AlainEos
Guest
My story.
Soon after the Anniversary Update of Windows 10, I began to suspect intrusion on my system. I noticed extreme interruptions and odd jumps of my cursor while I was on Wordpress, editing my blog. Then the system began freezing, forcing hard shutdowns. Next I began to receive constant demands by a pop-up box, for my administrator password. I couldn't close this box. It kept popping up. More freezes. More hard shutdowns.
Of course I scanned with Webroot. Webroot detected 7 files, all Currentcontrolset files, part of Windows 10, all identified as threats. At first one scan solved the problem, and I attempted to continue working with other websites. But then it began to require 3 scans to stop the interruptions, freezes and demands for an administrator password. This happened over several days.
Finally I became convinced that there was a rootkit that my Webroot security could detect and block, but couldn't eliminate. I made an appointment for an online session with Microsoft. That took several hours, and the tech said everything was fine. Then I went to Webroot, to ask them to uninstall Webroot and reinstall it with all updates and eliminate extraneous files. They did this. That was another online session lasting several hours.
After all that, I ran a Webroot scan. Guess what? Same seven Windows 10 files identified as a rootkit threat. And they show up in scan after scan after scan. So I did a full system scan with Windows Defender. That took 6 hours, and turned up two threats:
exploit java: Anogre.E
exploit java: Obfuscator.w
I don't know if these are the javascripts used by hackers on Wordpress or not. But Windows Defender found them and removed them. Then I ran another Webroot scan. Yep. Same seven Windows 10 files identified as threats came up again.
That was this morning at 9am. When I turned on my computer, I got the same seven files identified as a rootkit threat. All Currentcontrolset files. So I tried to run another Windows Defender scan. Imagine my surprise when I discovered that Windows Defender can't be turned on now, because it doesn't exist!
So I came to this forum. I looked up this helpful message:
"Please follow the below steps and check:
Step 1: Enable Windows defender from control panel
1. Press Windows + X, Click on control panel.
2. On right top corner click on View and then choose large items.
3. Now from the list click on Windows Defender and try to enable it.
If not try to enable it from services.
Step 2: Enable Windows defender from services.msc.
1. Press Windows + R, to open run prompt.
2. Type services.msc and press enter to open services list.
3. Under services look for Windows defender service and start the service.
If you face any issue while troubleshooting, please provide the outcome, so that we can work on your issue.
Hope the information helps, if you have any further queries, feel free to post. We are here to assist you.
Regards,
Guru Kiran"
So I did all of that. Windows Defender, the system tells me, is uninstalled. Now, how did that happen? I used it yesterday to find two javascript beasties! Now it doesn't exist.
I am going back to my original assessment: Windows 10 has a vulnerability to hacking that is similar to a rootkit strategy that was used against Windows 7 last year, just before Windows 10 was rolled out. After the rollout, this particular rootkit attack began to die out. Apparently Windows 10 fixed that vulnerability. Apparently, during the Anniversary Update, the vulnerability has returned.
Microsoft has ignored this problem, pretending it doesn't exist.
Does anyone know what I'm talking about? If there is a vulnerability in the operating system that can be exploited with a javascript, that is a more serious problem than a mere rootkit attack. It means the security problem is hardwired into the operating system. I hope someone sees this who understands the importance of this threat.
This could potentially cripple infrastructure. Can someone reply?
79 threats detected and removed since my online sessions with Microsoft and Webroot. Apparently I didn't have techs who acknowledge the problem.
Sincerely,
Alain Eos