Generic Credential - Added by Windows Virtual PC?
-
Thursday, August 20, 2009 11:13
Greetings,
I've noticed that Windows Credential has stored a "generic credential" for something called "virtualapp/didlogical". Does it have something to do with Windows Virtual PC?
Regards
W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)
- Edited by Reckon - J. Devesa Thursday, August 20, 2009 11:38
All Replies
-
Friday, August 21, 2009 08:12
If you were running 7 while it was still in RC before the RTM was available you were likely running the beta version of both the Virtual PC and XP mode at the time. Since then the RC version of each has been released. A few new things are now seen in the RCs like the support for USB flash drives not seen in the beta releases.
-
Friday, August 21, 2009 08:56
Hello eyeCpc,
Probably you are right. Anyway, such a critical security topic, like automatically creating a "Generic Credential" and adding it to the Windows Credential, should be documented somewhere.
I'd like to have an official word on this. I don't like the idea of having applications able to access/create credentials there.
Regards and thanks.
W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)
-
Tuesday, August 25, 2009 09:24
Hello again,
sorry for bothering, but I'm really concerned about this generic credential. I can see it now too on a laptop.
Is anyone seeing this?
Regards
W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)
-
Wednesday, August 26, 2009 05:24 Moderator
Hi,
Thank you for your posts.
I also checked a clean-installed Windows 7 computer here and found this item is not in Credential Manager; therefore, I suspect this item should be related to some specific software or website.
We will perform some further research to check this, and if we get some information about this, we will share it with you.
Thanks.
Nicholas Li - MSFT
- Marked as Answer by Nitin.Garg (Moderator) Tuesday, February 16, 2010 09:25
-
Wednesday, August 26, 2009 08:10
Hi,
Thank you for your posts.
I also checked a clean-installed Windows 7 computer here and found this item is not in Credential Manager; therefore, I suspect this item should be related to some specific software or website.
We will perform some further research to check this, and if we get some information about this, we will share it with you.
Thanks.
Nicholas Li - MSFT
Thanks Nicholas. I can provide more details about what I have installed. To avoid any suspicion, all the software on the computer is legal and genuine. I have some free utilities as well.
I use Windows Media Center and an Xbox 360 as an Extender.
Regards
If it was helpful, please vote!
W7 RTM x64 running along with Office 2010 x64 TP
-
Wednesday, August 25, 2010 05:03
Hi Reckon - J. Devesa
I found virtualapp/didlogical in my Control Panel as a "generic credential" also after several days of odd behavior using my computer with the Microsoft Networks. I just removed it from the vault due to the post about this same subject at:
It is described as a hacker and keylogger on that thread, which references this thread on the same subject.
If you find out anything more please post it. I subscribed to the alerts on this page. I was blocked from accessing one of my own files.
http://social.answers.microsoft.com/Forums/en-US/w7security/thread/40467173-a75a-44b2-8617-5aa7a0479925
"In the future we will all die from hearsay."
-
Friday, November 12, 2010 10:30
Hi all,
first off I noticed this virtualapp/didlogical as well. My first instinct: keylogger. When I did a search for "did logical" in the Win 7 Start menu search, it found a whole bunch of files in a folder stored on my storage HDD. That folder contains the vb6 setup; now, I downloaded vb6 from a TORRENT !!!! website and had vb6 before I got Windows 7. I've had Win 7 for a few months and never really checked out these GENERIC CREDENTIALS, and when I did yesterday I removed it from the vault. Today I checked again; it was there again, so I did the search in Start again and it came up in a different folder. I must have saved the vb6 setup folder twice.
So now I will remove the folder and wait a few hours or until tomorrow and post if it comes back.
I also noticed in the Win 7 Task Manager a lot of files auto start up, but I can't see what programs they are as they start then stop.
Generic credentials
Generic credentials are defined and authenticated by programs that manage authorization and security directly instead of delegating these tasks to the operating system. For example, a program might require that a user enter a user name and a password that the program provides. Or, a program might require that a user produce a certificate to access a Web site.
Programs use credentials management functions to prompt users for credentials that are defined by the program. These credentials may take the form of a user name, a password, a certificate, or a smart card. The credentials that the user enters are returned to the program for authentication.
Sourced from
http://support.microsoft.com/kb/913485
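Added example (not part of the original thread or of the quoted KB article): a PowerShell function that inventories stored credentials by parsing the output of cmdkey /list and shows only the generic ones, such as the virtualapp/didlogical entry discussed here. The sample text and user names are constructed, the English-locale output layout is an assumption, and ConvertFrom-CmdkeyList is a hypothetical helper name.

```powershell
# Constructed sample of `cmdkey /list` output (English locale assumed).
# On a live system replace the sample with:  $lines = cmdkey /list
$sample = @'

Currently stored credentials:

    Target: LegacyGeneric:target=virtualapp/didlogical
    Type: Generic
    User: 02exampleuser
    Local machine persistence

    Target: Domain:target=fileserver.example.test
    Type: Domain Password
    User: EXAMPLE\alice

'@

function ConvertFrom-CmdkeyList {
    param([string[]]$Lines)
    $entries = @()
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^Target:\s*(.+)$') {
            # A new "Target:" line starts a new entry; flush the previous one.
            if ($current) { $entries += New-Object PSObject -Property $current }
            $current = @{ Target = $Matches[1]; Type = ''; User = ''; Persistence = '' }
        }
        elseif (-not $current) { continue }   # header text before the first entry
        elseif ($text -match '^Type:\s*(.+)$') { $current.Type = $Matches[1] }
        elseif ($text -match '^User:\s*(.+)$') { $current.User = $Matches[1] }
        elseif ($text -match 'persistence|logon only') { $current.Persistence = $text }
    }
    if ($current) { $entries += New-Object PSObject -Property $current }
    return $entries
}

$lines = $sample -split "`r?`n"
$creds = ConvertFrom-CmdkeyList -Lines $lines

# Generic credentials are the ones programs define themselves; list them
# with the account and persistence so each can be traced to its owner.
$creds | Where-Object { $_.Type -eq 'Generic' } |
    Format-Table Target, User, Persistence -AutoSize
```

The listing never includes the stored secret; comparing it before and after signing in to a given program shows which program recreates an entry.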
-
Saturday, November 13, 2010 05:13
I checked earlier to see if the virtualapp/didlogical was in Generic credentials after removing it from the vault and also from the search in the folder
and it was back in there when I checked earlier. I'm still wondering what it is.
-
Saturday, May 21, 2011 21:41
I checked this also and every time I sign onto Hotmail the credential shows back up in the Generic list, so in the Control Panel I clicked on Internet Options, then clicked on the Programs tab, then clicked Manage Add-ons, and disabled Windows Live ID Sign-in Control. After that, so far it has not shown up again.
-
Sunday, September 11, 2011 04:03
The Credential Manager creates the certificate VirtualApp/Didlogical via Messenger and Live Services. By disconnecting Messenger, the certificate disappears. This certificate was created by the FAKE Microsoft Update Certificate that has recently been addressed by Microsoft. They had to change the website for the Windows Update function. This means it was pawned all this time. The fake Windows Update site was administering Windows Updates as well as their own unsigned "Updates" marked as critical and NOT authored by Microsoft. One of these is KB951033 which installs itself into Office 12 files and works with Live services. This function is run by UC Online and ACP Partners of Microsoft Connect, according to a support email from Microsoft Connect. UC is University of California and ACP Partners is run by Mr. Oberio, formerly of Goldman Sachs and a former partner of Madoff. These files were absolutely malicious and re-routed my internet traffic as long as I had Live Online services from Microsoft. redir and 1033 were in the url header and the certificate was TRUSTe. Closer look reveals that it is exactly the same as the legitimate cert of Microsoft Partner Network, but says Unknown and FAKE. In addition, I received an email from PayPal stating that an intruder into PayPal had taken over my account. The intruder was TX1033 and the fake certificates stated UT. At first I thought UT meant Utah, now I think it means University of Texas. This means the LAMBDA backbone network is involved in the Microsoft Windows Update heist. In addition, this ability allows them to:
A. Install malware and spyware as the hidden administrator
B. Ride all sessions on the Internet
C. Read and control Hotmail accounts
D. Steal documents
The latter, I found was being done via Task Manager, which created a search of the computer at log in and put all copies into folders which were renamed, the entire body of which was created into a link and the link went to Cyberlink Media Libary (without the r) in Chinese language. This Cyberlink Media Libary is a scheduled service via taskmanager. I have not yet identified the ports being used but a check with NetSparker Community shows Cross site scripting from an unknown file on the computer. Another network test showed 8 hops to get to msn.com via 3 stops along the way of Level 3.
There is no doubt whatsoever that KB951033 was being installed as part of Windows Updates using fake Microsoft TRUSTe certificates and this software is used to interfere with Partners and re-route Internet traffic. As for me, I was prevented for an entire year from using the Partner Network, my computer display was disabled, and I never had a chance to use my Partner Benefits, including Dev and Des software.
One last note: they create files using the computer's own (Windows 7) Powershell and turn the computers effectively into clients the moment you go online and enable Windows Updates. It is far more severe and has done far more damage than has been expressed in these forums.
For information on how to manually download the newest Windows Update go to
http://support.microsoft.com/kb/949104
For information about how to remove the old Windows Update function first... see this step by step instruction from:
http://www.online-tech-tips.com/computer-tips/how-to-remove-and-reinstall-all-windows-updates/
P.S. I have over 100 screenshots of this taken over the past 18 months of computer nightmare problems. At least, as a Microsoft Partner, I was re-directed against my will into Internet Security Research and Client side hardening, two subjects that are seriously lacking in solutions! :)
"In the future we will all die from hearsay."
- Proposed as Answer by femtobeam Sunday, September 11, 2011 04:04
-
Sunday, September 11, 2011 04:24
I hope you looked at just how old this thread is.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
-
Monday, September 12, 2011 04:43
Colin,
Yes indeed! From August 20, 2009 until today, September 11 2011, I have been plagued by this issue which was never solved nor answered. If the Windows Update website change does not solve it, then the 12,144 views to this page have been in vain.
"In the future we will all die from hearsay."
-
Wednesday, September 21, 2011 22:21
So, what's the answer to this "virtualapp/didlogical; User name: 02gjsyynjqsc"? I cannot see the password, as it's blocked-out!
-
Saturday, November 26, 2011 06:30
It is Windows Live Essentials and very likely Windows Live Messenger. Something to do with the old problem Windows had with hacked Windows Update. Windows Live programs put it there, and all we can figure is they say it's OK and not keyloggers or anything, but they are tight-lipped about talking about it too much. What I found on this virtualapp/didlogical in Credential Manager, searching for hours, is we are all wasting our time and you can delete or keep it and it will just come back if you use Windows Live programs. But it's harmless. Now I am really getting curious why they just don't have straight answers for all that want to know wtf this is doing there. But everywhere I found is DON'T worry, it's put there by Windows Live so DON'T WORRY. LOL SURE PS: now I'm worried or at least very curious and will check this out more now than before.
-
Saturday, November 26, 2011 13:28
Straight answers in a public forum might also give the bad guys too much information.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
- Edited by Cbarnhorst Saturday, November 26, 2011 13:28
-
Saturday, January 21, 2012 22:35
All these explanations are here, on virtual paper, in forums but, regardless of whether x64 was cointermingled with Office 2010, or any of that other crap; why does this generic credential have a user ID, and a password, that I cannot interpret; on MY COMPUTER?
ROONEY - primorjr@viewfromthehood.net
-
Saturday, January 21, 2012 22:47
Please start a new thread with your question fully stated.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
-
Saturday, April 14, 2012 17:28
vitualapp/didlogical
( Internet or network address )
User name: 02@@@@@@@at
pass: @@@@@@@@
Persistence: Local Machine
I also would love a straight answer to this QUESTION, WHO OR WHAT IS "vitualapp/didlogical" AND WHY ARE THERE SO MANY threads for such a simple question???
P.S. DON'T TELL BILL tm r c sm
Cbarnhorst
Retired
12,535 Points
Straight answers in a public forum might also give the bad guys too much information. THIS IS MOST LIKELY BS FROM MS
Please start a new thread with your question fully stated. why, to add to the confusion??? again >>>THIS IS MOST LIKELY BS FROM MS -
Sunday, April 22, 2012 20:13
Now I understand why PayPal reported an unauthorized attempt to use my account and why they shut my account down. This has happened 2 times (at least). Looks like some E-bay sellers may be involved here? Because I only use PayPal on E-bay.
And again - no help from Microsoft - and I have been paying them $19.95 for more than 20 years now! (msn subscriber).
-
Sunday, April 22, 2012 20:23
There is also a common phishing scam that purports to be from Paypal and claims that an unauthorized attempt has been made to use the user's account and threatens to shut the account down. I have referred a dozen of those to spoof@paypal.com. (Just commenting for others)
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
-
Wednesday, April 25, 2012 20:59
im having d same problems, if u know how it happened to get onto my laptop r how to get rid, cud u plz let me knw, thnx.
-
Wednesday, April 25, 2012 21:04
You are not texting here. For heaven's speak plain English.
Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
-
Tuesday, February 12, 2013 20:43
Greetings,
I've noticed that Windows Credential has stored a "generic credential" for something called "virtualapp/didlogical". Does it have something to do with Windows Virtual PC?
Regards
W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)
This is a deceptively simple Question, is this real? Needs only one answer a YES or a NO, it does not matter what system etc. it is either real, or it is not real.
i also asked this Question { i found this answer, see link below, or what seems to be an answer, IF IT IS NOT A REAL ANSWER IT SHOULD BE REMOVED }
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/bb411d90-3efb-41de-a601-f3b97944fdb5/#f55f8978-583d-44a8-8b62-c1eaee7fc564 { It will take you to a post by an ms employee } it will jump to the page, then to the specific post
If this is indeed an answer by a Microsoft employee it should show up as the FIRST AND LAST post to all these questions i.e. if someone quotes it, then it should automatically repost itself as the last post {non quotable with link back to first post so that is always the FIRST AND LAST word on the subject / while still allowing additional questions to be quoted, that is asked, at the first post} With a notation that the new question will be sent on to that employee. If a poster abuses this privilege / they can always be BLOCKED.
___________________________________________________________________________________
i have grudgingly accepted that this is a sub-contractor to ms, but i used:
Control Panel\All Control Panel Items\Credential Manager
Remove from vault option, and then i used:
Control Panel\All Control Panel Items\User Accounts\Link Online IDs
after clicking on:
Link Online IDs i signed in to Live.com {or hotmail, msn, etc.}
While this probably makes little difference it is actually now an ms id and {on my computer} it created two tokens in addition to the live id.
___________________________________________________________________________________
Here is my original Question / with Two Responses
http://social.technet.microsoft.com/Forums/en/w7itprovirt/thread/9013ca10-e788-418e-bded-419611d64efe
vitualapp/didlogical
( Internet or network address )
User name: 02@@@@@@@at
pass: @@@@@@@@
Persistence: Local Machine
I also would love a straight answer to this QUESTION, WHO OR WHAT IS "vitualapp/didlogical" AND WHY ARE THERE SO MANY threads for such a simple question???
-----------------------------------------------------------
Cbarnhorst
Retired
12,535 Points
Straight answers in a public forum might also give the bad guys too much information.
-----------------------------------------------------------
>>>> THIS IS MOST LIKELY BS FROM MS
i really do not think most of us are looking for a “tech” filled answer just a simple YES or NO, how does that help these “bad guys”
Needs only one answer a YES or a NO, it does not matter what system etc. it is either real or it is not real. <<<<
-----------------------------------------------------------
Please start a new thread with your question fully stated.
-----------------------------------------------------------
WHY, to add to the confusion???
again >>>THIS IS MOST LIKELY BS FROM MS
Needs only one answer a YES or a NO, it does not matter what system etc. it is either real or it is not real. <<<<
This Does Not Work well.
Simple solutions. Simply applied. Simply work.
Don’t tell Bill!!! He will “fix it.”
©®™℠ J So9-10 at Live Dotcom
- Edited by j so Tuesday, February 12, 2013 20:46 broken link
- Edited by j so Tuesday, February 12, 2013 21:24 broken link
- Edited by j so Tuesday, February 12, 2013 21:36 add copy and paste statement / broken link
- Proposed as Answer by j so Tuesday, February 12, 2013 21:36
- Edited by j so Wednesday, February 13, 2013 00:19 broken link
- Edited by j so Wednesday, February 13, 2013 00:28 fixed broken link
- Edited by j so Wednesday, February 13, 2013 00:29

