POSSIBLE HACK...PLEASE, PLEASE HELP!

[Root Kit]

On Fri, 25 Jul 2008 12:41:01 -0700, Annie
<Annie@discussions.microsoft.com> wrote:

>In doing this, I found a file I don't recognize. B's Recorder GOLD Library
>General Service. bgsvcgen.exe Is this something that should be uninstalled?
> (it's not in my add and remove folder) I have no idea what it's doing on my
>machine.

http://www.neuber.com/taskmanager/process/bgsvcgen.exe.html

 

[PA Bear [MS MVP]]

The "HJT guy" said:

<QP>
Port 2869 traffic is UPnP traffic, generated between your router and your
workstation. It is harmless, and certainly not coming from outside of your
computer system.

You can disable UPnP on the router, the client, or both, to stop the
traffic.
</QP>
Source: http://aumha.net/viewtopic.php?p=196621#p196621
--
~PA Bear


Annie wrote:
> I disabled UPnP in the router settings. Also disabled UPnP and SSDP
> Discovery Service on my computer. No more messages since I did this.
> Everything seems to be running smoothly right now.
>
> In doing this, I found a file I don't recognize. B's Recorder GOLD
> Library
> General Service. bgsvcgen.exe Is this something that should be
> uninstalled? (it's not in my add and remove folder) I have no idea what
> it's doing on my machine.
> The HJT guy said he didn't find any malware so I'm guessing it's OK to
> leave
> on.
<snip>

 

[Annie]

That's not my issue anymore. I already posted I disabled UPnP on router and
computer...everything is fine. I said 'thank you', too. I really, really
appreciate everyone's help here. BTW, I won't name name's but one of those
'guys' at aum....was very rude. Read many posts and he's obviously upsetting
a lot of people. Why do they allow that? Unexperienced people with computer
problems are there for help. Not to be yelled at. One little mistake in a
post and man, he's all over me! Not just myself. I, for one, won't be going
back there. I'm sticking to Microsoft for help. If I'm bugging you guys,
Sorry. I don't mean to be. Sheeesh.

From my previous post: "In doing this, I found a file I don't recognize.
B's Recorder GOLD Library
>General Service. bgsvcgen.exe Is this something that should be uninstalled?
> (it's not in my add and remove folder) I have no idea what it's doing on my
>machine. " This is my issue. I'm just now reading the info from the link RootKit gave me.




"PA Bear [MS MVP]" wrote:

> The "HJT guy" said:
>
> <QP>
> Port 2869 traffic is UPnP traffic, generated between your router and your
> workstation. It is harmless, and certainly not coming from outside of your
> computer system.
>
> You can disable UPnP on the router, the client, or both, to stop the
> traffic.
> </QP>
> Source: http://aumha.net/viewtopic.php?p=196621#p196621
> --
> ~PA Bear
>
>
> Annie wrote:
> > I disabled UPnP in the router settings. Also disabled UPnP and SSDP
> > Discovery Service on my computer. No more messages since I did this.
> > Everything seems to be running smoothly right now.
> >
> > In doing this, I found a file I don't recognize. B's Recorder GOLD
> > Library
> > General Service. bgsvcgen.exe Is this something that should be
> > uninstalled? (it's not in my add and remove folder) I have no idea what
> > it's doing on my machine.
> > The HJT guy said he didn't find any malware so I'm guessing it's OK to
> > leave
> > on.
> <snip>
>
>

 

[Tom [Pepper] Willett]

Google *is* your friend.

: From my previous post: "In doing this, I found a file I don't
recognize.
: B's Recorder GOLD Library
: >General Service. bgsvcgen.exe Is this something that should be
uninstalled?
: > (it's not in my add and remove folder) I have no idea what it's doing on
my
: >machine. " This is my issue. I'm just now reading the info from the
link RootKit gave me.
:
:
:
:
: "PA Bear [MS MVP]" wrote:
:
: > The "HJT guy" said:
: >
: > <QP>
: > Port 2869 traffic is UPnP traffic, generated between your router and
your
: > workstation. It is harmless, and certainly not coming from outside of
your
: > computer system.
: >
: > You can disable UPnP on the router, the client, or both, to stop the
: > traffic.
: > </QP>
: > Source: http://aumha.net/viewtopic.php?p=196621#p196621
: > --
: > ~PA Bear
: >
: >
: > Annie wrote:
: > > I disabled UPnP in the router settings. Also disabled UPnP and SSDP
: > > Discovery Service on my computer. No more messages since I did this.
: > > Everything seems to be running smoothly right now.
: > >
: > > In doing this, I found a file I don't recognize. B's Recorder GOLD
: > > Library
: > > General Service. bgsvcgen.exe Is this something that should be
: > > uninstalled? (it's not in my add and remove folder) I have no idea
what
: > > it's doing on my machine.
: > > The HJT guy said he didn't find any malware so I'm guessing it's OK to
: > > leave
: > > on.
: > <snip>
: >
: >

 

[PA Bear [MS MVP]]

Ya just gotta love...

