
Larliand

join:2012-12-29

I got hacked

Hello guys, I did open an MS-DOS file on my PC which I downloaded and I just didn't do anything about it. That was like 3 weeks ago... Yesterday a guy started typing stuff in my chat windows while I was chatting with friends, and then he opened a chat window on my PC and said he's got all the passwords and so on. What's a sure way to remove him from my PC? I don't feel safe doing anything on my PC at all now. Although I've reinstalled Windows.



Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13

1 recommendation

said by Larliand:

What's a sure way to remove him from my PC?

follow steps
»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2012/13

BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

1 recommendation

reply to Larliand

Well for the paranoid, you would wipe the OS partition, shut down to make sure nothing remained in memory, and then have done a clean install of the OS, and any other executable you had stored on other devices/partitions that were not read only might be considered tainted if it were sophisticated enough.

If you just did a repair install, and didn't wipe the OS partition then I wouldn't begin to trust it. Just like you can't trust system restore to actually remove malware even when taken to an earlier date.
--
I distrust those people who know so well what god wants them to do because I notice it always coincides with their own desires- Susan B. Anthony
Yesterday we obeyed kings, and bent our necks before emperors. But today we kneel only to the truth- Kahlil G.



owlyn
Premium,MVM
join:2004-06-05
Newtown, PA

1 recommendation

reply to Larliand

Sorry to hear. Hope you get it cleaned out. Do you use any anti-malware programs? If so, which one? It would be nice to know which one missed it.


Larliand

join:2012-12-29
reply to BlitzenZeus

So basically, just installing fresh Windows OS which deletes all the previous stuff that has been in the PC before will do it right?



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

1 recommendation

said by Larliand:

So basically, just installing fresh Windows OS which deletes all the previous stuff that has been in the PC before will do it right?

In this case, I'd say that it would be the best route to take. It's called the "Nuke and Repave" method for a reason, it leaves nothing of the old system left and you replace it with all new system data.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | AOKP (The Android Open Kang Project)

Larliand

join:2012-12-29

Well I've just done that, I've deleted everything and I've got new OS running. Although when the hacker opened the chat panel he said that no antivirus will help me because it's some ip2 to ip connection or whatever? But I guess he was just saying stuff since he saw I'm installing anti-malware and it found the logs of keylogger and all the stuff and I cleaned it out. Also what antivirus would you recommend?



dellsweig
Extreme Aerobatics
Premium,MVM
join:2003-12-10
Campbell Hall, NY
kudos:1

said by Larliand:

Well I've just done that, I've deleted everything and I've got new OS running. Although when the hacker opened the chat panel he said that no antivirus will help me because it's some ip2 to ip connection or whatever? But I guess he was just saying stuff since he saw I'm installing anti-malware and it found the logs of keylogger and all the stuff and I cleaned it out. Also what antivirus would you recommend?

Microsoft security essentials (free)

»windows.microsoft.com/en-US/wind···download
--
Nothin' left to do but smile smile smile


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

1 recommendation

And layer it with MalwareBytes AntiMalware.



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

1 recommendation

Good security should be treated as a layered approach. What one doesn't get, the other security products on your machine (hopefully) will get.

And yes, I do recommend paying for MalwareBytes.

Though, if you want to pay for an antivirus software, I'd stay away from Norton and the like. I myself have been running Webroot for awhile and it's a very decent AV package. I hardly see it running on my machine.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | AOKP (The Android Open Kang Project)


Larliand

join:2012-12-29
reply to Larliand

Well thanks. So it's sure my PC is safe now right? After clean install and also formatting whole hdd. I'm just scared to log in to Facebook on my PC or my email. There's no chance he's still there right? Since he mentioned antivirus won't help me. But I think it was crapping only tho. I just want to make sure.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

2 recommendations

reply to Larliand

After your computer had been infected, depending on how the infection(s) operated, it's possible that antivirus alone wouldn't have helped much at that point, so his claim had some possible validity. Formatting the whole hard drive and clean installing the OS will eliminate any kind of software virus/malware that might have made its way into the system during the episode. The very rare forms of "firmware" viruses that are known to exist are highly unlikely to be involved, particularly in the case of a hacker who brags directly to you about his prowess.

What you do need to be careful about are possibly restoring any personal/data files from storage media from right before or during the infection... you don't want to reinfect the system. So check anything like that very carefully first on a rigorous file-scan basis. All of your commercial software install CD's, etc should all be safe, though.

A final thing to consider is to revisit all the online "log-in" places you may have visited while infected and change those passwords - just in case he actually harvested anything while the infection existed.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

1 recommendation

said by Blackbird:

Formatting the whole hard drive and clean installing the OS will eliminate any kind of software virus/malware that might have made its way into the system during the episode.

Well viruses can hide in the Master Partition Table so a simple "format" of a drive may not remove it.

I'd recommend overwriting the whole drive with zeroes, repartition and reformat (often done by the O/S install these days), then reinstall the O/S.
--
Don't feed trolls--it only makes them grow!

dsilvers

join:2009-05-17
Canyon Lake, TX
reply to Larliand

said by Larliand:

I'm installing anti-malware and it found the logs of keylogger and all the stuff and I cleaned it out.

