Possible For A Hacker To Commandeer Comodo DNS Servers

I haven’t been out to purchase blank CD’s yet but I ran GMER again to see what would happen. I saved a log file but I can’t find it right now-it showed nothing except the four Bluetooth items usually associated with these scans-the Comodo update file that showed up yesterday on the list doesn’t show up today. Any idea what this means?

Also as far as Mr. Y/Mr. X and other hacking-including of our cell phones and text messages-the most worrisome thing from a law enforcement point of view-more worrisome than the hacking which I’m not sure even exists right now-is the fact Mr. Y was at one time a customer service representative for Bank Of America customer service in Glendale, California (took calls) and claims to have something called a dba key and has constantly been threatening my bank account. Fortunately I’ve never had a Bank Of America account and have never had issues but my friend Tamar the other person on the victim end of this has had numerous problems with her bank accounts, her relatives bank accounts (according to her) and such things as PayPal accounts and internet seller accounts.

Maybe the steps I’ve taken and also routinely blocking through Comodo Firewall have put a stop to the worst of this. I routinely block everything now as long as it doesn’t affect anything I’m doing such as various Vaio services, etc.

Also there was an update of 77 Windows files yesterday and yet another update overnight I just remembered but don’t know what that was about. In the past I have received problematic updates that were not from Microsoft.

Have you tried to go back to the normal DNS servers? This is how you do it: How to Change Your DNS Settings, and click on obtain IP address automatically and obtain DNS automatically.

I chose the Comodo ones for added security I don’t know if they were actually broken into I just thought it might be a possibility-I don’t think my normal DNS servers would be a better choice. There’s a lot I don’t know here-I don’t even know if the hacking has ended-I do know the computer is more stable and less likely to act up if I block anything I can-for example, right now the firewall says 1084 intrusion attempts have been blocked (in less than a day-the last reboot would have been when I burned that Avira disc) so that’s significant I think.

The computer just did another update which was likely the same as the one overnight (which actually would have been the last reboot not when I ran the Avira disc.) They failed which is probably what happened overnight-these are the three of the 78 total (1 optional) that failed:

Cumulative Update for Media Center TVPack for Windows Vista for X64 Based Systems
Microsoft.NET Framework 3.5 Service Pack and .NET Framework 3.5 Family Update
Windows Malicious Software Removal Tool x64-November 2009

Anything to worry about there?

Firewalls on a new count of blocking intrusion attempts 20 when I looked in perhaps three minutes since computer restarted-all of the things I blocked had .exe extensions and computer is running fine (a little hot to the touch though but nothing really unusual for a computer.)

It will probably keep trying and failing these updates all the time now.

If you are still having problems, I would recommend grabbing EasyVPN, installing it, getting a screen name and letting me take control of your computer. That way I can try to diagnose these problems for you. How does that sound? http://easy-vpn.comodo.com/

Thanks-I downloaded the program just now and oddly enough I received a couple of warnings about dll items Comodo doesn’t recognize, which I found odd considering it’s a Comodo program. So let me know when you would like to try this.

Okay I created an account and signed in so I guess you’ll let me know when you’re ready.

I just need your screen name, PM it to me

This a s s h o l e Mr. X has broken into the computer again just now. Proof:

Comodo no longer centered on screen when opening (typically it is-it’s now likely been disabled)
Bogus update from HP with series of numbers unable to turn off, unable to close, takes over screen, changes registry upon startup, shut off immediately, still registry change message appears, unable to fix through repair or system restore

Spoofed cell phone call moments later (before 5 a.m. PT) followed by this text message:

Yea rite ur the hairy ■■■ f u c k that dead csblt 312 spyware is nothin compare 2 wat ur gona get psyko loser

U got no chance scumbaf

Comodo you need to prosecute this piece of dung!

