Posts posted by welo

  1. The log shows no trojan infection but an installed rogue security software that has been removed.

    I thought that when you mentioned 'Spybot' you referred to 'Spybot Search & Destroy' which is a respectable anti-malware software. BPS Security Console as well as probably other products from Bulletproofspyware(dot)com are considered Rogue Software or maybe worse.

    Rogue Software is a fake software that claims to do something which it does not do well (or not at all), and at the same time reporting fake warnings and alerts trying to scare you into purchasing software (real or fake as well) to get rid of a problem that is not there.

    This is what WOT (Web of Trust) says: http://www.mywot.com/de/scorecard/BulletProofSoft.com

    This is what McAfee's SiteAdvisor says: http://www.siteadvisor.com/sites/BulletProofSoft.com/summary/

    People even report trojan and malware infections with software downloaded from this website. Verifying the exact threat level is not possible for me.

    It could be possible that this software messed with your profile or system settings to create problems which might lure you into a purchase of their software.

    NEVER download software from the internet without cross-checking its credibility. One way is to download only from respectable download sites such as download.com, filehippo.com, softpedia.com - and read the reviews on download.com. If the program is not listed there, better stay away.

    Install the WOT plugin from www.mywot.com - this will warn you about many unsafe and untrusted websites (but remember that the listing can NEVER be complete)

    How to proceed from here?

    I recommend either one of those options

    • Reinstall the OS
    • Have a (real) professional check your system
    • Run several respected antivirus solutions to check your system

    I also want to remind you again that you better backup your data NOW! ;)

    Recommended antivirus software:

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

    http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html?tag=mncol

    http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

  2. Thanks for your detailed feedback.

    However, even with your new findings I can't really pinpoint the problem any further, everything that has been said still applies. I could detail my theories about why it could be a hardware problem and why a software problem or malware infection, but the result is still the same.

    Try the actions I described in post #10.

    I would do the virus/malware checks parallel to my other suggestions since the scans will take some time anyway - you can have the scans run overnight.

    Since you are travelling and probably have limited internet access: Malwarebytes requires internet for the update, but can then run without internet connection. Hitman Pro requires an internet connection even while scanning because it uploads suspicious files to a scan cloud, Eset will not run without Internet Connection I think since it tries to update every time when run (I think), Kaspersky includes the latest updates (and cannot be updated at all), but is unfortunately hosted on a slow server, and the download is 70MB.

    Try this website for the Ubuntu Live CD or USB: http://www.ubuntu.com/desktop/get-ubuntu/download.

    Good luck.

  3. Not sure how 'streamlined' the process for the Non-B is in Phnom Penh, but if they have questions or require more paperwork, it might be an advantage to go yourself. Tourist Visas (if not on long-term stay) used to be no problem in Phnom Penh and straight forward with an agent (including same-day service), but not sure about Non-B.

    Maybe others can share their experience.

    welo

  4. I think yes, that's the actual customs check for persons, the one before the turn is for vehicles - at least that's my interpretation.

    I always thought it is official because

    1. you have signs that point the way for ladies and gents - scams usually don't have any permanent installments, but I might be wrong

    2. every time I passed the border in Poipet there were officers sitting there, even though they hardly ever check westerners. I've been checked maybe 1 out of 10 times.

    welo

  5. @thaimite

    Yes, the user should have the choice, and the home user definitely DOES have the choice.

    I do not defend Microsoft and its practices (but I do defend its products against unreasonable bashing sometimes).

    I do oppose simplifying and generalizing of problems, and to judge the commercial software industry based on the wrongdoings of Microsoft is unfair.

    I do think that a free open source operating system has huge advantages. I do believe that Linux has become very strong and will become even stronger in the future, and I'm looking forward to this. There is a huge interest in a free open source OS, not only by enthusiastic idealists but also by commercial companies. For this reason Linux is and will be successful.

    I agree that software quality and ease of use should be the main criteria, and mostly is for the average home user, and neither license model does guarantee high quality. My experience however tells me that in many areas the user has a greater choice with Windows than with Linux. That is however my personal experience and I don't claim to have done an extensive review and comparison of software. And my opinion is based on not the current situation but on the past years, which might distort the picture.