With a key logger on board be sure to change your passwords and watch for any credit card activity, perhaps get them reissued. If you bank online alert your bank. Do this from a known clean machine.

I am having trouble following the time line. Did the AV find the key logger after you nuked and paved it? If it did you may still have a problem.

Larliand

join:2012-12-29

Nah, I formatted and installed fresh OS, just got Malwarebytes Pro and scanned with it, it didn't find anything anymore. I think it's clean now.


peterboro
Avatars are for posers
Premium
join:2006-11-03
Peterborough, ON

1 recommendation

reply to Larliand

said by Larliand:

...said he's got all the passwords and so on.

There's the pertinent info. You could get a whole new computer but it won't solve this problem. If he was diligent he got all your personal info as well as passwords so watch for identity theft as well.

Larliand

join:2012-12-29

I've managed to get on my laptop ASAP and changed all my passwords, so I'm all safe with that. I've scanned the laptop; it wasn't infected at all.



vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3

1 recommendation

reply to Larliand

You should consider trashing your backups.
--
CMKRNL


Larliand

join:2012-12-29

I have no backups made



vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3

1 recommendation

Why?



dauthiatull
Premium
join:2003-08-06
Toronto, ON
reply to Larliand

What chat window? What app were you using that he opened a new chat window?
--
a birth certificate is also proof of death, eventually


mousepad123

join:2012-12-29

1 recommendation

reply to Larliand

Woah, woah, woah. Everyone calm down. Don't go format crazy just yet. First, you need to find out everything you can about him. Do you notice your desktop background changing to black when he types? How about any desktop resolution changing (screen getting bigger or smaller)? If so, he could just be using a version of Symantec pcAnywhere, VNC Viewer, or just Microsoft Remote Desktop Connection. All three types of remote software are bad, because they have large vulnerabilities (the first thing I do when I pen test for companies is test for the MS12-020 vulnerability, a vulnerability Microsoft made a patch for. It allows remote code to DDOS and crash a remote system with as little as 240 bytes of code). Anyway, go download a copy of HijackThis and paste the log on here. Another thing, which version of Windows are you using?
--
Jon Vincent
Network/IT Administrator
Ghost Planet Services



vukodlak75
Nisam Ti Dude
Premium,MVM
join:2001-10-27
Willoughby, OH

1 recommendation

said by mousepad123:

Woah, woah, woah. Everyone calm down. Don't go format crazy just yet.

too late:

said by Larliand:

Nah, I formatted and installed fresh OS, just got Malwarebytes Pro and scanned with it, it didn't find anything anymore. I think it's clean now.

--
Money can't buy you happiness ... But it does bring you a more pleasant form of misery.

mousepad123

join:2012-12-29

Well, I hope you have a recent backup (I've been caught several times without one, on the same day that my hard disk decides to just die on me for no particular reason). Make sure you get some other protection too. I recommend AVG Anti-Virus. Even the free version does its job like it should. Quick question, where did you get that MS-DOS file from? I'd like to know so I can make a request to have the website it came from marked as unsafe.
--
Jon Vincent
Network/IT Administrator
Ghost Planet Services



caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4

1 recommendation

reply to Larliand

Let's not forget that the router password could have been compromised too, which means more than Windows, IMO.

Bottom line is, you don't sound like you know computers or the Internet all that well, which means people who do can get ya.

Unless you have layers of security (firewall, router, a/v, etc.) to prevent it:

* Always use a hardware router w/ a firewall.
* Don't download and click everything you see.
* Use a safer browser like Firefox with Adblock and NoScript add-ons.
* Keep your OS and software up to date.
* Don't trust everything on the Internet.
* Get backup software and an external USB drive, only connect it when you make a backup. That way it can't be infected.

GL...

--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

2 recommendations

reply to mousepad123

He also said he doesn't have any backups.



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to caffeinator

said by caffeinator:

... an external USB drive, only connect it when you make a backup. That way it can't be infected.

why do you say this?
--
* seek help if having trouble coping
--Standard disclaimers apply.--

johnq2
Johnq2

join:2002-10-23
Mississauga, ON
reply to Larliand

Unless you format, files that were saved under the suspect OS can remain on the disk, ready to be activated. You have to copy all your user files to another media. Make sure to copy all drivers. Verify your copied data before you format the new OS partition and do a thorough malware scan on all the copies, preferably on another secured computer.



caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4
reply to AVD

said by AVD:

said by caffeinator:

... an external USB drive, only connect it when you make a backup. That way it can't be infected.

why do you say this?

Because, if you can be reasonably sure that you are clean when you are going to backup your files, back them up, and then don't leave it connected. How can it get infected?

Put simply, if you never know if you're infected or not, then you're better off with a nuke and pave about once a month.

--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

If your system is infected, what assurances do you have that an external usb device won't get infected when you plug it in?
--
* seek help if having trouble coping
--Standard disclaimers apply.--