n-State or n-Style TABULASSION
PROLOGUE-
To start with...
Having primitive and perhaps ( not so ) obsolete understanding of certain sciences/ technologies ... for having studied,
more than two decades back, : -
i) ( ELECTROMAGNETIC ) WAVEGUIDES, coupled with...
ii) ( ELECTROMAGNETIC ) PROPAGATION & ( TELECOMMUNICATIONS ) SYSTEM PLANNING.
iii) ANTENNAS ( as in a TELECOMMUNICATIONS &/ or WIRELESS systems )
Therefore, some intuitive understanding/ inference can always be recalled/ made out of the underlying subject matter/ area.
This so... even after decades !!
Now... intuitive recall and inference may/ may not be all true, at times.
Now...
Scientists/ Researchers have been studying/ investigating sun-spots/ solar flares/ solar cycle.
Their repeat cycles every 11.5 - 12 years.
And, their impact on : -
a) Disruption in communication systems/ equipments ( esp. Satellite communications ),
b) As a causative source of disturbing earth's tectonic plates. Thereby causative of earthquakes - small, mild, medium or big.
As also - tsunamis.
c) Ionization - ionization of all the atmospheric ( concentric ) layers. Particularly, the ionisation of IONosphere.
Ionization of the ( primarily ) IONOSPHERE has several and diverse effects.
Quite importantly this is tied to the IONOSPHERE's height ( layer ) flattening out or thickening at different locales
around the globe.
This is also tied to a localized area of the Ionosphere acting out as either a convex or concave lens to sun's rays.
As also, to all the other diffracted waves/ rays striking at any of the lower/ upper - layer/ point/ portion/ area
of the ionosphere.
( There is also the possibility of specific area(s) of the ionosphere acting as a very complex lens. Having rather yet to be
defined attributes OR perhaps a rather well defined behavior. )
d) Varied/ variable radiation emission experienced at different layers of earth's atmosphere and on the surface.
As also at different depths of the earth's surface - during diverse states/ stages of solar cycle.
The frequency/ strength( power per sq. meter ) of the radiation hitting the different layers of the earth's (sub)surface and
atmosphere.
e) Atmospheric pressure at any point on earth's surface can be altered. Very low pressure or high pressure areas can be effected.
At specific altitudes. Owing to the diversification of these emissions.
Those who have expertise in "Earth Sciences" must have elaborate understanding, exposure & experience with different stages/
states of the solar cycle on earth as a whole.
Now, this info. anyone can get from www ( wild wild web ).
Now, it is alleged by many that HAARP AND/ OR similar programs utilizing technologies as similar to HAARP have the ability to
play with the ionosphere. In a very complex and comprehensive manner.
Thereby, potentially effecting changes in the climate across the globe. Effecting Climate / Weather cycle changes.
Now...
HAARP/ HAARP-like technologies need not be earth based. They can be mobile, sea-based, space-based or the transmitting mega
antennas can remain submerged under water/ in the sea and may come out periodically/ for few hours in the open on need basis, etc.
NOW, COMING TO THE POINT ...
Nearly two years back... ( between 15th and 20th June, 2013 ) I had observed the clouds at very high altitudes flitting past overhead. Per my observation, the clouds scurried way tooo... faaasst !!!
This I have observed days after day. Instead of more of low clouds which generally rain.
The clouds were at a greater altitude. And, they had a tendency of flitting across vast stretches of land mass.
These clouds hardly rained the way they normally should.
Now...
This coincided with the extreme downpour at KedarNath. Which carried on for several days. Possibly and ostensibly the low pressure
area over the Uttarakhand areas sucked in all the clouds from very far off locales. Especially from the Bay of Bengal area.
And, once the clouds gathered at KedarNath, etc. areas they precipitated and there was a marked deluge all around Uttarakhand. !
We had a national tragedy.
So, when I did express my "piece of thought" on a "chanced on" blog, I hardly did expect $HIT to follow me thence. Ever after.
Since then... and still now.
Only the form, format and scale has changed. But, $hit is $hit or BS, after all.
Have been left sans Grace. And the remnants of peace has LEFT me, since then.
... ... ...
Now... a few examples, in order : -
1) Amongst photocopying/ photostat machines Xerox is the leader. So, when someone states " Xerox" this or that.
It is pretty well understood by all and sundry the implied notion.
2) Amongst internet search engines, Google remains the leader. Do we all not state "google" this or that...
Btw, we hardly ever use- yahoo or bing this word/ keyword/ phrase/ sentence !
3) Amongst Operating Systems, Microsoft's Windows remains the market leader. So, whenever someone talks of a GUI
based OS - the base is always Windows design layout and features. Till the recent past.
Windows means the ubiquitous PC.
As such...
So, when I did state that "HAARP-like" technologies in my message to the Captain's blog almost two years back -
I did NOT mean to imply HAARP exactly.
Rather, it had the essential implications that underlined similar technologies/ programs.
Having same/ similar breadth, capacities, scope and scale.
Regarding such high tech programs - only minuscule info lies, anyway, on the www.
So, if someone or a set of people mis-read/ mis-interpret it. NOT good. It is on them to infer WELL.
Infer the implied connotation, correctly. Rather than take umbrage and/or to read too much !!
It had NO direct or indirect implication to HAARP. Rather to similar technologies/ program.
---> Just making a point here. A plain note. To start with !!
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Start of...
n-State / n-Style TABULASSION
NOTE - When some very smart people, like ze Captain speaks of TABULASSION...
They (w,c)ould have been exposed to/ watched blatant and flagrant "N"EPOTISM ( "bhai-bhatijaaa-waad" ).
Little do these set of people ( like, ze Captain ) appreciate the power inherent in the actual/ real TABULASSION.
So, let me put forth herewith a livewire ( this is certainly going to raise some heckles ) example of TABULASSION...
at the nano scale. Note... nano... scale.
So... take it as nano State/ Style, as well. Comprendo !! ze Captain !!
Here - n-State / n-Style; n => NANO ( = 1 X (10x-9) )
<<<<<<<<<<<
STATING -
_________
TABULASSION Serialization Format : -
N.SerailizationNumberCount__Date.DayMonthYear_Day/Date/Month/Year
Date/ Year Format could be -> DD.MM.YYYY OR MM.YYYY OR YYYY
>>>>>>>>>>>>
START of TABULASSION...
=======================
N.001__Date.DayMonthYear_JUNE.2013
__________________________________
NOTE THIS :-
>>> End of June, 2013. As a routine item, I changed my PC's login password.
ThereAfter, I change my PC's password again during the last week of NOV, 2013. <<<
Now, note what transpires, meanwhile : -
[
I do believe that 99.99999 % of the people, were they to chance on these issues/ instances might
take this as normal occurrence miss out the real serious nature of the underlying threat
perception/ actualization. And, what it possibly might entail, going forward.
Well... NOT ME.
]
Between these months of ( end of ) JUNE, 2013 TO ( end of ) NOV, 2013 came across
three sets of pretty serious security breaches on my Computer. Let me TABULATE
the same, belows.
A) Have been using a pretty good Total Security ( TS ) Solution instead of an
anti-virus program. Same vendor, since the past several years. Never had any
issues, as far as I recall.
For, this TS program had features that worked pretty well. It's actually GOOD !
Now, this vendor's Total Security program is supposed to be a notch above internet secuity ( IS ).
And, internet secuity ( IS ) is certainly many notches over the plain and simple
antivirus ( AV ) program offered by the same company.
So... had reasons to believe that I had the best possible product protecting my
computer. And, therefore me. As, a rule I keep my system always well patched.
An inherent rule for accessing the internet anytime of the day, as part of startup & logon
has always been - check for any Software updates, OS patches, AV signature files update,
browser version update, misc. softwares update, etc.
Apply any/all updates. Then only start using the PC for accessing the internet.
This, I have been doing, since past several years.
Now, as part of keeping my system sanitized. Been regularly running the Total Security ( TS )
program for : -
1) regular anti-virus SCANNING - checking for viruses, worms, etc.,
2) regular rootkits check/ scanning.
3) regular Antimalware scan,
4) once in a while - Physical Memory scanning.
But, most importantly -
5) Periodic ( generally, weekly ) bootup scan. i.e. boot-time scan. Most thorough.
Implies, that once the boot-time scan is initiated; the system
reboots. Then, even before the Operating System ( OS ) or even its' kernel is
loaded the TS Security program loads and initiates a boot time security check
and analysis of the entire system.
Starting with & including the Master Boot Records ( MBR ), as well.
Item #5 is vitally important. More vital than all others, though other security checks
are nearly of same importance and necessity.
NOW... for WEEKS at end and for few MONTHS, noted that the BOOT-TIME SCAN is FAILING to complete.
OBSERVED the following, in this context : -
A) Two scenarios : -
a) While in the boot-time scan mode, the system would be ( sort of ) hung up.
The actual progress of the scan is stuck up at some point. There is NO further scan progress.
Even after considerable wait time ( say, one hour or more ) the boot time scan does NOT
successfully complete. That would have been followed by the OS booting or coming up normally.
