstalling Windows, it has been trying to download its drivers)
I am willing to attatch any data you will need, from my pc. I have many screenshots.
Technitians say I should perform a format but I know they will be in my system before I even start the Windows. I have already tried this option. It does not shut them off.
Please, I know it’s a lot of work.
If it is a bot to bot Network, whose description I have read seem a lot like what I am going through, can somebody tell me how I could stop something like that?