I may have been hacked recently

[Kevin Maloney]

As the above post mentions, I was the victim of a hacking job recently. I logged onto my computer, discovered that all my desktop icons, documents, and bookmarks were missing, and when I finally got onto my mail, I got messages from Facebook and Chrome about login attempts from unknown locations. I immediately went into safe mode, did a MWB scan (found 2 PUPs), changed all my passwords on everything, and had my bank account disable my card.

That being said, I'm trying to figure on what to do next:
-I have MalwareBytes, and had a free trial of AVG. Should I bite the bullet and buy Premium of something?
-VPN: good idea?
-Facebook says that my current IP address is Hong Kong (spoiler: I don't live in Hong Kong). What is this, and how should I correct it?

 

[Kevin Maloney]

BTW, it's worth noting that everything appears to be restored on my computer. That being said, I still want to be absolutely certain it's secure.

 

[TrainableMan]

Just FYI, PUPs are rarely viruses. PUPs simply stands for Possibly Unwanted Program. It is often an assigned classification to things like joke programs, for example I had one that would pop up a box saying "click here to close" but when you moved the mouse towards the box the box would always run away.

Your desktop icons being moved deleted could simply be a problem with your registry.

It does sound like your online presence at Facebook & Chrome may have been attacked or even compromised but that information is online and they would not need access to your computer to attempt access to those.

So no I don't think you need a paid version. I do suggest you actually use the free tools you do have though. Such as keeping them up-to-date and running a full scan once a week, maybe AVG Wednesday nights and MBAM on Saturday nights. Once things calm down you can maybe go every week or two.

BTW, the only way to be absolutely certain a computer is secure is to unhook it from the web and never put a USB stick or DVD in to it. Since this is impractical, all you can do is be vigilant: be wary of sites you visit, be careful of email links, and of links or calls that say they can speed up your computer, and keep your AV up-to-date and run full scans.

 

[Shintaro]

You could do the following:

1. Download and run TDSSKiller.
   1. Accept the "End User License Agreement"
   2. Accept the "KSN Statement"
   3. Select "Change Parameters" and Select:
      • Verify file digital signatures
      • Detect TDLFS file system
      • Use KSN to scan objects
   4. When the scan is complete the log file is in C:\ It will have a name like "TDSSKiller.3.0.0.34_04.05.2014_08.05.16_log.txt"
2. Install Malwarebytes (Free Version)
   1. Select "Threat Scan"
   2. When it is completed, please upload the log file from: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
3. Please download and run Windows Defender Offline.
   1. Click "Next"
   2. Click "I Accept"
   3. Select Either: (Typically it is either CD/DVD or USB)
      • CD or DVD
      • USB
      • ISO file
   4. Click "Next"
   5. It will create a CD / DVD / USB and will boot and scan your hard drive offline.

 

[Kevin Maloney]

You could do the following:

1. Download and run TDSSKiller.
   1. Accept the "End User License Agreement"
   2. Accept the "KSN Statement"
   3. Select "Change Parameters" and Select:
      • Verify file digital signatures
      • Detect TDLFS file system
      • Use KSN to scan objects
   4. When the scan is complete the log file is in C:\ It will have a name like "TDSSKiller.3.0.0.34_04.05.2014_08.05.16_log.txt"
2. Install Malwarebytes (Free Version)
   1. Select "Threat Scan"
   2. When it is completed, please upload the log file from: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
3. Please download and run Windows Defender Offline.
   1. Click "Next"
   2. Click "I Accept"
   3. Select Either: (Typically it is either CD/DVD or USB)
      • CD or DVD
      • USB
      • ISO file
   4. Click "Next"
   5. It will create a CD / DVD / USB and will boot and scan your hard drive offline.

When I do all of the above, do you want me to post the logs on this thread?

 

[Shintaro]

Yes mate, best to post the logs so that we can have a look.

 

[Kevin Maloney]

Yes mate, best to post the logs so that we can have a look.

Here you go.

I also tried running Windows Defender as requested, and followed its instructions. When I tried to restart the computer with the CD in, however, nothing of note happened-- I didn't see any Defender menu pop up at all.

 

[Shintaro]

Those look ok. But you really should run Windows Defender. Maybe it is a function key that needs to be pressed? So that it boots from the CD?

 

[Kevin Maloney]

I did the following with Defender:

-1. Created the CD Drive, as requested
-2. Let it transfer/load all the necessary content onto this CD
-3. Tried to restart from the CD drive. I looked at their Help section, and they described this as restarting my computer while the CD is in the CD drive. I did so. Nothing special happened.

 

[Shintaro]

What is the brand and model number of your computer / laptop?

 

[Kevin Maloney]

Specific model, or series number? For series, its an Asus Aspire 4752.