Please help me determine if I have been hacked by spyware.


6 replies to this topic

#1 notalk

notalk

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 27 March 2011 - 10:52 PM

I am running Windows XP, with all updates. I am running AVG Free 8.5 and Malwarebytes. I think a third party tried to download software on my computer. It is a laptop running on electricity (without the battery attached). I immediately unplugged the computer to instantly shut it off without turning off Windows. I noticed I am getting poor internet connection notices since. And, I went to log off while the computer hibernated. The computer asked if I wanted to shut down as another user was also using the computer.

Maybe I'm paranoid. But, I hope someone can help me. Thank you.


#2 notalk

notalk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 27 March 2011 - 11:20 PM

Small update. I ran TCPView, as suggested in the How to Receive Help. I noticed while I was reading the log, some lines would highlight in red and then disappear. Don't know if that means anything or not. Thanks.

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:24 AM

Posted 28 March 2011 - 08:49 AM

What are your reasons to think someone downloaded something to your computer?

#4 notalk

notalk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 28 March 2011 - 09:58 AM

While on the internet, I saw a window pop up saying a cleansing software was loading. That's when I unplugged the laptop. I disconnected the modem (using a Linksys wireless router for the laptop). I erased out all cookies, webpages, visiting history, etc., in case I hadn't stopped the malware. Then, I plugged in the modem, and downloaded Malwarebytes and AVG updates. Ran both for full scans, and both came up clean.

Then, after the laptop had been hibernating, I went to shut down and the "awakening" screen asked if I wanted to shut down because another user was on the computer. That's why I wonder if someone has hacked into my computer. I ran TCPView, as suggested in the How to Receive Help. I noticed while I was reading the log, some lines would highlight in red and then disappear.

I know I'm supposed to wait for instructions. But, I ran Rkill last night and nothing came up. Ran a full Malwarebytes scan afterward and nothing came up. But, this morning, I booted and ran Rkill again. Here's the log.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/28/2011 at 6:38:04.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE


Rkill completed on 03/28/2011 at 6:38:33.

I think rapimgr.exe is part of MS ActiveSync, and I run a Windows phone. I haven't sync'd in at least a week. And, I don't know why Rkill caught it this morning, but not last night. Hope this helps. Thanks very much for your help with this. Anything else you want me to run and log? Thanks again.

Edited by notalk, 28 March 2011 - 10:03 AM.


#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:24 AM

Posted 28 March 2011 - 01:33 PM

Yeah those are not problem entries. My guess is that you saw a web pop-up ad trying to push a crapware product on your computer.

#6 notalk

notalk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 28 March 2011 - 08:30 PM

Thank you. Is there a way to see if they were successful before I was able to unplug the computer? I'd hate to prepare my tax return knowing (it's bad enough just thinking) all the data was available to a hacker.

It's the alert asking if I wanted to shut down because another user is on the computer that scares me.

#7 JacobHall

JacobHall

  • Members
  • 300 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 19 April 2011 - 01:46 PM

Hello notalk,

The message that popped up was notifying you that a user account was logged into the computer, and notifying you that it could result in the loss of work. You can easily see if there actually is another user logged into your computer by pressing CTRL + ALT + DEL together, or running taskmgr.exe. Then click the users tab, and you will see who is on the computer at that time.

There's nothing to be worried about, maybe look into a pop-up blocker or ad-blocker to stop these crapads from appearing :)

Hope I was of assistance, take care!



