Possible For A Hacker To Commandeer Comodo DNS Servers

Hi I just added Comodo Security following weeks of horrible computer issues caused by two deliberate hackers of a criminal nature. They have managed to get into and/or disable, possibly from the vendors themselves SpySweeper (full version), Anti Malware Bytes, and Double Anti Spy-all at once. It has been a necessity at times to uninstall and reinstall Comodo for perhaps the same reason. The following cut and pasted blog post starts to explain it and the reasons why this is going on. I think there’s a possibility they may actually have broken into Comodo’s DNS servers on more than one occasion.

Posted earlier today at Pam’s/Jenna’s (from the NBC series The Office) blog

Very nice. And hopefully will help out some nice cute kittens to find a home (like Oliver there’s a picture of him in my pics.) And these are the guys that almost did Oliver in and did do in another kitten (with crystal ■■■■):

Just to update you guys who know computers and a bit off topic but if I can think of anything radio related here I’ll add it: been experiencing severe illegal hacking from a specific party (Microsoft proved it and helped me file a complaint with the FBI/IC3)-part of a pattern of relentless stalking at my blogs here: www.myspace.com/370392338 appears to be gone after several security adjustments and downloads, hacker was breaking into third party programs from the source apparently (such as Comodo Internet Security DNS servers) so not easy to cure by any means. Still some bugs and weird behavior but vastly diminished.

ONE FLEW OVER THE CUCKOO’S NEST MEETS SLUMDOG MILLIONAIRE

At a resort-like California psychiatric hospital a beautiful abused girl from Beverly Hills meets a Midwestern man in a very unusual fashion. Hilarity, complete insanity and a bizarre fate driven love affair ensue. But criminals from the girls past are determined to keep them apart at any cost.

I’m Rodney Peterson the creator and writer of an untitled project revolving around Top 40 radio of the 70’s and 80’s (just as Mad Men revolves around an advertising agency of the 60’s) and Cutting Confessions-a fate driven comedy and drama filled love story partially set in a resort-like California psychiatric hospital-One Flew Over The Cuckoo’s Nest meets Slumdog Millionaire-here at my MySpace blogs and at InkTip.com

Follow me at twitter.com/rodneypeterson

Feedback?

Posted by RODNEY CUTTING CONFESSIONS WRITER DJ BILLBOARD FAN on Wednesday, November 18, 2009 - 2:59 PM

The computer is a Sony AW290 Premium (LED screen and Adobe Lightroom, only available on this model) with BluRay read/write (Pioneer drive), 4 GB memory, 640 GB Hard Drive, 2.66 MHZ processor. It’s running 64 bit Windows Vista Home Premium.

Why don’t you use “free bsd server” <—google it that’ll stop them cold
If you don’t know anything about it, LEARN IT set it up, tweak it

this will work :slight_smile:

Thanks for the reply-I will Google it-never heard of it before-right now all the fixes and updates have been working since late last night-this also applies to our cell phones and text messages (the stalking and interference)-both Tamar (girl central character in above story is based on) and myself-I’ll retype a few recent text messages for you here so you get the idea-this has been going on for over two years!

Ha ha ha now got me laptop 4 1 u n psyko losers gots no way 2 stop rootkit registry botware ur skrewd hairyassfuck

Watchin u try 2 kill trojan glue on gpstraker best movie ha ha ha ur gonna croak just like ur sony vaio ur never gonna find rootkit faggot

others are more threatening than technological:

y dont u stop talkin outa ur hairy ■■■ (all caps)

hairy ■■■ brain that y ha ha ha (all caps)

had enuf ur shit n cunt 2 ur life as u know it over scumbag (all caps)

It’s not unusual to see 50 such messages a day sent back and forth on our hijacked cell phones. Now he’ll/they’ll (two guys) obviously be even angrier since they can no longer get in the computer (unless it has dormant rootkits, they’re there immediately after reinstall which I did about a dozen times over the last month)

There’s a restraining order and all of that but these idiots don’t care-I’m not going to go into it more than that but it gives you an idea of how serious it is and how many laws are being broken by these fools. There’s also been physical stalking and attacks as well.

Thanks again for your advice.

I’m just wondering, wouldn’t it be a bit more logical if, well, just taking a guess here, your pc is a zombie = part of a botnet? That would fit because they have your password, send spam, and your antimalware programs get killed.

Have you ever tried scanning in safe mode ? Please follow this guide in safe mode : Comodo Forum

If that didn’t work, I would suggest you to either format your pc or scan from a bootCD.

best regards,
eXPerience

make sure you don’t have a mbr rootkit.

I did do a complete reinstall Tuesday night adding Comodo as the first item of business when reconnected to the web. The computer right now is running fine-very smooth, very fast, no signs of any malware. I’m hoping it stays that way. Apparently the cell phone thing has something to do with it (I got a call at 3:30 am roughly, not unusual I’m sure it’s laughing and hanging up like it usually is)-apparently these spoofed cell phone calls are a way of getting in to the PC even though they’re not connected and have nothing to do with each other. He also did this yesterday at the moment I did the reinstall and connected to the web which I declined and also turned the phone off for a while so it’s kind of doubtful the call a little while ago will be able to get in either. I switched a number of settings to maximum protection-that plus the reinstall probably did the trick. If I have to, I could purchase the original factory reinstall CD’s since there’s a possibility my recovery discs are infected but right now everything is fine.

The spoofed phone calls basically happen every time I do a reinstall and at other times.

What’s an mbr rootkit how would I know I have one and how would I get rid of it?

Oh this is probably important-as I was on the phone with Sony Tuesday night trying to reactivate the Blu Ray AACS key (which was giving me problems) the computer went into blue screen to protect it from damage and shut off immediately (before I could read the message to Sony.) I may have been doing a scan at the moment or something else that exposed the problem if it was a rootkit, virus or what have you. This is also often true when running Comodo (not since this latest reinstall) it grabs the virus but then the screen freezes and it either shuts down or I turn it off-at one point it would not let me load certain pages after a reinstall when I get a clean reinstall (like this last time) that doesn’t happen.

I still get some pages loading abnormally slow at times, usually closing the window and reopening it or going in from a different browser fixes the issue (it’s like the virus needs time to become effective and I stifle it by not allowing it the “food” it needs by closing these pages when the trouble appears; it’s kind of weird). Then again it’s not unusual to have slow loading pages at any point on the web.

Sorry to bring up every little thing just thought I’d let you know-MySpace loaded slow after being open all night on Internet Explorer (he particularly hates the MySpace page since the blogs detail some of his criminal exploits as a means of self defense and they are also slightly related to the writing project) closing it brought it back up normally-Firefox completely crashed upon opening Empornium (I know that’s a particularly bothersome site for people with spyware and the like-although none of it is meant to do what this guy does to us more for phishing and the like, I would imagine)-was able to reopen everything and all 11 open tabs eventually reloaded without issue. I just installed some 77 Microsoft updates yesterday afternoon and I’m guessing the Firefox crash was a normal reaction of one of my new installations or security measures. MySpace was also open on Firefox along with Facebook, Twitter, Craigslist, ReelRadio, InkTip, this page and the suggested Comodo link about scanning in safe mode and a few others.

I think I’m finally good. I found UnHack me through another post here after I read the post from the guy who mentioned the mbr rootkits (Thanks!), ran it and removed two Windows System 32 items it said were suspicious. Whether they were rootkits or not, I don’t know because it also prompted me to remove the Vaio Wireless Wizard, among other things (ten items in all-about half related to Vaio startup programs (I didn’t)-but out of all the System 32 items, it found just those two and everything is working now after weeks of dealing with this. Thinking about running an ad on Craigslist since although I’m hardly an expert, I have enough personal experience with this issue to help others (and writing pays zero at the moment-also ran an ad about walking dogs, petsitting, script coverage, personal assistant, etc.) and know at least enough about computers (all self taught and through helpful people in forums such as these) to help other people determine needs when computer shopping, etc. I love this computer (Sony Vaio AW290 with 18.4 16x9 LED screen, true 1080p HDTV, 640 GB Hard Drive, 4 GB Memory, 2.66 MHZ T-9550 Processor, Windows Vista Home Premium) and there’s a lot of people out there who don’t know that much about them and would be better off having one built to their needs like I did than buying a store model. I really appreciate the help. If on the off chance those System 32 items were needed, which I doubt, the system wouldn’t be running well or at all right now and it is. UnHack me also creates restore points-I wish I’d found the program weeks ago but the version I have was created yesterday so who knows? Probably safe now to reinstall SpySweeper, Malware Anti Bytes and Double Anti Spy since I paid for those programs-and all of them were compromised at some point. Comodo has been the most secure of the four and if this guy really did break into Comodo servers, I hope there’s some legal repercussions to it. 
He was able to disable Comodo but I could tell every time because the scans would start almost immediately with no update at all and be clean, similar to how SpySweeper acted. Malware Anti Bytes was compromised in a sort of similar fashion and ditto for Double Anti Spy.

Thanks for all the help-very much appreciated.

Please remember not to run too many programs at the same time. You can only run 1 antimalware program at the same time, so you will have to choose between Comodo, Spysweeper, and double antispyware (never heard of it, but it looks legit ?)

you might wanna run GMER also : http://www.gmer.net/

best regards,
eXPerience

It’s an easy choice-Comodo has by far the most configurable and better program of all of them. However, it looks like I deleted Windows 32 items that have to do with system restore (probably among other things) and installation (tried to install a printer again) so that means another reinstall. But it should be a very clean one with no problems at all.

I’m going to guess your attacker is going to test your system so just do 1 thing
1) on the bottom right side of your screen, there’s the comodo icon (a white shield)
2) right click on it
3) go to configuration
4) click on "comodo - Progressive Security"

You’re done

so you will have to choose between Comodo, Spysweeper, and double antispyware (never heard of it, but it looks legit ?)
If one could recommend 1 thing besides keeping comodo??

(This is just my own personal opinion, of course everybody has their own) get rid of spysweeper, double antispyware and unhackme,
Just get avira premium or prevx

then you’re finished with computer security and now you have more important things to take care of
Hopefully things will get better

Later :■■■■

Another reinstall-I have reason to believe Comodo has already been compromised and the virus in the following log file from GMER is not really contained-strongest evidence of this is the absence of the Comodo icon in quick launch. This is the GMER log file (also sent to GMER):

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-20 13:04:36
Windows 6.0.6001 Service Pack 1
Running: download[1].exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d028a81
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb89e4b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d028a81 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fb89e4b (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ssrc.exe 493176 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ssrc.exe.info 230 bytes

---- EOF - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d028a81
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb89e4b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d028a81 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fb89e4b (not active ControlSet)

I can explain that, that’s easy. It’s for Bluetooth communications.

do you use your computer with a cell phone enabled bluetooth??? or maybe bluetooth enabled headset???
If you say “No”
delete all of them

and go to
the “start icon” ----> click “run” -----> type in "services.msc"
find any services called bluetooth in it
disable it
restart computer
also disable bluetooth on your cellphone if you don’t use it either :-TU
you’re done :-TU

as for

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ssrc.exe 493176 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ssrc.exe.info 230 bytes
I'm not sure on this I would PM a message to "Ronny" about that (I'm sure he'll know) :)

I Googled that ssc.exe thing it’s not serious. HOWEVER I did a reinstall Friday I hoped would take and so far it has-with 77 Microsoft updates yet-BUT I got the blue screen your computer has been shut down to prevent damage from an unexpected problem earlier this morning and beeping noise-it restarted normally and is running fine right now. Any idea what happened here?

Comodo was acting funny-starting immediately without updates-and one clue it’s not working properly-opening in a different area of the screen. I recently reinstalled Anti Malware Bytes and that may have something to do with a previous poisoned installation of that app-the reason I did is I read that it is effective against Spyware Doctor-which is a rogue BS spyware program that freezes your computer and shuts down everything. Typically Spyware Doctor will hijack a page from a website where its part of the background advertising modifying a search so that you’re in fact reading a phony web page. I don’t think Comodo is effective against it yet-or at least it wasn’t yesterday-so something needs to be developed in the anti virus base to kill that program. Anti Malware Bytes does, but I believe the program was reinfected from a previous installation so I uninstalled it again-which is also true of Comodo-I uninstalled and reinstalled-there’s no button on the survey page for that-the closest one is satisfied customer. But that was the reason-I believe Anti Malware Bytes infected the program from the previous installations of it though there’s no way it should have.

This is the latest GMER log-note that there’s something about Comodo here even though the scan returned zero results. Hopefully Comodo hasn’t been broken into in the same fashion as Anti Malware Bytes making new installations problematic and suspect.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-22 14:21:54
Windows 6.0.6001 Service Pack 1
Running: pjbg2s6m.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d028a81
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb89e4b
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d028a81 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214fb89e4b (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Rodney Peterson\AppData\Local\Temp\Comodo\Firewall Pro\Data\TempFiles\clp_files_update.ini 18243 bytes

---- EOF - GMER 1.0.15 ----
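As an added example (not code from this thread, from Comodo, or from GMER), here is a small Python triage script for logs in the GMER format pasted above. It parses the header, the Registry section and the Files section, and labels each finding so that the BTHPORT\Parameters\Keys entries (link keys for paired Bluetooth devices, as the earlier reply explains) and files already sitting in the AV Quarantine folder are not mistaken for an active rootkit, while anything it cannot classify is flagged for manual review. The classification rules are this example's own heuristics, and the sample log is constructed from the two logs in the thread plus one placeholder File line (C:\PLACEHOLDER\unknown_driver.sys) that stands in for an unrecognised entry.

```python
"""Triage helper for GMER 1.0.15-style rootkit-scan logs (added example)."""
import re
from dataclasses import dataclass, field

# Registry path GMER lists for Bluetooth link keys of paired devices; the last
# component is the paired device's 12-hex-digit address, not a malware artefact.
BTHPORT_KEYS = re.compile(r"\\Services\\BTHPORT\\Parameters\\Keys\\[0-9a-f]{12}$", re.I)

# Constructed sample: the thread's two logs merged, plus a placeholder unknown file.
SAMPLE_LOG = r"""
GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-20 13:04:36
Windows 6.0.6001 Service Pack 1
Running: download[1].exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d028a81
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb89e4b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d028a81 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fb89e4b (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ssrc.exe 493176 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ssrc.exe.info 230 bytes
File C:\Users\Rodney Peterson\AppData\Local\Temp\Comodo\Firewall Pro\Data\TempFiles\clp_files_update.ini 18243 bytes
File C:\PLACEHOLDER\unknown_driver.sys 4096 bytes executable

---- EOF - GMER 1.0.15 ----
"""


@dataclass
class Finding:
    kind: str      # "Reg" or "File"
    path: str      # registry key or file path as GMER printed it
    detail: str    # trailing annotation: "<n> bytes ...", "(not active ControlSet)", or ""
    verdict: str   # assessment assigned by classify()


@dataclass
class GmerReport:
    version: str = ""
    scanned_at: str = ""
    windows: str = ""
    findings: list = field(default_factory=list)


def classify(kind, path, detail):
    """Heuristic verdicts; these are this example's own rules, not GMER's."""
    if kind == "Reg" and BTHPORT_KEYS.search(path):
        if "not active ControlSet" in detail:
            return "benign: Bluetooth link key in an inactive ControlSet (stale copy)"
        return "benign: Bluetooth link key for a paired device"
    if kind == "File" and "\\Quarantine\\" in path:
        return "contained: already quarantined by the AV product; inert unless restored"
    if kind == "File" and "\\AppData\\Local\\Temp\\" in path:
        return "review: temp file; confirm the owning product created it"
    return "review: unclassified, inspect manually"


def parse_gmer_log(text):
    """Parse one GMER log into a GmerReport with a verdict per finding."""
    report = GmerReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue                      # blank lines and section banners
        if line.startswith("GMER "):
            report.version = line.split()[1]
        elif line.startswith("Rootkit scan "):
            report.scanned_at = line[len("Rootkit scan "):]
        elif line.startswith("Windows "):
            report.windows = line
        elif line.startswith(("Reg ", "File ")):
            kind, rest = line.split(" ", 1)
            # The path runs up to the first " <digits> bytes" or " (...)" annotation.
            m = re.match(r"(.+?)(\s+\d+ bytes.*|\s+\(.*\))?$", rest)
            path, detail = m.group(1), (m.group(2) or "").strip()
            report.findings.append(Finding(kind, path, detail, classify(kind, path, detail)))
    return report


def needs_review(report):
    """Only the findings whose verdict starts with 'review' need a human."""
    return [f for f in report.findings if f.verdict.startswith("review")]


if __name__ == "__main__":
    rep = parse_gmer_log(SAMPLE_LOG)
    print(f"GMER {rep.version}, scanned {rep.scanned_at}, {rep.windows}")
    for f in rep.findings:
        print(f"{f.kind:4} {f.verdict:70} {f.path}")
    print(f"{len(needs_review(rep))} finding(s) need manual review")
```

Run it against a saved GMER log by passing the file contents to parse_gmer_log; the point of the verdict strings is that a log full of BTHPORT keys and Quarantine entries, like the two above, contains nothing that indicates an active rootkit, and only the unclassified lines warrant further work.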

I suggest click on the link in my signature, find the SARDU videos and follow what I did so you can scan through a bootable cd/dvd and clean out the computer.

I’m not very computer literate-I’m self taught as well-which of the two videos do you suggest I start with? I currently don’t have a USB device-can I boot by recording to DVD? Do you suggest I go through these videos, write down what you did step by step and then follow that from my written instructions? I very much appreciate your reply and efforts.

there are 3 sardu videos here are the links

Video 1 How to Use SARDU Bootable CD/USB to Clean an Infected System Video 1 - YouTube
Video 2 How to Use SARDU Bootable CDUSB to Clean an Infected System Video 2 - YouTube
Video 3 How to Use SARDU Bootable CD/USB to Clean an Infected System Video 3 - YouTube

watch them and if you have any questions, please ask. And yes you can boot by burning to a dvd. Don’t worry about installing the utility, linux or PE parts of sardu, what you want to install is the antivirus parts.

Thanks-I’m watching the first right now. I guess there are actually three of them, not two of them. So it’s also like an anti-virus program?