Generic Credential - Added by Windows Virtual PC?

    Question

  • Greetings,

    I've noticed that Windows Credential has stored a "generic credential" for something called "virtualapp/didlogical". Has something to do with the Windows Virtual PC?

    Regards
    W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)
    Thursday, August 20, 2009 11:13 AM

Answers

  • Hi,

     

    Thank you for your posts.

     

    I also checked the clean-installed Windows 7 computer here, and found this item is not in Credential Manager; therefore, I suspect this item should be related to some specific software or website.

     

    We will perform some further research to check this, and if we get some information about this, we will share it with you.

     

    Thanks.


    Nicholas Li - MSFT
    Wednesday, August 26, 2009 5:24 AM
    Moderator

All replies

  • If you were running 7 while it was still in RC before the RTM was available you were likely running the beta version of both the Virtual PC and XP mode at the time. Since then the RC version of each has been released. A few new things are now seen in the RCs like the support for usb flash drives not seen in the beta releases.
    Friday, August 21, 2009 8:12 AM
  • Hello eyeCpc,

    Probably you are right. Anyway, such a critical security topic, like automatically creating a "Generic Credential" and adding it to the Windows Credential, should be documented somewhere.

    I'd like to have an official word on this. I don't like the idea of having applications able to access/create credentials there.

    Regards and thanks.


    W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)
    Friday, August 21, 2009 8:56 AM
  • Hello again,

    sorry for bothering, but I'm really concerned about this generic credential. I can see it now too in a laptop.

    Is anyone seeing this?

    Regards
    W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)
    Tuesday, August 25, 2009 9:24 AM
  • Hi,

     

    Thank you for your posts.

     

    I also checked the clean-installed Windows 7 computer here, and found this item is not in Credential Manager; therefore, I suspect this item should be related to some specific software or website.

     

    We will perform some further research to check this, and if we get some information about this, we will share it with you.

     

    Thanks.


    Nicholas Li - MSFT

    Thanks Nicholas. I can provide more details about what I have installed. To avoid any suspicion, all the software on the computer is legal and genuine. I have some free utilities as well.

    I use Windows Media Center and an Xbox 360 as an Extender.

    Regards
    If it was helpful, please vote! ¡Si te ayudó, por favor vota!
    W7 RTM x64 running along with Office 2010 x64 TP
    Wednesday, August 26, 2009 8:10 AM
  • Hi Reckon - J. Devesa

    I found virtualapp/didlogical in my Control Panel as a "generic credential" also after several days of odd behavior using my computer with the Microsoft Networks. I just removed it from the vault due to the post about this same subject at:

     

    It is described as a hacker and keylogger on that thread, which references this thread on the same subject.

    If you find out anything more please post it. I subscribed to the alerts on this page. I was blocked from accessing one of my own files.

    http://social.answers.microsoft.com/Forums/en-US/w7security/thread/40467173-a75a-44b2-8617-5aa7a0479925
    "In the future we will all die from hearsay."
    Wednesday, August 25, 2010 5:03 AM
  • Hi all,

     

    First off, I noticed this virtualapp/didlogical as well. My first instinct: keylogger. When I did a search for "did logical" in the Win 7 Start menu search, it found a whole bunch of files in a folder stored on my storage HDD; that folder contains the VB6 setup. Now, I downloaded VB6 from a TORRENT !!!! website and had VB6 before I got Windows 7. I've had Win 7 for a few months and never really checked out these GENERIC CREDENTIALS, and when I did yesterday I removed it from the vault. Today I checked again and it was there again, so I did the search in Start again and it came up in a different folder. I must have saved the VB6 setup folder twice.

    So now I will remove the folder and wait a few hours or until tomorrow and post if it comes back.

    I also noticed in the Win 7 Task Manager a lot of files auto-starting, but I can't see what programs they are as they start then stop.

     

     

    Generic credentials

    Generic credentials are defined and authenticated by programs that manage authorization and security directly instead of delegating these tasks to the operating system. For example, a program might require that a user enter a user name and a password that the program provides. Or, a program might require that a user produce a certificate to access a Web site.

    Programs use credentials management functions to prompt users for credentials that are defined by the program. These credentials may take the form of a user name, a password, a certificate, or a smart card. The credentials that the user enters are returned to the program for authentication.

    sourced from

    http://support.microsoft.com/kb/913485

     

     

    Friday, November 12, 2010 10:30 AM
  • I checked earlier to see if the virtualapp/didlogical was in Generic credentials after removing it from the vault and also from the search in the folder,

    and it was back in there when I checked earlier. I'm still wondering what it is.

    Saturday, November 13, 2010 5:13 AM
  • I checked this also, and every time I sign onto Hotmail the credential shows back up in the Generic list. So in the Control Panel I clicked on Internet Options, then clicked on the Programs tab, then clicked Manage Add-ons, and disabled Windows Live ID Sign-in Control. After that, so far it has not shown up again.
    Saturday, May 21, 2011 9:41 PM
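
An added example, not part of any poster's reply: a PowerShell check that lists generic credentials from `cmdkey /list` and records whether `virtualapp/didlogical` is present, so the reappearance described above can be compared before and after a sign-in. It assumes the English-locale `cmdkey` output layout; the sample text, user names and the function name `ConvertFrom-CmdkeyList` are constructed for illustration.

```powershell
# Added example (not from the thread). Works on Windows PowerShell 2.0 and later.
# Parses the text printed by `cmdkey /list`; cmdkey does not print stored passwords.
function ConvertFrom-CmdkeyList {
    param([string[]]$Lines)
    $entries = @()
    $current = $null
    foreach ($line in $Lines) {
        $text = "$line".Trim()
        if ($text -match '^Target:\s*(.+)$') {
            # Each "Target:" line starts a new entry; flush the previous one.
            if ($current) { $entries += New-Object psobject -Property $current }
            $raw = $Matches[1]
            $current = @{
                # Drop a "LegacyGeneric:target=" style prefix when cmdkey adds one.
                Target      = ($raw -replace '^[^:=]+:target=', '')
                RawTarget   = $raw
                Type        = $null
                User        = $null
                Persistence = $null
            }
        }
        elseif ($current -and $text -match '^Type:\s*(.+)$') { $current.Type = $Matches[1] }
        elseif ($current -and $text -match '^User:\s*(.+)$') { $current.User = $Matches[1] }
        # Assumed wording of the persistence line in English-locale output.
        elseif ($current -and $text -match 'persistence|logon only') { $current.Persistence = $text }
    }
    if ($current) { $entries += New-Object psobject -Property $current }
    return $entries
}

# Constructed sample in the assumed layout; user names are placeholders.
$sample = @'
Currently stored credentials:

    Target: LegacyGeneric:target=virtualapp/didlogical
    Type: Generic
    User: 02exampleuser
    Local machine persistence

    Target: Domain:target=fileserver.example
    Type: Domain Password
    User: EXAMPLE\alice
'@ -split "`r?`n"

# Read the live store when cmdkey.exe is available, otherwise use the sample.
$lines = if (Get-Command cmdkey.exe -ErrorAction SilentlyContinue) { cmdkey /list } else { $sample }
$all   = @(ConvertFrom-CmdkeyList $lines)

# Every generic credential, i.e. one defined by a program rather than by Windows logon.
$all | Where-Object { $_.Type -eq 'Generic' } | Select-Object Target, User, Persistence

# Timestamped presence line for the entry discussed in this thread.
$hits = @($all | Where-Object { $_.Target -eq 'virtualapp/didlogical' })
'{0:s} virtualapp/didlogical present={1} user={2}' -f (Get-Date), ($hits.Count -gt 0), (($hits | ForEach-Object { $_.User }) -join ',')
```

Running it once after removing the entry from the vault and again after signing in to a Windows Live service gives two timestamped lines to compare.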
  • The Credential Manager creates the certificate VirtualApp/Didlogical via Messenger and Live Services. By disconnecting Messenger, the certificate disappears. This certificate was created by the FAKE Microsoft Update Certificate that has recently been addressed by Microsoft. They had to change the website for the Windows Update function. This means it was pawned all this time. The fake Windows Update site was administering Windows Updates as well as their own unsigned "Updates" marked as critical and NOT authored by Microsoft. One of these is KB951033 which installs itself into Office 12 files and works with Live services. This function is run by UC Online and ACP Partners of Microsoft Connect, according to a support email from Microsoft Connect. UC is University of California and ACP Partners is run by Mr. Oberio, formerly of Goldman Sachs and a former partner of Madoff. These files were absolutely malicious and re-routed my internet traffic as long as I had Live Online services from Microsoft. redir and 1033 were in the url header and the certificate was TRUSTe. Closer look reveals that it is exactly the same as the legitimate cert of Microsoft Partner Network, but says Unknown and FAKE. In addition, I received an email from PayPal stating that an intruder into PayPal had taken over my account. The intruder was TX1033 and the fake certificates stated UT. At first I thought UT meant Utah, now I think it means University of Texas. This means the LAMBDA backbone network is involved in the Microsoft Windows Update heist. In addition, this ability allows them to:

    A. Install malware and spyware as the hidden administrator

    B. Ride all sessions on the Internet

    C. Read and control Hotmail accounts

    D. Steal documents

    The latter, I found was being done via Task Manager, which created a search of the computer at log in and put all copies into folders which were renamed, the entire body of which was created into a link and the link went to Cyberlink Media Libary (without the r) in Chinese language. This Cyberlink Media Libary is a scheduled service via taskmanager. I have not yet identified the ports being used but a check with NetSparker Community shows Cross site scripting from an unknown file on the computer. Another network test showed 8 hops to get to msn.com via 3 stops along the way of Level 3.

    There is no doubt whatsoever that KB951033 was being installed as part of Windows Updates using fake Microsoft TRUSTe certificates and this software is used to interfere with Partners and re-route Internet traffic. As for me, I was prevented for an entire year from using the Partner Network, my computer display was disabled, and I never had a chance to use my Partner Benefits, including Dev and Des software.

    One last note: they create files using the computer's own (Windows 7) PowerShell and turn the computers effectively into clients the moment you go online and enable Windows Updates. It is far more severe and has done far more damage than has been expressed in these forums.

    For information on how to manually download the newest Windows Update go to

    http://support.microsoft.com/kb/949104

    For information about how to remove the old Windows Update function first... see this step by step instruction from :

    http://www.online-tech-tips.com/computer-tips/how-to-remove-and-reinstall-all-windows-updates/

    P.S. I have over 100 screenshots of this taken over the past 18 months of computer nightmare problems. At least, as a Microsoft Partner, I was re-directed against my will into Internet Security Research and Client side hardening, two subjects that are seriously lacking in solutions! :)


    "In the future we will all die from hearsay."
    • Proposed as answer by femtobeam Sunday, September 11, 2011 4:04 AM
    Sunday, September 11, 2011 4:03 AM
  • I hope you looked at just how old this thread is.
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Sunday, September 11, 2011 4:24 AM
  • Colin,

    Yes indeed! From August 20, 2009 until today, September 11 2011, I have been plagued by this issue which was never solved nor answered. If the Windows Update website change does not solve it, then the 12,144 views to this page have been in vain.


    "In the future we will all die from hearsay."
    Monday, September 12, 2011 4:43 AM
  • So, what's the answer to this "virtualapp/didlogical; User name: 02gjsyynjqsc"? I cannot see the password, as it's blocked-out!
    Wednesday, September 21, 2011 10:21 PM
  • It is Windows Live Essentials and very likely Windows Live Messenger. Something to do with the old problem Windows had with hacked Windows Update. Windows Live programs put it there, and all we can figure is they say it's OK and not keyloggers or anything, but they are tight-lipped about talking about it too much. What I found on this virtualapp/didlogical in Credential Manager, searching for hours, is we are all wasting our time and you can delete or keep it and it will just come back if you use Windows Live programs. But it's harmless. Now I am really getting curious why they just don't have straight answers for all that want to know wtf this is doing there. But everywhere I found is DON'T worry, it's put there by Windows Live so DON'T WORRY. LOL SURE  PS: now I'm worried or at least very curious and will check this out more now than before.
    Saturday, November 26, 2011 6:30 AM
  • Straight answers in a public forum might also give the bad guys too much information. 
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    • Edited by Cbarnhorst Saturday, November 26, 2011 1:28 PM
    Saturday, November 26, 2011 1:28 PM
  • All these explanations are here, on virtual paper, in forums, but regardless of whether x64 was cointermingled with Office 2010, or any of that other crap; why does this generic credential have a user ID, and a password, that I cannot interpret; on MY COMPUTER?

    ROONEY  -  primorjr@viewfromthehood.net

    Saturday, January 21, 2012 10:35 PM
  • Please start a new thread with your question fully stated. 
    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.
    Saturday, January 21, 2012 10:47 PM
  • vitualapp/didlogical
    ( Internet or network address )

    User name: 02@@@@@@@at

    pass: @@@@@@@@

    Persistence: Local Machine

    I also would love a straight answer to this QUESTION, WHO OR WHAT IS "vitualapp/didlogical" AND WHY ARE THERE SO MANY threads for such a simple question???

    P.S. DON'T TELL BILL  tm r c sm

    Cbarnhorst

    Retired

    12,535 Points

    Straight answers in a public forum might also give the bad guys too much information.  THIS IS MOST LIKELY BS FROM MS


    Please start a new thread with your question fully stated.                                                    why, to add to the confusion???  again >>>THIS IS MOST LIKELY BS FROM MS

    Saturday, April 14, 2012 5:28 PM
  • Now I understand why PayPal reported an unauthorized attempt to use my account and why they shut my account down.  This has happened 2 times (at least).  Looks like some E-bay sellers may be involved here ?  because I only use PayPal on E-bay.

    And again - no help from Microsoft - and I have been paying them $19.95 for more than 20 years now !  (msn subscriber).

    Sunday, April 22, 2012 8:13 PM
  • There is also a common phishing scam that purports to be from Paypal and claims that an unauthorized attempt has been made to use the user's account and threatens to shut the account down.  I have referred a dozen of those to spoof@paypal.com.  (Just commenting for others)

    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

    Sunday, April 22, 2012 8:23 PM
  • im having d same problems, if u know how it happened to get onto my laptop r how to get rid, cud u plz let me knw, thnx.
    Wednesday, April 25, 2012 8:59 PM
  • You are not texting here.  For heaven's sake, speak plain English.

    Colin Barnhorst Windows 7 Ultimate x64 on DIY with 6GB ram.

    Wednesday, April 25, 2012 9:04 PM
  • Greetings,

    I've noticed that Windows Credential has stored a "generic credential" for something called "virtualapp/didlogical". Has something to do with the Windows Virtual PC?

    Regards
    W7 RTM x64 running along with Office 2010 x64 TP hope my computer won't crash! ;)

    This is a deceptively simple Question, is this real? Needs only one answer a YES or a NO, it does not matter what system etc. it is either real, or it is not real.

    i also asked this Question { i found this answer, see link below, or what seems to be an answer, IF IT IS NOT A REAL ANSWER IT SHOULD BE REMOVED }

    http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/bb411d90-3efb-41de-a601-f3b97944fdb5/#f55f8978-583d-44a8-8b62-c1eaee7fc564     { It will take you to a post by an ms employee } it will jump to the page, then to the specific post

    If this is indeed an answer by a Microsoft employee it should show up as the FIRST AND LAST post to all these questions i.e. if someone quotes it, then it should automatically repost itself as the last post {non quotable with link back to first post so that is always the FIRST AND LAST word on the subject / while still allowing additional questions to be quoted, that is asked, at the first post} With a notation that the new question will be sent on to that employee. If a poster abuses this privilege / they can always be BLOCKED.

    ___________________________________________________________________________________

    i have grudgingly accepted that this is a sub-contractor to ms, but i used:

                    Control Panel\All Control Panel Items\Credential Manager

    Remove from vault option, and then i used:

                    Control Panel\All Control Panel Items\User Accounts\Link Online IDs

    after clicking on:

                    Link Online IDs i signed in to Live.com {or hotmail, msn, etc.}

    While this probably makes little difference it is actually now an ms id and {on my computer} it created two tokens in addition to the live id.

    ___________________________________________________________________________________

    Here is my original Question / with Two Responses

    http://social.technet.microsoft.com/Forums/en/w7itprovirt/thread/9013ca10-e788-418e-bded-419611d64efe

    vitualapp/didlogical

     ( Internet or network address )

    User name: 02@@@@@@@at

    pass: @@@@@@@@

    Persistence: Local Machine

    I also would love a straight answer to this QUESTION, WHO OR WHAT IS "vitualapp/didlogical" AND WHY ARE THERE SO MANY threads for such a simple question???

    -----------------------------------------------------------

    Cbarnhorst

    Retired

    12,535 Points

    Straight answers in a public forum might also give the bad guys too much information.

    -----------------------------------------------------------

    >>>> THIS IS MOST LIKELY BS FROM MS

                    i really do not think most of us are looking for a “tech” filled answer just a simple YES or NO, how does that help these “bad guys”

    Needs only one answer a YES or a NO, it does not matter what system etc. it is either real or it is not real. <<<<

    -----------------------------------------------------------

    Please start a new thread with your question fully stated.

    -----------------------------------------------------------

                    WHY, to add to the confusion??? 

     again >>>THIS IS MOST LIKELY BS FROM MS

    Needs only one answer a YES or a NO, it does not matter what system etc. it is either real or it is not real. <<<<

    This Does Not Work well.

    Simple solutions. Simply applied. Simply work.

    Don’t tell Bill!!!  He will “fix it.”

    ©®™℠ J So9-10 at Live Dotcom







    • Proposed as answer by j so Tuesday, February 12, 2013 9:36 PM
    • Edited by j so Wednesday, February 13, 2013 12:29 AM
    Tuesday, February 12, 2013 8:43 PM
  • Thank you for your post and info. I noticed that every time an automatic update occurred, this virtualapp/didlogical also appeared in my Control Panel. In light of the "big brother" snooping issues just exposed in the news, I also deleted it and turned off automatic updates. However, there may be some good or necessary intent; that's why I'm here. I will read the link you've posted.

    Saturday, June 22, 2013 12:24 AM
  • I noticed this after I got off a long virtual meeting with tech support. I thought it had something to do with the application they used to remotely access my computer.

    SevenForums said it's just credentials automatically generated for Windows Live programs.

    • Edited by Dragosant Friday, September 20, 2013 6:49 PM
    Friday, September 20, 2013 6:41 PM