Many a times, observed that the system enters a hybrid mode ( between sleep and up-and-active
mode. But mostly asleep, but only for the LEDs ) wherein the LEDs on the system ( PC ) keep
on blinking repetitively.
The ONLY way to get out of it was to forcefully power OFF the system. Then, restart the system
sans the boot-time scan.
In effect, the boot-time scan had encountered a failure. Perhaps, owing to a deadlock situation ?
or, perhaps an insurmountable problem the TS program's boot-time scanning application could NOT
successfully overcome ?
NOW... ALSO NOTED THIS, REPEATEDLY...
As a corrective measure I had to uninstall and then reinstall the vendor's TS Security program.
Then after the requisite strict configurations and virus definitions patch up - the boot time scan
worked fine. But then, AFTER FEW DAYS or AFTER some time - it'll again revert back to its' earlier
described status. i.e. it used to go BAD. In effect - something fishy happened to it.
Above - I tried out a couple of times.
b) The boot-time scan aborts mid-way. Without completing successfully.
Without running the full stretch... so as to say.
But then, it goes on to declare that the scan completed successfully !!
But that's NOT true. This clearly implied that the boot-scan encountered a 'perhaps' pseudo-'legit'
entity that perhaps instructed it to dis-continue with further scan processing ( one of the reasons ).
Though, there could be several plausible reasons. Only a thorough forensics analysis could tell.
Too FISHY !!
B) Coupled with the problem encountered in A)... discovered the following issue as well...
Not sure whether this was a concurrent occurrence, right from starting of item A).
Though, I DO believe this to be a concurrent issue.
For weeks and months ... NOTED that one ( PROBABLY ) spurious program is running in the
background.
This program would run for sometime. Then abort. Then run again some other time.
Could NOT determine what actually triggered it ON !
Could NOT mark out the policy which determined its' very existence; and, what triggered ON
this program ON and OFF.
For months, observed this program in the "TASK MANAGER" of the Windows Operating System.
Now, this program had a pretty long name. Perhaps 30 to 50 characters long name.
And, was sometimes of around 6 MB size.
Other times, it could be roughly 9 MB size. ( Just recalling. Not sure whether this sizes
are exact. Maybe the size was in 5-9 MB range value. Need to verify this quantification. ).
Example : -
-----------
File Name : ~qhmx_00..._....exe
Size : 5328 KB
Install Shield Software Corporation
File Version : 2.1.5.0
Date created : 11/28/2013 04:19 PM
Size : 5.20 MB
File Description : Package For The Web Stub
Now...
The TS Security program marked it as "clean". Even another anti-virus program saw NO problem
with it, on scanning.
BUT, for no fairly apparent reasons - NOT me !!
For... having been exposed to problem situation as in A), I had been extremely suspicious of this
application going ON/ OFF. Which supposedly had NO origin. And, was perhaps downloaded off the internet.
Downloaded and run by whom ? Which program got it ? And, why ? Were questions that were NOT answered.
Was it a malware ? A keylogger program ? A remote desktop viewer, such as VNC, etc. ?
Were questions tormenting me almost every day. Without exception.
I had apprehensions. My sixth sense foreboded something going wrong... or already gone wrong.
Something was OR could be in the offing. Hit me in the face in the future ... ?
Someone or a set of people were up to something... ? But what ... ?
I HAD TO find out. For, I had a sense of EXTREME unease with these frequent occurrences.
Became DISTRAUGHT, DISORIENTED. Constant irritation paved way for unbridled resentment at the ( supposed )
perpetrator. This is around Q3/ Q4 , 2013 !!
I HAD to find out what's going ON ? By WHOM ? And, WHY ? Why target my computer ?
And, since HOW long ? Was it a long time affair and only recently observed. Or, was this one a recent
malady.
Now...
I interpret, infer and suspect malady; but my sentinel ( the TS Security program ) says ALL OK !!
- "ALL IS WELL" .
I tried everything to get rid of this program. Deleting it &/or securely deleting it, etc.
But, then it often always came back. Perhaps, downloaded off the internet.
Big headache with A) and B)... I prepare for the worst... viz. a compromised System ( i.e. PC ).
And, results accruing out off it... could be mind-boggling and mind-numbing.
For... quite a few cyber security breaches that implied a hacked system could have taken place.
The malicious party's - intent, motive, motivation remained unknown and way too in the dark.
So, I had to... wait... further...
Find OUT - WHO ? And, be prepared for potentially nasty surprises.
C) Sometimes between these months of ( end of ) JUNE, 2013 TO ( end of ) NOV, 2013...
Not sure, which month it was or which day of the week of what month... ?
I observed one unusual keyword which was part of my PC's login password to be popping OFF
another web-site/ blog I frequented. This keyword, all standalone, stared me in the FACE.
Shocked me. Then dulled my wit/ wisdom. The implications thereof were understood well by me.
Someone OR a set of people were mocking at me, in my face. I could only holler "YIKES".
This could NOT be a mere coincidence. Coincidences DO, for sure, happen.
But, NOT this one. I would intuitively know of coincidences or lack thereof.
But, in this case I had been expecting something... to show up and hit me.
Something had to be in the offing. Something... that would explain A) and/ or B) .
C) served as a plausible evidence for risk &/or threat surmisations/ expectations as in B) .
I had NIL doubt remaining that a remote hack has been on effect on my computer.
Someone is having a keylogger, a VNC, etc. on-board my PC and could be surveilling my PC in real-time.
This was one possibility that was NOT TO BE RULED OUT !!
THIS ALSO MEANT THAT THE HACKER/ PHISER HAD ACCESS TO MY LOGIN-ID AS WELL AS PASSWORDS TO ALL MY E-MAIL,
MESSENGER, BLOGGER, ETC. ACCOUNTS.
POSSIBLY THESE GUY(S) HAS/ HAVE BEEN EVEN WATCHING ME LIVE, IN REAL-TIME.
NOW DO YOU UNDERSTAND WHAT HACKING MEANS or IMPLIES ??
AND, THE ENDLESS POSSIBILITIES OF EXTREME MISCHIEF, HARM, ETC. THAT I HAD BEEN EXPOSED TO - WAS AND IS
DEEMED TO BE REAL.
SINCE HOW LONG ?? VERY HARD TO TELL. COULD HAVE BEEN SINCE MONTHS.
BUT ONE THING WAS CRYSTAL CLEAR - THAT SOMEONE HAD ALL MY LOGIN IDS and PASSWORDS WAS A POSSIBILITY I
COULD NEVER RULE OUT !! MUST NOT RULE OUT !!
NOW, HOW TO INFER WHETHER IT WAS THE WEB-SITE/ BLOG THAT PROJECTED THAT SPECIFIC KEYWORD INFO. OR WAS
THERE A DECOY SERVER IN BETWEEN THAT INJECTED THAT INFO. WHEN I MOVED ON TO THAT SPECIFIC WEB-PAGE ?
"YIKES" !!
Grace had left for good now. Peace became all elusive now. I had NIL peace of mind, thence on.
But, still I could NOT say with certainty whether the info. I saw was coming from the web page
I did visit. Or, was that info. maliciously injected by a Decoy HTTP server, en-route.
But, one thing was for sure - someone probably had access to my computer's login password.
Maybe, a keylogger, a remote desktop viewer, etc. was planted and used to extract this info.
This very well ALSO MEANT that a lots of OR almost ALL of my internet accounts id and password
were basically logged and this info. NOW resided with someone else.
Also, quite a few of my private docs, files on the PC (c,w)ould have been uploaded !!
But why ? Since how long ? How does this help them ? <-- Had to be found out.
So MANY MANY red flags !!
A DIRECT WAGER : Ye... Be a man. Be half a man. Own it. Lest I point fingers.
While my nerves were frayed I have pointed fingers at the shell, earlier.
Now, it is the kernel that MUST own up. Be half a man. Will you ?
<<<<<<<<<
TO NOTE -
The following possibility also crossed my mind...
When anyone does visit a web-site/ web-page/ blog then there is always the possibility that some
malicious individual/ group, etc. can play lots of mischief and do real harm in case they can access
or control one's computer. Like...
1) The desired web pages can be delivered to one's browser via a DECOY ( spurious ) HTTP server.
And, the contents of the desired web page can be added to or reduced as per any malicious intent.
So what one gets to see and experience could be ALL OR PARTLY spurious web content !
The computer's signature and/ or MAC address can be logged and previously deciphered. And this info.
CAN be used to send a customized web content by the ( also, possibly decoy HTTP server ) or the
web-site or web-page owner. Web content that's NOT all homogeneous across ALL the visitors of the
web site / portal. Possibly customized to suit specific purposes.
This holds true for MOSTLY the insecure ( plain-text ) HTTP connections traversing the internet.
The HTTPS ( secure ) connections are generally supposed to offer better security.
Maybe/ maybe NOT.
DNS spoofing, Man In the Middle ( MITM ) type attack, etc. can effect lots of these hacks.
