Hi,

 

my computer is hacked.
This is what I had noticed:
--

Roboform:
I have to log in again while I was already logged in.
Malwarebytes:
not activated
Mouse moves on its own
and looks at different icons on screen
Paypal:
Wrong login. Log in again
Youtube:
made a post and got 4 to 5 posts of the same instead of one.

Are these not the signs that I'm jacked?
 


Hi,

Is the mouse one that is wireless? If so, did you check the battery?

Have you done a scan with Malwarebytes for Windows? If not, then do so.

Have you scanned with an antivirus?

Hacking / jacking is something easy to assert. However, good security tools need to be used and the results reviewed.

IF the machine is really truly badly compromised, then perhaps you want to think about backing up your personal information, files & documents, and then wiping / erasing this drive and rebuilding Windows from scratch AND re-installing and building your apps from scratch.

.

IF you want one-to-one help to scan this system for potential malware, then see and do as listed here 

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 


Hi,
the mouse is a USB mouse.

I have scanned with MB. (clean:)

scanned with McAfee
scanned with 360 Total Security

The mouse is definitely under external control.
Shall I follow the link you sent me?
Thanks


See about switching from the wireless mouse to one that is corded.   I do think the mouse thing is a hardware or mouse driver issue.   Not one of being "possessed".

Tell me, where did this "Fixlog" come from? Are you getting help elsewhere? Or are you doing things on your own?

.

This pc has Malwarebytes for Windows version 3.8.3.   I would like for it to have the much newer version 4.0.4

Please try uninstalling and reinstalling Malwarebytes for Windows using the Malwarebytes Support tool. 

Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/docs/DOC-2674

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install.

Let me know if this run clears up the issue or not.


That's what I said in my response.
I downloaded the Farbar program. Then opened it to run and at once there was a message that said 'Done', Fixlog created, and showed me the frst.txt (which I named -fake).
All that on its own doing.
I have not done anything myself. This fixlog was suddenly there.
Then I opened Farbar again and now ran it and that generated the frst.txt and the Addition.txt files.

My mouse is not wireless, but a USB mouse which is corded.


Tried to install the tool but I have to log in as administrator.
3 or 4 days ago I had to change my password which I did, and now the password isn't recognised.
Also the old one doesn't work.
I can't install the tool.
And I am sure it's the correct password, I wrote it down on a paper.



 


Let's go slow & careful & do this special run one time.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here

and save it to your desktop.

Double-click on the MBAR file and allow it to run.

• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

• After reading the Introduction, click 'Next' if you agree.

• On the Update Database screen, click on the 'Update' button.

• Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
  
 


Hi,

Yes, tried this as well. But I can't install it because it wants me to log in as administrator.
And it says the password is not correct. I can't go any further.


The MBAR does not "install".  It is a standalone executable program.   It does not ask for a "password".

If the download was saved,  you should try restarting the machine into SAFE mode and try to run MBAR from in Safe mode.

This article is a how-to on how to get to safe mode for Windows 10

· Windows 10: http://windows.microsoft.com/en-gb/windows-10/start-your-pc-in-safe-mode

 


I'd done exactly what you've said.
Enable safe mode. (How can I see that I am in safe mode?)

Only the background was different and no internet connection.
So that's safe mode?

But it doesn't matter.
I still had to log in to my user acc. and also when I tried to run the MBAR program.
It wants a password.
 


I regret all the trouble you are having.

I noticed that you had had a case December of 2018. And I believe a Fixlist.txt file was provided. To prevent any potential mis-step, I would like you to look at your system, looking for FIXLIST.txt and if found, let's go ahead and delete it.

I do have a new FIXLIST.txt attached with this reply.  It is intended for use with the very special procedure below.

For your information, Safe mode does not have internet connection.  When in Safe mode, you ought to have seen text saying "Safe mode" on the screen corners at the time of login.

.

The reason you had run into access rights/administrator prompts IS that the account you picked to login and work with is a LIMITED rights account.

You truly, honestly need to log in to Windows with the account "newadmin". Let's please be sure to do that. Do a logout of the current one & log in with newadmin.

IF you happen to find that not possible, go ahead and do what follows in any event.

 

 

Now, I would like for you to do a very special procedure.  Please do this when you have very quiet time.

The infection on this machine has locked a number of folders.   No doubt that is at the heart of the current problems.

 

Please do the following:

The next part of the process involves using a different computer to download a file and transferring that file onto a USB drive.

 

Please save FRST64.exe and the attached FIXLIST.txt to a USB stick, then we'll use that on the infected PC once it is booted into the Recovery Environment of Windows.

Download FRST64.exe from the following  link > save to a USB
Download link for 64-Bit Version Windows



The instructions appear to be intimidating, but if you work through the steps you will be able to do it.

Select the Windows key and X key together, from the xmenu select Command Prompt (Admin)

At the prompt either type or copy/paste the following commands, select enter after each command:

bcdedit.exe /set {bootmgr} displaybootmenu yes
bcdedit.exe /set {default} recoveryenabled yes
Exit

Now we need to boot to the recovery environment and remove the infection from there:

IF you can't do this last part, KEEP going down this list in any event. Do all that follows below.

NEXT

(Note: do not insert the USB into the infected PC until you are successfully booted to the Recovery Environment.)

Boot to the Recovery Console's Command prompt in the infected computer. (this is not the same as safe mode)

To enter the Recovery Environment 

1. Right click the windows logo lower left corner of your screen > choose Command Prompt (Admin)
2. Type the command below, and press Enter.
shutdown /r /o /f /t 00
The PC will now boot to the recovery options
Click Troubleshooting and then Advanced options to bring up the repair options.

Now click on command Prompt

choose your account to continue and enter the password to log into the account (if you use one.)

Insert the USB drive containing FRST64.exe and the Fixlist.txt

At the command prompt > type in notepad and press enter 

when the notepad opens > Under File > select Open > Select "This PC" and find your flash drive letter and close the notepad.
Now back in the command window type e:\frst64.exe and press Enter 


Note: Replace letter with the drive letter of your flash drive.

The tool will start to run. Now, there are 2 procedures to do, both with FRST64
A) Press the Scan button. That will deactivate the rootkit.

B) Once the scan is finished, now press the Fix button.

These actions will make two logs, a Fixlog.txt and a FRST.txt log in the flash drive. Please attach those once booted back to normal mode.

If you have trouble getting into the recovery environment with these instructions, try the following batch file:

Please download boot_into_RE.bat using this link  .

Open your Downloads folder.
Right-click boot_into_RE_2.bat and select Run as administrator to run the file.
Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.

 

A black Command Prompt window will appear.
When prompted to consent, type Y and press Enter on your keyboard. Repeat again when prompted.
Your computer will automatically boot into the Recovery Environment.


Once in the Recovery Environment, click Troubleshoot.
Click Advanced Options followed by Command Prompt.
Select your account and enter your password if you have one.

Now insert the USB stick where the FRST64 program is saved.

Follow the remaining instructions above.

Regards.

 

Fixlist.txt
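
Added example, not part of the thread and not supplied by the helper or by Malwarebytes: a read-only PowerShell check of which local accounts exist, which of them are enabled and in the Administrators group, and when each password was last set, which is the account question behind the administrator prompts discussed above. It assumes Windows 10 with the built-in Microsoft.PowerShell.LocalAccounts cmdlets and a normal Windows session (not the Recovery Environment).

```powershell
# Added example (assumption: Windows 10, PowerShell 5.1, normal session).
# Read-only: nothing here changes accounts, passwords or group membership.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

# True only when THIS PowerShell process holds an elevated administrator token.
$elevated = $principal.IsInRole($adminRole)

# Built-in Administrators group, addressed by its well-known SID so the
# lookup also works on non-English Windows installations.
# If the lookup fails, the list stays empty and every account shows False.
$admins    = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
$adminSids = @($admins | ForEach-Object { $_.SID.Value })

# One row per local account: is it enabled, is it an administrator,
# and when was its password last changed or last used to sign in.
Get-LocalUser | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.Name
        Enabled         = $_.Enabled
        IsAdministrator = $adminSids -contains $_.SID.Value
        PasswordLastSet = $_.PasswordLastSet
        LastLogon       = $_.LastLogon
    }
} | Sort-Object Name | Format-Table -AutoSize

# Summary for the account that is signed in right now.
"Signed in as         : {0}" -f $identity.Name
"Member of Admins     : {0}" -f ($adminSids -contains $identity.User.Value)
"This window elevated : {0}" -f $elevated
```

A signed-in account that shows `Member of Admins : False` is a limited account, so every elevation prompt will ask for the password of a different, administrator account.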


Good morning.  I have sent you a PM about the Windows login-accounts.   Please be sure to see that.


Not to overwhelm you, but rather to help further.   Beyond the PM  and the previous replies above....

Could you please take some time out  and study this online video about how to "unlock" a folder

https://www.youtube.com/watch?v=NfpSUN39sFM

 

Apply that set of tips to the folder C:\Users\newadmin

You need to have that folder unlocked.


Hello.

Are you at all able to click the  Advanced button  ?   Give that a good try

 

.

 


I am referring to the actuality on your machine.  

and if that is a no go, then before we do anything else, I honestly wanted you to do as I outlined at this post

https://forums.malwarebytes.com/topic/256505-hacked-reports/?do=findComment&comment=1361811

 

It is worth it to give it a go.   It will not take a whole lot of time.

On 2/11/2020 at 6:03 AM, Maurice Naggar said:

For your information, Safe mode does not have internet connection.  When in Safe mode, you ought to have seen text saying "Safe mode" on the screen corners at the time of login.

I had tried this part and the reason I asked was because after selecting 'enable safe mode' the PC restarted but there was no sign of being in safe mode.
I'm familiar with that, but it wasn't there. Even after the reboot I had to log in again and could only log in with the 'Act' account.
Continuing with this part was not possible.

 

On 2/11/2020 at 6:03 AM, Maurice Naggar said:

The reason you had run into access rights/administrator prompts IS that the account you picked to login and work with is a LIMITED rights account.

You truly, honestly need to log in to Windows with the account "newadmin". Let's please be sure to do that. Do a logout of the current one & log in with newadmin.

IF you happen to find that not possible, go ahead and do what follows in any event.

There is no 'newadmin' choice.
I'm going to try to make a video with my camera, and get back to you.
Of course I have tried the first parts of the instructions.


 


Before starting on this next part, find all your personal files, documents, images, videos etc. and COPY them to a clean USB-thumb-flash drive.

Then save that away.

 

This plan is to essentially rebuild the whole operating system.

You will need a separate USB-thumb drive   ( a new one / different from the one where you saved your parents files).

It needs to be at least 4 GB in storage capacity.

The Media Creation tool will be used to make a Windows 10 installation  media source.  The stuff will come from Microsoft.

Afterwards, you will set the BIOS on this system to be set to boot from USB.

You would then reboot  the machine  once after you have that built-up USB inserted.

You would then follow a set of directions.

.

1   Get a new USB   and make the "Media Creation tool".

The link for this tool is at the page cited below.

You will pick "Create installation media for another pc"

Next, you will select "USB flash drive "

When completed, and the run was good,  the USB  will have all that is needed to do a clean new fresh setup of Windows 10.

Keep that USB safe.

This link ( the top of it ) is a good guide  https://www.thewindowsclub.com/windows-10-media-creation-tool-create-installation-media-upgrade

 

One other note by the way, do not start the actual new-install process until you are well rested and have a block of quiet time.


Looking ahead, after you have the Windows 10 rebuilt,  It should be made clear that Windows 10 has a very strong & good antivirus named Windows Defender.

For sure do NOT install 360 Total a/v.   It causes issues with Malwarebytes.

The Windows Defender is the only antivirus needed.   Unless you already have a paid-for subscription like Eset.

Also, BACKUP is your best friend.    I will have more tips, later.


Hi.   I hope you are doing well.

These are added tips for your benefit, before I close out this case.

Backup is your best friend.   Do regular periodic backups of your system to offline media.

 

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
