
A bit stressed - being remotely hacked



Hello,

[Sorry if I posted this in the wrong section!]

I usually do not register on forums and solve most if not all issues by myself and Google searching or forum lurking.

I find myself to be in a mess and I really don't know where to turn to.

It seems that, after executing a certain .exe which instantly installed some sort of remote assistance tool, I am being remotely "assisted". It had something to do with a VPN sort of tool - SoftEther VPN, it was called.

At any rate, I think at that time I also had a laptop on (from which I am now writing) connected to the same network as my desktop (the infected one) through WLAN. Would it be possible that my laptop was also infected in the process?

As countermeasures I've reinstalled my desktop and also reset my IP (I've got the sort of internet provider that gives you another IP if you unpower and repower the router) but to my surprise, after I got on the new Windows, suspicious activity was still recorded. Things like, I did not have permission to move a certain file on C, or "remote desktop connection" was seen in the start menu after a couple of minutes (as far as I know, this is no default option upon Windows reinstall).

So having a persistent visitor even after a format does upset me a bit. As far as my limited computer knowledge helps, they can track you either through IP, or MAC address of the hard drive. In this case - if, let's say, I would get another HDD and renew my IP address with the trick I mentioned earlier (on-off router, new IP) and a fresh Windows install, would that prevent further unwanted visits? What about changing my actual MAC address and keeping my HDD, any suggestions?

To be honest, I really don't know how to tackle this issue, as this is my first real confrontation with such an attack. What would you guys recommend I should do?

Thank you in advance for your time helping me out!


  • Root Admin

Hello and welcome!

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed, please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large, then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable; it is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs
  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

 

STEP 01
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program, please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > enable Scan for rootkit and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.


This topic is now closed to further replies.