NOW...
It is noteworthy that recently the US Govt. has determined that they will provide all the
US Govt. web sites with HTTPS-only connections. Wise decision ? Really ? Maybe.
Hope they include the MD5 hash digest of the web-page &/or content as well, as an additional
security feature. Noting that a gaping hole in the SSL security was observed last year.
Out in the open since years.
Who knows there could be yet other ones, as well. Right there in someone's cyber arsenal.
This hopefully pares down the risk in all its format.
>>>>>>>>>>>
THAT TIME AROUND...
I HAD MADE A RESOLUTION/ DETERMINATION. I DID HAD/ HAVE INTENT, MOTIVE AND MOTIVATION.
THAT... I MUST SOMEHOW UNCOVER THIS MASTER HACKSTER/ HACKER/ TRICKSTER.
AND TRY TO FATHOM OUT THE DAMAGE THIS GUY HAS BEEN DOING. WHAT HE HAS DONE/ NOT DONE - ONLY THIS
GUY AND THOSE AFFILIATED TO HIM WILL KNOW. I MAY NOT EVER KNOW - WHAT ALL, EVER, WAS EVER DONE IN
MY NAME; IN LIEU OF ANY/ ALL OF MY LOGIN-IDs AND ACCOUNTS !!
I MUST DO. OTHERWISE NOT SURE - WHAT HITS ME IN THE FACE ?
IF I WERE TO GO COMPLACENT ON THIS MATTER FOR SAY MONTHS OR YEARS...
FOR THE ISP ( INTERNET SERVICE PROVIDERS ) AND THE GOVERNMENTS DO KEEP LOG OF ALL THE INTERNET ACTIVITIES.
WHEN ANYONE TYPES "ZE" ON THE INTERNET. THE CENTRAL GOVT. IMMEDIATELY KNOWS WHO'S IT. YOUR CREDENTIALS.
THEY JUST HAVE TO KEY IN THE LOGIN ID via THE CMS OF NTRO AND THEY HAVE ALL THE INFO.
WITHIN - 5 to 20 SECONDS FLAT !!
COMPRENDO !!
POINT TO MAKE : -
===============
FOR ANY RISK MITIGATION; WHEREIN THE PALPABLE THREAT IS ANYWAYS BOUND TO MATERIALIZE. IT MAKES SENSE
FOR THE THREAT TO MANIFEST ITSELF. TO BASICALLY ACTUALIZE. SOONER THAN LATER.
THERE MUST BE THREAT ACTUALIZATION. AND, THERE MUST BE A WAY TO BE READY WHEN IT ACTUALIZES, RATHER
THAN BE TAKEN OFF GUARD.
POINT IS, PLAIN AND SIMPLE. SOMETIMES RISK MITIGATION REQUIRES THEREAT ACTUALIZATION. A MUST.
THIS IS MORE OF RELEVANCE WHEN THIS AFFECTS THE MASSES.
ESPECIALLY SO- WHEN PALPABLY VAMPIRES, DEMONS, DEVILS, MONSTERS, ZOMBIES ARE INVOLVED.
HAVING BLACK MATTER IN THE HEAD AND HAVING SINISTER MACHINATIONS AND EVIL DESIGNS.
A COMPOUNDED-LY NEGROID INTELLIGENCE CAN AT BEST, HOLLER, MAMBA.
MAMBA, REMINDS ME OF AFRICANS. ESPECIALLY PYGMIES. AND, COLLECTIVE INTELLIGENCE OF PYGMIES.
...HOW THEY LOVE THEIR SMOKED MAMBA.
And, go on to look for and search for one ??
Not mE. Especially so in India.
Even though my mental faculties are decimated ten times over, over the past two decades.
Still some gray matter resides with me.
And, now I know how to increase this matter many fold.
Comprendo --- FISHERMAN !! or, is it PHISHERMEN ??
N.002__Date.DayMonthYear_16.OCT.2013
__________________________________
>>>
DETECTED AND REMOVED FROM MY WINDOWS Based PC...
VirTool : Win32/ Obfuscator.XX ( Themida License )
Alert Level : Severe
Status : Active
N.003__Date.DayMonthYear_15.NOV.2013
__________________________________
>>>
YET AGAIN... !!
DETECTED AND REMOVED FROM MY WINDOWS Based PC...
VirTool : Win32/ Obfuscator.XX ( Themida License )
Alert Level : Severe
Status : Active
N.004__Date.DayMonthYear_25.NOV.2013( MONDAY )
______________________________________________
>>>
One of the web browsers on my PC, which should be having the latest UPDATED/ PATCHED
version as - Opera 18.XX;
INSTEAD, has - OPERA 12.16 !! ( This is 25.NOV.2013 !! )
Also, noted the following - "PAK" file type in Opera browser folder. With .pak extension.
Never did I chance on the .pak file type earlier. Not sure what file type is this !!
But, this is NO concern. Concern is - how comes Opera 18.XX downgrades to Opera 12.16 ??
Precautionary Step : Had to get the Operating system and the antivirus re-installed, patched
and updated within a week's time.
AS AN ASIDE : MY ONE WHOLE DAY IS WASTED ON THIS.
N.005__Date.DayMonthYear_DEC.2013
__________________________________
>>>
Logging onto my wife's social media account...
Under "Active Sessions" ... Found the following : -
Login location : New Delhi, India.
ON the Dates : 01-12-2013 AND 04-12-2013
ILLEGAL login - TWICE. Using a mobile phone having WinME as the OS.
Knew then and there only ... VERIFIED... something is cooking big time.
Someone or a set of people are hellbent on cooking something... big time !!
N.006__Date.DayMonthYear_EarlyJanuaryAndFebruary,2014
_____________________________________________________
>>>
There were 3-4 instances of the comp. monitor flickering wildly.
Completely hazy screen. Wild flicker.
Incident spread over a week OR 10 days period. Then, again, in Feb, 2014.
TO NOTE - WOULD NOT BE SURPRISED IF THE MONITOR SOFTWARE DRIVERS HAD BEEN UPGRADED.
UPGRADED TO WHAT ? AND, WHY ? WHY IS THERE A PROBLEM NOT PREVIOUSLY EVER SEEN ?
( AM I READING TOO MUCH ? SUSPECTING TOO MUCH ? )
I apprehend that the display drivers were upgraded. But, somehow do NOT work fine.
Why so ? For... I would NOT expect the display manufacturer to make such mistakes and NOT
rectify it.
N.007__Date.DayMonthYear_15_JAN_2014 ( WednesDay )
__________________________________________________
>>>
There is Windows Software Update on my PC.
Then, after RESTART, got the following POP-UP MESSAGE...
Windows Cannot find -
"D5765674-46E6-54D3-A380-4F46F3-EFAFCC.exe"
"Make sure you typed the name correctly and try again."
The start-up process hung up at this time.
NOTE --> Had to reset the computer, in order to force normal restart.
SO, NOT sure whether the software patch up was really applied successfully !
Also, again, found the following application ( inexplainable ) in the Windows Task Manager -
Akamai Net-Session client -> "netsession_win.exe"
NOT sure what it is meant for ?
N.008__Date.DayMonthYear_15_FEB_2014 ( SaturDay )
_________________________________________________
>>>
Wildly flickering computer monitor display observed, yet again.
A video card issue ? Or, a pseudo-legit device driver gone awry ?
Suspect the latter. Perhaps a recently installed spurious device driver ?
Cannot say !
N.009__Date.DayMonthYear_16_FEB_2014 ( SunDay )
_______________________________________________
>>>
Facing problem in computer starting up...
PC startup problem observed. Monitor/ display paralyzed.
Computer boot-up fails and the display is blank.
The anti-virus software crashes with the following error -> OXCOOOOOOD
Very first time observed.
The next day - noticed wildly flickering computer display/ screen, yet again.
N.010__Date.DayMonthYear_17_FEB_2014 ( MonDay )
_______________________________________________
>>>
Wildly flickering computer monitor/ display observed, yet again.
This could imply that the software or drivers ( if any ) may not be
working properly. Why bad drivers, all of a sudden ?
Whilst, I never had any issues since the past several years !!
N.011__Date.DayMonthYear_14_MARCH_2014
______________________________________
>>>
Got the following error on my PC : -
Error : 0x80070057 : The parameter is incorrect.
All of a sudden got this pop-up.
WHY errors popping up on my PC with so much frequency ? Need log this.
Root cause could be anything. Yet TABULATING.
( MOOT IDEA IS - THIS HELPS IN ANY FUTURE TABULASSION )
N.012__Date.DayMonthYear_23_MARCH_2014
______________________________________
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Around the middle of March, 2014...
I had aired a thought on the missing MH370 around the middle of March, 2014. Perhaps few of the first ones to put forth a theory indicating very high-tech cyber-hijacking as a potential explanation for this. The same I had put forth on this same blog site. ( Later removed by me - when I sensed that this post has unleashed mischief on me. )
NOW...
