Someone logged into my Facebook account - what should I do?


Someone from Taiwan logged into my Facebook account, which means that he gained my password.
I scanned the computer with Malwarebytes Anti-Malware and AVG, and they both detected nothing. What else should I do to check if my computer isn't infected?

Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:



C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP


Let me see those logs in your reply....

Thank you,

Kevin...
 


Malwarebytes Anti-Malware
www.malwarebytes.org


Data skanowania: 2015-08-10
Czas skanowania: 00:06
Raport: 
Administrator: Tak


Wersja: 2.1.8.1057
Baza szkodliwego oprogramowania: v2015.08.09.05
Baza danych rootkitów: v2015.08.06.01
Licencja: Darmowa
Ochrona przed złośliwym oprogramowaniem: Wyłączony
Ochrona przed szkodliwymi stronami: Wyłączony
Samoobrona: Wyłączony


System operacyjny: Windows 8.1
Procesor: x64
System plików: NTFS
Użytkownik: Olek


Typ skanowania: Dokładne skanowanie
Wynik: Zakończono
Obiekty przeskanowane: 346953
Czas, który upłynął: 7 min, 16 s


Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Włączony
Heurystyka: Włączony
PUP: Włączony
PUM: Włączony


Procesy: 0
(Nie wykryto zagrożeń)


Moduły: 0
(Nie wykryto zagrożeń)


Klucze rejestru: 0
(Nie wykryto zagrożeń)


Wartości rejestru: 0
(Nie wykryto zagrożeń)


Dane rejestru: 0
(Nie wykryto zagrożeń)


Foldery: 0
(Nie wykryto zagrożeń)


Pliki: 0
(Nie wykryto zagrożeń)


Sektory fizyczne: 0
(Nie wykryto zagrożeń)




(end)


RogueKiller V10.9.4.0 [Jul 30 2015] od Adlice Software
e-mail : http://www.adlice.com/contact/
Komentarze : http://forum.adlice.com
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com


System operacyjny : Windows 8.1 (6.3.9200 ) 64 bits version
Uruchomiono : Tryb normalny
Użytkownik : Olek [Administrator]
Uruchomiony z : C:\Users\Olek\Desktop\RogueKiller.exe
Tryb : Skanowanie -- Data : 08/10/2015 00:37:13


¤¤¤ Procesy : 0 ¤¤¤


¤¤¤ Rejestr : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\RK_Olek_ON_D_8887\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Znaleziono
[PUM.SearchPage] (X86) HKEY_USERS\RK_Olek_ON_D_8887\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Znaleziono


¤¤¤ Zaplanowane zadania : 0 ¤¤¤


¤¤¤ Pliki : 0 ¤¤¤


¤¤¤ Plik hosts : 0 ¤¤¤


¤¤¤ Rootkity : 0 (Driver: Nie załadowano [0x20]) ¤¤¤


¤¤¤ Przeglądarki : 0 ¤¤¤


¤¤¤ Sprawdzenie MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SHSS37A120G ATA Device +++++
--- User ---
[MBR] c1a84b6bc997f444709c1acbaad5c11b
[bSP] 5e2b501b3a827763da811cd736796499 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 114121 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


+++++ PhysicalDrive1: ST1000DM003-1ER162 ATA Device +++++
--- User ---
[MBR] de162284bea1c995a282dc8a40e57ed2
[bSP] 7bb2a941d1f7291bfe1062514ea75f18 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409602048 | Size: 200000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 819202048 | Size: 553866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


+++++ PhysicalDrive2: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] c9795eeb96bef37f789827d6d3d30c13
[bSP] a1031a6751ec99804f5b02a819fb4836 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 853861 MB
User = LL1 ... OK
User = LL2 ... OK

 

FRST.txt was too long to paste into this post.
 

Addition.txt


There is no malware or infection showing in your logs, the system is clean. Facebook is web based; as such, hackers do not need access to your PC to gain access to your Facebook account.

Open Facebook and change your account password. Because FB is not 100% secure, it is a good idea to change passwords on a regular basis, maybe every week....

I personally use LastPass as my password manager, it is very good. There is a free version if you only have and use one PC, the premium version allows access through multiple devices, PC, smart phones, iPads etc. It is a small yearly payment, maybe $10.

Have a look here: https://lastpass.com/

 

Unless you have any remaining issues or concerns run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Thank you,

 

Kevin..
 


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.