    I am not sure I'm ready to descend into this discussion now, because there are so many aspects to it - that might come across a bit unfair, sorry for that. ;)

    If I had the possibility I would have set up a dual boot system already a few months ago, but having a Laptop I'm very limited in harddisk space. And I'm not ready to abandon Windows yet, and I don't think it's a good idea to run Linux with a graphical UI in a VM (at least on my system).

    welo

  6. @Martin

    It is correct that the GPL does not enforce anything on the end-user, but gives him a wide-range of 'rights' to use the software. I want to make this clear because I'm not interested in spreading FUD.

    The GPL is a software license that grants extensive rights, and imposes one important 'restriction' which only affects software developers (professional or not) that produce derivative work based on the GPL'ed software. 'Derivative work' means that I take the software - which can be a complete application with UI for instance but also a toolkit, framework or so-called software library - and modify it, or just use it to write my own piece of software 'linked' to the GPL'ed code.

    If I want to redistribute this created work, I have to make it available under the terms of the GPL as well.

    This basically means that I cannot 'sell' the derivative work I've created as a software product (due to market dynamics as we worked out in the previous posts). While this makes perfect sense in order to protect people's work from being commercially exploited, and moreover to spread the idea of 'free software', the implications are far-reaching.

    The 'problem' is the definition of 'derivative work' and 'linking' when it comes to software development. When I last checked the discussion on this question was still ongoing, and the opinions differed. It might not appear to the average user that 'linking' is a very fuzzy term.

    There is a reason why one of the most successful Open Source projects, the Webserver Apache, is not released under the GPL but under the 'Apache License', which is also a Free Software license but allows using the source code for both the development of proprietary as well as free and Open Source software. This applies of course also to websites and web applications that run on top of Apache.

    While you (Martin) obviously find it desirable to push companies to provide access to the software source code in order to be able to analyze the software, this is not desirable for many companies for various reasons, mostly commercial - to protect their investment (maybe months of research) and protect their advantage on the market which was most likely gained because of innovative ideas or just years of experience in the field. The very same reason why e.g. food companies don't publish information about their recipes and production process together with their sold product.

    So if the Apache Server had been released under the GPL or any other copyleft license (copyleft = "requiring that the same rights be preserved in modified versions of the work", wikipedia), it most likely would not have been that successful. Or Facebook would most likely not have used Apache as their platform (do they actually use Apache?).

    I'm no expert on this matter, and I don't claim to have a solution to the problem. However, my 'feeling' is that just because there are black sheep in the software industry that abuse their monopoly, and because there is a general bad practice of restrictive software license terms, it is not fair to identify commercial and proprietary software as the culprit.

    My ideas:

    • Keep educating users and lobbying for less restrictive software license terms - but no need to condemn and demonize proprietary software
    • Improve laws to forbid unfair license terms - what we know as 'free market' is actually regulated by the state, so why should consumer protection laws not be able to aid here?
    • As a company purchasing software: negotiate better license terms, e.g. access to source code for security audits, terms of use when product is discontinued, etc

    welo

  7. Well, I do have absolutely no clue of the whole subject (PCLinux, CDMA USB modem), but when you say

    4 digit PIN number

    the SIM Pin comes to my mind, or even a Bluetooth PIN (well, obviously not applicable here), but not a PHONE number...

    welo

  8. I don't use the It's all text! addon, for several reasons:

    • Can't use the website's editor buttons in a text editor
    • No autosave means no crash recovery
    • Didn't work for me with Thaivisa back then

    Text Area Cache works so reliably for me that I never ever thought about using an external editor.

    If you do use the editor, make sure to press CTRL-S every now and then. This will update the text to the browser, and then Lazarus and/or Text Area Cache should kick in and autosave the text - haven't tried that though.

    welo

  9. Spybot is OK as well. What kind of threats did Malwarebytes find? Just one trojan infection is a serious problem!

    Maybe Malwarebytes found files that have been quarantined by Spybot.

    Can you provide the log file of the Malwarebytes scan? Start the program, open the tab 'logs', open the latest log file, copy/paste here.

    It might also be a good time to make a backup of your data now that your PC is working again / still working. In any case (hardware problem or malware problem) you might run into the same or more problems soon.

    welo

  10. Don't calculate your stay too short, this week the consul was allegedly out of town and things went not quite so smooth - at least for me and 2 others I met. Not sure if the information was correct, and problems might as well have been due to our specific visa situations (mine was for a Tourist Visa). And of course this doesn't necessarily mean that next week will be the same, or your visa situation is the same.