LET ME PUT FORTH ONE OF THE MAJOR REASONS I FELT COMPELLED TO PROVIDE MY TAKE ON THE MH370.
GOES HERE...
THERE WAS REPETITIVE MEDIA FOCUS ON THE ( PURPORTED ) ROUTE FLIGHT MH370 MIGHT HAVE TAKEN.
Then, it was supposed to have hived off ( in the Indian Ocean ) one of the ways...
"DAAYEN BAAJU", "BAAYEN BAAJU", "GANGAA BAAJU", "JAMUNAA BAAJU", Northern Arc, Southern Arc....
Well... well... well...
Now, any sane person might think and ask... why not straight ... ???
Going ON straight would have meant that it would have entered the Indian airspace. And, our radars should have
picked it up, without fail. But, based on the data on the grounds it was apparent that it never ever came
close to our airspace. So, our establishment proclaimed so.
But then, NOT sure whether the Chinese ( who had majority of the passengers including some pretty valuable
Freescale employees working on the K2 Chip, etc. ) were to really buy the Boeing/ Rolls-Royce version.
They could have thought that POSSIBLY it went straight. And, into the Indian territory. And, we are denying it.
In that case, they could have thought that we are possibly complicit with others in this.
Perhaps in a subservient sort of "we closed our eyes" role. They could think on those lines.
So... there was a fair chance of suspicion arising in their minds, regarding the true knowledge or lack thereof, we had.
And, this certainly would NOT have helped our mutual situation and positions. The historical relations we have.
There was a distinct possibility that seeds of suspicion could be sown. Distrust would have increased way further.
NOT GOOD. NOT DESIRABLE FOR US BOTH NATIONS.
Would NOT have cared much if any distant nation were involved.
So, was forced to do some online research. And, came up with another line of thought... and posted it.
I had NIL ( repeat... NIL ) intention of researching or posting my thoughts. Pretty excessive media coverage and
repetitiveness ( read, rant = propaganda ) somehow elicited that response.
Had NIL intentions to set fire and destroy my personal & professional aspirations, in doing so.
Yet I did exactly the same by giving a "plausible" theory not backed by any data/ info. on the ground.
Not good for me. I knew.
... RECAP ...
Now, if I or someone else gets this idea then what's so great about it. Even any of you would have thought the same thing. Just need to search online for either "Hugo Teso" OR his "PlaneSploit", etc. Now, note that the following URLs state the same thing -
http://www.inquisitr.com/1173907/flight-mh370-hijacked-by-cell-phone-cyber-jack-theory-raised-by-terror-expert/
http://www.dailymail.co.uk/news/article-2582015/Is-missing-Malaysian-plane-world-s-CYBER-HIJACK.html
What I could have avoided mentioning in the post was Boeing and Rolls-Royce real-time data. I plain and simple - questioned it. Based on some palpable media silence on their part.
I now understand that perhaps a set of people did not appreciate what I stated as a plausible theory.
When I did state it, I did not give it much thought that this opining might go on to invite so much problems for me. Problems - How ? Let me explain, how -
Well, I DID sense something amiss with my computer system right from 17th or 18th of March, 2014. And then -
The licensed anti-virus ( TS Security ) which would update almost few times every day failed to update for almost 4 to 5 days - between 19th to 23rd, March. Even, a manual try for update would return "Anti-virus Definition is up-to-date" message.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
1) My anti-virus programme FAILED to update on THREE consecutive days - 20th to 22nd, March.
After the 19th of March, 2014 the update occurred only on the 23rd of March, 2014.
This is no mean anti-virus... it is a notch higher than an internet security.
It's a TOTAL SECURITY software.
2) For the very first time in several years since I started using this TS Security Software.
It is finding files that are deemed security threat and MUST need be quarantined.
What files... ? No idea. These files were uploaded to the TS Security's support server !
Three instances in three days, between the 20th to 23rd of March !!
NOT good news for me.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>
My licensed anti-virus program finds files to be quarantined. And, uploaded for further analysis. Each day, for three straight days, in a row. These files are found on my most preferred browser "Mozilla Firefox". Well, I NEVER did find any quarantines in the last so many years.
Way later, it came up in internet news that many security holes are found in Mozilla Firefox !!
Have I inferred that someone DID wilfully hacked into my comp. system. For airing a post on the missing flight ? Yes, I did so.
Then... with a sense of heightened threat perception relating to the missing MH370 when there was media report of a false flag attack directed against India. I thought more of it. Meanwhile, I curiously had an early morning dream on MH370 on the 24th. At the same time, since the past week, I had been sensing 'issues' with my comp. system that I attributed to my post that had to do with plausible cyber-jacking of a certain flight. And, I was getting more and more fed up each passing day.
Net result was... I poured some of the thoughts on the 25th of March on a certain ( my favorite) blog. It was mostly reactive. Perhaps, more of a knee-jerk. It had a different dimension, altogether.
Now, NOTE what I have to STATE below...
Meanwhile I had discontinued using the Mozilla Firefox Browser.
Then, I started using the Internet Explorer ( IE ) browser ( till that time Mozilla Firefox was well patched up. )
And see what ? Within a few days - I hear that major security flaws are found on the IE browser as well. This was HEARTBLEED flaw. Also, some pretty serious SSL type flaw was discovered.
<<<<<<<<<<<<<<<<<<<<<<<<<<<
ADDED NOTE -
============
Overtly concerned, I raised the above mentioned incident to Capt AV.
Muff Captain, as he is.
He refused to publish my concerns ( in-house messages / comments ) on his blog site on
two occasions( by the 23rd MARCH; 2014 ).
But you see that he is wise enough to publish another message/ link that I had passed
along ONLY for his perusal.
( And, once he read that post; that's it - it's purpose was up and over.
And, I had removed the post thereafter. Within less than 24 hours. )
I have written mostly for the Capt. ( I know the Capt. will read this, as well. )
But then he puts the link on HIS FLASHY BILLBOARD.
A bland postcard coming from a smallish catamaran.
And, has been trying to pull me up with endless mind-games !!
It's like... I pass on to someone a .22 pellet. And, the recipient loving the pellet
puts it in a cannon or howitzer. And... fired it as is his habit/ wont.
Thereafter, ze ... and troupe is making fuss all around to nail me down and pin me.
Make an example - a scapegoat out of me.
"Bahut aawaaz kiya !!" And, "Itna Shor kyon macha hai, bhaiyya !! ??"
And, trying to pin the blame on mE. Why ? Why you gave the .22 pellet, you ... ?
You gave it... so you are ... the scapegoat.
What about...
I pass on a harpoon to the Capt and he uses it against his own tanker. Then he blames mE that I
torpedoed his tanker. Destroyed it. And, everyone is looking for the harpoon-wallah.
AND...
Then... there are troupe of people who have been weaving spider webs to NET me. Nail me.
Now, does a "troupe" ring a bell !! ??
Me dazed now !!
N.013__Date.DayMonthYear_02_APRIL_2014 ( WednesDay )
____________________________________________________
>>>
Some ostensibly suspicious files ( perhaps ) noticed under the home folder of the Opera web browser.
I HAD TO uninstall the browser. Had to re-instal it, yet again.
As a preventive minimalistic security measure.
N.014__Date.DayMonthYear_03_APRIL_2014 ( ThursDay )
___________________________________________________
>>>
One fine day, I notice that the data transmission upload / download is as follows
( when there was nothing to be uploaded as such ) -
Downloaded Data size : 2X MB ( X => data quantum )
Uploaded DATA SIZE : X MB ( approx., say )
==> Downloaded a fresh image of the TS Security. There seems to be some problem.
Perhaps a corrupted copy of the TS Security Software.
PREVENTIVE MEASURE : -
Had to re-install the Operating System, etc. yet again, the very next day.
N.015__Date.DayMonthYear_March_And_April.2014
___________________________________________
>>>
The internet access device's LED as also the device behaved erratically ( never ever seen previously ).
Recently, did some searching online and came up with the following. For your reference -
http://www.computerworld.com/s/article/9247424/Users_face_serious_threat_as_hackers_take_aim_at_routers_embedded_devices?taxonomyId=246
http://www.pcworld.com/article/2095860/cybercriminals-compromise-home-routers-to-attack-online-banking-users.html
N.016__Date.DayMonthYear_10_APRIL.2014
______________________________________
>>>
I see the anti-virus ( AV ) program used by me downloading something like - 15 to 20 MB of data for virus definition updates. ( Never did so in the past. Rarely would do so. Where the data downloaded is at best a few MBs' only. ) This type of data update has become pretty much rampant with this AV program, every few days. Has happened almost a dozen or so times. NO matter even IFF I uninstall the AV program and then re-install and fully update the system/ AV. After re-installation of the Operating System.
This has been going on, since almost a fort-night.
Recently, the same anti-virus program downloads nearly 33/ 34 MB of data as virus definition updations.
N.017__Date.DayMonthYear_11_APRIL.2014
______________________________________
>>>
1) Seeing the same problem with TS Security today. Too much ( 17-18 MB ) of a download as virus definition updations.
At one go.