<QP>
Pfft. I'm almost 13, and I know how to manipulate the registry easily.
</QP>
Source:
http://64.233.169.104/search?q=cach...d=73673+bgsvcgen.exe&hl=en&ct=clnk&cd=1&gl=us

<VBEG>


Tom [Pepper] Willett wrote:
> Google *is* your friend.
>
>>> From my previous post: "In doing this, I found a file I don't
>>> recognize.
>>> B's Recorder GOLD Library
>>> General Service. bgsvcgen.exe Is this something that should be
>>> uninstalled? (it's not in my add and remove folder) I have no idea what
>>> it's doing on my machine. " This is my issue. I'm just now reading the
>>> info from the link RootKit gave me.
<snip>

 

[Tom [Pepper] Willett]

Yep. I Googled for it when she first brought it up. It's everywhere -)

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:uMHGpBq7IHA.616@TK2MSFTNGP02.phx.gbl...
: Ya just gotta love...
:
: <QP>
: Pfft. I'm almost 13, and I know how to manipulate the registry easily.
: </QP>
: Source:
:
http://64.233.169.104/search?q=cach...d=73673+bgsvcgen.exe&hl=en&ct=clnk&cd=1&gl=us
:
: <VBEG>
:
:
: Tom [Pepper] Willett wrote:
: > Google *is* your friend.
: >
: >>> From my previous post: "In doing this, I found a file I don't
: >>> recognize.
: >>> B's Recorder GOLD Library
: >>> General Service. bgsvcgen.exe Is this something that should be
: >>> uninstalled? (it's not in my add and remove folder) I have no idea
what
: >>> it's doing on my machine. " This is my issue. I'm just now reading
the
: >>> info from the link RootKit gave me.
: <snip>
:

 

[~BD~]

You are obviously referring to Mr Castner, Annie. Ref:
http://aumha.net/viewtopic.php?p=196621#p196621

I, too, noticed that he upset/annoyed a lot of posters and at times I wondered if, in fact, there
was more than one individual providing 'solutions' under the guise of being
http://aumha.net/memberlist.php?mode=viewprofile&u=12522

Please don't fret though ........ 'he' was rude to me too! <wink>

I tried to find the answer to this question: If Mr Castner 'joined' AumHa 9/18/06, how come he was
giving answers to folk back in 2004? See here:
http://aumha.net/search.php?st=0&sk=t&sd=d&author_id=12522&start=8190

As the most profligate poster at AumHa, Robear Dyer (see
http://aumha.net/memberlist.php?mode=&sk=d&sd=d ) is here in this thread, perhaps he will explain
this apparent anomally to all of us.

Perhaps ...... maybe ........ all is not quite as it appears to be at first sight ............ 'over
there'!

Dave


"Annie" <Annie@discussions.microsoft.com> wrote in message
news:AED76AE7-564B-42C8-8B0C-A082F056A316@microsoft.com...
> That's not my issue anymore. I already posted I disabled UPnP on router and
> computer...everything is fine. I said 'thank you', too. I really, really
> appreciate everyone's help here. BTW, I won't name name's but one of those
> 'guys' at aum....was very rude. Read many posts and he's obviously upsetting
> a lot of people. Why do they allow that? Unexperienced people with computer
> problems are there for help. Not to be yelled at. One little mistake in a
> post and man, he's all over me! Not just myself. I, for one, won't be going
> back there. I'm sticking to Microsoft for help. If I'm bugging you guys,
> Sorry. I don't mean to be. Sheeesh.
>
<snip>

 

[Annie]

You hit the nail on the head, Dave! Don't think he should be allowed to
treat people like that.

Anyway. I did get my port problem fixed. Thanks, everyone. I've disabled
the B's Recorder.....file. I'll leave it at that for the time being. Yes, it
was everywhere on Google, guys. ) Just hadn't gotten that far in my
research yet. 13? Pretty good for 13!

I'm now working with Avast to clear up an updating problem. It's been one
thing after another since I connected with RoadRunner! Altho I love the
speed, the tech obviously made changes all over my computer without my
knowledge. Shoulda told me.



"~BD~" wrote:

