
Need some help

Nipplemilk909

Can someone help me understand what's going on on this screen?

Taken from my Dell Inspiron 15, Win10.

1484546745666-970158361.jpg


18 hours ago, Nipplemilk909 said:

Can someone help me understand what's going on on this screen?

Taken from my Dell Inspiron 15, Win10.

1484546745666-970158361.jpg

That's the GRUB4DOS boot loader. Found here: http://grub4dos.org/

If you just bought your laptop, a lot of 3rd-party sellers will ship their computers with something like FreeDOS to test out the system.

Did you just get this system? If you've been running it for a while, you should know what it is, especially if you had a *nix distribution installed.

 

▶ Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. - Einstein◀

Please remember to mark a thread as solved if your issue has been fixed, it helps other who may stumble across the thread at a later point in time.


6 minutes ago, ionbasa said:

That's the GRUB4DOS boot loader. Found here: http://grub4dos.org/

If you just bought your laptop, a lot of 3rd-party sellers will ship their computers with something like FreeDOS to test out the system.

Did you just get this system? If you've been running it for a while, you should know what it is, especially if you had a *nix distribution installed.

 

Just bought this system two days ago. After setting up the pre-built Win10 through custom settings (like telling stuff not to listen or send data without my permission), I started running Autoruns and Process Explorer and found a lot of processes in question. Also, I found I had a 20 GB Dropbox program installed and I couldn't take it out, not even from the administrator account.


I wish I had taken a pic, but I saw some processes that indicate virtual machine use, not only on this system but on others in my house.


1 minute ago, Nipplemilk909 said:

Just bought this system two days ago. After setting up the pre-built Win10 through custom settings (like telling stuff not to listen or send data without my permission), I started running Autoruns and Process Explorer and found a lot of processes in question. Also, I found I had a 20 GB Dropbox program installed and I couldn't take it out, not even from the administrator account.

Format the drive with something like GParted: http://gparted.org/download.php

Boot it off a CD or flash drive and secure erase the drive.

Next, off a second computer, download the Windows 10 ISO from here: https://www.microsoft.com/en-us/software-download/windows10

You'll need a DVD or flash drive.

Once you're all set up, download any necessary drivers and whatnot. This is the safest and most 'vanilla' way of installing Windows. Don't use the OEM crap or recovery partitions on the laptop.


2 minutes ago, Nipplemilk909 said:

I wish I had taken a pic, but I saw some processes that indicate virtual machine use, not only on this system but on others in my house.

Take a screenshot off a machine that has it running, from Task Manager. Do you recall having anything like Hyper-V, VMware Workstation, or VirtualBox installed?


3 minutes ago, ionbasa said:

Format the drive with something like GParted: http://gparted.org/download.php

Boot it off a CD or flash drive and secure erase the drive.

Next, off a second computer, download the Windows 10 ISO from here: https://www.microsoft.com/en-us/software-download/windows10

You'll need a DVD or flash drive.

Once you're all set up, download any necessary drivers and whatnot. This is the safest and most 'vanilla' way of installing Windows. Don't use the OEM crap or recovery partitions on the laptop.

Would DBAN suffice? I'm nuke trigger happy.


1 minute ago, Nipplemilk909 said:

Would DBAN suffice? I'm nuke trigger happy.

Yes. A pass or two of zeroing magnetic storage (HDDs) is more than acceptable.


3 minutes ago, ionbasa said:

Take a screenshot off a machine that has it running, from Task Manager. Do you recall having anything like Hyper-V, VMware Workstation, or VirtualBox installed?

So on my Asus machine I installed VMware, but that machine is not operational atm. My gf's laptop, on the other hand, a Toshiba Satellite, had Hyper-V processes present.

I'll post some pics of Task Manager and Process Explorer.

14846133146111861485709.jpg


1 minute ago, Nipplemilk909 said:

So on my Asus machine I installed VMware, but that machine is not operational atm. My gf's laptop, on the other hand, a Toshiba Satellite, had Hyper-V processes present.

I'll post some pics of Task Manager and Process Explorer.

14846133146111861485709.jpg

You can take screenshots with the snipping tool: https://support.microsoft.com/en-us/help/13776/windows-use-snipping-tool-to-capture-screenshots


This is coming from a machine that had a low-level user that doesn't know anything about virtual machines.


31 minutes ago, Nipplemilk909 said:

Also, another thing to add: I had not too long ago restored the OS, so not that many things should be downloaded.

There's nothing strange or abnormal in those screenshots. If you look at the Hyper-V processes, they are stopped, meaning it's not running on the system. Windows 10 ships with Hyper-V built in, but it has to be manually enabled by the user. So far it looks like it hasn't been enabled.

 

What do you believe is suspicious? Is there any specific process?


2 minutes ago, ionbasa said:

There's nothing strange or abnormal in those screenshots. If you look at the Hyper-V processes, they are stopped, meaning it's not running on the system. Windows 10 ships with Hyper-V built in, but it has to be manually enabled by the user. So far it looks like it hasn't been enabled.

What do you believe is suspicious? Is there any specific process?

Suspicious of the Hyper-V, the fact that Users is (27), COM+ Event.

In the smaller picture:

multiple svchost, explorer.exe

Top picture: KeyIso, SNMP Trap, VDS virtual disk.


21 minutes ago, ionbasa said:

There's nothing strange or abnormal in those screenshots. If you look at the Hyper-V processes, they are stopped, meaning it's not running on the system. Windows 10 ships with Hyper-V built in, but it has to be manually enabled by the user. So far it looks like it hasn't been enabled.

What do you believe is suspicious? Is there any specific process?

From Process Explorer:

dllhost.exe (COM Surrogate),

multiple svchost,

locator.exe (RPC Locator),

and then the three .exe files I singled out that are found under explorer.exe.

pcs.PNG

porcc.PNG

dsfdsf.PNG


2 minutes ago, Nipplemilk909 said:

Suspicious of the Hyper-V, the fact that Users is (27), COM+ Event.

In the smaller picture:

multiple svchost, explorer.exe

Top picture: KeyIso, SNMP Trap, VDS virtual disk.

Users (27) is the current number of processes being run by that specific user. So, in this case, 27.

As for multiple svchosts:

Windows 10 now runs processes in their own independent svchost task to improve multicore workloads and help isolate processes from one another.

See: http://news.thewindowsclub.com/service-windows-10-svchost-exe-86946/

Explorer.exe runs the desktop and the file explorer.

KeyIso is part of Windows, since Windows Vista. It's used for storing cryptographic information, such as a wireless password, a smart card credential, or even just the login password for your account. Again, it's part of Windows.

VDS is part of Windows. You can mount virtual disks/drives since Windows 7. It's stopped on your machine since you don't have any mounted.

SNMP is used for talking to printers and other networked devices. It's part of Windows. It allows the discovery of other networked devices.

COM+ is a programming API built into Windows: https://technet.microsoft.com/en-us/library/cc774135(v=ws.10).aspx

 

4 minutes ago, Nipplemilk909 said:

From Process Explorer:

dllhost.exe (COM Surrogate),

multiple svchost,

locator.exe (RPC Locator),

and then the three .exe files I singled out that are found under explorer.exe.

 

 

pcs.PNG

porcc.PNG

dsfdsf.PNG

 

1 hour ago, Nipplemilk909 said:

This is coming from a machine that had a low-level user that doesn't know anything about virtual machines.

You should probably re-evaluate that statement if you can't ID a touchpad driver, Windows Explorer, or the Intel iGPU driver.

Just saying, this system looks squeaky clean. I'm not going to explain every single process to you; Google exists. All of these are basic services that are either part of the Windows kernel or come from drivers running on the system.

 

 

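A way to verify the points ionbasa makes above (Hyper-V present but not enabled, the named services being stock Windows components, many svchost instances being normal) without guessing from a Task Manager screenshot. This is an added example, not code from the thread or from Sysinternals; it assumes Windows 10 with Windows PowerShell 5.1 in an elevated session, and it only reads state. The service short names (KeyIso, vds, SNMPTRAP, COMSysApp, EventSystem, RpcLocator, vmcompute) are the real Windows service names for the components discussed; everything else is constructed for the example.

```powershell
# Added example (not from the thread). Read-only triage of the items discussed above.
# Assumes Windows 10, Windows PowerShell 5.1, elevated prompt (Get-WindowsOptionalFeature needs it).

# 1. Is the Hyper-V feature actually enabled? The services exist on every Windows 10
#    install, but the feature is off unless a user turned it on.
$hv = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
"Hyper-V feature state: $($hv.State)"    # 'Disabled' on a stock install

# 2. Current state of the services the thread asked about.
#    CNG Key Isolation, Virtual Disk, SNMP Trap, COM+ System Application,
#    COM+ Event System, Remote Procedure Call (RPC) Locator, Hyper-V Host Compute Service.
$names = 'KeyIso', 'vds', 'SNMPTRAP', 'COMSysApp', 'EventSystem', 'RpcLocator', 'vmcompute'
Get-Service -Name $names -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType |
    Format-Table -AutoSize

# 3. Map every svchost.exe instance to the services it hosts. Many svchost
#    processes are expected on Windows 10; one that hosts no service at all
#    is the thing worth a closer look.
$svcByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString
foreach ($p in Get-Process -Name svchost) {
    $hosted = $svcByPid["$($p.Id)"]
    $label  = if ($hosted) { $hosted.Name -join ', ' } else { '<hosts no service: investigate>' }
    "svchost PID {0,-6} {1}" -f $p.Id, $label
}

# 4. Location and Authenticode check for the binaries singled out in the thread.
#    The genuine copies live under the Windows directory (explorer.exe in
#    C:\Windows, the others in System32) and carry a valid Microsoft signature.
#    A look-alike name such as 'scvhost.exe' running from a user profile fails here.
$windir = $env:SystemRoot
foreach ($p in Get-Process -Name svchost, dllhost, explorer, locator -ErrorAction SilentlyContinue) {
    if (-not $p.Path) { "PID $($p.Id) $($p.Name): path not readable"; continue }
    $sig      = Get-AuthenticodeSignature -FilePath $p.Path
    $inWindir = $p.Path.StartsWith($windir, [StringComparison]::OrdinalIgnoreCase)
    $ok       = $inWindir -and ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like '*Microsoft*')
    "{0,-9} PID {1,-6} {2,-5} {3}" -f $p.Name, $p.Id, $(if ($ok) { 'OK' } else { 'CHECK' }), $p.Path
}
```

Run it as a whole in an elevated prompt. Step 3 is the direct answer to "multiple svchost": each instance should list one or more service names. Step 4 is the cheap way to settle the dllhost/locator/explorer question without looking each one up, since a stock binary in the Windows directory with a valid Microsoft signature is exactly what the reply above describes.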

29 minutes ago, ionbasa said:

There's nothing strange or abnormal in those screenshots. If you look at the Hyper-V processes, they are stopped, meaning it's not running on the system. Windows 10 ships with Hyper-V built in, but it has to be manually enabled by the user. So far it looks like it hasn't been enabled.

What do you believe is suspicious? Is there any specific process?

Also, I just opened Load Order from Sysinternals. Not sure how the boot order should look, but here's a snap of how it's showing up. Something that caught my eye was the boot order: a lot of tags had n/a*, and the boot order includes "Beep" in the third pic and one that read "PnP Filter*".

boot.PNG

botasdfds.PNG

botsdaf.PNG


21 minutes ago, ionbasa said:

Users (27) is the current number of processes being run by that specific user. So, in this case, 27.

As for multiple svchosts:

Windows 10 now runs processes in their own independent svchost task to improve multicore workloads and help isolate processes from one another.

See: http://news.thewindowsclub.com/service-windows-10-svchost-exe-86946/

Explorer.exe runs the desktop and the file explorer.

KeyIso is part of Windows, since Windows Vista. It's used for storing cryptographic information, such as a wireless password, a smart card credential, or even just the login password for your account. Again, it's part of Windows.

VDS is part of Windows. You can mount virtual disks/drives since Windows 7. It's stopped on your machine since you don't have any mounted.

SNMP is used for talking to printers and other networked devices. It's part of Windows. It allows the discovery of other networked devices.

COM+ is a programming API built into Windows: https://technet.microsoft.com/en-us/library/cc774135(v=ws.10).aspx

You should probably re-evaluate that statement if you can't ID a touchpad driver, Windows Explorer, or the Intel iGPU driver.

Just saying, this system looks squeaky clean. I'm not going to explain every single process to you; Google exists. All of these are basic services that are either part of the Windows kernel or come from drivers running on the system.

Welp, I just feel like something's out there. Nothing like a class in cyber sec to get you paranoid.

One thing though: why couldn't I delete the 20 GB Dropbox program on the new Dell system, even when I was in the admin user account activated from the cmd line?
