Internet police or paranoid delusions? Please check this shit out
28 2013-02-07 by [deleted]
ok. so it all began about 2 days ago after a very interesting conversation with a person claiming to be an IDF soldier. towards the end of the conversation my computer experienced a heavy load for several minutes; my browser and all my shit became unresponsive. after several minutes, cpu usage seemingly returned to normal until i powered down my machine. note that that entire day, i had done nothing but switched between reddit, anarchy online, and torchlight 2.
the very next morning, i turn on my computer, which i have set up to dual boot linux mint 14 and windows 7, to discover that windows 7 boots to a black screen where only the cursor is visible. ctrl+alt+del does not function. so i reboot into safe mode with networking, same deal. reboot into safe mode with command prompt only, same deal.
i am visibly perplexed.
i proceeded to run various antivirus software in an attempt to fix the problem. finally, after scanning with clamAV on linux mint 14, it becomes apparent that there is a bootkit present in the master boot record as well as 30+ other malware/trojans/exploits. i deleted the things, or so i thought.
i reboot windows and the same black screen problem persists. FUCK
DAY 2
i format and do a clean installation of windows 7.
the very moment i install wlan drivers and connect to the internet, i checked task manager to view the processes running and discovered this process running which has my cpu idling at 40% and almost 500mb of ram. it was also utilizing my internet connection at a rate of mostly 150-500kbps and up to 1.5mbps. the free space on my hd is also decreasing at a similar rate. i dont know what is downloading or where its going.
svchost.exe(netsvcs)
now, i understand that svchost.exe is a regular function of windows which does a handful of different things.
what i dont get is, this.
i opened up resource manager to get a closer look at this service causing havoc to my computer. i checked the tcp connections the service was making and i discovered literally hundreds of connections to various cloud servers associated with companies such as amazon, at&t, ntt america, gannett co. inc., softlayer technologies, and to my surprise ripe network coordination center. (whois is your friend)
ripe network coordination center. hmhf.. how peculiar?
RIPE Network Coordination Center
The RIPE NCC engages in a range of activities that can be defined as “Internet governance”. These activities include working with the technical community, governments, regulators, civil society and law enforcement agencies.
what do? this is quite possibly the craziest shit ive ever seen happen to a computer.
21 comments
8 [deleted] 2013-02-07
[deleted]
1 TheWiredWorld 2013-02-07
highlights?
4 TheTruthWasOutThere 2013-02-07
Can you block the IP address at your router?
4 GitEmSteveDave 2013-02-07
You did a clean install of windows 7 and when you first connect it bogged you down? Simple explanation: Windows was doing its software updates as was all the other programs that windows installs with itself. One of the things I hate about doing clean installs or working on a computer that has been offline for months. As soon as they get an active connection, and "automatically download and install updates" is selected in windows updates, it tries to download all the updates.
-1 ronintetsuro 2013-02-07
But his computer wasn't offline for months. It was online shortly before he did the reinstall. Your point is valid, but the whole thing is curious.
5 GitEmSteveDave 2013-02-07
Unless it's a live updating CD, the clean install would put you back to whatever version was on that CD/DVD, so at least a few months out of date.
4 sunshine-x 2013-02-07
You're not using whois correctly. Learn the difference between ARIN and RIPE, and try again.
0 [deleted] 2013-02-07
[deleted]
3 sunshine-x 2013-02-07
Take those IPs and use the RIPE whois tool to query RIPE. ARIN and RIPE have jurisdictions. ARIN is telling you to go ask RIPE.
Also, turn everything else in the house off. change your external-facing IP, and run your experiment again. See if the results are the same. My guess - you were torrenting something recently and the traffic you see is residual incoming attempts to download by the torrent swarm. Or did you say they were outbound? What kind of packets? SYNs? Did the 3-way handshakes complete?
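The questions in the comment above (inbound or outbound, and did the handshakes complete) can be answered from Windows `netstat -ano` output. The following is an added example, not part of the thread: the sample rows, PID 1044 and the documentation-range addresses are constructed, and the inbound/outbound split assumes that a connection whose local port is one the process listens on was opened by the remote side.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output. PID 1044 stands in
# for the svchost.exe instance under investigation.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       1044
  TCP    192.168.1.5:49712      203.0.113.10:443       ESTABLISHED     1044
  TCP    192.168.1.5:49713      203.0.113.11:80        ESTABLISHED     1044
  TCP    192.168.1.5:49714      198.51.100.7:443       SYN_SENT        1044
  TCP    192.168.1.5:49715      198.51.100.8:80        TIME_WAIT       0
  TCP    192.168.1.5:49154      192.0.2.44:60123       SYN_RECEIVED    1044
  TCP    192.168.1.5:49154      192.0.2.45:60999       ESTABLISHED     1044
  TCP    192.168.1.5:49720      203.0.113.10:443       ESTABLISHED     2200
"""

HALF_OPEN = {"SYN_SENT", "SYN_RECEIVED"}  # handshake started, never finished

def parse_netstat(text):
    """Yield (local_port, remote_ip, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header, blank line, or UDP row (no State column)
        _, local, remote, state, pid = parts
        local_port = int(local.rsplit(":", 1)[1])
        yield local_port, remote.rsplit(":", 1)[0], state, int(pid)

def triage(text, pid):
    """Group one process's peers by direction and handshake outcome."""
    rows = [r for r in parse_netstat(text) if r[3] == pid]
    listening = {port for port, _, state, _ in rows if state == "LISTENING"}
    groups = defaultdict(set)
    for port, remote_ip, state, _ in rows:
        if state == "LISTENING":
            continue
        direction = "inbound" if port in listening else "outbound"
        handshake = "incomplete" if state in HALF_OPEN else "completed"
        groups[(direction, handshake)].add(remote_ip)
    return {key: sorted(ips) for key, ips in groups.items()}

if __name__ == "__main__":
    for (direction, handshake), ips in sorted(triage(SAMPLE, 1044).items()):
        print(f"{direction:8} {handshake:10} {', '.join(ips)}")
```

The peers in each group are the addresses worth looking up in whois, at the registry that actually holds the allocation.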
1 [deleted] 2013-02-07
[deleted]
1 sunshine-x 2013-02-07
wireshark has everything you need, good luck
3 DaZese420 2013-02-07
This is really interesting. Did you try contacting the company?
0 [deleted] 2013-02-07
[deleted]
1 Mini-Rukus 2013-02-07
Have you tried perusing the wide web seeing if any other W7 users have experienced similar or the same event?
I have to say, though. It does sound quite fishy. I try to take everything with a grain of salt and be as unbiased as possible, but this definitely piques one's curiosity, especially if it's seemingly related to said subject matter.
1 DaZese420 2013-02-07
What was the conversation like?
3 igobyalexis 2013-02-07
thats fucked
0 StopBanningMe4 2013-02-07
Sounds like either a virus or your computer just sucks. Have you contacted anyone yet, or looked up your issue on google?
Couldn't have come from the person with whom you were conversing. He had none of your personal information at all and no connection to your computer.
0 DadoFaayan 2013-02-07
I wish my trouble tickets at work came in with this much info.
1 [deleted] 2013-02-07
e-mail broken!
0 ronintetsuro 2013-02-07
please reset my unlock, i have presentation in 90 seconds...
-7 [deleted] 2013-02-07
FYI OP you might want to spout less crazy in your conversations, you come across as an edgy fourteen-year-old who spends too much time on /pol/ and not enough time with real people.
0 ronintetsuro 2013-02-07
I am always very cautious of people who can only call total strangers on the internet crazy to dismiss their points.
-17 bamshoulddie 2013-02-07
You were definitely being targeted. Watch the skies in the coming days. They will probably start chemtrailing your neighborhood. The gangstalking will start, too. If you see a car driving by your house or people at the same store as you, it's probably them gangstalking you. This is how they go after high-profile subversives like you.
5 [deleted] 2013-02-07
[deleted]
1 They_Call_Me 2013-02-07
Why the sarcasm? Did you even read op's comment or even go to the RIPE link he provided? That company is doing real deal shit, things that can change the internet as we know it..
Did you see some of the projects they are working on or what they even offer?
It's pretty dismissive of op's concerns to assume he's a nut job hiding in his closet, he could be just an average guy who noticed something strange and investigated. One should never just dismiss someone's claims just because you can't understand it, not understanding does not mean it's not real.
Op I don't know what to tell ya, I don't know what you're into or what sites you go to or what you download, but that shit is strange. But to say there is nothing to your claim would be false.. All of you should watch this
http://www.pbs.org/wgbh/nova/military/spy-factory.html
It will give you an understanding of how much everything on the internet is watched.
Op you should look for people who have posted similar stories on the internet and see what you can gather, post your findings, it's very interesting.
Also, the guy you were talking to, very strange, in his AMA he was politically correct but in his other post he is pretty vicious.. He shits all over a lot of different people, cultures and countries. I wonder if his comments are a microcosm of his culture, being that when the cameras are on they say one thing but when they are off it's a completely different ball game.
0 Disco_Killer 2013-02-07
What is it about attacking people on the Internet that turns you on buddy? Just had a look through your comments on other articles and it looks like you signed up to reddit for the sole purpose of trying to make out that everyone else is stupid. I'd say you fit the profile of a shill but I don't want a trademark "bamshoulddie" tongue lashing. And if you wondered why I looked, someone else pointed out your strange habits elsewhere in the comments...