Someone clicked on one of those stupid 'speed up your pc' links while researching another problem?
Well I'd be asking the user exactly what they used the machine for a couple of weeks back when this problem happened. Have we checked the browser history?
I don't believe it's anything the user has done on the laptop. Chrome was ****ed, but I think that was an unrelated issue.
No-one else has used it in months.
...as far as the user is aware. That doesn't make it true though.
My money's still on prankage by a technically proficient third party who has gained illicit access to the machine without the user's knowledge.
...as far as the user is aware. That doesn't make it true though.
I believe her in this case.
My money's still on prankage by a technically proficient third party who has gained illicit access to the machine without the user's knowledge.
It would seem so, wouldn't it.
Do you have an answer to this part, or are you also guessing still?
I don't know with absolute certainty I suppose, but I'm pretty sure what's happened, yes.
I don't know with absolute certainty I suppose, but I'm pretty sure what's happened, yes
Is that because you are a wise old owl?
(-:
Cougar - Moderator
What do we do with it?
System restore!
Good point. I tried that. No difference.
format c:
install linux
the symptoms will definitely go away 😉 (along with many others)
or ditch it and get a mac
hmm, just read the rest of the thread.
guess you could maybe try installing latencymon, see if any actual processes/drivers are going mental? then kill it/them? will at least tell you the most active processes/drivers to start having a look at.
andytherocketeer - Member
format c:
install linux
the symptoms will definitely go away (along with many others)
until you need to do something useful! 😆
Is there an entry in the "programs & features" list where the "Installed On" date & time correlates with the creation/modification date & time of the task and/or .vbs file? If so, what is it?
^-and that includes "updates" too.
Do we have anything more specific than a couple of weeks? I'm assuming that is significant - though not getting it (Thanksgiving, Black Friday, start of Advent?)
I presume the vyi name isn't significant, but the ch.vbs and ch.bat might be given you don't exactly remember one, but do remember the others...
Anything to do with children who have just broken up from school/uni?
Do we have anything more specific than a couple of weeks? I'm assuming that is significant - though not getting it (Thanksgiving, Black Friday, start of Advent?)
I presume the vyi name isn't significant, but the ch.vbs and ch.bat might be given you don't exactly remember one, but do remember the others...
Not to my knowledge. I should've written them down really, then I could've asked her.
The file names / task name aren't relevant to anything I'm aware of.
Is there an entry in the "programs & features" list where the "Installed On" date & time correlates with the creation/modification date & time of the task and/or .vbs file? If so, what is it?
We're almost there. "When" is the question I was looking for.
There's no creation date on the Task (logging is disabled, which IIRC is default behaviour), just "last run" which tells us nothing.
The dates on the two scripts are October 2015.
End of October?
IIRC MS changed the method of patching Win 7 in October.
MS patch issue?
End of October?
I see where you're going with that, but no, 12th I think.
Glorious - edit: nope that's August
Glorious
Nope, it wasn't Eddie Izzard either.
I have the feeling this is a massively drawn out joke, leading to a puntastic punchline
Would I do that to you? (-:
It's not, honest.
do we know when (exactly) the issue was first noticed?
Not exactly. "A couple of weeks" is all I was told. (I asked for System Restore purposes, it was a sufficiently accurate estimate for me to be able to pick an older restore point.)
10/12 <> 12/10?
Oh, nice thinking. But no, it's a UK date format.
Can we have a summary?
Can't remember what we know and what we're trying to figure out any more!
The scripts dated October 2015 but there seems to be a suggestion that the month of October is significant, but not the year.
Either that or the ending of the "one child policy" in China has something to do with it.
Is it an elaborate ruse to prevent the user seeing any internet spoilers for Rogue One?
there seems to be a suggestion that the month of October is significant, but not the year.
Does there?
Did you say system restore was not successful? That suggests the script's been in place for some time (since Oct 2015), but has been triggered by a date change - the restore point you used contained the script, which is still triggered by the date condition.
Are we correct to assume a third party placed this?
When's the user's birthday?
Were there any earlier restore points to track down exactly when the scripts and task were added? If so, and based on the available information, when were they added?
I'm not sure I'm getting anywhere here, but more information is always better (eventually the penicillin spores might land in my culture).
Did the task have a start date or was it execute immediately?
I might be upset if this ends in confusion between Halloween and Christmas.
Did you say system restore was not successful? That suggests the script's been in place for some time (since Oct 2015), but has been triggered by a date change - the restore point you used contained the script, which is still triggered by the date condition.
To be clear, the restore was "successful" in that it completed, er, successfully; it just didn't solve the problem.
Are we correct to assume a third party placed this?
I believe so.
When's the user's birthday?
Dunno.
Did the task have a start date or was it execute immediately?
I didn't see a start date, just "last run."
Something to do with Christmas countdown?
With Jimmy Carr?
Is there any evidence the 3rd party created this interactively or are there any pointers that it was done programmatically (i.e. via an install) - for example any evidence in the user & windows temp folders?
Something to do with Christmas countdown?
It's certainly a conundrum.
[quote=Cougar ]
Are we correct to assume a third party placed this?
I believe so.
OK, so we come back to the contradiction in this post:
[quote=Cougar ]
...as far as the user is aware. That doesn't make it true though.
I believe her in this case.
My money's still on prankage by a technically proficient third party who has gained illicit access to the machine without the user's knowledge.
It would seem so, wouldn't it.
So you believe that nobody else has used the computer, yet a third party has placed this?
...and you previously dismissed my looking at browsing history to find possible infection vector.
Is it just a scheduled task made via clicking buttons, or is it an actual script someone has written? (If the latter can you post the contents?)
Is there any evidence the 3rd party created this interactively or are there any pointers that it was done programmatically (i.e. via an install) - for example any evidence in the user & windows temp folders?
Not really.
So you believe that nobody else has used the computer, yet a third party has placed this?
That's not quite what I said. I said no-one else has used it for months.
...and you previously dismissed my looking at browsing history to find possible infection vector.
I didn't dismiss it, I just didn't do it.
I'll post up the conclusion now I think, because you've all but got it.
[quote=Cougar ]That's not quite what I said. I said no-one else has used it for months.
Aaargh - I didn't get the distinction when we started discussing the date of the scripts. So somebody put on a timebomb - and have you established who did use the computer months ago?
(I think to be fair, you've made it a bit harder for us than it was for you 😉 )