    However, standard pickup times are x+3 days. Agents used to be able to speed this up (express fee).

    And I guess you have your paperwork ready.

    welo

  11. Re-reading your latest post I see another possibility:

    Assuming that you use the media keys for volume control, the connection between volume and Touchpad might indeed be the keyboard, and it might not be directly related to the audio system, but to the keyboard. Your recent comment on the keyboard not working makes this possibility more likely.

    I further assume that your keyboard comes with a special launcher application that allows configuration of the special media keys - maybe one is configured to launch the display properties.

    Try to find the keyboard program launcher in the autostart list (msconfig.exe) and disable it.

    If you have an external (USB) keyboard then use this keyboard and see if the problem persists when you don't press any keys on your built-in keyboard.

    Removing the keyboard entry from the Device Manager as suggested by sulasno is a good point as well. Sulasno, I assume you suggest to remove the entries for the USB peripherals only, not the entries for the USB root hub and the USB host controller, right?

    Rick, please provide as much information as possible. Remote diagnoses are pretty hard, you can help a lot by providing detailed reports. If you proceed with any actions, please report about your doings and the outcome, even if it doesn't solve the problem.

    If you have questions about a suggested step, please google or ask here.

    welo

  12. After your clarification and your troubles with system restore I doubt it's a hardware issue. Such erratic behavior would rather point to a malware infection IMHO.

    One more question: when changing the volume, do you use special media keys on the laptop? If you change the volume using the mouse and the volume control in the system tray, do you experience the same problems?

    If you don't have a backup of important data on your PC, this should be your number one priority now. If you have any external storage device with an old backup, it might however be better to keep it safe and not connect it to your PC for now.

    Actions you could take for further troubleshooting

    • Start Windows in Safe Mode (F8 during startup) and observe the behavior
    • Disable all startup programs - hit WIN-R and type 'msconfig.exe', change to system start and disable everything
    • Download a Linux LiveCD (eg Ubuntu) and verify the problem - if the problem persists, a hardware problem is very likely.
    • Which antivirus programs did you run? I recommend Malwarebytes Antimalware, Hitman Pro, ESET Free Online Scanner or Kaspersky Virus Removal Tool. Run full system scans, start with Hitman Pro and Malwarebytes.

    Please report any abnormalities that you encounter. If you have troubles downloading or accessing websites, or one of the programs cannot update, please report this as well. This might help

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

    http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html?tag=mncol

    http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

  13. the site is a "Wooden Entrance" or almost a pine window... :whistling: i went to a post about some westerner's journal of being imprisoned in thailand. the thread was on the front page - it isn't now - and i don't remember what section it was in - helpful i know. several posters in the thread posted a link to another article about it (within this thread). when i tried to view that link - that was when the warning occurred, and Lavasoft/google chrome wouldn't allow it to open. strange, as a mate thinks my computer's been hacked. any comments on that being paranoid or sensibly cautious?

    I would take any warning seriously. Better to be cautious, the mess you MIGHT get into is probably not worth it.

    Of course false alarms (false positives) are possible and not uncommon no matter which antivirus/security solution you use.

    Like I pointed out in a previous post, Google's system (built into Firefox by default) will block a malicious/hacked website for at least a few days AFTER the website has been cleaned of the hack/malicious code.

    You could check Google's report to see for how many days the website is 'clean' (IF at all) and then decide whether it's worth the risk and ignore the warning. However, many times a website gets hacked AGAIN after it has been cleaned because the security hole that allowed the attacker to infiltrate the website has not been fixed yet.

    You still didn't give more details on the reported warning. Was it the same warning as on the image that I posted in my previous comment? Or did the warning come from Lavasoft?

    If reported by Lavasoft, the risk also depends on the threat level reported, but I guess Adaware would not block access to a website because of a simple tracking cookie or a similar low-risk threat.

    Please note that the pro version of Adaware does not include the powerful Avira antivirus engine like its commercial versions.

    welo

  14. Oh, I see!

    Forgot to post the instructions on how to disable BACKSPACE=HISTORY_BACK in Firefox. Just for completeness, in case somebody else stumbles over this topic in the future...