2) The router link is going down, way TOO often. Not sure why. Could be normal. Or, unusual.
N.018__Date.DayMonthYear_12_APRIL.2014
______________________________________
>>>
Seeing the same problem with TS Security today.
Too much ( 15-17 MB ) of a download as virus definition updations, at one go.
N.019__Date.DayMonthYear_16_APRIL.2014
______________________________________
>>>
Seeing the same problem with TS Security today.
Too much ( 12.5 MB ) of a download as virus definition updations. At one go !!
Way TOO much !! Whilst, a few MBs' is actually the norm.
N.020__Date.DayMonthYear_17_APRIL.2014
______________________________________
>>>
YET AGAIN... There seems to be some problem with the "Mozilla FireFox" browser.
A HIGHLY ENCRYPTED file under the folder name "Mozilla-temp-files" is created
in the Windows Temporary ( TEMP ) directory.
This occurs - as and when I try using the "Mozilla FireFox" browser.
THIS IS UNUSUAL !! Something fishy. Big time.
Logged for TABULASSION.
N.021__Date.DayMonthYear_20_APRIL.2014
______________________________________
>>>
Since the past THREE days, there's been NO Security Software's Virus Definition Updates.
NEVER ever happens. This is a repeat of the last month, wherein there was NO update for 4-5 days.
BUT -> the TS Security Software decided to update in the evening !!
N.022__Date.DayMonthYear_21_APRIL.2014
______________________________________
>>>
Modem LED turned red; while the modem was in the training process. ( 01:10 PM ).
View this with extreme suspicion ( 97 % ) .
Could be normal occurrence owing to some Network-related anomaly ( 3 % )
Never experienced this earlier, across the past several years.
For - I rule out the links down issue.
And, I DO NOT expect the DNS server of the ISP to be down.
N.023__Date.DayMonthYear_24_APRIL.2014
______________________________________
>>>
1) ( Potentially + ) MALWARE QUARANTINED by the TS Security Solutions.
Malware Generic : Pdyd5
Location : C:\Windows\SoftwareDistribution\Download\BITCDBA.tmp
The TS Security Solution was NOT ABLE to identify the malware.
Uploaded the Pdyd5 image to the TS Security's Support Server.
Seems like someone lost a cyber arsenal here ?
Talking of cyber arsenal - seems like when the HeartBleed was found and fixed.
Some nation state ( perhaps ) lost a cyber arsenal that had a net worth of hundreds of
million $s'. Maybe, couple of billion USD, in net gains to be actualized !!
2) Mouse cursor movement seems a bit erratic since yesterday.
Hazy movement. A wee bit dazed. Erratic movement observed.
N.024__Date.DayMonthYear_25_APRIL.2014
______________________________________
>>>
Seeing the same problem with TS Security today.
Too much ( 15 - 16 MB ) of a download as virus definition updations. At one go !!
Way TOO much !! Few MBs' is the norm.
N.025__Date.DayMonthYear_26_APRIL.2014
______________________________________
>>>
Router LED turned red; while the modem was in the training process. ( 01:10 PM ).
View this with extreme suspicion ( 98 % ).
Could be normal occurrence owing to some Network-related anomaly ( 2 % ) .
For - I rule out the links down issue.
And, I DO NOT expect the DNS server of the ISP to be down.
N.026__Date.DayMonthYear_27_APRIL.2014
______________________________________
>>>
In the Task Manager of Windows ( Observing processES ) : -
a) " wowexec.exe" ( NOTE - this is NOT "wowexec.exe" )
b) ntvdm.exe
The first process, since the name is preceded by a "space" is DEEMED by me as plausibly FISHY.
It is difficult to terminate. Tried a few times to terminate. Then it went.
Along with it, process #b ( ntvdm.exe ) also vanished.
Not sure how both are tied together.
N.027__Date.DayMonthYear_29_APRIL.2014
______________________________________
>>>
Read on www.rt.com...
Yesterday, MAJOR INTERNET EXPLORER ( Version 6 to 11 ) Security flaw unearthed.
The flaw provides remote access to victim's computer.
HAD BEEN USING INTERNET EXPLORER, NOW. AND, SINCE QUITE SOME TIME.
AFTER THE MOZILLA FIREFOX HAD PROBLEMS LAST MONTH.
Seems like - someone lost one of their potent cyber arsenals on mE ??
What a waste !!
N.028__Date.DayMonthYear_30_APRIL.2014
______________________________________
>>>
Seeing the same problem with TS Security today.
Too much ( 15 - 16 MB ) of a download as virus definition updates ( 03:20 PM ). At one go !!
Way TOO much !! Few MBs' is deemed as norm.
N.029__Date.DayMonthYear_07_MAY.2014 ( WEDNESDAY )
__________________________________________________
>>>
After having freshly re-installed the Windows Operating System with ALL the affiliate
applications... few days back. Wasting a day in the process.
A) Seeing the same problem with TS Security today.
Too much ( 15 MB ) of a download as virus definition updates ( 07:35 AM ). At one go !!
Way TOO much !! Few MBs' is deemed as normal observance.
Especially - with NO other apps accessing the internet.
It went on to download 26 MB+ of data.
B) Have given up on Interent Explorer for the moment. So... now using the Google Chrome
browser.
Now, in the Windows Temp folder, seeing : -
"Chrome_BITS_912_26192" named folder having date/ timestamp as : Date : 05/07/2014; Time : 07:46 AM
Containing the file : -
BITE042.tmp - Type : TMP file ; Size : 9,748 KB
Date/ TimeStamp : Date : 04/01/2007 ; Time : 12:30 PM .
Seems like some - 1st April, 2007 OLD HACK. For sure !!
IMPORTANT : When I do Software Update on Google Chrome - there's NO latest update.
AND... there's no perceptible TASK seen in the Task Manager that could be downloading this
"chunk" of data.
Info. of little consequence : This file NOT deleting even after several tries. Then all of a sudden
deleting on using "permanent" delete. Not sure, how this made a difference.
Decided to reinstall the Windows OS, yet again.
Later, the TS SEcurity Software Downloads 11-12 MB of virus definition updates. ( @ 11:00 PM )
N.030__Date.DayMonthYear_08_MAY.2014 ( THURSDAY )
_________________________________________________
>>>
The TS Security Software Downloads 12.5 MB of virus definition updates. At one go. ( @ 06:25 PM )
This looks suspicious.
N.031__Date.DayMonthYear_09_MAY.2014 ( FRIDAY )
_________________________________________________
>>>
a) The TS Security Software Downloads 13/ 13.5 MB of virus definition updates. ( @ 12:25 PM ) !!
b) The TS Security Software Downloads 09 MB of virus definition updates. ( @ 05:40 PM ) !!
So, since after 11:00 PM, 7th May,14 ...
Total TS Security based DOWNLOADS = 11.5 + 12.5 + 13 + 9 = 46 MB ( In less than two days time !! )
Seems like TS Security Software has gone BERSERK.
FISHINESS CONFIRMED !!
N.032__Date.DayMonthYear_10_MAY.2014 ( SATURDAY )
_________________________________________________
>>>
1) The TS Security Software Downloads 33/ 34 MB of virus definition updates. ( @ 10:35 AM ) !!
2) I had downloaded a pretty good security scanner on my computer. Perhaps yesterday.
And, pretty soon, the very next day it is gone !! Before it is even/ ever used.
As, if it never was there. Deleted from folder.
In light of #2 - had to reinstall the Windows OS again.
Such happenings have become rampant now. Making me be MOSTLY offline.
Requiring my comp. system to be fixed, formatted, re-imaged, etc. almost MORE THAN 7-10 TIMES
since the 20th of March till date. And, even earlier. As a precautionary measure.
N.033__Date.DayMonthYear_14_MAY.2014 ( WEDNESDAY )
_________________________________________________
>>>
Requested for help from Capt AV. Posted issues faced on my blog.
N.034__Date.DayMonthYear_16_MAY.2014 ( FRIDAY )
_________________________________________________
>>>
Some repetitive problem observed on router. Last LED always turning RED. Repeats 5-8 times.
Powering OFF/ ON the router does NOT help.
Now, releasing the IP address and request for IP address re-allocation DOES NOT help.
Each and every time, it says : -
"An error occurred while renewing interface LAC : The name specified in the Network
Control Block ( NCB ) is in use on a remote adapter. The NCB is the data."
Now...
As a work around - changed my Computer's name. This resolved the problem.
VERY IMPORTANT : NOT sure WHY a change in the Computer's name MUST resolve this problem ?
The thought occurred to me : Is it possible that another Computer having the same name as my
PC and perhaps the MAC address spoofed to mine is on the same network ( LAN or WAN ) as mine.
Is it at all possible ?
Well... too many questions and unknowns here.
Anyway, decided to re-image my system with the Windows OS, yet again.
N.035__Date.DayMonthYear_18_MAY.2014 ( SUNDAY )
_________________________________________________
>>>
1) After visiting a certain web-site, found a SQL query in the TEMP folder.
