
My computer may be hacked through Yahoo! Mail


15 replies to this topic

#1 tristenkw5

tristenkw5

  • Members
  • 71 posts
  • OFFLINE
  • Local time:07:08 PM

Posted 31 October 2010 - 11:11 PM

Ok, long story short, I'm trying to find a girlfriend right now, and while I feel like I'm knowledgeable enough to stay safe, I think one may have slipped through the cracks.

A girl claiming to be from craigslist emailed me and said she was interested. She sent pics, the scan didn't pick up on anything, I downloaded them. They were all .jpg files, and I figured only .exe or other weird extensions would be viruses or the like. After sending pics back and forth, I wanted her to prove she was real, and said I wouldn't send anything else until she did. She then said "That's fine..." and attached was a photo I *think* came from my computer. I haven't been able to find the photo in question on my computer, so it may mean they TOOK IT from my computer somehow, or some other explanation may be to blame.

For now, I'm assuming very bad hack. This is a lot worse, because I do my banking online. While I know they have secure servers, I had some credit card info saved in temporary files I think. So now, I'm on my roommate's computer, I took my hacked computer offline, I'm running AVG Anti-Virus, Malware Bytes, and Spybot all at the same time, I deleted all my internet files (I pretty much only use chrome), and I obviously deleted all files related to the incident.

I found out after how easy it is to get someone's IP from a Yahoo email, so I saved one of the emails in case I want to trace back to the person doing this.

So, where you nice, nice people come in. I want to be able to confirm whether or not I've really been hacked, and if so, how far I need to go to get unhacked. My laptop is running Windows 7 Ultimate.

Edited by tristenkw5, 31 October 2010 - 11:13 PM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:08 AM

Posted 31 October 2010 - 11:14 PM

If you send email from Yahoo, all that shows up is the Yahoo IP address, not yours.

Can you post the headers from the email that you saved along with the logs of the scans you ran?

#3 tristenkw5

tristenkw5
  • Topic Starter


Posted 31 October 2010 - 11:20 PM

Here's the header:

From stacy anderson Mon Nov  1 02:53:29 2010
X-Apparently-To: tristenkw5@yahoo.com via 68.142.201.108; Sun, 31 Oct 2010 19:53:31 -0700
Return-Path: <stacy.anderson92@gmail.com>
Received-SPF: pass (mta1008.mail.sk1.yahoo.com: domain of stacy.anderson92@gmail.com designates 209.85.161.49 as permitted sender)
X-Originating-IP: [209.85.161.49]
Authentication-Results: mta1008.mail.sk1.yahoo.com  from=gmail.com; domainkeys=pass (ok);  from=gmail.com; dkim=pass (ok)
Received: from 127.0.0.1  (EHLO mail-fx0-f49.google.com) (209.85.161.49)
  by mta1008.mail.sk1.yahoo.com with SMTP; Sun, 31 Oct 2010 19:53:31 -0700
Received: by mail-fx0-f49.google.com with SMTP id 11so3629002fxm.36
        for <tristenkw5@yahoo.com>; Sun, 31 Oct 2010 19:53:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:received:in-reply-to
         :references:date:message-id:subject:from:to:content-type;
        bh=qVhE4MxaGiLW+cQcLZ/wpoFNYwA6lRlGMg1Dq1dqdGs=;
        b=SowMzvJiZmIgvb0uf/bKpZX0ZxUq77Q4JZHULP5q2ZKIQqZXsZNagCJMriWqGAJCDs
         FGT5NE+q4iImIHz733zOB/kExO64q/00dEkMsuTObXVD/54/aaiixi/HEBt5Eu1Cvbdb
         SLtHiGuxHYeCedMd+FZySkqAA7RWy8F1g9owE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=EBPbRHHoW0qxbrW81ADuE3HrJTFhSft4llq3RaB/6g6pAj4acgnUXSBG5RtQz43FPX
         pVw2PVVshbWkQk7EkYHLME5F57RtNb6Phh48L37Di+3uuk5r1kZIEA03hChxRdH6nwHH
         dEhCmOFN3oedYDnBMVkqpPxGogDHlapraFh94=
MIME-Version: 1.0
Received: by 10.223.79.72 with SMTP id o8mr2309542fak.83.1288580009292; Sun,
 31 Oct 2010 19:53:29 -0700 (PDT)
Received: by 10.223.105.147 with HTTP; Sun, 31 Oct 2010 19:53:29 -0700 (PDT)
In-Reply-To: <594092.49325.qm@web80202.mail.mud.yahoo.com>
References: <AANLkTimN23UVpKgoKBMfK0A-8dw2VLP_2T0wOHmntPU3@mail.gmail.com>
	<2476.62236.qm@web80201.mail.mud.yahoo.com>
	<AANLkTin+9KHpZHZmA3_jYVOz5YqWfx4Xc4MmetBhxMnB@mail.gmail.com>
	<172032.3675.qm@web80207.mail.mud.yahoo.com>
	<AANLkTimBi8-0-VBbS3exJ6cNbFqGAKB23skeRDiz+C4X@mail.gmail.com>
	<903828.77979.qm@web80206.mail.mud.yahoo.com>
	<AANLkTinPXHrZ+ipBJgyNuWVaxtuqkriz8-hMV7EXOQ88@mail.gmail.com>
	<807297.35615.qm@web80202.mail.mud.yahoo.com>
	<AANLkTim7hCUaj5ih596ydXWQ5PxbBJyOMU58Q10hWsH=@mail.gmail.com>
	<711533.86852.qm@web80204.mail.mud.yahoo.com>
	<AANLkTin4ybRre=M49hKSfoxhAP-o1TsmGkKYWcqqXn-9@mail.gmail.com>
	<709210.49342.qm@web80202.mail.mud.yahoo.com>
	<AANLkTikizFy4eT7AFQhp+nkYjnN0vmPmw_wM6k3=tKCX@mail.gmail.com>
	<880259.55322.qm@web80202.mail.mud.yahoo.com>
	<AANLkTi=qqna85a8Q7T5vqdCJbwU4uMgAbE7bE7LKZXRE@mail.gmail.com>
	<594092.49325.qm@web80202.mail.mud.yahoo.com>
Date: Sun, 31 Oct 2010 21:53:29 -0500
Message-ID: <AANLkTimJBkNFigVZiYm8ezbKeW6SovyoKTzEW=qMCoFE@mail.gmail.com>
Subject: Re: craigslist
From: stacy anderson <stacy.anderson92@gmail.com>
To: Keith Wilson <tristenkw5@yahoo.com>
Content-Type: multipart/mixed; boundary=20cf3054a6b9b7f38a0493f4e904
Content-Length: 74254

As for the logs, most of the scans are still running. Spybot is the only one that finished, but it seems to have not found anything. I can still get the log if you want though, just tell me how.

#4 tristenkw5


Posted 31 October 2010 - 11:20 PM

Sorry, accidental double post. I can't find a delete post button though.

Edited by tristenkw5, 31 October 2010 - 11:22 PM.


#5 cryptodan


Posted 31 October 2010 - 11:28 PM

The only IPs listed are those of Gmail and Yahoo; nothing about the person's IP address there.
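
Added example (not part of the original thread): a Python sketch that walks the Received lines of the header posted in #3, oldest hop first, and classifies each address it finds. The header lines are copied from that post; the function names `classify`, `hops` and `public_ips` are assumptions of this example.

```python
import email
import ipaddress
import re

# Routing lines copied from the header posted in #3 (other headers omitted).
RAW = """\
X-Originating-IP: [209.85.161.49]
Received: from 127.0.0.1  (EHLO mail-fx0-f49.google.com) (209.85.161.49)
  by mta1008.mail.sk1.yahoo.com with SMTP; Sun, 31 Oct 2010 19:53:31 -0700
Received: by mail-fx0-f49.google.com with SMTP id 11so3629002fxm.36
        for <tristenkw5@yahoo.com>; Sun, 31 Oct 2010 19:53:29 -0700 (PDT)
Received: by 10.223.79.72 with SMTP id o8mr2309542fak.83.1288580009292; Sun,
 31 Oct 2010 19:53:29 -0700 (PDT)
Received: by 10.223.105.147 with HTTP; Sun, 31 Oct 2010 19:53:29 -0700 (PDT)

"""

# Four dotted decimal groups that are not part of a longer dotted token.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def classify(ip):
    """Label an address as loopback, private (RFC 1918 etc.), public or invalid."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"

def hops(raw):
    """Return Received hops oldest-first as (protocol, [ip, ...]) tuples."""
    msg = email.message_from_string(raw)
    out = []
    # Each relay prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        proto = re.search(r"\bwith (\w+)", flat)
        ips = [ip for ip in IPV4.findall(flat) if classify(ip) != "invalid"]
        out.append((proto.group(1) if proto else "?", ips))
    return out

def public_ips(raw):
    """Every publicly routable address named in any Received hop."""
    return {ip for _, ips in hops(raw) for ip in ips if classify(ip) == "public"}

if __name__ == "__main__":
    for proto, ips in hops(RAW):
        print(proto, [(ip, classify(ip)) for ip in ips])
    print("public:", public_ips(RAW))
```

The oldest hop is `with HTTP` from a private 10.x address, meaning the message was submitted through the webmail interface, and the only public address in the chain is 209.85.161.49, the host that announced itself as mail-fx0-f49.google.com when handing the message to Yahoo.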

#6 tristenkw5


Posted 31 October 2010 - 11:34 PM

Alright, is there any other way he/she could've gotten access to my PC? Like I said, all the files were seemingly .jpg, and I never even OPENED any of them actually. I previewed them in yahoo, then downloaded and used the preview bar in Windows Explorer to view them. But I never actually double clicked on any of them.

P.S. AVG came back clean too.

Edited by tristenkw5, 31 October 2010 - 11:35 PM.


#7 cryptodan


Posted 01 November 2010 - 12:31 AM

What operating system do you have?

#8 tristenkw5


Posted 01 November 2010 - 12:40 AM

Windows 7 Ultimate. I use wireless internet, fyi.

#9 cryptodan


Posted 01 November 2010 - 11:20 AM

Well, you could have downloaded an executable that was using a hidden file extension, something like this: picture.jpg.exe. You may want to show all extensions of known file types via Folder Options in Control Panel and View.
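
Added example (not part of the original thread): a Python check for the hidden-extension case described in this post, which also compares a file's leading bytes with what its name claims, so a renamed executable is caught even when extensions are shown. The extension lists, the function names and the sample files are constructed for this example; `demo()` writes harmless stub files to a temporary folder.

```python
import os
import tempfile

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}
JPEG_MAGIC = b"\xff\xd8\xff"   # every JPEG file starts with these bytes
PE_MAGIC = b"MZ"               # DOS/PE header of Windows executables

def inspect(path):
    """Return a list of findings for one file; an empty list means nothing odd."""
    findings = []
    name = os.path.basename(path).lower()
    stem, last = os.path.splitext(name)      # "picture.jpg.exe" -> ".exe"
    _, inner = os.path.splitext(stem)        # "picture.jpg"     -> ".jpg"
    if last in EXECUTABLE_EXT and inner in DECOY_EXT:
        findings.append("double extension")
    with open(path, "rb") as fh:
        head = fh.read(3)
    if head.startswith(PE_MAGIC) and last not in EXECUTABLE_EXT:
        findings.append("PE header behind non-executable name")
    if last in {".jpg", ".jpeg"} and not head.startswith(JPEG_MAGIC):
        findings.append("not JPEG content")
    return findings

def scan(folder):
    """Map file name -> findings for every regular file that raised any."""
    results = {}
    for entry in sorted(os.listdir(folder)):
        full = os.path.join(folder, entry)
        if os.path.isfile(full):
            found = inspect(full)
            if found:
                results[entry] = found
    return results

def demo():
    """Run scan() over three constructed stub files (header bytes plus padding)."""
    samples = {
        "holiday.jpg": JPEG_MAGIC + b"\xe0" + b"\0" * 16,   # genuine JPEG start
        "picture.jpg.exe": PE_MAGIC + b"\0" * 16,           # hidden-extension case
        "photo2.jpg": PE_MAGIC + b"\0" * 16,                # executable renamed .jpg
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan(tmp)

if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found)
```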

#10 tristenkw5


Posted 01 November 2010 - 12:19 PM

Ok, Malware Bytes came back clean btw, and I set the option you mentioned. Except I'd have to download the attachments again to actually see if they have the hidden file type wouldn't I? Wouldn't that be risky? Also, like I mentioned, if I didn't double click on the possible .jpg.exe, could it still open? Or does the preview pane actually open it automatically?

#11 cryptodan


Posted 01 November 2010 - 12:46 PM

It could still open as you viewed them from yahoo.

#12 tristenkw5


Posted 01 November 2010 - 12:54 PM

So, to confirm I could have been hacked, go ahead and download the files, check for the extension, then delete permanently?

#13 cryptodan


Posted 01 November 2010 - 01:22 PM

Don't download anything from anyone you do not know.

#14 tristenkw5


Posted 01 November 2010 - 01:54 PM

That's....great...yeah, lesson learned. But I still don't know if I was hacked, or am still currently hacked. I really don't want to do transactions not knowing if my computer is secure, but I need to, to pay bills.

#15 cryptodan


Posted 01 November 2010 - 02:00 PM

If you want a more thorough analysis of your computer then do the following:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.



