Phantom Logger
Member | 29. November 2007 @ 03:01
Hey
Today when I got home from school my mum asked, did you somehow log into the computer? I answered no and asked why. She then said she was listening to the radio and then it just cut out. When she went to check, my account was logged on and under her name there were 30 programs running. She then turned off the computer. Now I'm worried that we have been hacked and that it might happen again. Could someone please explain what's happening?
Thank you
Max
Member | 29. November 2007 @ 06:11
Quote: we have been hacked
nobody can hack a computer without some "inside" help already on it.
updated on windows patches? you have updated Antivirus, anti-malware apps? i suggest an online scan or a second anti-malware app and a hjt log.
people have a habit of not replying back in this forum, so let me know if you want to proceed.
echoreply
Member | 29. November 2007 @ 06:39
I downloaded Spybot 1.5 today and scanned my comp. It found 9 things. 3 of them were security settings changed. One said that my firewall ports were opened. So I'm worried that my computer is vulnerable. So any help I can get will be greatly appreciated. By the way I have Norton antivirus 2005.
Thank you
Max
Member | 29. November 2007 @ 17:18
ok, post a hjt log to help see what's going on:
Download HiJackThis log - Trend Micro HijackThis 2.0.2
http://www.trendsecure.com/portal/en-US/.../HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Double-click on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log in next reply.
Member | 30. November 2007 @ 02:35
Hey, here's my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:07 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\vVX3000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINNT\vVX3000.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\LUKA\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1173487526953
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6359 bytes
Today I got another problem. When I turned on the computer my Norton Anti-Virus was turned off and in the bottom right of my screen where the mute and everything is there was a SpyBot icon and when I ran my mouse over it it said there were 56271 processes blacklisted. What's that mean?
Thank you
Max
This message has been edited since posting. Last time this message was edited on 30. November 2007 @ 03:24
Member | 30. November 2007 @ 06:11
hi,
thanks for the info. hjt log looks ok as far as malware goes. that spybot icon in the tray is part of spybot's real time protection running in the background (tea timer). right click on it for more info or check the help file from the main spybot window.
not sure why your norton would be "turned off". it's up to date?
oks it looking on your end now??
echoreply
Member | 30. November 2007 @ 06:35
Ok thank you a lot.
If anything else happens I'll let you know.
Thank you again
Max
Member | 30. November 2007 @ 17:20
you're welcome. if spybot and your av are coming up clean, good idea to make new restore points. like this:
One of the features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore. (new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
keep spybot and your av updated.
echoreply
Member | 1. December 2007 @ 18:11
Hey
Since I'm very paranoid I re-installed Windows just to be safe. But now I have this process called MU_LLogin.exe but when I type it in Google no one knows what it is. Any ideas?
Thank you
Max
Member | 1. December 2007 @ 18:48
hi,
Quote: this process called MU_LLogin.exe
don't know, where/how are you seeing this process?
echoreply
Member | 1. December 2007 @ 20:04
It was in Task Manager Process tab, but now it's gone and I have another problem lol. Before I re-installed Windows, I made a backup of all the documents using the backup tool. I backed it up onto my iPod. But now when I go to restore the documents and folders the icon of that backup file has changed to the icon when there's no program assigned to it and there's no backup tool at all. I'm on SP2 and I don't know what to do.
Thank you
Max
Member | 2. December 2007 @ 08:24
hi,
can't help you with the backup/ipod issue. have never used windows backup feature nor an ipod.
as for malware; doing a reformat (not a reinstall) will wipe out any malware. you should also get anti-virus and anti-malware apps back on the computer as soon as possible and visit windows update.
echoreply
Member | 4. December 2007 @ 03:01
OK, what I did is: I deleted the partition that was currently being used and made a new one and formatted it with FAT32 and then Windows loaded some files and then I had to format that new partition again and then Windows was installed, but then I found out I was supposed to format it with NTFS so I converted it to NTFS using the cmd. Is that what I was supposed to do?
Thank you
Max
Member | 4. December 2007 @ 18:39
hi,
you have to boot from the original windows install cd or the recovery cd might work for a reformat, don't know-- i have never used a 'recovery cd'. you do want NTFS file system. i would pay a visit to your PC maker's website and have a look around, most are very good at providing that kind of help. pull off what you want to keep first, as a reformat will wipe your hard drive.
echoreply
Member | 6. December 2007 @ 03:38
Hey,
Yeah, that's what I did. I deleted the partition and made a new one and then formatted it with FAT32 but later converted to NTFS. Thank you for all your help. I was just wondering, if it's not too much trouble, could you teach me how to read those HijackThis logs?
Thank you again
Max Kreeger
Member | 6. December 2007 @ 20:45
hi,
glad to see it's all good now.
Quote: how to read those Hijack this logs
really all a hjt log does is display certain info in a nice log. it's info you can find yourself on a computer if you spent time looking and know where to look.
NOTE: hjt is not a stand-alone cleaning tool. It does not scan the entire system and only certain areas are scanned to help diagnose the presence of undetected malware in some places it might be hiding. never rely on hjt as an indication that your computer is clean without running updated antivirus and antimalware apps.
here's some websites that provide info on hjt items:
http://www.malwarehelp.org/understanding...eting-hjt2.html
the guy that developed hjt:
http://www.spywareinfo.com/~merijn/htlogtutorial.php
echoreply
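An added example, not part of the original posts and not code from HijackThis: a short Python parser that groups the entry lines of a HijackThis log by section code and lists entries whose target file the scan could not find. The sample lines are copied from the log posted earlier in this thread; the function and variable names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Section codes that appear in the log posted in this thread.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O16": "ActiveX download (DPF)",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

# Lines copied from the log posted earlier in the thread.
SAMPLE = r"""
Running processes:
C:\WINNT\system32\lsass.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [VX3000] C:\WINNT\vVX3000.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

def parse_hjt(text):
    """Return ({code: [entry, ...]}, [(code, entry) whose target file is gone])."""
    by_code, orphans = defaultdict(list), []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        by_code[code].append(body)
        if ORPHAN.search(body):
            orphans.append((code, body))
    return dict(by_code), orphans

if __name__ == "__main__":
    groups, orphans = parse_hjt(SAMPLE)
    for code, entries in groups.items():
        print(f"{code} ({SECTIONS.get(code, 'unknown section')}): {len(entries)}")
    for code, body in orphans:
        print("entry points at a file that is not on disk:", code, body)
```

Entries marked `(no file)` or `(file missing)` are registry leftovers rather than running code; as the post above says, the log only covers certain areas and does not replace an antivirus scan.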
Member | 7. December 2007 @ 03:05
Thank you again. You have been great help.
Thank you again
Max Kreeger