> You are obviously referring to Mr Castner, Annie. Ref:
> http://aumha.net/viewtopic.php?p=196621#p196621
>
> I, too, noticed that he upset/annoyed a lot of posters and at times I wondered if, in fact, there
> was more than one individual providing 'solutions' under the guise of being
> http://aumha.net/memberlist.php?mode=viewprofile&u=12522
>
> Please don't fret though ........ 'he' was rude to me too! <wink>
>
> I tried to find the answer to this question: If Mr Castner 'joined' AumHa 9/18/06, how come he was
> giving answers to folk back in 2004? See here:
> http://aumha.net/search.php?st=0&sk=t&sd=d&author_id=12522&start=8190
>
> As the most profligate poster at AumHa, Robear Dyer (see
> http://aumha.net/memberlist.php?mode=&sk=d&sd=d ) is here in this thread, perhaps he will explain
> this apparent anomally to all of us.
>
> Perhaps ...... maybe ........ all is not quite as it appears to be at first sight ............ 'over
> there'!
>
> Dave
>
>
> "Annie" <Annie@discussions.microsoft.com> wrote in message
> news:AED76AE7-564B-42C8-8B0C-A082F056A316@microsoft.com...
> > That's not my issue anymore. I already posted I disabled UPnP on router and
> > computer...everything is fine. I said 'thank you', too. I really, really
> > appreciate everyone's help here. BTW, I won't name name's but one of those
> > 'guys' at aum....was very rude. Read many posts and he's obviously upsetting
> > a lot of people. Why do they allow that? Unexperienced people with computer
> > problems are there for help. Not to be yelled at. One little mistake in a
> > post and man, he's all over me! Not just myself. I, for one, won't be going
> > back there. I'm sticking to Microsoft for help. If I'm bugging you guys,
> > Sorry. I don't mean to be. Sheeesh.
> >
> <snip>
>
>
>

 

[PA Bear [MS MVP]]

Annie, you should know that ~BD~ was banned from AumHa Forums, several other
forums, an ISP, and at least one Usenet server for his bizarre and sometimes
harrassing behavior. By jumping in here, he's taking advantage of you in an
effort to further his agenda, not to assist you.

@Annie only: Bill's AumHa profile was "horked" due to a server problem in
Sept-06. His posts from 18 Sept-06 and earlier were associated with the
"horked" profile. Bill is a well-respected, longtime MS MVP and has been an
AumHa VSOP and Moderator for many years cf. http://aumha.org/vsop.htm.

Participation in many AumHa Forums requires a certain level of computer
proficiency but we attempt to assist all comers. (I did suggest other
forums to you.) You may find Computer Haven forums (where ~BD~ is also
/personna non grata/, I believe) more to your liking:
http://www.computerhaven.info/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Annie wrote:
> You hit the nail on the head, Dave! Don't think he should be allowed to
> treat people like that.
>
> Anyway. I did get my port problem fixed. Thanks, everyone. I've
> disabled
> the B's Recorder.....file. I'll leave it at that for the time being. Yes,
> it was everywhere on Google, guys. ) Just hadn't gotten that far in my
> research yet. 13? Pretty good for 13!
>
> I'm now working with Avast to clear up an updating problem. It's been one
> thing after another since I connected with RoadRunner! Altho I love the
> speed, the tech obviously made changes all over my computer without my
> knowledge. Shoulda told me.
<snip>

 

[~BD~]

Answer below

"Annie" <Annie@discussions.microsoft.com> wrote in message
news:B10E2E07-DA8A-4CDB-BF9F-E8C0997B15D2@microsoft.com...
> You hit the nail on the head, Dave! Don't think he should be allowed to
> treat people like that.
>
> Anyway. I did get my port problem fixed. Thanks, everyone. I've disabled
> the B's Recorder.....file. I'll leave it at that for the time being. Yes, it
> was everywhere on Google, guys. ) Just hadn't gotten that far in my
> research yet. 13? Pretty good for 13!
>
> I'm now working with Avast to clear up an updating problem. It's been one
> thing after another since I connected with RoadRunner! Altho I love the
> speed, the tech obviously made changes all over my computer without my
> knowledge. Shoulda told me.

I'm really pleased to hear that you've succeeded in fixing things, Annie.

Robear is correct when he tells you I have been banned by AumHa - for asking difficult questions
............. and banned from Annexcafe.com for the very same reason. The folk at
hxxp://www.computerhaven.info/ have not (to my knowledge) banned me, but I noted that some were the
same as the 'helpers' on Aumha so haven't felt comfortable there.

I have NEVER been banned by 'an ISP, and at least one Usenet server' - that is a lie.

I posted this note in another thread recently:-

***************************************************

Hello PA Bear!

As you have dropped by, I wonder if you can tell me why it is that if I type www.Aumha.com into my
browser address bar I'm whisked off to this URL - http://downloadprograms.biz/?rid=544620

Many here will know that you are one of the resident experts at www.Aumha.net and that
www.Aumha.org is a well established site for helping those wishing to learn about PC's and security.
I find it surprising that the .com domain isn't 'owned' by Mr James E. Eshelman, a man of great
experience, as explained here: www.aumha.org/resume.htm

TIA

***************************************************

I didn't receive a reply! Perhaps someone else reading here will know the answer.

As far as a "horked" profile is concerned, I'd have thought that it would be easy for such clever
folk to correct the false information.

I used to trust people once!

Dave

 

[Root Kit]

On Sat, 26 Jul 2008 10:03:25 +0100, "~BD~" <BoaterDave@nospam.invalid>
wrote:

>You are obviously referring to Mr Castner, Annie. Ref:
>http://aumha.net/viewtopic.php?p=196621#p196621

Honestly, based on this thread alone I see no sign of rudeness. He
answers a question (correctly) and reminds about forum rules. That's
not being rude unless one is too sensitive.