    Type about:config in Firefox Location Box, and then confirm the warning message. Then locate the following preference name:

    browser.backspace_action

    Change the “browser.backspace_action” to one of the following values to reflect your intention on how the Backspace key should behave:

    0: Pressing [backspace] will go back a page in the session history and [shift]+[backspace] will go forward. (Default in Windows)

    1: Pressing [backspace] will scroll up a page in the current document and [shift]+[backspace] will scroll down. Except Camino that does not implement any behavior for the value 1, which is unmapped. (Default in Linux builds before 2006-12-07)

    Any other integer number: Any other integer value will simply unmap the backspace key.

    source: http://www.mydigitallife.info/2008/06/22/disable-or-enable-backspace-as-go-back-page-browsing-function-in-firefox/

  15. Also when I the volume on my graphics card driver screen shows up?

    Sorry, I can't figure out what you are talking about here.

    I wonder whether this could be a hardware problem, some power related fault like a short circuit - turning off the volume usually turns off any current on the audio output. Turning on the volume increases the power output on the audio jacks, and I assume this might somehow affect the Touchpad device. Still, it seems kind of unlikely.

    On the other hand mouse and audio drivers are not really related on software/driver level - some devices are internally connected via USB and might interfere, but not sound and Touchpad AFAIK.

    So my guess is that this is a bizarre hardware problem, or a malware infection. Or your problem analysis is faulty ;) What do you mean with the statement above?

    welo

  16. I don't understand why you still lost text when you had Lazarus installed. I prefer the Text Area Cache to Lazarus anyway, because it is simpler and does exactly what it's supposed to do (in my case), not less and not more.

    If Lazarus does not work reliably for you, try the Text Area Cache - you can have both installed if you want, they didn't interfere when I tested them both at the same time.

    I kind of forgot about the problem, because I obviously solved it - it didn't happen to me ever since.

    What did I do?

    • Disable CTRL-W shortcut (that closes the current tab) as described in post #1
    • Disable the BACKSPACE button, which in Firefox will jump back in the browsing history when the cursor is not placed inside a text input field
    • Configure Firefox to not display a close button for each tab individually - as described in post #18
    • Install the Text Area Cache plugin
    • Enable the Touchpad option 'Disable Touchpad while typing' and 'Disable Touchpad when USB mouse is connected'
    • Change shortcut for Google Translate Client from CTRL-CTRL to something else

    You can see that this problem really drove me nuts, but I can say one (or more) of those counter measures really did the trick.

    I guess that your problem might be the BACKSPACE button, maybe combined with accidentally brushing over the Touchpad and moving the cursor out of the text input field.

    welo

  17. Thanks, elkangorito, for the clarification!

    Orion, I guess you cannot blame a UPS with surge protector for failing to protect equipment in case of a primary strike. A lightning strike is not a 'surge' in the network but a massive event. Of course there are UPS devices of different quality, some doing what they are supposed to do, others don't.

  18. ^^^

    WOT is a good pick!

    It is slightly different from other blacklisting services, especially Google's 'Attack Site' feature.

    While Google only focuses on infected websites spreading malware, WOT allows its community to rate several aspects of the website resp. its owner. This allows 'blacklisting' companies that are known for fraudulent activities or spamming and such.

    If you get a negative rating from WOT, I would avoid the site. You can access a more detailed report to find out what problems have been reported, users often provide a comment to their rating explaining further why the website is considered 'bad'. There are websites that are disputed whether they are unethical or not, the comment page will help you make your own judgement.

    However, often a website will not be rated at all, which of course does NOT imply that the website is safe. The active WOT community is too small to cover the entire net. Fraudulent companies/groups/individuals often pop up new domains and websites on a weekly basis to avoid blacklistings etc.

    WOT offers plugins for all major browsers!

    welo

  19. chandler, that's a great write-up you are doing here!

    To avoid wasting time because of text being lost in cyberspace I recommend Firefox and this addon: https://addons.mozilla.org/en-US/firefox/addon/5761/

    Auto-saves any text input in text fields in the browser in multiple revisions. No matter why the text input is lost (browser/system crash, tab closed accidentally, content deleted/overwritten), this addon allows you to restore your precious work with 2 mouse clicks! For more ideas check this topic.

    welo

  20. Can we get back on topic please? ;)

    There are obviously two relevant topics here (like nikster pointed out)

    • data safety - this includes (long-term) data backup and crash recovery (which again are related but not the same)
    • data security / privacy - whereas OP pointed out the specific issue of safeguarding your privacy when handing in the computer for repair

    Of course the topic of data security is a huge one - your data cannot be kept safe if your PC (operating and software) is not safe. Then there is the issue of online privacy.