First time seeing SQL queries in TEMP folder !!
2) Since sometime now, noting that the HDD LED on the Desktop is flickering,
even when NO active application is up and running.
Some hard disk activity ? Some file indexing ? Some search ... ?
3) Noted that after the fresh OS installation and a newer anti-virus installed
2 days back...
The newly installed powerful security program ( anti-virus ) is having issues
wrt responsiveness. The license popup is not responding. It's basically freezing.
Some problem keeps on seeping in... even when the OS is newly installed and all patched up
with the best possible security system ( AV ) program.
PRECAUTIONARY/ PREVENTIVE STEP : -
Installing the OS yet again.
N.036__Date.DayMonthYear_20_MAY.2014 ( TUESDAY )
________________________________________________
>>>
Router LED turns RED. This repeated after one hour ( 04:10 PM )
NOT sure what problem is causing this OR is caused here ?
N.037__Date.DayMonthYear_22_MAY.2014 ( THURSDAY )
_________________________________________________
>>>
Some repetitive problem observed on router. Last LED always turning RED.
Repeats 8 - 10 times. Over a 30-40 minutes period.
Powering OFF/ ON the router does NOT help.
I rule out the links down issue.
And, I DO NOT expect the DNS server of the ISP to be down.
Now...
As a work around - changed my Computer's name. This resolved the problem.
N.038__Date.DayMonthYear_23_MAY.2014 ( FRIDAY )
_________________________________________________
>>>
1) After visiting a ceratin web site, found the SQL query in the TEMP folder.
Seems like somehow the Windows Indexing Services are AUTOMATICALLY being enabled.
Again and again. Even when it is manually turned OFF by me.
Trying to index WHAT ?
2) Observed that, at least, four instances of SearchProtocolHost.exe was running at
one moment. Later, only one instance of the program SearchProtocolHost.exe was running.
3) RED LED is ON - observed on the router ( 12:40 PM )
4) Visted a web page. Saw SQL query come up, again.
Now, changed the Internet Explorer ( IE ) Security settings to "Medium" lvel.
But, hey - my router's last LED ( denoting internet connection ) turns RED, again.
Second time now.
Is it possible that there's Network intrusion initiated from the remote end on the router ?
N.039__Date.DayMonthYear_27_MAY.2014 ( TUESDAY )
_________________________________________________
>>>
Observed an unusual HDD ( Hard Disk Drive ) scan in progress. Whilst, there's NO app running.
Some indexing service is going ON, seems like. Indexing what ? Files, for some meta-data ?
Decided to reinstall the OS ( Operating System ).
N.040__Date.DayMonthYear_30_MAY.2014 ( FRIDAY )
_______________________________________________
>>>
Observed on TWO different counts - Red LED on the router again.
I rule out the links down issue.
And, I DO NOT expect the DNS server of the ISP to be down.
N.041__Date.DayMonthYear_01_JUNE.2014 ( SUNDAY )
_______________________________________________
>>>
1) After visiting a ceratin web-site, as usual...
Noticed...
In the "Safe Run for Apps", noticed that two instances of the "cmd.exe" are running.
( Perhaps, this could be normal. Not sure. Hence logging. )
Plus, one instance of "COM Surrogate" - dllhost.exe is running.
Could NOT terminate any of these programs.
Since, have rarely observed them previously in the Task manager.
Hence view them as an anomaly. Inexplainable. Perhaps having a threat connotation ?
( Not sure )
Anyway... logged.
2) While using a more powerful antivirus program from another vendor ( Internet Security ) in
sand-boxed mode...
With the newly installed YANDEX browser, few days back. Noting that... a file named "511.tmp"
of size 68 KB in the Windows Temp folder is created. This would NOT go away by any means.
Till the browser was closed.
Cannot say how or why ? but, view this as an anomaly !!
For I did NOT see this temp file EVER coming up earlier and linked to the Yandex browser.
Since the past several days.
N.042__Date.DayMonthYear_05_JUNE.2014 ( THURSDAY )
__________________________________________________
>>>
1) Yesterday, after visiting "a certain" ( for sure ) web-page(s)...
Found a file BIT3257.TMP ( Size = 45,329 KB ) in the Windows TEMP folder.
( Not sure what or how it was downloaded. What app could be using it ? )
It does not delete on repeated tries. Once deleted, re-appears again and again.
From the Windows TEMP folder.
2) Visited "a certain" ( for sure ) URL under strictest security and privacy settings
for Internet Explorer ( IE ). Observed the following, in the Task manager of Windows : -
a) Few instances of dllhost.exe, "COM Surrogate" . Tried to terminate it. On occassions,
it is difficult to end. Re-appears again and again.
b) "CTF Loader" task is seen, apart from a) above.
c) Incessant HDD LED activity is observed by me.
Now, this continues even after I had ended a) and b).
3) Suspecting some very high end embedded script/ applet/ malware at work ? Perhaps so !!
AS SUCH, as a precautionary + preventive measure - decided to re-image my PC.
Noted that the newer, more robust Internet Security ( IS ) takes in / downloads 225 MB of
virus definition updates.
Highly unusual and unlikely !!
As far as I recall, it should NOT have exceeded 30-40 MB ( Like last time ).
SO, whence this excess nearly 200 MB ?
Need to WATCH OUT !!
N.043__Date.DayMonthYear_6_JUNE.2014 ( FRIDAY )
_______________________________________________
>>>
One file - BITDEO3.TMP ( Size : 45,239 KB ) is recurring in the Windows Temp folder.
Raising Red Flag here !!
Deletion of this file is NOT allowed by the system.
As, this file is said to be OPEN in ...
"Background Intelligent Transfer Service" .
Now... why the heck BITS is running ??? And, secondly, why BITS is using this file ?
What's the idea ?
As, an intelligent transfer service running in the background... ?
What file/ data BITS is uploading or downloading ? From where ? What server ?
Which Windows Service or Application is using it ?
Why the need for such broader based system efficiency ? all of a sudden ?
Smelling something fishy here !!
Need to take some corrective measure here ?
N.044__Date.DayMonthYear_7_JUNE.2014 ( SATURDAY )
_________________________________________________
>>>
After re-imaging the system today...
Cannot make out why Windows Service - BITS is always running ON !! whenever
the router is ON ?
Anyway, observed file BITB54D.TMP ( Size : 50,981 KB )
With,
Attributes -> HAI
Size -------> 49.7 MB
On trying to delete it. It says "Cannot Delete".
NOW NOTE... the following reasons are given on FOUR CONSECUTIVE TRIES, to
delete this file : -
1) File is open in "Application Experience" ,
2) File is open in "System" ,
3) File is open in "Application Information", lastly
4) FIle is in use by BITS !!!
Something fishy big time. Need to keep watch.
N.045__Date.DayMonthYear_8_JUNE.2014 ( SUNDAY )
_______________________________________________
>>>
File BITB54D.TMP ( Size : 50,981 KB ) shows up in the Windows Temp folder,
as soon as the computer is connected to the internet.
This file maps to "BITS" service. Now, this is a SYSTEM process - svchost.exe
Amazingly, there are FOUR instances of svchost.exe running. ( As seen in the Task manager )
WHILST, the location of these files is NOT DISPLAYED !
Now...
Had to do "Show Processes from all users" ( logged in as ADMIN user ) and kill the
svchost.exe processes, one by one.
Only aftr this the file BITB54D.TMP is allowed to be deleted.
And, the basically "UNKNOWN" Download STOPS !!
PLAUSIBLE DEDUCTION - The observed 225 MB of virus definition downloads attributable to the newly
installed robust Internet Security ( IS ) few days back, could have been wrongly attributable ( by me )
to the IS.
It possibly has other sources.
Now, seemed like 100 % that BITS downloaded OR, BITS was used to download this quantum of data.
Few QUESTIONS -
a) What data ?
b) What APPLICATION is using BITS to download such a huge chunk of data ?
( Especially, given that the computer system is 100 % well patched & up-to-date )
c) What's the source/ sink/ server of such data transfer ?
THIS IS A GREAT SECURITY ISSUE.
N.046__Date.DayMonthYear_10_JUNE.2014 ( TUESDAY )
_________________________________________________
>>>
Today, after logging on to my computer... found that some .txt file
I had saved 3-4 days back IS MISSING from my system.
Permanently deleted !!
[
This file had my observations regarding how svchost.exe is behaving in a deviant
manner. Enabling the usage of BITS service to download large chunks of data.
Trying to sum up the errant behavior.
]
In light of the above anomaly, decided to re-image my system again as a precautionary
measure.
Lest someone ... catches me on wrong foot.
N.047__Date.DayMonthYear_16_JUNE.2014 ( MONDAY )
________________________________________________
>>>
Did Hardware RESET of the router, spaced months apart.
