
My PC was remotely accessed.


Kiwi109


Hello,

Firstly, if relevant, I'm from the UK.

Whilst going on a nostalgia trip, two friends and I were playing Call Of Duty MW2 on Steam when my PC was remotely accessed. The game features a chat element where players can type to each other, and using this feature someone was typing under my username. It went as follows:

(Kiwi A = myself. Kiwi B = not me.)

kiwi B : *racist remark

kiwi A : "I didnt type that?"

kiwi B : "nah bro thats because i did, im in your computer do you like hentai?"

Now at first I didn't take this seriously, until my game closed on its own and my mouse was moving on its own. Then, whoever was controlling my mouse started opening tabs, but before they could even load I killed the power. I isolated myself from my network and then booted back up, running a Malwarebytes scan. Nothing was found. My next action was to contact my ISP. After explaining the situation over the phone, they recommended unplugging my router for a few hours, as this would cause the exchange to "forget" my router and therefore assign me a new IP address. Finally, I have carried out an FRST scan. I apologise if I'm posting this in the wrong place, and thank you for your time.

1st scan.txt FRST.txt Addition.txt


Hello Kiwi109 and welcome to Malwarebytes,

I do not see any obvious Malware or Infection in your logs. Let's run an in-depth scan to double check your system...

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.


Thanks,

Kevin..

Update.

Carried out the Sophos scan and it hasn't found any threats, although I couldn't find a way of linking any report here.

On a separate note, I discovered the web address that they made an attempt to visit when this occurred. I haven't followed it as I'm unsure of what's on the other side.

Thanks again,

K109


VirusTotal gives that URL clean status..

https://www.virustotal.com/gui/url/19602affa6d9638f7119bebad2808f4bf3dadd587912b2622fa0d896a5f56de7/detection

Do you use and trust the following? Gaijin.Net Agent is some kind of auto updater for the War Thunder game; it seems to be classed as suspicious at several sites I searched with Google.


Thank you for checking that.

Yes I do, I have War Thunder installed and auto updates on, so that's OK.

I'm not sure where to go from here however. Given the results of the scans and the actions I've taken, such as changing passwords and email addresses, I'm feeling satisfied that I'm clear, but you can never be too careful.

If there is anything else you advise, I'll happily carry it out.

I really appreciate the time you've spent here helping me. Thanks,

K109

 


Although all of the scans we have done do not indicate any possible Malware or Infection it is still a concern how you appear to have been hacked. I would like you to reset your router and change DNS settings as one last precaution...

Reset your router, instructions available at the following link:

http://setuprouter.com/networking/how-to-reset-your-router/

Follow those instructions very carefully.

Next,

Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary.

Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper
 
  • Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool. For XP just double click to run.
  • From the left hand pane select "Flush DNS"
  • From the main interface select the dropdown under "Choose a DNS Server"
  • From the list select either "Google Public DNS" or "Open DNS"
  • From the left hand pane select "Apply DNS"



When done re-boot your system....

Let me know your thoughts on completion, also if you have any remaining concerns..
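
One way to confirm that the DNS change above took effect, added here as an example and not part of the original post. It lists the IPv4 DNS servers configured on each connected adapter and labels them; the `Get-DnsAudit` function name is hypothetical, and the resolver table assumes the published Google Public DNS and OpenDNS addresses.

```powershell
# Added example (not from the thread): audit IPv4 DNS servers per active adapter.
# Assumption: you picked "Google Public DNS" or "Open DNS" in the tool; the
# addresses below are those providers' published resolvers.
$expected = @{
    '8.8.8.8'        = 'Google Public DNS'
    '8.8.4.4'        = 'Google Public DNS'
    '208.67.222.222' = 'OpenDNS'
    '208.67.220.220' = 'OpenDNS'
}

function Get-DnsAudit {
    # Only adapters that are up; disconnected and unused virtual ones add noise.
    $up = Get-NetAdapter | Where-Object Status -eq 'Up'
    foreach ($nic in $up) {
        $cfg = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4
        if (-not $cfg.ServerAddresses) {
            [pscustomobject]@{ Adapter = $nic.Name; Server = '(none)'; Verdict = 'No IPv4 DNS server set' }
            continue
        }
        foreach ($ip in $cfg.ServerAddresses) {
            if ($expected.ContainsKey($ip)) {
                $verdict = "Expected: $($expected[$ip])"
            } elseif ($ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)') {
                # Private range: usually the router handing out its own address via DHCP.
                $verdict = 'Private address (router/DHCP); manual DNS not applied here'
            } else {
                # Anything else is a resolver you did not choose; check who owns it.
                $verdict = 'REVIEW: resolver not in expected list'
            }
            [pscustomobject]@{ Adapter = $nic.Name; Server = $ip; Verdict = $verdict }
        }
    }
}

Get-DnsAudit | Format-Table -AutoSize
```

Run it in an elevated PowerShell window after the reboot. This covers IPv4 only; `Clear-DnsClientCache` is the built-in counterpart of the tool's "Flush DNS" button.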

 


Hi, and sorry for the lack of update.

I carried out what you suggested last night and then went to bed, forgetting to post an update.

Everything seems to be running as normal after the reset and DNS jump. My only final question is: will the new DNS ever need to be changed again?

You've been really helpful through all of this and I couldn't appreciate it more, thank you again.

K109


Hello Kiwi109,

Thanks for the update on system status. Regarding DNS settings, really up to you, change them anytime you want, or just leave as is.. The only time to make changes is when needed.

If all ok we can clean up....

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\kiera\Downloads\FRST64.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