Mr. X Santa Barbara CA Lago Vista TX Birthdate: 13/13/1970

Also threatening Tamar if she sees me Thanksgiving and rang her house repeatedly last night

I uninstalled and reinstalled Comodo but the fact it still isn’t centered on the screen tells me it probably is already disabled-I’m grabbing updates right now.

This is not limited to the hijacking of Comodo’s servers-according to Tamar he has broken into servers at Los Angeles area Public Libraries and Valley College (while she is on the computer) in addition to theft from her and her relatives bank accounts, PayPal and other online merchant accounts (she sells rare books or at least did until all this ■■■■) and threats against her and her relatives (including apparently ■■■■■■ threats-some sent to underage relatives of hers). He has done it to me before I had a computer at FedEx rental computers in both the Westwood area and Pasadena. There is a 2006 Hewlett Packard computer on my floor that has been completely destroyed by this ■■■■. (as has at least one computer belonging to Tamar.)

I got a notification of another network wanting to join immediately upon restarting after installation-it is a different series of IP numbers than the usual notice-I always set it to don’t notify me of the other networks, however-maybe part of these numbers have to do with Comodo because I believe the second set is the same as usual.

Here it is:

5.0.188.195/255.0.0.0

Also a Firewall notification I have never seen before: IAAAnotif.exe

I blocked it then got this message: Event Monitor User Notification Tool Has Stopped Working

I don’t know if this is a new update from Windows because I’ve never seen that Firewall message before or if it’s a trick like the bogus HP updates (it used to be at one time the HP updates could be closed or refused-they’ve been modified so no matter what a person clicks on or if they even accidentally graze it it locks the bogus malware into action). This is similar to what Spyware Doctor does that I wrote about a few days ago.

The Comodo updates did apparently come through so I’m going to restart and run-in the meantime I need to run errands and definitely pick up those CD-R’s I need.

After downloading the updates Comodo did load in the center of the screen which is a good sign-I’ve noticed how these viruses work to an extent on various programs when there’s a problem-for example another sign was clicking on Comodo before the reinstall brought up two separate boxes that said Comodo Internet Security over the icon while normally there is only one. The GOM player icon produced nothing but a tiny square box another sign among many in these various programs something is amiss so I uninstalled that as well.

How can I go back and get something I’ve previously blocked unblocked? I think this may be a problem with the event notification service now since I keep getting the message the program isn’t working and I’ve also done that with the fingerprint reader before (I never use it, but it would be nice to have it available if I want it.)

The scan is at about 70,000 items now (so about a quarter way through) and clean so far-I’m going to go out and get those CD’s I’ve been needing to burn the anti-virus boot from CD programs.

You must have a bot on your computer; that is the only thing I can think of. Get those CDs, burn Kaspersky using the exe I gave you earlier, reboot and boot from the CD, update and do a full scan to clean out everything.

Really tired-I couldn’t sleep last night-which was the one bright spot in this ■■■■ calling before 5 a.m. (Tamar reports not only calls but knocking on her door in the middle of the night the last two nights-threats have been made about us getting together tomorrow that are reminiscent of an incident recently in which Tamar may have been abducted (I don’t know, the story is fishy but the text messages tell a really bizarre story with details that make this hold up):

www.myspace.com/370392338

I’m running GMER before burning Kaspersky (which I hope to Christ burns and will work) and GMER was stopped mid sweep (I restarted it.)

Comodo displayed during the sweep by GMER it had found the following item and I elected to quarantine it:

TrojWare.Win32.Trojan.Agent.(curvy wave sign)318@75956370

C:\Users\RodneyPeterson\AppDat…\jar_cache9587.tmp

Do you know what this is and is the quarantine enough to get rid of it? (Remember the computer has blue screened and shut itself off to prevent damage with no warning recently)

The scan’s not over and it’s picking up two Comodo items in quarantine-one 4519 bytes one 212 bytes both

C:\ProgramFiles\COMODO\COMODOInternetSecurity\Quarantine (that’s all I can see right now)

Let me ask you this would you consider letting me call you once I’m ready to boot from CD to make sure I’m getting all this right?

