Regular Contributor
timboyboy
Posts: 115
Registered: ‎08-28-2011

virtualapp/didlogical; User name: 02gjsyynjqsc is a malware?

Under Credential Manager, I saw a generic virtualapp/didlogical; User name: 02gjsyynjqsc

I tried to remove it, but when I re-login to Windows, it auto-creates itself again with the same entry.

Is it some kind of malware, keylogger or backdoor hacking or something?



Regular Contributor
timboyboy
Posts: 115
Registered: ‎08-28-2011

Re: virtualapp/didlogical; User name: 02gjsyynjqsc is a malware?

Did a search and found this:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/bb411d90-3efb-41de-a601-f3b9...

The Credential Manager creates the certificate VirtualApp/Didlogical via Messenger and Live Services. By disconnecting Messenger, the certificate disappears. This certificate was created by the FAKE Microsoft Update Certificate that has recently been addressed by Microsoft. They had to change the website for the Windows Update function. This means it was pawned all this time. The fake Windows Update site was administering Windows Updates as well as their own unsigned "Updates" marked as critical and NOT authored by Microsoft. One of these is KB951033 which installs itself into Office 12 files and works with Live services. This function is run by UC Online and ACP Partners of Microsoft Connect, according to a support email from Microsoft Connect. UC is University of California and ACP Partners is run by Mr. Oberoi, formerly of Goldman Sachs and a former partner of Madoff. These files were absolutely malicious and re-routed my internet traffic as long as I had Live Online services from Microsoft. redir and 1033 were in the url header and the certificate was TRUSTe. Closer look reveals that it is exactly the same as the legitimate cert of Microsoft Partner Network, but says Unknown and FAKE. In addition, I received an email from PayPal stating that an intruder into PayPal had taken over my account. The intruder was TX1033 and the fake certificates stated UT. At first I thought UT meant Utah, now I think it means University of Texas. This means the LAMBDA backbone network is involved in the Microsoft Windows Update heist. In addition, this ability allows them to:

A. Install malware and spyware as the hidden administrator

B. Ride all sessions on the Internet

C. Read and control Hotmail accounts

D. Steal documents



The latter, I found was being done via Task Manager, which created a search of the computer at log in and put all copies into folders which were renamed, the entire body of which was created into a link and the link went to Cyberlink Media Libary (without the r) in Chinese language. This Cyberlink Media Libary is a scheduled service via taskmanager. I have not yet identified the ports being used but a check with NetSparker Community shows Cross site scripting from an unknown file on the computer. Another network test showed 8 hops to get to msn.com via 3 stops along the way of Level 3.

There is no doubt whatsoever that KB951033 was being installed as part of Windows Updates using fake Microsoft TRUSTe certificates and this software is used to interfere with Partners and re-route Internet traffic. As for me, I was prevented for an entire year from using the Partner Network, my computer display was disabled, and I never had a chance to use my Partner Benefits, including Dev and Des software.

One last note: they create files using the computer's own (Windows 7) Powershell and turn the computers effectively into clients the moment you go online and enable Windows Updates. It is far more severe and has done far more damage than has been expressed in these forums.

For information on how to manually download the newest Windows Update go to

http://support.microsoft.com/kb/949104

For information about how to remove the old Windows Update function first... see this step by step instruction from:

http://www.online-tech-tips.com/computer-tips/how-to-remove-and-reinstall-all-windows-updates/

P.S. I have over 100 screenshots of this taken over the past 18 months of computer nightmare problems. At least, as a Microsoft Partner, I was re-directed against my will into Internet Security Research and Client side hardening, two subjects that are seriously lacking in solutions! :)





SendOfJive
Posts: 10,600
Kudos: 4,666
Solutions: 760
Registered: ‎02-07-2009

Re: virtualapp/didlogical; User name: 02gjsyynjqsc is a malware?


timboyboy wrote:

Under Credential Manager, I saw a generic virtualapp/didlogical; User name: 02gjsyynjqsc

I tried to remove it, but when I re-login to Windows, it auto-creates itself again with the same entry.

Is it some kind of malware, keylogger or backdoor hacking or something?





It is apparently a legitimate credential created by Windows Live.  Have you researched the various assertions made in the technet post that you quoted to determine if there is any independent evidence to support the claims being made?

Regular Contributor
timboyboy
Posts: 115
Registered: ‎08-28-2011

Re: virtualapp/didlogical; User name: 02gjsyynjqsc is a malware?

Hi, thanks for the info.

I did google it; however, some articles mentioned it was some kind of malware or backdoor hacking etc.

But I am glad that you clarified it for me.

So it's 100% safe?

Newbie
haephrati
Posts: 1
Registered: ‎01-21-2012

Re: virtualapp/didlogical; User name: 02gjsyynjqsc is a malware?

From reading this topic it is still unclear whether it is malware or not. If it's not, why does the certificate appear to be fake? Shouldn't Microsoft fix that? Being a member of Microsoft BizSpark, I can address this issue to them.

Michael Haephrati, Information Security Expert