phybeя's White Hat Help Desk

[phybeя]

phybeя's White Hat Help Desk​

I'm opening this help desk in hopes that I can answer questions and resolve issues that people have.

I plan on adding a compilation of the most common questions/answers and updating it frequently.


Please use the template below:

[b]Issue:
Question(s):
Any additional information:[/b]

 

[Poe]

Great to see a new member like yourself helping out, well done.

 

[phybeя]

Great to see a new member like yourself helping out, well done.

Thanks, that's what I came here for

 

[Justice]

Issue: I am infected into a botnet or something.
Question(s): When I got to process's it saids stuff like crss.exe srss.exe
Any additional information: When I try ending the process it said "Action was denied"

 

[phybeя]

Issue: I am infected into a botnet or something.
Question(s): When I got to process's it saids stuff like crss.exe srss.exe
Any additional information: When I try ending the process it said "Action was denied"

Those processes you described are actual legitimate Windows processes which is why you can't end them.

 

[Megaman]

Issue: when I turn on my Windows 8, Toshiba I am unable to sign in or access my computer
Question(s):is there a way to return this to factory settings or something , sorry for the idiotic question I don't really use computers much.
Any additional information: I had it for like a month, I did have Gescenck on there but nothing else if that matters.......

 

[frost]

Issue: when I turn on my Windows 8, Toshiba I am unable to sign in or access my computer
Question(s):is there a way to return this to factory settings or something , sorry for the idiotic question I don't really use computers much.
Any additional information: I had it for like a month, I did have Gescenck on there but nothing else if that matters.......

(I know I am not Phyber, but I know how to do this)

1.Take your mouse to the top left corner, then click 'Settings'
2.At the very bottom there is a button labeled 'Change PC Settings' Click that.
3.Next scroll down to the 'General' tab
4.Scroll down a bit and secod from the bottom there should be a restore to factory settings and re-install windows.

Hope I helped.

 

[phybeя]

Issue: when I turn on my Windows 8, Toshiba I am unable to sign in or access my computer
Question(s):is there a way to return this to factory settings or something , sorry for the idiotic question I don't really use computers much.
Any additional information: I had it for like a month, I did have Gescenck on there but nothing else if that matters.......

(I know I am not Phyber, but I know how to do this)

1.Take your mouse to the top left corner, then click 'Settings'
2.At the very bottom there is a button labeled 'Change PC Settings' Click that.
3.Next scroll down to the 'General' tab
4.Scroll down a bit and secod from the bottom there should be a restore to factory settings and re-install windows.

Hope I helped.

Let me know if Frost's method works for you. If not, I will assist you further.

 

[Cult]

Issue: When i load up my computer it goes i a black screen then says no bootable devise
Question(s): is there anyway to fix
Any additional information: Nope

 

[Rap]

Nice to see someone helping people out with White Hat problems. Great thread!

 

[Megaman]

Let me know if Frost's method works for you. If not, I will assist you further.

It would work, except my mouse won't appear on screen :/

 

[frost]

It would work, except my mouse won't appear on screen :/

(Sorry Phyber I know this is your thread)

I was having the same problems last week.Yet I resolved it. Are you using the built-in touchpad?

 

[phybeя]

Issue: When i load up my computer it goes i a black screen then says no bootable devise
Question(s): is there anyway to fix
Any additional information: Nope

1. Did this problem just happen randomly or did you do something that you think may have caused it?

2. What operating system is your computer?

 

[Andy]

Issue: ukash virus, Blocked my computer for clicking on a link and accusing me of viewing child porn.
Question(s): I know how to get rid of this virus. It is just a ling process and I haven't been bothered to do it, Been siting there for months now..
Any additional information: have you ever heard of it, If so any extra help would be great. I don't want to tell my parents about this virus because it will be probably the most awkward thing.

 

[Bry]

Issue: I got RAT'ed 4 months ago, when I saw he changed my desktop image, I removed the Internet Wi-Fi tool from the USB, restarted the computer, and restored my computer 1 week ago back. Then, without being connected to the internet, I scanned my PC with Pro Malware Bytes, and removed some viruses. Since then, I've not seen any suspicious activity, and I also have active protection from MBAM, but I see some strange proccess as these.

Question: Am I fully secured?

 

[phybeя]

Issue: ukash virus, Blocked my computer for clicking on a link and accusing me of viewing child porn.
Question(s): I know how to get rid of this virus. It is just a ling process and I haven't been bothered to do it, Been siting there for months now..
Any additional information: have you ever heard of it, If so any extra help would be great. I don't want to tell my parents about this virus because it will be probably the most awkward thing.

Yes, I have heard of it before. If you know how to remove it, why don't you? I wouldn't recommend keeping it on your computer since it could just slow things down.

I would recommend reading this guide if you need help removing it: http://guides.yoosecurity.com/how-t...ked-pc-asked-for-payment-100-pounds-or-euros/

---

Issue: I got RAT'ed 4 months ago, when I saw he changed my desktop image, I removed the Internet Wi-Fi tool from the USB, restarted the computer, and restored my computer 1 week ago back. Then, without being connected to the internet, I scanned my PC with Pro Malware Bytes, and removed some viruses. Since then, I've not seen any suspicious activity, and I also have active protection from MBAM, but I see some strange proccess as these.

Question: Am I fully secured?

I wouldn't say 100% that you are fully secured but if you haven't noticed anything suspicious, it's a possibility the RAT may be removed.

I'd recommend checking if you have any incoming connections that are established via CMD.

To do this, open up CMD and type the command "netstat -n" without the quotations. Take a screenshot or jot down any unfamilar IP addresses which show an "Established" state.

By the way, those top two processes in your task manager are legitimate Windows processes and the bottom two processes are Nvidia software processes so don't worry about those.

 

[Megaman]

(Sorry Phyber I know this is your thread)

I was having the same problems last week.Yet I resolved it. Are you using the built-in touchpad?

No touchpad what so ever

 

[Sharking]

Ah Phyber, you are a good friend of mine. Can vouch for you!

 

[Bry]

Yes, I have heard of it before. If you know how to remove it, why don't you? I wouldn't recommend keeping it on your computer since it could just slow things down.

I would recommend reading this guide if you need help removing it: http://guides.yoosecurity.com/how-t...ked-pc-asked-for-payment-100-pounds-or-euros/

---

I wouldn't say 100% that you are fully secured but if you haven't noticed anything suspicious, it's a possibility the RAT may be removed.

I'd recommend checking if you have any incoming connections that are established via CMD.

To do this, open up CMD and type the command "netstat -n" without the quotations. Take a screenshot or jot down any unfamilar IP addresses which show an "Established" state.

By the way, those top two processes in your task manager are legitimate Windows processes and the bottom two processes are Nvidia software processes so don't worry about those.

---

I see these IPs as established only having the internet browser opened. I don't know, do you see normal or suspicious man?

Btw, thanks for the help!

 

[Unicorn]

This is a great thread your helping people with;

Issue: RAT (just checking)
Question(s): What are the main .exe that would be running on my task management
Any additional information: Are all rats the same types of .exe apps running.