(It’s done now-here’s the GMER log)

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-25 13:13:48
Windows 6.0.6001 Service Pack 1
Running: 25f23t9c.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d028a81
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb89e4b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d028a81 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214fb89e4b (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\jar_cache9587.tmp 4519 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\jar_cache9587.tmp.info 212 bytes

---- EOF - GMER 1.0.15 ----

Frustrating-I can’t figure out how to create the CD. I never burn CD’s, only DVD and then with click to disc. The Roxio program is telling me to create folders, find folders, similar types of things I have no idea how to do to burn the ISO image. Just clicking on the button which is the normal way I can for example erase a problematic DVD or BluRay completely won’t cooperate.

Think I accidentally hit on how to do it-it’s burning and hopefully it’s the ISO image.

Okay-I am really really going to need extensive help with this when available. The disc is right-just like the DVD I created-but it will not swap (whatever that means) when it gets to that part. This occurs whether I use safe mode or not. It’s very confusing and a screen appears which is a prompt for me to type commands but I have no idea what commands to type.

In the meantime after the GMER scan and the supposed quarantine of the Trojan this piece of dung Mr. X stuck on the machine Comodo opens in the center of the screen as it should updates correctly and is currently scanning.

But a bot makes sense this scumbag has also talked about a bot several times in these illegal text messages hacking channels belonging to AT&T (myself) and Sprint (Tamar) (in other words when I receive threatening messages it looks like Tamar wrote them, when she receives them it looks like I wrote them)-apparently this ■■■■ has a very illegal pocket cloning device (at least Tamar tells me this-as well as the spoofing problem-from research she’s done on the matter.)

Tamar also believes the spoofed phone calls, laughing and hanging up have something to do with the implementation of the bots and viruses.

And now I know what that HP update ■■■■ is about. It’s a toolbar apparently legitimate from Yahoo and HP for Internet Explorer-yet if it’s legitimate why does it crash a computer upon its appearance and not give someone an option to refuse it-also the instructions about how to get rid of it are almost impossible to both implement and follow-if it’s rogue it certainly looks as if the whole thing really is HP and Yahoo including every single web page associated with it.

Also the ■■■■■■ Windows update updates EVERY SINGLE DAY whether or not I want it to or even need the updates-not only did it fail to install the same three items it always fails to install, three more items that were previously part of the system failed upon trying to be reinstalled.

Bleeping computer, indeed.

This is how to properly burn the ISO to CD:

  1. Go to Creator Classic.
  2. Put in a blank disc.
  3. Click “File”, then click “Record Disc from Image”.
  4. A window will pop up. Browse to the file you want to burn (your .iso). Highlight it and click Open.
  5. A Burn Progress window comes up; click “Burn”. The burn should start.

Why don’t you try the Avira exe again? That might work for you. I don’t know how much more I can help from here; you just don’t have the experience necessary to fix this problem yourself and I would just take the computer to a repair shop.

Try this: download Hitman Pro http://files.surfright.nl/HitmanPro35.exe and follow my instructions here on how to use it; that might help.

video 1 Hitman Pro AV Video 1 - YouTube

Video 2 Hitman Pro AV Video 2 - YouTube

They did fix some things and you have internet access so that might work for you.

I’ll look into those other things and I appreciate the help and feedback thus far.

The computer was purchased in February with a three year extended and accidental damage warranty from Sony-so that means I have the option of calling in for Tier 2 support during normal business hours (easier problems are 24 hours for Tier 1) or sending it in to Sony. But what would I tell them?

Simple question-I figured out how to turn off the automatic Windows updates (hopefully) any idea how I can stop this HP update thing? Does anyone know anything about this-if this is a legitimate HP/Yahoo Toolbar (and it looks like it is) how are they getting away with basically hijacking peoples computers?

Also once I’ve blocked something I find out later I may need (such as the Windows notification service I wrote about) how can I get it back to unblock it?