Questions raised by member Softdown (malware and deleting recent posts)

BB. Super Moderators Posts: 26,768 admin
For Softdown (and anyone else),

I have asked Vanilla Support if they had any malware related issues (such as Trojan Agent) that they have seen... And they said no.

So--I think--That Softdown's trojan issue(s) is probably not related to our forum (unless I get further information).

Second, I have asked about the ability for users to delete recent posts--The forum was configured to allow poster deletion of their own posts that are less than 2 weeks old.

Waiting for an answer on that question.

-Bill
Near San Francisco California: 3.5kWatt Grid Tied Solar power system+small backup genset

Comments

  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    Testing ability to self delete user Softdown's posts.

    -Bill "moderator" B.
    First Bank:16 180 watt Grape Solar with  FM80 controller and 3648 Inverter....Fullriver 8D AGM solar batteries. Second Bank/MacGyver Special: 10 150 watt BP Solar with Renogy MPPT 40A controller/ and Xantrex C-35 PWM controller/ and Morningstar PWM controller...Cotek 24V PSW inverter....forklift and diesel locomotive batteries
  • BB. Super Moderators Posts: 26,768 admin
    Softdown,

    Don't worry about the above post in your name--Just doing some testing and talking back with the "mother ship" about the failure of the software to let you delete your own recent post(s).

    -Bill
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    Thanks for the effort BB, I was out of town for a bit. Regarding the malware, I was attempting to say that I believe it is agents who have the ability to implant malware in flash memory anytime they want. Though I see your point in that said malware was/is frequently popping up while writing on this board. The malware reappeared this morning though I did not discern when it arrived. I opened up six different web sites as soon as the computer started.

    The inability to delete my own duplicate post after a couple minutes does, of course, need to be reviewed.

    FWIW....I have a relative who gets "implanted" with various companies to ensure that their hardware etc. does a proper job of relaying desired information to Big Brother. He took the liberty of implanting an EXEC while I was attending his out of state wedding. Mission first? He was either sloppy or "feeling his oats". The EXEC bears his name and is always present on my screen. I would imagine it is a keylogger. Masters from MIT in EE is his background. However...this particular trojan agent has manifested on other laptops as well. Necessitating the use of Malwarebytes Pro....to remove flash memory malware.

    His EXEC program records what I do, one would think. The Trojan allows them to control my laptop to a degree. I would imagine that most people either replace their laptop, turn it off, or have the malware professionally removed. I doubt that a large percentage have the ability to remove malware from flash memory. That type of malware is, I believe, somewhat proprietary property of the Five Eyes.........America, Canada, England, Australia, and New Zealand. Big Brother constantly seeks more power....more control.
  • BB. Super Moderators Posts: 26,768 admin
    One of the problems that has occurred is that once any malware is in the field (government or other), the hackers take that new software, analyze, and re-purpose into their own use.

    There are so many ways that computers can be compromised now, and combined with high speed 24x Internet, that we have roared into 1984 with near zero privacy. Add cell phones that everyone carries with them and are also easily compromised...

    My advice to my kids--Never write anything on a computer that you would not want seen on a billboard next to the highway.

    -Bill
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    Well put as usual. I may point out that it was the government, not the private sector hackers, who bribed/coerced the multitudes of backdoors into almost anything that can be flashed. If it can be flashed, it can be hacked.

    Windows ought to be called Backdoors. Some companies that are unusually co-operative with Big Brother: Microsoft, Facebook, AT&T, and Google. Interesting that the 2015 bull market was made possible by companies that mine a lot of data for Big Brother: Microsoft, Facebook, Google, Amazon, and Apple.

    The latest Wall Street darling, that I heard about, is a chip maker. Can't help but wonder what surveillance enhancements a chip might carry.

    Shouldn't this be "In the weeds"?
  • BB. Super Moderators Posts: 26,768 admin
    Was an announcement about the questions/issues you had with the forum...

    No need to continue here--Not going to fix anything (other than, hopefully, the fail to delete problem).

    -Bill
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    Should have known you were right. The Trojan Agent appears when I open this web site. I checked before starting up my browser and found no malware. Checked after opening one web site, this web site....and found the Trojan Agent. Plus this interesting piece of news that I am pasting:
    2017/08/17 06:04:19 -0600    USISPOLICESTATE    John    ERROR    Scheduled update failed:

    I do not feel these results are absolutely definitive. The Agent could appear as a result of opening the browser, I use Firefox. I should try to check for that tomorrow if I remember. However......it certainly does presently appear as if the malware corresponds to opening this web site.

  • BB. Super Moderators Posts: 26,768 admin
    I don't know--Nothing related that I can find. Checked the elements that load with our website and don't see anything.

    -Bill
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    BB. said:
    I don't know--Nothing related that I can find. Checked the elements that load with our website and don't see anything.

    -Bill
    Due to my sordid history of butting heads with the electronic police state, I should not be surprised to find it is an issue specific to me. Incidentally, while I was editing my latest new discussion....the screen darkened and a rectangle showed up with three small "dancing" squares. My internet froze in spite of Microsoft Network Center not finding any problems.

    The freeze was persistent so I played a game of Monopoly. Things were OK upon return after ~15 minutes. This has happened "here" before.

    I think I will install NoScript with "pretty strict features" here.
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    edited August 19 #11
    My little buddy, the Trojan Agent, was detected prior to doing anything other than opening my browser. I am still curious as to why it seized control of my laptop while typing comments here. The #1 suspect has to be the guy that installed the EXEC while I attended his wedding in Washington. No telling how much control that gives him....what a guy. Nice mom though.

    Edit: However we do live in the time of government Thought Cop traffic jams when well over a million attempt to dominate the net. So almost anything is possible.
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    The Trojan Agent loads when Mozilla is opened. Seems like a likely "State Operation" to me. Guess I'll use a different browser...until that gets hi-jacked.
  • mcgivor Registered Users Posts: 1,204 ✭✭✭✭
    @softdown did you ever consider your computer may be corrupted? I had many problems with a laptop; switching to an Android tablet solved all issues, including energy consumption.
      1500W, 6× Schutten 250W Poly panels , Schneider 150 60 CC, Schneider SW 2524 inverter, 8×T105 GC 24V nominal 

  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    mcgivor said:
    @softdown did you ever consider your computer may be corrupted? I had many problems with a laptop; switching to an Android tablet solved all issues, including energy consumption.
    An EXEC program was installed while I attended a wedding in Seattle. The name of the EXEC program is GREG. The name of the groom is GREG. So yes...GREG has access to a lot of data.

    There are no viruses and malware is removed first thing in the morning. I can't hardly stand tablets. 

    This thread is about learning more about the malware....which seemed to be related to this web site. Further analysis has found that opening my old browser, Mozilla Firefox, unleashed that trojan agent.

    A couple times a day I am encouraged to throw my buckets of money at various challenges. Interesting.
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    Incidentally....as I recall GREG worked for Android. Possibly ensuring that State Operators had access to desired data...while ensuring everybody that nothing could be further from the truth.

    Everything is loaded with backdoors. Fighting terrorists you know....
  • mike95490 Solar Expert Posts: 7,249 ✭✭✭✭
    GREG might be a BHO (Browser Helper Object) and can easily be removed and/or disabled in Firefox and other browsers
    Powerfab top of pole PV mount | Listeroid 6/1 w/st5 gen head | XW6048 inverter/chgr | Iota 48V/15A charger | Morningstar 60A MPPT | 48V, 800A NiFe Battery (in series)| 15, Evergreen 205w "12V" PV array on pole | Midnight ePanel | Grundfos 10 SO5-9 with 3 wire Franklin Electric motor (1/2hp 240V 1ph ) on a timer for 3 hr noontime run - Runs off PV ||
    || Midnight Classic 200 | 10, Evergreen 200w in a 160VOC array ||
    || VEC1093 12V Charger | Maha C401 aa/aaa Charger | SureSine | Sunsaver MPPT 15A

    solar: http://tinyurl.com/LMR-Solar
    gen: http://tinyurl.com/LMR-Lister ,

  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    mike95490 said:
    GREG might be a BHO (Browser Helper Object) and can easily be removed and/or disabled in Firefox and other browsers
    Now I am confused a bit. Investigation says it was installed ~two years before I bought this computer...as new. It never appeared on my screen until after the 2014 wedding. From then on....it can not be removed from my screen for more than several seconds. This is what it says: "Failed to find required file"..... That message is next to a red X. The box says GREG at the upper left corner. 

    I have not been able to remove it....it is an EXEC. I did disable its permissions just now. Or so I am told. 

    I do recall what seemed to be an agent saying ~ "Greg installed an EXEC on his computer." Things are always a bit weird in the surveillance business. 
  • BB. Super Moderators Posts: 26,768 admin
    Greg.exe is an Acer computer installed file:

    http://www.freefixer.com/library/file/GREG.exe-104055/

    What is GREG.exe?

    GREG.exe is part of Global Registration and developed by Acer Incorporated according to the GREG.exe version information.

    GREG.exe's description is "Global Registration"

    GREG.exe is digitally signed by Acer Incorporated.

    GREG.exe is usually located in the 'C:\Program Files (x86)\Gateway\Registration\' folder.

    -Bill
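An added example (not part of any post in this thread): a PowerShell check of the things the quoted library entry lists for GREG.exe, namely its version information, its Authenticode signer and its folder, plus any startup entry that launches it. The function name `Get-ExeTriage` is hypothetical; the default path and signer name are the ones quoted in the post above.

```powershell
# Added example, not code from the forum or from Acer.
# Get-ExeTriage is a hypothetical helper name; the default path and signer
# name are taken from the library entry quoted in the thread.
function Get-ExeTriage {
    [CmdletBinding()]
    param(
        [string]$Path = 'C:\Program Files (x86)\Gateway\Registration\GREG.exe',
        [string]$ExpectedSigner = 'Acer Incorporated'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return
    }

    $file = Get-Item -LiteralPath $Path
    $ver  = $file.VersionInfo          # self-reported by the file, not authenticated
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # SignerCertificate is $null for unsigned files.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Startup entries (Run keys, Startup folders) whose command line names this file.
    $pattern  = '*' + [WildcardPattern]::Escape($file.Name) + '*'
    $autoruns = @(Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -like $pattern } |
        ForEach-Object { "$($_.Location) -> $($_.Command)" })

    [pscustomobject]@{
        Path            = $file.FullName
        Company         = $ver.CompanyName
        Description     = $ver.FileDescription
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        SignerSubject   = $signer
        # Trust the vendor name only when the signature itself validates.
        SignerMatches   = ($sig.Status -eq 'Valid' -and $signer -like "*$ExpectedSigner*")
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Autoruns        = $autoruns
    }
}

Get-ExeTriage | Format-List
```

The company and description fields come from the file's own version resource, so they only carry weight when `SignatureStatus` is `Valid` and the signer matches.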
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    Yes....that is all well and good. But what triggered it to take a permanent presence on my screen? With this cryptic message: Failed to find required file

    The screen presence occurred after the trip to Seattle. I consider it possible that the program was used for a search. Clearly the search did not find anything that was desired.....as witnessed by: "Failed to find required file".

    The evidence is not conclusive at this date. Though I find the timing and permanent screen presence of interest. 

    I am using a different browser and not finding my little Trojan Agent so far. Now my question would be............who can imbed a flash memory Trojan Agent into a browser? Imbedding malware into flash memory is, without a doubt, done by government Thought Cops. I had to remove the Trojan Agent every time I mentioned the Federal Reserve. Memory is that the occurrence takes ~10 minutes though I never timed it. I have removed this Trojan Agent at least 80 times I believe. I would bet the number is well over 100 times.



  • Estragon Registered Users Posts: 1,428 ✭✭✭✭
    Failed to find the requested file sounds to me like an error returned in trying to open a file/socket that's a dependency. If I was writing a trojan or malware, I wouldn't be writing a dependency failure message to the UI, but I don't write trojans or malware, so YMMV.
    Off-grid.  
    Main daytime system ~4kw panels into 2xMNClassic150 370ah 48v bank 2xOutback 3548 inverter 120v + 240v autotransformer
    Night system ~1kw panels into 1xMNClassic150 700ah 12v bank morningstar 300w inverter
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    edited August 20 #21
    The malware is in the browser, not this web site as it initially seemed to be. So this discussion should probably die unless someone can offer some personal expertise or some pertinent insight. 

    The Greg EXEC probably has no relation to the malware issue.  Though I am sure that Acer did not intend for the user to have a permanent ~2" x 3" box on their screen advising them that "Failed to find required file".  This issue is likely so obscure that it would be difficult to ascertain what really happened. 

    Greg apparently did not create the EXEC named Greg. The EXEC program named GREG did achieve a permanent ~ 2" x 3" presence on my laptop screen after attending his wedding. 

    Incidentally I "divided" my computer due to the annoying presence of the EXEC box. I can log into a "similar computer" that does not have the annoying EXEC box on the screen. However....something largely disabled my ability to use Ebay on that computer partition. Being in the boondocks, I do a lot of shopping with Ebay. The Greg EXEC can be ~95% shoved aside with the cursor.

    Having said all that, this continues to mystify me: Greg EXEC:  Failed to find required file
    I can assure interested parties that I had no ability to use the Greg EXEC to look for a file. Never completed a single class in computers. 

    By the way, the malware is back in spite of using a different browser. Takes two minutes to disable. I do occasionally get a message that there is another ~ "cloned computer on my network".  I will try to relay the exact message next time the message is received. 


  • BB. Super Moderators Posts: 26,768 admin
    It sounds like Greg.exe is trying to find another file (removed/etc.).

    Here is a link that tells you how to remove greg.exe and prevent windows from running it:

    http://www.shouldiremoveit.com/Acer-Registration-6573-program.aspx

    -Bill
  • softdown Solar Expert Posts: 1,498 ✭✭✭✭
    BB. said:
    It sounds like Greg.exe is trying to find another file (removed/etc.).

    Here is a link that tells you how to remove greg.exe and prevent windows from running it:

    http://www.shouldiremoveit.com/Acer-Registration-6573-program.aspx

    -Bill
    Thanks.....that easily removed the GREG.exec from my laptop screen. Thank God I never had the cojones to confront Greg about it. It is amazing that it permanently popped up on my screen when I returned from his Seattle wedding. 

    One agent(?) even told me "Don't remove his keylogger".  

    What a crazy little show that was.