

Scilicet
Mens et Manus
Premium
join:2005-04-11
Aurora, CO
Reviews:
·Vonage
·Comcast

I got hacked!

So, my doctor prescribes a med that is not covered by my plan and it is expensive. He tells me that I can get a coupon online for some free samples. I google up some websites, open one, and I get hacked from an Australian server. I won't post the address or the IP here as going there is a sure way of frilling up your system.

Norton 360 shows no viruses, etc., but that may not be the case if this guy was good. So I go to this thread: »I got hacked, and follow the instructions here: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Temp File Cleaner v3.1.9.0 hangs up and locks up the system. It shows:
Getting user folders
Stopping running processes
Emptying temp folders
User: myadminname

And that's as far as it goes. The TFC GUI is open as well as the desktop. The HD is being accessed, but I can't open the Task Manager or anything else for that matter.

Any suggestions that anyone here would care to make will be welcome, but I am afraid that I am going to have to wipe all three HD's. Ah... crap!
--
Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. ~ Nikola Tesla


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

Hi Scilicet

Since you can't open any other programs, this will require access to an uninfected, properly working system.

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.
The download is in ISO format.
If you are not sure how to burn an image, please read »www.bleepingcomputer.com/tutoria···114.html

If you need a FREE utility to burn the ISO image, download and use ImgBurn available at:
»www.imgburn.com

Download the Kaspersky Rescue Disk:
»support.kaspersky.com/viruses/re···ownloads

- You can find these instructions with graphics at:
»support.kaspersky.com/8093
- Burn the Kaspersky Rescue Disk ISO image to CD.
- Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
- Once the program starts, you will be prompted to press any key to enter the menu.
- Select your language.
- Press "1" to accept the End User License Agreement
- Select Kaspersky Rescue Disk. Graphic Mode
- If you have more than one bootable drive, you may be asked to select your operating system, then click OK.
- In the "Scan your computer" menu that opens, click the "My Update Center" tab.
- Click "Start Update" (it may take a while to complete updating the database).
- When the update is finished, click the "Objects Scan" tab.
- Select all the hard drives available (Disk boot sectors and Hidden startup objects will already be selected by default).
- Click the "Start Objects Scan" button
- When finished (you may need to let it run overnight), click "Report" at the top of the window.
- Click the "Detailed report" button.
- Click the "Save" button, and in the "Save As" window select a drive to save the report to, enter KRD.txt as the file name, and click "Save".
- Close the Detailed Report window, click "Close" again, select Exit, and click "Yes" to confirm.
- Click the "K" in the far left of the toolbar at the bottom of the screen and click "Restart" and "Yes" to confirm to reboot your system.
- Please post the contents of KRD.txt in your next reply.

Can you now download, run and post the logs from MBAM, OTL, and Security Check?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Scilicet
Mens et Manus
Premium
join:2005-04-11
Aurora, CO
Reviews:
·Vonage
·Comcast

Thanks for the input. At any rate, I went with the 'nuke and pave' technique. There's no telling what this clown did to my system. I wiped everything, rewrote all the drives with 0's, changed passwords from the laptop, and did a new install of the OS. I think that this is the only way to be somewhat sure that there are no back doors left open. I lost everything except what I had stored on flash drives. What a pain in the butt because I don't believe that you can really recover after this sort of attack. Logs can be rewritten and you can no longer trust what you think the system tells you. What I need to do now is look into ways to prevent this sort of malicious crap from happening again, if that is truly possible.
--
Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. ~ Nikola Tesla



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

The only absolute way to guarantee that it won't happen is to not get online, and not use commercially distributed programs because a virus can inadvertently infect their duplication system. There are ways to minimize it though.

For a general way to protect your data, back it up regularly. You may want to consider a good backup program that supports system recovery like Paragon Software's Backup & Recovery 2012 Free or Macrium Reflect Free Edition. Both are available in 32 and 64 bit versions, both support system recovery through use of a bootable recovery CD, and both have been updated for Windows 8 support.

To help keep malware off your system:
- Keep Windows updated at Windows Update or Microsoft Update.
- Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
- Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
- Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
- Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
- Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
- Don't click on links received in instant message programs.
- In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
- A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm
- A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html
- Malwarebytes' Anti-Malware is an excellent free standalone malware scanner (the paid version can provide real-time protection and block some known malicious sites).
- Remember there is no such thing as an absolutely trusted site as any site can become infected or host an infected ad from an ad server (there is a difference between a legitimate site and a trusted site). People have even been infected visiting the NY Times web site.
- I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »www.spywareinfoforum.com/index.p···ic=60955
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
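
The HOSTS-file blocking recommended in the list above works by mapping unwanted hostnames to a loopback or unspecified address. The following is an added example, not part of the original post or of the MVPS project: a Python audit that lists what a HOSTS file blocks and flags entries that point a name at any other address, which are worth reviewing after an infection. The sample file and its hostnames are constructed.

```python
import ipaddress

# Constructed sample in HOSTS-file format; hostnames and addresses are placeholders.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the MVPS list
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.com tracker.example.net  # two names on one line
127.0.0.1   popups.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Classify entries as blocked (sink address), redirected, or malformed."""
    blocked, redirected, malformed = set(), [], []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append(line_no)
            continue
        if not names:
            malformed.append(line_no)
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 send the lookup nowhere useful: a block.
        is_sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if is_sink:
                if name != "localhost":
                    blocked.add(name)
            else:
                # A name pinned to a routable address bypasses DNS; review it.
                redirected.append((line_no, name, addr))
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for key, value in report.items():
        print(key, value)
```

A redirected entry is not necessarily malicious (intranet overrides are common), but on a home system it should be one the owner recognises.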



Scilicet
Mens et Manus
Premium
join:2005-04-11
Aurora, CO
Reviews:
·Vonage
·Comcast

Thanks. I always do most of the stuff that you've suggested, but I will look into the links that you posted. I think that I will look into a good network analyzer as well. One thing I have found with Firefox is that updates usually don't include my Norton and Constant Guard add-ons so I get excluded from their DNS servers. So I am not warned about bad sites or bad downloads. Version 16.0.2 allows them, but v17.0.1 does not. This is a real problem for me with Firefox. Nevertheless, I always use noscript and adblock plus. I need a browser that doesn't have these incompatibilities and, as you know, Windows Explorer doesn't stop scripts. This particular hacker managed to get past all these so-called security features anyway.
--
Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. ~ Nikola Tesla



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

1 edit

reply to Scilicet

Re: I got hacked!

One way to check before opening the page is to use Norton Safe Web and check a link before you go there:
»safeweb.norton.com/

It does require JavaScript to be enabled, so you would have to allow that site with NoScript.

There is also McAfee's SiteAdvisor (also requires JavaScript to be enabled):
»www.siteadvisor.com/
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Scilicet
Mens et Manus
Premium
join:2005-04-11
Aurora, CO
Reviews:
·Vonage
·Comcast

Norton Safe Search is not compatible with Firefox v17.0.1 as it is with MS Internet Explorer and doesn't display Norton approved websites as shown above.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

Norton Safe Web, which was what I mentioned, is a web page you go to and enter the address you want to check to see if they assess it as safe (just like the McAfee link I gave). It's not a plug-in. Firefox can update and break many plug-ins, but either site to check to see if a specific page is safe will still work.

Here are the links again:
»safeweb.norton.com/
»www.siteadvisor.com/
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to Scilicet
Pardon the intrusion, but in one post you mention Constant Guard and Norton. Those are the products offered by Comcast so I assume you are a Comcast customer.

ConstantGuard is the generic name of their entire suite of protection software, as well as the name of the Comcast-specific programs. The Norton Security Suite Comcast offers is specific to Comcast.

The Norton Toolbar will work with Firefox 17. Check your version of Norton. It should be 20.2.0.19. If you do not have the most current version, then run Live Update as many times as needed, rebooting required, until it returns no updates.

If you have other issues with ConstantGuard, then I suggest you post them on the Comcast Help Forums, here: »forums.comcast.com/comcastsupport/

As a general rule, when a new version of Firefox is released, do not update to it until the Comcast version of Norton is updated if you want the toolbar to function. You'll have to check the Comcast forums for that information.



Scilicet
Mens et Manus
Premium
join:2005-04-11
Aurora, CO

Thanks. Yes, I have the latest version of Norton v20.2.0.19 and I did manage to get the Norton Toolbar enabled:
Firefox-->Tools-->Add-Ons-->Enable Norton Toolbar & Norton IPS-->Restart.

