How can I see if incoming traffic hackers have deleted files on my computer?

I miss some directories and files from a couple of days ago.

It certainly was not me who deleted them, I edited the files and I still need them.

I would already be happy with a log file that showed all incoming traffic that passed the AVAST PRO Firewall.

Even better would be to know a log of all changes on the Windows file system and which IPs did them. Does something like that exist in Windows 10?

Moreover, is this suspect? Why would my ISP change each day the Firewall mode to Public/High Risk Zone (according to AVAST PRO Firewall Log “rules”)?

If you want a computer check from a malware expert, then follow instructions here and attach requested logs

https://forum.avast.com/index.php?topic=53253.0

Thanks, I have done this procedure before, a year ago or something, for another issue; it gave interesting results though.

But I don’t think it’s a virus, because it specifically deleted my most important recent files, like someone is monitoring my computer and knows what to delete.

That’s why I call it incoming traffic hackers.

Please tell me if there is an AVAST or windows log file I can check for suspicious incoming traffic AND (ideally) for corresponding suspicious changes to the windows file system.

Ideally I would see, if such a log file exists, that an IP address (not my own) deleted these files.

HOW CAN I GET PROOF THAT SOMEONE ELSE (HACKERS) DELETED THE FILES???

> But I don't think it's a virus, because it specifically deleted my most important recent files, like someone is monitoring my computer and knows what to delete.

If so, it may be seen in the diagnostic logs ..... so, **attach** logs ;)

Are you the only one with access to that computer?

Yes I’m the only user and my computer is in a locked room.

Where can I find diagnostic log files in AVAST Pro?

Not Avast … logs from the link I posted above.

Scroll down to the second picture > Farbar Recovery Scan Tool < run it as instructed and attach the two logs here in this topic.

Thank you for looking into this issue. So I want to know if “incoming traffic hackers” can have deleted some recent important files. And if you have evidence or maybe even proof of such a thing please explicitly say so in writing in this forum post!!! And please say also how one can see this (or what to look for).

Here are the scan logs.

(my own quote)

I remembered it wrong. I now work on a computer without AVAST, so I could not check before. It says Firewall changed mode, which seems to be done at every Windows restart, even when the computer is not plugged in to the internet. It could be an automatic entry in the log file only triggered by booting Windows; strange though that it remembers the ISP specification even when not plugged in. I never used password-protected WIFI under this AVAST/Windows by the way; Windows does not know the password, I never entered it there.

> I would already be happy with a log file that showed all incoming traffic that passed the AVAST PRO Firewall.

You can check the Avast firewall log, but I doubt everything will be in it if you don't have it set to verbose logging.

> Even better would be to know a log of all changes on the windows file system and which IPs did them

An IP does not change things and even has nothing to do with files.

> Why would my ISP change each day the Firewall mode to Public/High Risk Zone (according to AVAST PRO Firewall Log "rules")

An ISP doesn't change things like that. They don't even have access to the settings unless you give them remote access or something like that.

> HOW CAN I GET PROOF THAT SOMEONE ELSE (HACKERS) DELETED THE FILES???

Hire a forensic IT security company like Fox-IT. They are right around the corner (Delft): https://www.fox-it.com/nl/

I corrected my “misinterpretation / wrong remembering” of the log entry in my last post by the way. Please read this last post, because it’s strange that the entry shows up even when the computer is unplugged from the internet, and it can’t be connected by WIFI because Windows does not know the WIFI key. I never connected Windows with WIFI; moreover, the Chrome browser says “no internet connection”.

EDDY PLEASE COMMENT ON THIS ONE!

We can only comment/respond to what you tell us.
If you remembered the log entry wrong and posted the wrong info here, that doesn’t change anything about what I said.

Strange, you seem not to read very carefully, and reply at random :frowning:

Essexboy will be online (usually) after 15:00 European time and check your logs :wink:

What I don’t understand of the logs:
FRST.txt has an entry for FireFox with lots of plugins and addons. I don’t find FireFox in my Windows programs search; I never installed it under Windows 10. I have it on my UBUNTU Live USB stick, which is always plugged in, even if I start Windows from the SSD C: drive. It could also be in an old “Program Files” directory on the D: drive from Windows 7, 8 or 8.1 times, which is not active anymore (I now have, as I said before, Windows 10).
ADDITION.txt warns 12 times in scheduled tasks for “… no file <==== ATTENTION”

PS: I see now that FireFox entries are all from plugins on the C: drive (Strange!!! What are they doing there?)

The only way I could see someone getting in would be either through Citrix or G2M.

When you finish with the computer, do you shut down or engage the firewall lock?

I sometimes do not shut the computer down at night, maybe 3 nights a week or so. I do not use Firewall lock, never heard about it.

Did you look at the FRST.txt and ADDITION.txt logs? See my message about it

G2M? http://www.sonuus.com/forum/viewtopic.php?f=5&t=763 ?

AHA, by accident I saw in Google GOTOMEETING, please do not use such cryptic titles like G2M when you actually mean GOTOMEETING :frowning: ADDITION.txt indeed says 10 times CITRIX/GOTOMEETING directories for exe’s and dll’s. However, it’s not in the Windows start menu and Windows programs search menu. I can’t therefore start GOTOMEETING myself, maybe the hackers can. I think GOTOMEETING was for a webinar months ago, I’m not sure why it seems to be latently present on my Windows computer.

Moreover, the “switch Firewall mode to Public/High Risk: TELE2 ISP network” message in Firewall Log “rules”: there is even a log entry when my modem is off (I mean disconnected from the electric grid AND, as I said before, also when on but unplugged from the internet. However, in these cases Google Chrome always said “no internet connection”). Can you explain this, ESSEXBOY? It can be that my computer is on another WIFI network in my neighborhood, but this then would be a stealth connection, since Chrome does not see it!!! Maybe the GOTOMEETING shit on my computer makes this stealth connection; however, coincidentally this is also the same TELE2 ISP as my genuine internet connection, but this makes it not more unrealistic.

WHY DOES MY AVAST PRO NOT PROTECT OR WARN ME FOR THIS “GOTOMEETING HACK”? OR IS THIS IMPOSSIBLE? :frowning:

> I think GOTOMEETING was for a webinar months ago, I'm not sure why it seems to be latent present on my windows computer.

That is easy to explain. It was installed and never removed (properly).

> Moreover "switch Firewall mode to Public/High Risk: TELE2 ISP network" message in Firewall Log "rules"...

So, your ISP is Tele2 and the firewall has detected that at some point. Since it is a software firewall, it doesn't matter if the modem is on or off.

> However in these cases Google Chrome always said "no internet connection"

It would be strange/suspicious if Chrome said there was a connection when the modem is off. If that happens you should start to worry.

> It can be that my computer is on another WIFI network in my neighborhood

No, it can't, or Chrome would notice it and use it.

> Maybe the GOTOMEETING shit on my computer, makes this stealth connection, however coincidentally this is also the same TELE2 ISP as my genuine internet connection, but this makes it not more unrealistic.

No, G2M doesn't make a stealth connection. It uses your existing connection.

> WHY DOES MY AVAST PRO NOT PROTECT OR WARN ME FOR THIS "GOTOMEETING HACK"?

There is no reason for Avast to warn because it is no hack. It is fully legitimate software that you (or someone there) installed for the webinar. http://www.gotomeeting.nl/