Observed the following ANOMALY, wrt "Auto-configuration IPV4 address" : -
1) On 16/MAY/2014 showed as : 169.254.61.56
2) On 16/JUNE/2014 showed as : 169.254.140.240
3) On 16/JULY/2014 showed as : 169.254.250.191
4) On 17/JULY/2014 showed as : 169.254.28.208
5) On 07/SEPT/2014 showed as : 169.254.126.157
OBSERVATION NOTE : As such, this data ought have been hard-coded onto the router
at the time of manufacturing. Can only change in case there's
a Firmware &/or Software update/ upgrade.
This remains a suspect area.
I never know of any firmware upgrade/ update on the router.
N.048__Date.DayMonthYear_17_JUNE.2014 ( TUESDAY )
________________________________________________
>>>
While using the IE browser, observed again : -
1) Noticed the SQL queries again... 2-3 times.
On typing URL names and searches.
Not sure why the Windows indexing service is auto-enabled; even when it is
manually disabled by me ? Again and again.
2) Again seeing the rampant process - SearchProtocolHost.exe
This won't go away. Comes up again and again.
Seems like suspicious. Given my past experiences.
Logged the instances. Need to watch out.
N.049__Date.DayMonthYear_25_JUNE.2014 ( WEDNESDAY )
_________________________________________________
>>>
Since the past few days only, seeing the following processes in the Windows Task Manager : -
a) WMIADAP.exe ,
b) WMIPsrvc.exe
c) wmi32.exe ( WMI x64 Helper )
Suspicious and spurious !
Looks like "need to follow" this ?
N.050__Date.DayMonthYear_08_JULY.2014 ( TUESDAY )
_________________________________________________
>>>
Observed a TASK - "wsqmcons.exe" in the Task Manager of Windows, for nearly one ( 1 ) minute.
WIndows ( Systems ) SQM ( Structured Query Manager ) Consolidator ??
View this task with suspicion. Cannot say or determine why it came up !!
Needed to make note of this occurence.
N.051__Date.DayMonthYear_14_JULY.2014 ( MONDAY )
________________________________________________
>>>
RED LED observed on the router. ( 03:28 PM )
Anaomalous. Suspicious.
For - I rule out the links down issue.
And, I DO NOT expect the DNS server of the ISP to be down.
N.052__Date.DayMonthYear_24_JULY.2014 ( THURSDAY )
__________________________________________________
>>>
Owing to numerous ( for sure/ certain/ plausible/ suspectible ) security breachs on
my computer, I had been away from my e-mail accounts since past 3-4 months.
( Since the second week of March ) lest, someone gets illegal access to them.
And... creates a mischief !!!
Now...
A hacked system having an installed keylogger or VNC ( a remote desktop viewer )
surveillance tool can get any/ all info. out of the hacked system... to a malicious
external entity.
OBSERVED THE FOLLOWING...
1) Whilst checking for the newly arrived e-mails in the INBOX. Was DISTURBED and ANGUISHED
on seeing that there was a "READ" e-mail ( perhaps dated 19/APRIL/2014 ) amongst all the
UNREAD e-mails in the INBOX of the e-mail account.
( The color code changes for a "READ" e-mail; compared to an "unread" e-mail. )
This clearly IMPLIED that someone did HAD an illegal access to my e-mail account.
AND, this implied that possibly there was a sloppy lapse by the illegal intruder into
my account.
Or, was it deliberate ? Why ???
Who has had / having access to my e-mail account(s) ?
2) Noticed for months and months on end...
In the SENT e-mails log... I always ensured that the SENT e-mails would show as UNREAD
e-mails. But, frequently found that several of the recent ones as also some few select
sent e-mails would be showing as in "READ" state. As if someone opened them to read
them !!
The bold, black print of an unread e-mail is changed by reading it. It turns normal print.
( This is but, system (re)configurable. )
N.053__Date.DayMonthYear_31_AUGUST.2014 ( SUNDAY )
__________________________________________________
>>>
Serious and Severe issues observed...
1) Had downloaded quite a few web-pages from a specific web-site for offline viewing.
This... on an extrenal storage device using the HTTRACK utility.
THis was done during the first quarter of 2014.
Now, noticing that MUCH MORE than 99.5 % of the downloaded web-pages of the web-site
are GONE !! They vanish from storage as if someone deleted them.
That is impossible. Until and unless there's a resident script as part of the web-pages
that's done the needful. Else, there's a malware or rootkit on the external storage that
is designed for some mischief. Not sure how or why ?
Instead of the web-site page I see ... www.augadha.com
2) In light of the above... executed a strict virus scan ( using a sturdy Internet Security
product from a reknowned vendor. ) on the external drive. This threw up the following finds.
A set of problems were detected and successfully QUARANTINED : -
a) File Name -> :AFP_Afpinfo
Location -> G drive
NOTE : noting that there can be file names starting with the colon ":"
Not sure what is the implictaion of this find ? This file naming convention ?
What does this convey... basically ?
b) File Name -> :|COB21765-33AB-46C3-E763-EC7AAA7FEF21|
NOTE :- i) Noted the file name starting of with the colon ":" .
ii) Next the file name is embedded within "|" & "|"
Never ever chanced upon such files and file naming conventoions.
Such nomenclatures !!
iii) Deceted : HiddenObject.Multi.Generic
c) Detected and Quarantines five ( 5) instances of the TROJAN : -
HEUR:TRojan-DownloaderWin32.Generic
in five different infected files.
N.054__Date.DayMonthYear_17_SEPT.2014 ( WEDNESDAY )
__________________________________________________
>>>
1) Today as well as yesterday noticed that some program is downloading
nearly 12-15 MB of data.
After killing some random tasks via the Task Manager. And, after
STOPPING the BITS service... this download is halted !!
2) First time ever, seeing the "NisSrv.exe" APP running in the TASK MANAGER.
( LOCAL SERVICES ) RUNNING ...
a) Microsoft Network Realtime Inspection Service
b) Microsoft Network Inspection.
NOTE : Not sure if #2 is a problem area. Although, need to keep watch.
N.055__Date.DayMonthYear_20_SEPT.2014 ( SATURDAY )
__________________________________________________
>>>
Not sure if this is a potential problem. But, logging...
Program -> AM_Delta_Patch_1.185.214.0.exe ( Size : 1.7 MB )
utilizing 496 KB memory is seen running in the TASK MANAGER.
IMPORTANT : -
Observed that BITS has started downloading data yet again ( 5 MB ) till
I stopped it from downloading more !!
N.056__Date.DayMonthYear_04_OCT.2014 ( SATURDAY )
__________________________________________________
>>>
OBSERVED the following ( possibly suspicious, spurious ) process - VSSVC.exe
( Microsoft Volume Shadow Copy Service ) running in tandem with BITS.
Point is - there's nothing to copy, per my observation.
Even-so-then : what exactly is VSSVC.exe copying ?
What is it supposed to be doing ?
LOGGING THIS !!
N.057__Date.DayMonthYear_18_FEB.2015 ( WEDNESDAY )
__________________________________________________
>>>
Whilst visiting a certain blog site, early in the morning.
The blog page had loaded fully, I guess. And, internet activity fully stopped.
THen, all of a sudden observed that the web-page reloads FULLY again;
Whilst, I was already in a logon mode.
Gave me the idea that POSSIBLY an entrenched web/ Java/ CSS, etc. SCRIPT possibly ran... !!
What SCRIPT ? What purpose ? What's the idea ? WHY ??
Is it for good or bad ?
Not sure ! No idea !! Can't say !!
Now...
At this instance also - like many previous times, I recall that APPLE INC.
had been contemplating ( last year ) to have MAC addresses that are not hard-coded/ fixed.
But, can be made to vary... change. So, that APPLE end users are NOT caught in the ...
Not sure what they might have done with this plan/ idea ? But, hope that other
PC/ Laptop manufacturers take note of this !!
And, perhaps DO SOMETHING about it. Prevents far-end logging.
Chances of far-end user identification and therefore, offensive actions by a HTTP Server
or web-site or blog owner is actually pared down !!
N.0058_Date.DayMonthYear_12_MARCH.2015 ( THURSDAY )
__________________________________________________
>>>
While being connected to the internet, the last LED in the router is turning RED.
Again and again. ( Between : 12:48 PM to 02:00 PM )
Again, observed till 02:44 PM.
Is there any possibility of some remote initiated Network intrusion ?
OR,
The allocated IP address is being used by some other entity, in a spurious manner ?
How to go in for the ROOT CAUSE ? DO some root cause analysis ?
N.059__Date.DayMonthYear_23_MARCH.2015 ( MONDAY )
__________________________________________________
>>>
In the evening ( 07:12 PM ), on starting my PC, observed the following : -
a) frequently failing boot-up sequence. Since the PAST SEVERAL WEEKS, been observing
that as soon as the PC is powered ON. It tries to boot up... then fails. The LEDs'
go OFF. Then after a ceratin delay. It tries to unsuccessfully boot up yet again.
The LED turns ON. Then instantly it goes OFF.
This process repeats several times !! Not sure how and/ or why this new malaise is
happening ? What's the source ?
Some new issue, this ??
Why the Operating System is failing to load again and again ?
b) Why VERY distorted display ( nearly freezed ) coming up on two occassions in the past
one month ?
c) The router going down too often, just after the internet connectivity is established.
