I may have been hacked recently

Discussion in 'Security' started by Kevin Maloney, May 29, 2015.

  1. Kevin Maloney

    Kevin Maloney

    Joined:
    May 29, 2015
    Messages:
    6
    Likes Received:
    0
    As the above post mentions, I was the victim of a hacking job recently. I logged onto my computer, discovered that all my desktop icons, documents, and bookmarks were missing, and when I finally got onto my mail, I got messages from Facebook and Chrome about login attempts from unknown locations. I immediately went into safe mode, did a MWB scan (found 2 PUPs), changed all my passwords on everything, and had my bank account disable my card.

    That being said, I'm trying to figure out what to do next:
    - I have MalwareBytes, and had a free trial of AVG. Should I bite the bullet and buy Premium of something?
    - VPN: good idea?
    - Facebook says that my current IP address is Hong Kong (spoiler: I don't live in Hong Kong). What is this, and how should I correct it?
     
    Kevin Maloney, May 29, 2015
    #1

  2. Kevin Maloney

    Kevin Maloney

    Joined:
    May 29, 2015
    Messages:
    6
    Likes Received:
    0
    BTW, it's worth noting that everything appears to be restored on my computer. That being said, I still want to be absolutely certain it's secure.
     
    Kevin Maloney, May 29, 2015
    #2

  3. Kevin Maloney

    TrainableMan ^ The World's First ^ Moderator

    Joined:
    May 10, 2010
    Messages:
    9,086
    Likes Received:
    1,588
    Location:
    PA, USA
    Just FYI, PUPs are rarely viruses. PUP simply stands for Possibly Unwanted Program. It is often an assigned classification to things like joke programs; for example, I had one that would pop up a box saying "click here to close", but when you moved the mouse towards the box, the box would always run away.

    Your desktop icons being moved or deleted could simply be a problem with your registry.

    It does sound like your online presence at Facebook & Chrome may have been attacked or even compromised but that information is online and they would not need access to your computer to attempt access to those.

    So no, I don't think you need a paid version. I do suggest you actually use the free tools you do have, though, such as keeping them up-to-date and running a full scan once a week, maybe AVG on Wednesday nights and MBAM on Saturday nights. Once things calm down you can maybe go every week or two.

    BTW, the only way to be absolutely certain a computer is secure is to unhook it from the web and never put a USB stick or DVD into it. Since this is impractical, all you can do is be vigilant: be wary of sites you visit, be careful of email links, and of links or calls that say they can speed up your computer, and keep your AV up-to-date and run full scans.
     
    TrainableMan, May 30, 2015
    #3
  4. Kevin Maloney

    Shintaro Moderator

    Joined:
    Mar 1, 2012
    Messages:
    2,137
    Likes Received:
    252
    Location:
    Brisbane, Australia
    You could do the following:

    1. Download and run TDSSKiller.
      1. Accept the "End User License Agreement"
      2. Accept the "KSN Statement"
      3. Select "Change Parameters" and Select:
        • Verify file digital signatures
        • Detect TDLFS file system
        • Use KSN to scan objects
      4. When the scan is complete, the log file is in C:\. It will have a name like "TDSSKiller.3.0.0.34_04.05.2014_08.05.16_log.txt"
    2. Install Malwarebytes (Free Version)
      1. Select "Threat Scan"
      2. When it is completed, please upload the log file from: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
    3. Please download and run Windows Defender Offline.
      1. Click "Next"
      2. Click "I Accept"
      3. Select Either: (Typically it is either CD/DVD or USB)
        • CD or DVD
        • USB
        • ISO file
      4. Click "Next"
      5. It will create a CD / DVD / USB and will boot and scan your hard drive offline.
     
    Shintaro, Jun 4, 2015
    #4
  5. Kevin Maloney

    Kevin Maloney

    Joined:
    May 29, 2015
    Messages:
    6
    Likes Received:
    0

    When I do all of the above, do you want me to post the logs on this thread?
     
    Kevin Maloney, Jun 4, 2015
    #5
  6. Kevin Maloney

    Shintaro Moderator

    Joined:
    Mar 1, 2012
    Messages:
    2,137
    Likes Received:
    252
    Location:
    Brisbane, Australia
    Yes mate, best to post the logs so that we can have a look.
     
    Shintaro, Jun 4, 2015
    #6
  7. Kevin Maloney

    Kevin Maloney

    Joined:
    May 29, 2015
    Messages:
    6
    Likes Received:
    0
    Here you go.

    I also tried running Windows Defender as requested, and followed its instructions. When I tried to restart the computer with the CD in, however, nothing of note happened-- I didn't see any Defender menu pop up at all.
     

    Attached Files:

    Kevin Maloney, Jun 5, 2015
    #7
  8. Kevin Maloney

    Shintaro Moderator

    Joined:
    Mar 1, 2012
    Messages:
    2,137
    Likes Received:
    252
    Location:
    Brisbane, Australia
    Those look ok. But you really should run Windows Defender. Maybe it is a function key that needs to be pressed? So that it boots from the CD?
     
    Shintaro, Jun 5, 2015
    #8
  9. Kevin Maloney

    Kevin Maloney

    Joined:
    May 29, 2015
    Messages:
    6
    Likes Received:
    0
    I did the following with Defender:

    1. Created the CD Drive, as requested
    2. Let it transfer/load all the necessary content onto this CD
    3. Tried to restart from the CD drive. I looked at their Help section, and they described this as restarting my computer while the CD is in the CD drive. I did so. Nothing special happened.
     
    Kevin Maloney, Jun 5, 2015
    #9
  10. Kevin Maloney

    Shintaro Moderator

    Joined:
    Mar 1, 2012
    Messages:
    2,137
    Likes Received:
    252
    Location:
    Brisbane, Australia
    What is the brand and model number of your computer / laptop?
     
    Shintaro, Jun 5, 2015
    #10
  11. Kevin Maloney

    Kevin Maloney

    Joined:
    May 29, 2015
    Messages:
    6
    Likes Received:
    0
    Specific model, or series number? For series, it's an Asus Aspire 4752.
     
    Kevin Maloney, Jun 5, 2015
    #11