A2service starting a remote thread? Does this firewall log look suspicious?


Recommended Posts

Hello,

I'm afraid I have something bad going on here, but I'm not sure, so I thought I'd post here before going to the malware forum (especially since the machine may not even be worth cleaning, as I will describe below). Emsisoft Anti-Malware scan doesn't show anything, but I have been concerned about a possible kernel-based malware and dll injection/api exploits? I can't run or even install Malwarebytes. I just installed Private Firewall, and this log shows some activity that looks strange to me, including a2service starting a remote thread. This is a home computer on wifi but not connected to a homegroup at all, and I have tried to disable/disallow all remote access whatsoever. When I use ProcessExplorer, many of the program windows come up with blank information and tell me I don't have access.

You are going to scold me, because I have been running Windows 7 without updates. I have shut down a bunch of services, disabled debugging, and disallowed a bunch of programs. I realize the machine is in a bad state with the current OS and no updates, and I will likely be wiping it and installing Linux soon. I need a new computer but would like to use it as a backup computer. I can't reinstall Windows 7, because I accidentally put tape over the product key and can't read it anymore. However, I am curious about what is going on here and would appreciate any thoughts you have. Do you think there might be malware in the boot sector? If there is malware in the boot sector, would it be destroyed if I reformatted and installed Linux as opposed to Windows? Is it worth trying to remove malware from this Windows installation?

Just wondering what you make of these screenshots from Private Firewall and ProcessExplorer. Notice that "sniffers" are being set with each new program. Private Firewall shows two unknown programs listening at ports, but I can't find them on any program list, and the firewall will not shut them down. ProcessExplorer shows an almost blank properties window for a2service and unknown handles. One last thing that makes me feel like I'm going crazy: when I saved these jpg files to my desktop, the computer initially generated two thumbnails that looked identical...one that was the .jpg, but the other's properties said something like "PMOD" with something about "Windows shell." I'm not sure...but they were there but are now gone.

I apologize in advance if I am totally misreading everything and just being paranoid. However, all these sniffers and hooks and the unknown programs have me worried. Thank you for any thoughts.

bluescreen

Attachments:

- unknown programs listening for connections.jpg
- processexplorer a2service blank properties and many groups.jpg
- processexplorer a2service and msn.jpg
- processexplorer a2service unknown handles and ntdll userthreadstart.jpg
- private firewall log showing a2service creating remote thread and also sniffers and hooks.jpg

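The part of the post that can actually be checked rather than guessed at is the "two unknown programs listening at ports" that the firewall names but the poster cannot find in any program list. A firewall log entry for a security product's service creating a remote thread is not a verdict on its own: behaviour-blocking anti-malware commonly creates remote threads in other processes to load its own hook library, which is also why Process Explorer shows hooks and handles it cannot describe. What settles the question is tying each listening socket to a process ID and a file on disk. The script below is an added example written for this thread, not code from the original post, from Emsisoft, or from Private Firewall; the function name `Get-ListeningSocketOwners` is my own. It is written for the Windows 7 PowerShell 2.0 environment the poster describes: it parses `netstat -ano` (the `Get-NetTCPConnection` cmdlet does not exist on Windows 7) and resolves each PID through WMI `Win32_Process`, which usually returns `ExecutablePath` even where Process Explorer's properties window comes up blank.

```powershell
# Added example (not from the original post or from Emsisoft / Private Firewall).
# Resolve every LISTENING TCP socket and every bound UDP socket to its owning
# process, executable path and command line, so an "unknown program listening"
# line in a firewall log can be matched to a file on disk.
# Targets Windows 7 / PowerShell 2.0: parses `netstat -ano` and uses WMI
# Win32_Process. Run from an elevated prompt so netstat reports PIDs for all sockets.

function Get-ListeningSocketOwners {
    $rows = @()
    foreach ($line in (netstat -ano)) {
        # TCP rows: Proto  Local  Foreign  State  PID
        # UDP rows have no State column: Proto  Local  *:*  PID
        if ($line -match '^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $proto = 'TCP'; $local = $matches[1]; $owner = [int]$matches[2]
        } elseif ($line -match '^\s*UDP\s+(\S+)\s+\*:\*\s+(\d+)\s*$') {
            $proto = 'UDP'; $local = $matches[1]; $owner = [int]$matches[2]
        } else {
            continue
        }

        # WMI answers from the WMI service, so it can describe processes whose
        # handle a user-mode tool cannot open.
        $wmi  = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $owner"
        $name = '<no such process: exited, or not visible from user mode>'
        $path = $null
        $cmd  = $null
        if ($wmi) {
            $name = $wmi.Name
            $path = $wmi.ExecutablePath   # $null for System (PID 4) or when access is denied
            $cmd  = $wmi.CommandLine
        }

        $rows += New-Object PSObject -Property @{
            Proto       = $proto
            Local       = $local
            PID         = $owner
            Process     = $name
            Path        = $path
            CommandLine = $cmd
        }
    }
    $rows
}

# PID 4 (System) and svchost.exe hosting a Windows service are expected listeners.
# What deserves a closer look is a process name that matches no installed program,
# a missing ExecutablePath for a PID that is clearly running, or a path under
# %TEMP% or a user profile. For those, hash the file (certutil -hashfile <path> SHA256)
# and compare it against the vendor's published binaries before deciding anything.
Get-ListeningSocketOwners |
    Sort-Object PID |
    Format-Table Proto, Local, PID, Process, Path -AutoSize
```

Read the output next to the firewall's "listening" entries: if the firewall shows a port that this listing attributes to a PID with a plausible path (a Windows component in `System32`, or the anti-malware vendor's own install directory), the "unknown program" is just a name the firewall could not resolve. A listener whose PID has no process at all, or a name with no path, is the case worth taking to the malware forum with this output attached.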

@bluescreen ...

> I can't reinstall Windows 7, because I accidentally put tape over the product key and can't read it anymore.

I googled for "how find w7 product key" and found several sites describing ways to find it, not all requiring the physical label. For example: https://www.ionos.co.uk/digitalguide/server/configuration/how-to-find-a-windows-7-product-key/ says how to find it in the registry. I don't know if the method is correct or not, though.


@bluescreen try disabling your ad blocker while on our forums. Also, if you're using Firefox on the computer the FRST logs are from, then I recommend removing one of the ad blockers you have installed (either that or remove both of them and replace them with uBlock Origin).

BTW: I highly recommend that you never run ComboFix. Unless the maker of ComboFix has decided to start updating it again, I wouldn't consider it safe.

This topic is now closed to further replies.