Jump to content

I think my laptop might’ve been hacked


Recommended Posts

Something weird happened that I’ve never seen before. I had my notepad application open with a specific text in the background or it just wasn’t displayed on the screen while I was on the internet browser. Out of nowhere it just pops up in front of my browser on the screen. I click it’s icon on the bottom of the screen so that it’s not showing and a little while later it did the same thing. Honestly this made me super cautions because it was so abnormal and I started thinking what if someone hacked it because basically I bought some discord tokens from someone and so they gave me the script along with the tokens. I went to discord login on my browser and in dev tools I ran it in console. Multiple tokens, all logged in, all successful. Just that while I was logged in to the discord as I mentioned all of a sudden the notepad tab that I had running but not open (that notepad file has the token login script.) popped up in front of my browser. I was like wth?? I hid it and a little while later it pops up again without me clicking the notepad icon. I’m just so cautious as in dev tools while on the discord login page before you input anything, a script shows up that says something like “don’t put anything here as it can give hackers an entry point to attack. . . If you were told to paste anything here 11/10 you have been scammed” and the like. I know to a certain degree the devs who wrote that are probably just messing around a bit but I’m cautions as I’ve never seen that before and given the circumstances I’d rather be safe than sorry. I really need advice and help, please. I’m running a scan using malwarebytes as I type this. 

Edited by AdvancedSetup
Corrected font issue
Link to post
Share on other sites

  • Root Admin

Hello @Mauna

Could just be how the focus windows call was happening. Please go ahead and run the following though and we'll see if we can find anything.

 

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 

Spoiler
 
 
 
 
Spoiler

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download

image.png

image.png

image.png

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks

Link to post
Share on other sites

Thank you for  all your help, I really appreciate it.

I've attached the log of the custom scan I started while I was typing out my original post(titled as "Mb custom scan 1."), along with the standard scan.

I've also attached the Adw scan and clean logs. FRST.txt and Addition.txt are atached as well.

Again, I thank you greatly.

Mb custom scan 1..txt standard scan.txt AdwCleaner[S00] Scan.txt AdwCleaner[C00] Clean.txt standard scan.txt FRST.txt

Link to post
Share on other sites

  • Root Admin

Thank you.

It's quite late for me. I'll check back on you tomorrow, but please go ahead and run the following

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

 

Link to post
Share on other sites

21 hours ago, AdvancedSetup said:

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

I'm not sure where to find the MSERT.log. i checked in debug i did not find it. I'm not sure if i'm searching properly.

Link to post
Share on other sites

  • Root Admin

Please temporarily exit out of Malwarebytes and run the following

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

 

Link to post
Share on other sites

When you said

37 minutes ago, AdvancedSetup said:

Please temporarily exit out of Malwarebytes and run the following

Whn you mentioned this did you mean to turn off the real time threat protection? i downloaded Securitycheck and ran it as admin but my laptop told me it failed citing that i may not have proper permission or authority to do that. At the same time malwrebytes informed me that it quarantined Securitycheck.exe. it identified it as malware.

Link to post
Share on other sites

  • Root Admin

If you exit out of Malwarebytes it cannot detect anything. It would not be running to detect it.

Let me get the logs from Malwarebytes for Protection it will show if it's removing it or not

 

 

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

 

Link to post
Share on other sites

  • Root Admin

That is a False Positive. Our Research Team will remove that detection here shortly.

It is currently 19:49 UTC please wait a couple hours and then update Malwarebytes and then EXIT out of Malwarebytes and download and run the program again.

https://www.timeanddate.com/worldclock/timezone/utc

 

Link to post
Share on other sites

  • Root Admin

Please uninstall, update, or otherwise address the following as appropriate for your system.

 


---------------------- [ AntiVirusFirewallInstall ] -----------------------

McAfee LiveSafe v.14.0.12000 Warning! Download Update


--------------------------- [ OtherUtilities ] ----------------------------


Evernote v. 5.8.6 v.5.8.6.7519 Warning! Download Update


------------------------------- [ Backup ] --------------------------------

Dropbox 25 GB v.1.0.8.2 Warning! Download Update


-------------------------- [ IMAndCollaborate ] ---------------------------

Discord v.1.0.9003 Warning! Download Update

Zoom v.5.9.1 (2581) Warning! Download Update

 

-------------------------------- [ Media ] --------------------------------

iTunes v.12.12.2.2 Warning! Download Update
^Please use Apple Software Update tool.^

Audacity 2.1.2 v.2.1.2 Warning! Download Update


--------------------------- [ AdobeProduction ] ---------------------------

Adobe Shockwave Player 12.1 v.12.1.7.157 Warning! This software is no longer supported. Please uninstall it.

swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it. It has a setting in the Registry to prevent it from being shown int he Add/Remove

 

---------------------------- [ UnwantedApps ] -----------------------------

Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.

Harver System Checker 1.4.2 v.1.4.2 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!

 

 

Once that has been completed, restart the computer one more time. The click on Start and type in "Check for updates" and allow Windows to scan for and install any updates found.

 

Keep me posted on how that all goes and I'll check back on you again sometime tomorrow

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.