View Full Version : Need to know more. Lots more!



azureimage
21-12-2011, 08:45 PM
Hi everyone, I am back online. After a looong break. And a battle with malware, I am still trying to find out more about how my computer works... not completely clueless but not up with code and scripting! I would like to find out (for a start) what mutexes are. Everything I install includes lines of reference to mutex. Are these a problem, anything to worry about? Hope to make contact with some tech savvy person, not to solve problems but to learn more. Thanks
AZURE

bevy121
22-12-2011, 12:14 AM
to lock a resource while it's being used basically

Short for mutual exclusion object.
In computer programming, a mutex is a program object that allows multiple program threads to share the same resource, such as file access, but not simultaneously. When a program is started, a mutex is created with a unique name.
After this stage, any thread that needs the resource must lock the mutex from other threads while it is using the resource.
The mutex is set to unlock when the data is no longer needed or the routine is finished. (http://www.webopedia.com/TERM/M/mutex.html)

azureimage
26-12-2011, 12:36 AM
Hi again, thanks for getting back to me.
I am running Win 7 Home Prem, on a supposedly stand-alone unit, as the sole user.
I am sure there are one or more identities running things, blocking access, going to strange websites, stopping updates, creating partitions, keylogging. The computer is a weird hybrid of Win7 and my former XP unit, full of System32 files, frozen at 14/7/2009.
There is an X drive visible when I attempt a repair, not sure if this is normal.
The Trusted Installer owns various files, and changing this affects various things, such as internet access.
Antivirus, and help from another forum, has not really detected anything obvious, but this is common for this type of hidden infection, I think.
The sort of mutants I mean are, for instance, in Resource Monitor:
explorer mutant \sessions\1\base named objects\_!SHMSFTH history!IE5
'' '' '' " " " " \_SHuassist.mtx
And others scattered with exclamation marks.
My next question is regarding C Windows Sysnative. What is sysnative, and why is it only visible when scanning? Thanks
AZURE

bevy121
26-12-2011, 11:16 AM
a weird hybrid of Win7,
and my former XP unit

a hybrid... hmmm

I don't think I'll even attempt to understand or answer anything else in that post - just that bit so far has given me a headache

kahawai chaser
26-12-2011, 12:45 PM
Mark Russinovich from Microsoft is a bit of a guru on windows resources/scripting processes, check out his blog (http://technet.microsoft.com/en-us/sysinternals/bb963890) and the many utilities from sysinternals (http://technet.microsoft.com/en-us/sysinternals/bb795533) that he created for monitoring threads, dll's, handles, etc.

azureimage
27-12-2011, 06:31 PM
bevy121, thanks for even thinking about it, sorry about the headache... imagine what it is like living with it, hehe.
kahawai, thanks... I have most of those tools, and they show that my standard admin account is denied access to basically everything.
The BUILTIN admin is specifically blocked from modifying the Windows system files (from the XP SP2 configuration) that are at the heart of the problem.
But good news, this forum must be lucky for me, my AV actually showed trojan (AUTUIt) activity for the first time ever! I know this does not solve my probs, but it was great to actually find something.
And I had an offer of overseas help from an interesting source.

So what about sysnative,any ideas,anybody?
Thanks
AZURE

bevy121
28-12-2011, 10:38 AM
The %windir%\System32 directory is reserved for 64-bit applications. Most DLL file names were not changed when 64-bit versions of the DLLs were created, so 32-bit versions of the DLLs are stored in a different directory. WOW64 hides this difference using a file system redirector.


32-bit applications can access the native system directory by substituting %windir%\Sysnative for %windir%\System32. WOW64 recognizes Sysnative as a special alias used to indicate that the file system should not redirect the access. This mechanism is flexible and easy to use, therefore, it is the recommended mechanism to bypass file system redirection. Note that 64-bit applications cannot use the Sysnative alias as it is a virtual directory not a real one.

http://msdn.microsoft.com/en-us/library/aa384187%28v=vs.85%29.aspx



might help if you told us what it is you were actually wanting to do
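
Added example (not part of the original thread, and not Microsoft's code): a simplified Python model of the WOW64 file system redirector quoted above, showing why a 32-bit scanner on 64-bit Windows reports paths under Sysnative that a 64-bit tool such as Explorer never shows. The function name `resolve`, the default `windir` and the sample paths are constructed for illustration; the exemption list follows Microsoft's File System Redirector documentation.

```python
import ntpath

# Subdirectories of System32 that WOW64 leaves unredirected
# (from Microsoft's File System Redirector documentation).
EXEMPT = ("catroot", "catroot2", "driverstore", "drivers\\etc", "logfiles", "spool")


def resolve(path, process_bits, windir="C:\\Windows"):
    """Return the on-disk path that a process of the given bitness reaches on
    64-bit Windows, or None if the path does not exist for that process.
    Simplified model: only the System32 / Sysnative rules are covered."""
    norm = ntpath.normpath(path)
    win = ntpath.normpath(windir)
    low = norm.lower()
    for alias in ("system32", "sysnative"):
        base = ntpath.join(win, alias).lower()
        if low == base or low.startswith(base + "\\"):
            rest = norm[len(base):]      # "" or "\sub\file"
            break
    else:
        return norm                      # outside the redirected tree

    if process_bits == 64:
        # Sysnative is a virtual alias; 64-bit processes cannot use it.
        return None if alias == "sysnative" else norm
    if alias == "sysnative":
        # 32-bit process asking for the real, native System32.
        return ntpath.join(win, "System32") + rest
    sub = rest.lstrip("\\").lower()
    if any(sub == e or sub.startswith(e + "\\") for e in EXEMPT):
        return norm                      # exempt from redirection
    return ntpath.join(win, "SysWOW64") + rest


if __name__ == "__main__":
    # Constructed sample paths, as a scanner log might list them.
    for p in ("C:\\Windows\\System32\\kernel32.dll",
              "C:\\Windows\\Sysnative\\kernel32.dll",
              "C:\\Windows\\System32\\drivers\\etc\\hosts"):
        for bits in (32, 64):
            print(f"{bits}-bit process: {p} -> {resolve(p, bits)}")
```

When reading a scan log, first establish whether the scanner is a 32-bit or 64-bit process; a Sysnative path in the output means a 32-bit tool looked at the real System32, not that an extra directory exists on disk.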

KarameaDave
28-12-2011, 10:51 AM
I'd be reinstalling my Operating System on a formatted HDD myself.

azureimage
09-01-2012, 04:01 PM
You will think it's crazy but I have been told this is a sophisticated hijack with possible military or government applications. Makes you afraid to go online. Hope the CIA or Pentagon or worse don't come calling, hehe. Thanks all for trying to help. azure xxx

fred_fish
09-01-2012, 04:07 PM
Yes, the tracker they have planted in your arse only has a short range, so they need the malware on your PC to relay its temperature readings back to Langley.