
People commented on what I'm doing when on social media. They can see me.



Hi,

Could I please get some help? I've had this issue for a few years. I think my BIOS is infected with a type of spying software. When I try to force a BIOS update, it refuses to update. I need help to identify the infection so it can be removed & so I can identify if it reinfects my system from backups. I did have someone disable it once but I didn't act fast enough before another person connected remotely & reactivated the software. I have people that can track everything I do online & I can't remember when my life belonged to me. It's not a fair fight when people can watch everything a person does by remotely accessing a computer. I've done a Spybot rootkit scan & run the MWBs support tool.

Thanks for your time & consideration.

Phill

mbst-grab-results.zip


@Digio First install a proper, updated version of Malwarebytes.  https://downloads.malwarebytes.com/file/mb4_offline

Next,

Something either blocked the download of FRST (part of the support tool) or you may have some type of issue with your networking setup.

Please manually download and run the tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Edited by Porthos

Hi,

I presumed that turning all filtering off in MWB Firewall (latest version) is like turning off the Windows firewall, because if I stop the MWB Firewall app, the Windows firewall won't turn off.

I disabled the Windows virus protection.

Created a custom firewall OUT rule for MBWSetup.exe on port 443 using TCP to address ark.mwbsys.com or 54.85.98.136 in the MBWs Firewall >Didn't work.

I created an IN rule with the same info. in the MWBs Firewall using TCP on port 443. >Didn't work.

I turned wifi off, kept the vscanner & the MWBs Firewall off & tried the offline installer. Each & every time I try to install MWBs app. it stalls at 12%.

I uninstalled the VPN I was using >No joy.

It would be beneficial if I could identify this infection, so I know whether or not a fresh install is infected.

What's the best time to try & contact you on the forum?

Thanks for your time & consideration.

Phill


  • Root Admin

Hello @Digio

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes 
       RESTART the computer
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
     

Example image of where to click to attach files when posting your reply


 

Thank you

 


  • Root Admin

Thank you for the logs @Digio

Please run the following

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 


  • Root Admin

That scan found no issues.

Please run the following scanner, but RESTART the computer first.

 

 

Please run the following ESET Online Scanner and perform a Full Scan

 

Click the following link to save the installer for ESET Online Scanner

https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started. 
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, Click on the Full Scan button
  • Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
  • Have patience.  The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false positive, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Please attach the ESET scan log you saved at the end to your next reply

 


Hi, 

Prior to seeing your instructions I ran Malwarebytes Anti-Exploit Beta & it reported:

C:\PApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe               infected with  Spyware.stealer

I was able to see what was listed in quarantine when I restarted the app. There were nine files it wasn't able to clean.

The quarantined files were:

X:\Windows\SysWow64\hidcon64.exe

X:\Windows\SysWow64\hiderun.exe

X:\Windows\SysWow64\hidcon.exe         win32/hidcon    This was noted. (Possibly a 32bit instead of 64 bit app.?)

X:\Windows\system32\hidrun.exe

X:\Windows\system32\hidecon64.exe

X:\Windows\system32\hidcon.exe

C:\PApps\PortableApps\IObitUninstallerPortableable\App\Uninstaller\iush.exe    variant of IOUninstallerAQ

C:\PApps\PortableApps\IOBitUninstallerPortable\IObitUninstallerPortable.exe     variant of IOUninstallerAE

C:\PApps\PortableApps\IObitUninstallerPortable\feedback.exe                              variant of IOUninstallerAF

 

 


Hi, 

Since running the Malwarebytes Anti-Exploit Beta, I'm unable to boot the system from its SSD & have been trying to repair the Windows installation. I ran SFC /scannow from Windows10 PE ver. 2004 x64, but no joy.

I can't believe how many things have gone wrong. Things like eset scanner not taking my email address to known working copies of Windows PE stalling after loading the boot.wim file. Mounted volumes that suddenly disappear. Being unable to write to a sd card after formatting it. The mouse cursor disappears. Streaming video doesn't seem to buffer normally. There's 15gigs of ram on this damn thing! Everything I try, something unexpected & out of the ordinary occurs. I'm on a constant path working around obstacles that shouldn't be happening. I really would like to find a way to identify & remove this infection. If I can't, the storage & hardware is a source of reinfection. This is the second laptop I've purchased. The screen on the other one stopped working & I couldn't justify the cost of replacing it. Are you familiar with anything that infects the rundll32.exe? It's to the point that continually dealing with the problems isn't worth the time or the cost.

Thanks for your time & consideration.

Phill 


  • Root Admin

Perhaps it's time to do a Clean install of Windows and be done with all of those issues

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/

 


  • Root Admin

You as the user are the #1 to help keep the system safe. Practice good, safe, computing practices. Don't install risky software, don't install hacked, cracked, or any other type of pirated or stolen software, etc.

I've been doing computing now for over thirty years and have never been infected except one time where I infected a production computer on purpose to test something.

 

The following information will help you to keep your computer and data safer as well as improve your overall privacy

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download     https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

 

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal

 


This topic is now closed to further replies.