
Under attack from Com + ActiveX entries?


sub101uk


O/S is Windows 7. Using a TOT Forth router, model number GPO - 5900.

I wonder if any others out there are having the same problem as me. For the past week my Dell laptop seems to have become a bit unstable. The Bluetooth mouse started doing strange things. I am using Avast, so I gave it a full scan and nothing was found. I checked my registry with Max Registry Cleaner and found 14 - 18 Com + ActiveX entries. So I would delete them and the computer seemed fine again; within a few hours I got the same again. Now I am getting 14 - 18 Com + ActiveX entries every 10 minutes.

Any thoughts from anybody regarding this problem? I have turned off the internet link and there are no entries. I turn the router back on and the entries start again. As far as I am aware, I thought we were all given a different IP address every 24 hours.

I therefore think the problem is in the router. The router is a TOT Forth, model number GPO - 5900. Maybe someone could go over the security settings with me, as at the moment they're set on default. I did change the password for signing on to the router, but the rest is bog standard.

 

Cheers

 

 

 

 

Link to comment
Share on other sites

Thanks for getting back on this. I am not an IT guy but fully understand that without seeing logs it would be hard to help.

I am using Windows 7 Pro and it's fully up to date with whatever updates are available. I fully understand regarding using a registry tool, in fact many people don't, but over the years I have used Max Registry Cleaner and I have never come across anything like this before.

My internet link is from TOT with a Forth router, model number GPO - 5900. Now as soon as I turn the internet link on, wireless or LAN, within 10 minutes I get downloaded to my laptop 18 - 14 Com + ActiveX entries. I will take a screen grab and show you what I mean. Any idea what these are and why I should get them every 10 minutes? The laptop is a 17 inch Dell so I have no idea why I should get it.

OK, I checked with Google regarding what Apple Inc.Bonj was and they came up with this:

Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks. Bonjour uses industry standard IP protocols to allow devices to automatically discover each other without the need to enter IP addresses or configure DNS servers.

So how do I remove it from Windows 7?

Reg Problems.JPG

Link to comment
Share on other sites

Thanks for that. I am looking at the same thing, "How to remove Bonjour from Windows 7". It's slow but getting there. I did download "Windows Install Cleaner" but it does not show up on the list of programs.

I did follow these tips, but it's not there in Services or System Configuration, so I will keep searching.

How to remove Bonjour.JPG

 

 

Link to comment
Share on other sites

Try rebooting your machine into safe mode with command prompt, then rename mDNSResponder.exe

Might be some cleaning up afterwards but it should cure your problem.

Bonjour is a pukka service (albeit it acts like a virus) so nothing to worry about (though I do remember forcibly removing it from my Win7 machine as it kept popping up with messages)

Link to comment
Share on other sites

So far I have had no luck in finding the file. I did try:

Firstly, if you have any Apple software installed on your computer such as iTunes there’s a high likelihood that there’s already a Bonjour folder residing under ‘Program Files’ section. On most occasions, the service starts automatically and runs a process named mDNSResponder.exe which cannot be killed by Windows Task Manager.

You will, in most cases, be able to uninstall the program via Control Panel – but in some cases, this may fail! Hence, a safe method described here to uninstall and remove the Bonjour service and files – mDNSResponder.exe and mdnsNSP.dll.

Press Win + R keyboard keys in combination, to bring up the ‘Run’ dialog box. Next, type the following command and hit OK. Alternatively open an elevated CMD and do it.

"%PROGRAMFILES%\Bonjour\mDNSResponder.exe" -remove

To unregister the dll file, open a command prompt window, as an administrator, type the following and hit Enter.

regsvr32 /u "%PROGRAMFILES%\Bonjour\mdnsNSP.dll"

Restart your computer, go to C:\Program Files\ and delete the Bonjour folder.

iTunes and some other programs need Bonjour to function. If you use these programs, do NOT remove Bonjour! Make sure you have administrator privileges before executing these commands.

 

I did try this as well:

To unregister the dll file, open a command prompt window, as an administrator, type the following and hit Enter. Restart your computer, go to C:\Program Files\ and delete the Bonjour folder. iTunes and some other programs need Bonjour to function. If you use these programs, do NOT remove Bonjour.

But all I got was "Unable to Find", but Bonjour is there as you can see from the Max Reg attachment. The way they seem to have hidden this file, I don't think they wanted people to find it, unless it's under some other file name, but I have checked on the dates and there is nothing. Yes, I thought the same as you, boot up in safe mode, but I am still unable to find the file. I will be emailing Apple to see what they say.

 

 

Unable to find File.JPG

Apple Bon.JPG

Link to comment
Share on other sites

Thanks for the support on this, as it's driving me nuts; every 10 minutes I seem to get these attacks. Yes, I have looked in Program Files + Program Files (x86) and there is no Bonjour or Apple file; there is nothing. My version of Windows is 7 Pro Service Pack 1.

OK, I will give your link a try and see how we get on.

Apple Bon.JPG

Link to comment
Share on other sites

Yes, I thought of that as well, to turn hidden files on. Strange, it seems to have stopped; most of the time I get these entries every 10 minutes and it's been one hour. I did add to the schedule on the reg cleaner, "Clean every 10 minutes", but I would love to know where this Bonj file is hiding. I wonder if it's Skype? As it's got on that link: "Don’t use iTunes? You aren’t alone, and that’s not the only way that Bonjour gets installed on your computer. It’s also bundled in a whole bunch of other software, like Pidgin, Skype, and Safari, and used to connect clients together on the same network."

I could try deleting Skype and see what happens. Even if Skype is turned off I still get these entries, so maybe I need to remove it.

The plot thickens!

Link to comment
Share on other sites

You apparently have 28 empty registry keys. They are normally meaningless and harmless. What makes you think they are an attack?

 

Apple are appalling for installing badly-written and pointless bloatware, though usually if you remove iTunes and Quicktime and Safari then most of the rest of their crap will disappear with it. Bonjour is harmless so even if it isn't removed it is nothing to worry about.

Link to comment
Share on other sites

I wish it was harmless but it's the stuff that comes with it. If you Google Apple Bonjour you'll find these details: Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks using industry standard IP protocols. It is a key component of Apple applications (e.g., iTunes, iPhoto), services (e.g., MobileMe) and devices (e.g., Apple TV, and Airport).

I have no idea how it got on there. I just want to find the program and remove it, as at the moment I am spending most of my time deleting it every 10 minutes. Anyway, back on with the hunt.

JB300, I have removed Skype and its history, and Bonjour is still there. If everything fails the only thing left to do is format the hard drive and do a total reinstall; however, Bonjour may be hidden in the mail for all I know, but I do back up all data every week. I could email Apple and see what they say, But most the details I have found on the internet on how to locate and remove Bonjour.

The search continues!

Link to comment
Share on other sites

Can you see it running in Services (Start -> Run -> services.msc)?

If so you should be able to disable it from there.

If not, start a cmd prompt (Start -> Run -> cmd) and go to the root of your OS drive (cd C:\ assuming OS is on C)

Search for the file (dir mDNSResponder.exe /s)


Link to comment
Share on other sites
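
The checks suggested in this thread (the Services list, a file search, and the removal steps that assume `%PROGRAMFILES%\Bonjour`) can be combined into one read-only inventory. The following is an added example, not code from any poster; `Find-BonjourTraces` is a hypothetical helper name, and it assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 compatible).

```powershell
# Added example (not from the thread): read-only inventory of Bonjour traces.
# Find-BonjourTraces is a hypothetical helper name. Nothing is deleted or changed.
function Find-BonjourTraces {
    $report = @{}

    # 1. Any service whose binary is mDNSResponder.exe, whatever the service is
    #    called. PathName shows where the executable really lives, which may not
    #    be %PROGRAMFILES%\Bonjour on a 64-bit system.
    $report.Services = @(Get-WmiObject Win32_Service |
        Where-Object { $_.PathName -match 'mDNSResponder' } |
        Select-Object Name, DisplayName, State, StartMode, PathName)

    # 2. Installed-program records, in both the 64-bit and the 32-bit registry view.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $report.Installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Bonjour' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation, UninstallString)

    # 3. The two files named in the removal steps, searched under both Program
    #    Files trees. -Force includes hidden and system files.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ -and (Test-Path $_) }
    $report.Files = @(Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { @('mDNSResponder.exe', 'mdnsNSP.dll') -contains $_.Name } |
        Select-Object FullName, Length, LastWriteTime)

    # 4. Winsock catalog: mdnsNSP.dll shows up here while it is still registered
    #    as a namespace provider.
    $report.Winsock = @(netsh winsock show catalog |
        Select-String -Pattern 'mdns' |
        ForEach-Object { $_.Line.Trim() })

    return $report
}

$r = Find-BonjourTraces
foreach ($section in 'Services', 'Installed', 'Files', 'Winsock') {
    "== $section =="
    if ($r[$section].Count -eq 0) { '(none found)' } else { $r[$section] | Out-String }
}
```

If all four sections come back empty, no Bonjour service is registered and neither file sits under Program Files, which is consistent with an "Unable to find" result from the removal commands.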

Hi JB, well I did contact Max Reg this morning and they did a remote link up, and after one hour they are still unable to even find the program, so it's gone to the next level of techs.

OK, will have a look in Services and let you know. As for the search (dir msdnsresponder.exe /s), I think this was one of the things I did try the other day but will give it a second go. I think it's under some other name, otherwise I would have found it by now. But the remote guys want a second crack at it this afternoon so will let you know how they get on.

 

Link to comment
Share on other sites

Hi JB, well I did contact Max Reg this afternoon and they did a remote access for 2 hours and were unable to find or remove Apple Bonjour. In the end the guy got very silly and clicked on "Ignore Entries" and told me he had fixed the problem.

So it looks like a format and reinstall, and hope that the backup has not been corrupted. Every week I make a full backup so I hope all goes OK.

Link to comment
Share on other sites

Hi JB, well I did contact Max Reg this afternoon and they did a remote access for 2 hours and were unable to find or remove Apple Bonjour. In the end the guy got very silly and clicked on "Ignore Entries" and told me he had fixed the problem.

So it looks like a format and reinstall, and hope that the backup has not been corrupted. Every week I make a full backup so I hope all goes OK.

Crazy!!!

Good Luck
Link to comment
Share on other sites

Sorry for the delay in replying, but I had to do a reset on my router; I forgot my VLAN settings. Anyway, all up and running again with Apple Bonjour in tow; that's what comes up in every scan every 5 - 10 minutes. All the data is backed up, but what's stopping Bonjour from moving over to the backup? Everything is backed up on a USB plug-in 2 TB Seagate which is only plugged in once a week.

I will drop an email to the Avast forum group and see what they say on the best course of action, but all the normal ways to find and delete this Apple Bonjour have failed.

So the plot so far is: when you do a cold boot then scan, you start with 22 invalid entries. Delete those and 18 appear within seconds, then 14 after that. This might sound strange but it seems to be coming from TOT.

I have 3 hard drives on this machine and they're not linked in a RAID, so I might just pull and replace the C drive and do a total reinstall. I am fully aware that Apple Bonjour by itself is not a problem, but it means people can connect to you without using an IP address, which is why my attacks are ongoing.

 

Cheers for now

Every 5 - 10 minutes Apple Bonj.JPG

Link to comment
Share on other sites

3 hours ago, sub101uk said:

I am fully aware that Apple Bonjour by itself is not a problem, but it means people can connect to you without using an IP address, which is why my attacks are ongoing.

 

You keep saying "attacks" but I see none. I see a varying number of empty registry keys. Ignore them.

Link to comment
Share on other sites

Hi Kittenkong, thanks for the feedback. Yes, you're right, by itself Apple Bonjour is a harmless program. However, with this program in my computer it's highlighting my computer on the net. If you Google Apple Bonjour you'll see what I mean: "Bonjour is Apple's version of the Zero Configuration Networking (Zeroconf) standard, a set of protocols that allows certain communication between network-connected devices, applications and services. Bonjour is often used in home networks to allow Windows and Apple devices to share printers." Which means they can keep on attacking your computer without your IP address.

About 3 weeks ago my Bluetooth mouse started doing strange things and my laptop started to be very unstable. I found that by turning off my internet link and doing a few checks the computer was fine again. I did wonder how they kept finding me, because as far as I know every day your IP address changes. Then by running Max Reg cleaning I found Apple Bonjour appearing every day when I checked the registry, until it got to the stage it's in now: I delete it and it reappears within a few seconds or minutes. There is a fair amount of information on the net regarding how to find and delete it, and so far nothing seems to work.

As you can see from above, the guys at Max Reg Cleaner did a remote access on my computer for a total of 3 hours and they had no luck finding it. So we can wait and see if any of the other computer groups have any ideas.

Link to comment
Share on other sites

Just to give you an update on my problem: I ran "HijackThis" in an attempt to find and delete the above files from my registry, but I found there is a lock down on my system. As you can see from the attachment, the only way to edit the file is by doing it by hand.

If I download my registry log, can someone who has experience in editing the registry have a look and tell me if anything is out of place, because I do not know what I am looking at.

 

   

Write Denied Unable to Repair Files.JPG

Link to comment
Share on other sites

It is entirely normal that the hosts file does not have write access. http://helpdeskgeek.com/windows-7/windows-7-hosts-file/

This is not a reason to imagine that you are under attack.

 

You can read the content of the hosts file by doing what it says in your pop-up. Normally it should be empty apart from the descriptive content near the top. If there is anything after the "127.0.0.1       localhost" part just copy and paste it into a reply here.

Did Hijackthis actually report any hijacked domains? If not you don't need to worry about any of this.

Link to comment
Share on other sites

Understood KittenKong, sorry, but I am not an IT guy and it just seems strange that my system denied write access, because in the past I have used this program and never seen this before. I wish I could just carry on with my work and think it was just a bad dream, but the facts are very real. While this program is installed on my machine and the internet link is still connected, the Bluetooth mouse goes very unstable and the screen just locks up, and the only way to unlock it is to turn off the internet link, then do a Ctrl-Alt-Delete and go into Task Manager, and for some reason the screen unlocks itself. If you leave the internet on, the problem remains.

My thoughts are: how do they keep finding me, as my IP address changes every day? I did go across the road to the coffee shop and the same thing happens there, so they're not finding me via my IP address. Which brings me back to Apple Bonjour; as we know, with this program installed on your computer you don't need an IP to connect, it's all done for you. But if you delete this program with Max Registry Cleaner, within 5 or 10 minutes it's back again.

Have a look at this log file and see what you think, or if any other members of this group can help let me know, as I am running out of ideas.

 

 

hijackthis Log File 23.12.2016.txt

Link to comment
Share on other sites

I can't see anything wrong with that log but I'm not a Hijackthis expert. You could post it on their forum and see if someone spots anything.

 

Is there any particular reason why you are still running Win7 and have not switched to Win10?

 

Have you tried using another mouse?

Link to comment
Share on other sites

All OK on the log, yes, it all looks OK, but like you I don't know what I am looking at. I see nothing there that says Apple Bonjour. Yes, I thought the same, maybe the mouse was the problem, but I do have a spare Bluetooth + wireless mouse, plus you have the screen locking up, but if I turn off the WiFi the problem stops. Everything so far points to the internet. Plus every time I delete Apple Bonjour with my reg cleaner, within 5 - 10 mins the file is back again. I get 14 Com / ActiveX invalid entries. If you turn off at the router then scan: "Nothing". Turn the router back on and then it boots fully, you have 22 Com / ActiveX invalid entries. When you check out these entries it's Apple Bonjour.

I did try the "HijackThis" web site but it's not taking any more cases; it tells you to try one of their other sites. I started a topic on Bleeping Computer but so far have had no reply, so I might try one of the other sites that deal with hacking attacks and see what they say. But to be safe I am turning off the router, because I can see a fair amount of data on my router but I am not doing anything. Oh yes, I am using Windows 7 Pro because I know the system. It did come with 8 but I had that removed and 7 installed. I am an XP fan.

I did find this download but I cannot download the file: http://turn-off-bonjour-service.www.software112.com/

 

 

Edited by sub101uk
Link to comment
Share on other sites

It could simply be some driver malfunction that is causing Bluetooth to lock up when wifi is used. Try a corded mouse with Bluetooth turned off.

 

The invalid registry entries are meaningless. Ignore them.

 

Is it safe to assume that your Win7 Pro is not a legitimate version? If so this may well be where your problems are coming from. If you have a legitimate Win8 key then I would be inclined to update to Win10 as this can still be done for free.

Link to comment
Share on other sites

Sorry, but all of what you have said I did check when the fault appeared 3 weeks ago, and slowly all my problems point towards the internet. All drivers were changed but the mouse problem and screen locking up still continue. I might also add that it's not only the mouse but also the touch pad on the laptop. At the end of the day, if the laptop does not go online the computer works fine with no problems. Within seconds of going on the internet the problems start and I find 22 invalid entries. As soon as I delete those, 18 more of the same appear; delete those and then 14 of the same appear; delete those and you get no more invalid entries for 10 minutes, then the whole thing starts all over again.

Turn the internet off then give it a scan: you only get just 22 entries and then nothing until you reconnect to the internet. So remove Apple Bonj and you remove their connection. This Dell laptop was bought from Dell in the UK with a legitimate version of Windows 7 Pro installed and has been working fine until 3 weeks ago.

I would love to ignore the problem, but to be able to work I need internet access, and as soon as I go online the problem starts. Even to reply to your message I have to turn the WiFi off, write my reply and turn it back on to send my reply. I think all I can do is keep searching the internet for a cure and keep deleting the entries every 10 minutes.

Every 5 - 10 minutes Apple Bonj.JPG

Edited by sub101uk
Link to comment
Share on other sites

For the nth time, you can ignore those empty keys. They are doing nothing. I am also certain that Bonjour is not putting you at any risk. I think you are just experiencing some driver issues as all the functions you describe (Bluetooth, wifi, touchpad) are often handled by the same chipset in laptops, so a problem with one could easily affect another.

 

If you have a Win7 licence key then I suggest that you simply back up your data, format the hard drive and reinstall everything. If you particularly don't like Bonjour then be careful not to install any Apple products or things like printer drivers which may have Bonjour bundled with them.

 

Personally if I was doing that I would skip to Win10 directly as it is a much better operating system. You can still install it for free if you have a valid Win7 key (and if you are a little devious).

 

Edited by KittenKong
Link to comment
Share on other sites

Sorry for the delay in replying to you, but I have been having hand to hand combat with my registry. Not too sure whereabouts you are in Thailand, but I can assure you my problem is real and I can't just put my head in the sand and say "It's normal". This is far from normal. Since I am not getting anywhere with my limited IT skills, I contacted some guys from the local university and they did a remote access job and also confirmed my feelings. Sorry, but all of what you have said I have already checked, from installing a full set of drivers.

Apple Bonjour is just a program that lets you connect without having an IP address, but as in my case someone is using it to install malware on my computer. "If my computer is not online then the laptop is fine"; as soon as you go online the attacks start. So by removing Apple Bonjour I will remove the connection.

I have no intention of installing O/S 10 and there are many thousands of people out there who feel the same, in the same way many people use XP. Windows 7 is still being supported so why should we change? Anyway, this is not a debate on operating systems. This computer is used 100 % for work, there are no downloads, so I have no idea where Apple Bonjour came from unless it's installed on Skype, but I already thought of that so I removed it.

Anyway, the first thing that the guys from the university did was remove Avast, which found nothing, and install ESET Security. They found many items but nothing to do with my current problem. If the guys at the university don't have any luck I will do a total reinstall, as Dell did install a copy of 7 Pro on drive E and there is no RAID on this computer, so it should be a straightforward remove old C drive and install new 1TB.

Link to comment
Share on other sites