Why is the link going down too often ?
What's the root cause for this bizzare event ? Would NOt see as a links problem.
It ought to be some-thing different. Cannot pin point it.
d) Improper internet activity. EVen when there's not much in terms of internet
access.
LED's flickering ON/ OFF too much.
IMPORTANT -
Since mid-February, the suspicion that the BIOS on my PC could be possibly infected is
gaining on me.
Infected recently or quite many months back or last year ( 2014 ) or even earlier ( 2013 ) ?
Cannot say or determine.
Possibility of some high-end scripts/ malware/ hacks resident on USB drive, as well, may NOT be
ruled out.
One resounding suspicion DOES NOT necessarily mean that the BIOS is, indeed, infected.
But, this is intuitive. So, I am not neglecting this recurring thought.
A suspicion does NOT necessarily mean that it is true. But, we MUST NOT say that it is
NOT true.
Now... this is keeping me OFF the internet. And, all internet activities. Seems more like
a self-imposed gag, apprehending some plausible mischief/ harm.
N.060__Date.DayMonthYear_10_APRIL.2015 ( THURSDAY )
__________________________________________________
>>>
While being connected to the internet, the last LED in the router is turning RED.
Is there any possibility of some remote initiated Network intrusion.
OR,
The recently allocated IP address is being used by some other entity, in a spurious
manner ?
N.061__Date.DayMonthYear_15_APRIL.2015 ( WEDNESDAY )
____________________________________________________
>>>
@ 11:48 AM
1) Observed that the PC is having the same start-up problems. Recurring.
Pressing the Power ON button on the PC cabinet, the PC starts powering ON.
Then, turns OFF.
The LEDs go down. Then, after a pause it tries to come up, again.
Repeat process.
2) Now, somehow the PC Starts up. Using a Live CD, I log on. Then...
The computer monitor starts flickering. Becomes unresponsive. Freezes.
This required reset of the PC.
This recurs 3-4 times.
In light of #2 above, do I suspect a DVD drive infection ? OR maybe...
A BIOS infection ?? A USB drive resident malware on the USB micro-motherboard ??
Cannot say. Cannot determine.
N.062__Date.DayMonthYear_FirstQuarter.2014
__________________________________________
>>>
This is VERY VERY IMPORTANT for ONE AND ALL to observe and make note of.
NOW...
For accessing internet, one generally uses a modem, router, wireless dongle,
inbuilt WI-FI, etc.
Now, few people care to know that as part of their configuration... a username and
password needs to be supplied.
Generally, the ISPs' provide the username. And, there is a DEFAULT password.
THIS MUST NEED TO BE CHANGED. MUST. THIS IS A MUST.
But, the fact is, very very few people ever do change it. All across the world.
Even more so here, in India.
...
NOW, I had made the requisite changes years back and even supplied a strong password.
Basically, to stay more secure.
But, guess what ?
First quarter, 2014 : While re-configuring the router, I discover that my previously
supplied password DOES NOT WORK.
FOUND OUT that the password had been RESET.
Now, this came as a shocker.
There are only THREE ways this may happen : -
1) The user of self resets the password, for the specific username, or
2) The ISP staffer entrusted with managing/ monitoring these connections can RESET it,
(S)he can do it at will/ whim or if someone tells him/ her to do so. Plain and simple, in India.
Most plausible.
This requires changing the password via the ISP's server / database. Secondly, reconfiguring
the router, as well.
3) There is yet another remote possibility of a master hackster enforcing it from remote end.
( Any part of the world )
Though, this could require very precise knowledge and extra high end domain expertise.
THIS POSSIBILTY CANNOT BE RULED OUT.
...
There is a sure shot possibility that those highly proficient in IT SECURITY matters/ field
might have, for sure, precise idea/ knowledge.
THIS IS EXTREMELEY SERIOUS OBSERVATION. NOT PINNING THIS ON ANYONE...
WHILST, THIS REMAINS THE REAl FACT.
GOVT. and ISPs' please NOTE. EVERYONE EVER USING INTERNET, PLEASE NOTE !!
MUST CHANGE YOUR INTERNET ACCESS DEVICE'S PASSWORD. i.e. INTERNET ACCESS PASSWORD.
YOUR ISP STAFFER WON'T TELL YOU TO.
N.063__Date.DayMonthYear_PastTwoYears.Q3Q4.2013.2014
____________________________________________________
>>>
Having been using computers since past 15-20-25 years. Work required using it for way too long
hours.
So, it is but natural to come into observation... in case computers do not behave along expected lines ! !
NOW...
Had been observing too much HDD activities, since the past ( almost ) two years.
Even when there was NO perceptible application of interest, actively running.
As also - even running in the background.
Even when the antivirus program was NOT actively scanning, etc.
Basically, could NOT explain this high rate of HDD ( Hard Disk Drive ) usage.
Nonetheless, was wary of this anomaly.
Thinking retrospectively, seems like possibly : -
a) Some indexing service was mostly running ? ; &/ or
b) Possibly some file searching, undelete file operation was in operation ? etc.
Now, QUESTIONS -
----------------
1) What indexing service ? Initiated by whom ?
2) What file search &/ or undelete operations ? Initiated by whom and why ?
Cannot say.
Now... the moot point is... Who had the need to get into this all ?
N.064__Date.DayMonthYear_EndOfTabuLASSion_18JUNE2015
____________________________________________________
>>>
Been in the habit of exchanging New Year Greetings with old colleagues, friends, relatives, etc.
around the New Year's eve time. They would reply without fail.
Last year ( 2014 ) - observed that many of them did NOT respond back. Looked weird.
Gave me the idea that possibly someone filtered them off and deleted them.
This implied access to my e-mail account(s).
This also meant that possibly someone does NOT want me to receive certain e-mail backs.
Could be wrong here.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
FEW POINTS : -
1)
ALL the mentioned data and info. is true and aptly TABULATED.
Now, wherein memory recall was used in a few instances, a slight change in
the facts ( although in line with what is stated ) may not be ruled out.
2)
Faggots, Fagins, Sissies and Pussies will play with the honour, pride
and self-respect of others. They do so in VEIL. Under some collective might.
Real men and women- born of men and women will never engage in such shenanigans.
Engaging in abject and wretched deeds ( in pretext of whatever to justify it )
is a precedent which not only dooms their future but risks grave unrest and
upheaval in society.
If the Govt. were to sponsor it ( under the pretext of whatever... ); OR
if the DESHBHAKTAS in the Security Agencies to indulge in such things...
... then GOD save the country.
3)
Been sensing and expecting some BAD APPLEs.
BAD APPLES do often and always exist.
And, BAD APPLE reminds me of King Parikshit and a curse.
Telling now... there's a curse and a vow. Both shall be fulfilled.
Also, foretells that few BAD APPLES might very well mean veiled TAKSHAKs.
"RAKSHAK BAN GAYA BHAKSHAK",
NYET !!
"RAKSHAK BAN GAYA TAKSHAK"
So, had been in the mode to... "unveil" the TAKSHAKS.
For...
Only an unveiled TAKSHAK can be slaughtered or reformatted.
This is NOT the case of rhetoric matched with "extravagant rhetoric" bordering on
unbridled rhetoric !! It's much more. Surpass it... !!
DIMWITS and RETARDS won't get it.
>>>
Ever heard PHISHERMEN, I mean FISHERMEN netting a BLUE WHALE. Does NOT happen.
>>>
When the Lord saw that few veiled "CHIDI-MAARS" ( bird catchers ) are preying on innocents
- sparrows and pigeons and owls and... Basically, ignoramuses... !!
You ALL know what... the merciful LORD sendeth the GARUDA. Whilst the GARUDA is sitting on the
net... the veiled "CHIDIMAARS" are having a blast. Thinking that they had the catch of their
lifetime.
...
Let's see what the time brings forth...
>>>
Those who have the collective intellect suiting pygmies will always try to
catch some mambas when they do not have anything else to subsist on.
"Me smoked mamba" - their day-dream. First they dream of sucking the blood out of it like vampires.
Then, they intend to roast, smoke and enjoy the remnants.
But, hey !! it takes a collective brains and perception of pygmies to search for mambas in Bharat varsh !!
Or, are ye all hunting amongst Africans ( say, Nigerians ) here ??
Better go to AFRICA...
Chanakya would look for bad apples. And, Takshaks here in Bharat varsha.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
NOW... stating this as fact that ALL the above-mentioned security breaches since mid-2013 are
true, experienced first hand by me and gave me immense anxiety ( of what's happening next ).
MORE THAN TWO YEARS OF MY EXISTENCE WASTED OWING TO THIS ALL.
RESULT IS - I HAVE LOST FULL FOCUS ON WHAT I HAD TO BE DOING.
Previous Reference Point...
http://navalbharat.blogspot.in/2014/05/repeated-hacks-what-next.html
Tuesday, May 13, 2014
Repeated Hacks, What NeXt
EOF
