
Topic: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!


frazz

    Topic Starter


    Rookie

    • Experience: Experienced
    • OS: Windows 10
    A lot of companies make use of Akamai-based servers as they are a very large CDN (Content Delivery Network). Microsoft in particular have used it for Windows Update for around a decade now. Apple has actually been starting to move away from the Akamai CDN for their own in-house Content Delivery Network for a few years but still utilize a number of nodes (e.g. servers for certain geographic areas).

    I can't answer your specific questions about why X or Y and such, but that would hardly be evidence to your underlying claims- Occam's Razor and all that. It could very well be user error or just a misinterpretation of errors or stuff happening on your system. By way of example, the other day I couldn't log in to Windows and was told my password was incorrect, and then on another one of my systems, I received an error message regarding my account credentials having been changed. This sounded suspicious of course but it turns out that Microsoft's account services were having problems.

    Those lists of services and scheduled tasks appear to be normal services and tasks found in Windows. For scheduled tasks, some of them don't indicate an executable or DLL file because the associated Actions are attached to a Custom Handler, so you get the "friendly" name for the Custom Handler, which as I recall is part of the XML definition for that scheduled task. It lists something known as a "CLSID" which points at a registered Class definition. As an example, AUScheduledInstall is a scheduled task responsible for part of Windows Update. It references CLSID "{F3B4E234-7A68-4E43-B813-E4BA55A065F6}", which itself points at an AppID of "{653C5148-4DCE-4905-9CFD-1B23662D3D9E}", which is the Windows Update Agent itself. When listing scheduled tasks, it will simply say "AUScheduledInstall" or list the service path (\Microsoft\Windows\WindowsUpdate\AUScheduledInstall), which of course doesn't exist on the file system.

    App-V is a component of Windows, as are several "vm" named services. They do not appear in the Services snap-in (services.msc) because that only lists services managed by the Service Control Manager. Services with startup type 0 are boot-time services, and services with startup type 1 are services loaded with the initial kernel load. This includes the various Hyper-V and App-V services included with Windows 10, many of which are services with names starting with "vm". On my desktop, most of these are disabled; however, that is likely because I have VMware installed, as on my other Windows 10 systems they appear to be enabled. If you have been disabling these, it could, somewhat ironically, explain the source of unusual behaviours you might have been having.

    I think your latest post was cut off, or hit the post limit, as the log appears to be truncated. FWIW, a search brought up a number of issues surrounding MSI's various driver packages not providing signed/WHQL drivers, so it is not necessarily an indicator of anything untoward.
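
The point in the post above about scheduled tasks that show no executable can be checked against a task's XML definition. The following is an added example, not part of the original post: it classifies each action as a COM handler or a command line. The task path and ClassId are the ones quoted in the post; the second task, its path and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample definitions in the Task Scheduler XML format.
COM_TASK = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\WindowsUpdate\\AUScheduledInstall</URI></RegistrationInfo>
  <Actions><ComHandler>
    <ClassId>{F3B4E234-7A68-4E43-B813-E4BA55A065F6}</ClassId>
  </ComHandler></Actions>
</Task>"""
EXEC_TASK = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Example\\Updater</URI></RegistrationInfo>
  <Actions><Exec>
    <Command>C:\\Example\\updater.exe</Command><Arguments>/silent</Arguments>
  </Exec></Actions>
</Task>"""

def classify_actions(task_xml):
    """Return (task_uri, [(kind, target), ...]) for one task definition."""
    root = ET.fromstring(task_xml)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="?", namespaces=NS)
    actions = []
    for node in root.findall("t:Actions/*", NS):
        kind = node.tag.split("}")[-1]          # strip the XML namespace
        if kind == "ComHandler":
            target = node.findtext("t:ClassId", default="", namespaces=NS)
        elif kind == "Exec":
            target = node.findtext("t:Command", default="", namespaces=NS)
        else:                                   # other action types carry no code path
            target = ""
        actions.append((kind, target))
    return uri, actions

def describe(task_xml):
    """One line per action, saying where the code behind it is recorded."""
    uri, actions = classify_actions(task_xml)
    lines = []
    for kind, target in actions:
        if kind == "ComHandler":
            # No file path in the task itself; the COM class registration holds it.
            where = "HKLM\\SOFTWARE\\Classes\\CLSID\\" + target
            lines.append(f"{uri}: COM handler, look up {where}")
        else:
            lines.append(f"{uri}: {kind} {target}")
    return lines

if __name__ == "__main__":
    for sample in (COM_TASK, EXEC_TASK):
        print("\n".join(describe(sample)))
```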

    *context handler. And yeah, I know what a CLSID is, that's just it though, all of my apps and security devices are used under a different handle/CLSID that I don't control. Obviously there are parts of a PC that provide support for apps and whatnot, but not every single DLL and cfg exec file on the PC. A handler is just that: it handles operations for that given CLSID. A handle. Handler. Might as well be the same thing. Also why every single program gets added its own unsigned service, because svchost can be controlled from a remote shell. So making everything a service it can look as if ignore Ian my legitimate program but it's not and it's not me using it fully.