    However, while it is valid to point out those aspects, I think the OP (and this discussion thread) is served better when focusing on the matter of data encryption (just as the first posters on this thread did).

    The problem with both topics (backup as well as data encryption) is that they are not necessarily easy to set up and maintain for the average user. I guess Apple has (yet again) a head start with TimeMachine and encryption facilities built into the OS.

    For some reason I tend to avoid built-in facilities into Windows, I tried the system image and backup features in Windows 7 but they seem kind of clumsy (again).

    Does anybody have Windows based solutions that he/she thinks appeal to the standard (non tech-savvy) Windows user (which I could recommend to friends)?

    I personally use Gizmo Drive for sensitive data which allows encrypted virtual drives and is fairly easy to use, but I don't use drive encryption for my user account in general - this thread actually makes me think about why I do not.

    And for backup... Can anybody recommend an all-in-one solution to handle system and data recovery (in case of a system crash) plus long-term archiving. I guess something like Apple's TimeMachine that further allows to categorize data into essential and non-essential would do the trick.

    Martin definitely knows his stuff when it comes to data backup, and I guess the issue of long-term backups (data that will NEVER be trashed) is also important to home users. Even though I think that his experience in the professional field does not necessarily apply to the typical home user. ANY form of data backup is better than none, and most users will rather ignore the problem completely (not doing ANY backup) than dealing with a complicated setup that requires to make many decisions on revisions being kept, backup schedules and backup strategies etc.

  21. Just post the name of the website, we can find the link on our own. Or send it as private message to those who requested it.

    If we are talking about the Firefox message saying 'Reported Attack Site' it is worthy to point out that

    • this does not necessarily imply that the owner of the website intends to distribute malware, rather that the website might have been hacked by a 3rd party and modified to distribute malware. This is the most common scenario.
    • this is not a permanent warning/block. The service is powered by Google, and the website will be checked regularly whether the malicious code has been removed and the website is clean - after a certain period without any malicious activity on the website the blacklisting will be removed. Click 'Why was this site blocked' and you will get a detailed report if the website currently contains malware/malicious code, and for how many days it is clean. Based on this information you might decide to click 'ignore this warning' and browse the website.
    • Ignoring the warning by switching to Internet Explorer is not a good idea - firstly the warning/block is not set without reason (see above), secondly, IE as the number one browser for the average user is number one target of malicious website attacks, switching to IE will even increase the risk of infecting your PC if the website is actually still infected. Just because IE doesn't give you a warning doesn't mean the website is SAFE.
    • Thai websites are more often affected because the percentage of poorly maintained websites in Thailand is supposedly higher than in western countries, therefore infections/successful attacks more likely.

    The warning message I'm talking about:

    firefox-attack-site-759616.jpg

  22. Seems that your profile directory was wiped or you were logged in under a different user account. The recycle bin is not specific/tied to your user account AFAIK, so I would expect it to contain all items even if there are problems with your account's profile directory.

    Might be an attack by malicious software or just some Windows 'anomaly'. ;)

    Maybe others have experience with this kind of problem and possible reasons?

    Using System Restore was a smart choice!

    If the problem appears again you might want to verify the user account name you are logged in with. You can also check the C:\Users folder - each account has its own subdirectory, plus one for the 'All Users' and one for 'Default User'.

    I guess a malware attack is possible, not sure if it would be the most likely reason though. Of course, if you do use your computer for serious stuff (work, internet banking, credit card transactions, etc) you might want to make sure that your PC is not infected. Don't rely on one antivirus scanner only. Some free scanners that come without a resident shield/guard and will not interfere with your main antivirus scanner: Malwarebytes Anti-Malware, Hitman Pro, Kaspersky Virus Removal Tool. Search the forum for posts on this topic and links to these programs.

    Don't think that your computer is clean just because one program said so.

    Did you have NOD32 installed and updated before or did you just install it after the 'crash'?

    Some malware likes to hide/infect the System Restore directory, in case of an infection it is recommended to disable System Restore, then restart, actually wiping the whole System Restore data, then re-enable and set a new System Restore point. This should be done AFTER the computer is cleaned from any malware, otherwise it might be infected again. Of course you will lose all System Restore points.

    welo
