definitely hacked



#1 Zhivago

Posted 05 May 2011 - 12:12 PM

Hi folks. I am NOT tech savvy in the least. My computer was hacked, my documents & favorites were deleted, some trojans/viruses were added (I have removed those). I got function back by going to "restore to an earlier date". Still no documents or favorites (funny thing though, when I went to re-add one of my favorite sites PC message said "already exists by that name, do you wish to overwrite?").

I know I was hacked because the hacker bragged. I have been going to a certain sports message board for 10 years. Returning there after the hack, I noticed on my profile that it said "hacked by team Anim (can't remember last word as I quickly changed it - and my password)".... under where it's supposed to list my location (city). Obviously they hacked my user account to be able to change that. I have never had my computer hacked (nor my sports board account). I thought I was safe with my McAfee + router.

I have run two full scans (McAfee & Spybot) so it's clean. But how do I keep the hacker from coming back, and are my documents/favorites gone for good?

Any help would be much appreciated.

Not sure if I did this right, but here's that tcpview:

***********************************************************************************************************************************

iexplore.exe 3812 UDP 127.0.0.1 1192 * *
iexplore.exe 1840 UDP 127.0.0.1 1123 * *
iexplore.exe 2516 UDP 127.0.0.1 1314 * * 7 7 7 7
iexplore.exe 788 UDP 127.0.0.1 1086 * *
jqs.exe 464 TCP 127.0.0.1 5152 0.0.0.0 0 LISTENING
Kodak Software Updater.exe 3628 UDP 0.0.0.0 9370 * *
LEXPPS.EXE 1968 TCP 0.0.0.0 1025 0.0.0.0 0 LISTENING
lsass.exe 1072 UDP 0.0.0.0 500 * *
lsass.exe 1072 UDP 0.0.0.0 4500 * *
McAfeeDataBackup.exe 2848 TCP 127.0.0.1 9000 0.0.0.0 0 LISTENING
McSvHost.exe 548 TCP 0.0.0.0 6646 0.0.0.0 0 LISTENING
McSvHost.exe 548 UDP 192.168.0.101 6646 * *
McUICnt.exe 3376 UDP 127.0.0.1 1069 * *
msimn.exe 856 UDP 127.0.0.1 1304 * *
svchost.exe 1336 TCP 0.0.0.0 135 0.0.0.0 0 LISTENING
svchost.exe 1504 UDP 127.0.0.1 123 * *
svchost.exe 1504 UDP 192.168.0.101 123 * *
svchost.exe 1600 UDP 127.0.0.1 1900 * *
svchost.exe 1600 UDP 192.168.0.101 1900 * *
System 4 TCP 0.0.0.0 445 0.0.0.0 0 LISTENING
System 4 TCP 192.168.0.101 139 0.0.0.0 0 LISTENING
System 4 UDP 192.168.0.101 137 * * 15 750 12 600
System 4 UDP 192.168.0.101 138 * * 4 723 4

*******************************************************************************************************************

Going offline for ~12 hours, thanks in advance folks!

- Zhivago



#2 Grinler

    Lawrence Abrams


Posted 09 May 2011 - 03:21 PM

Looks clean. My guess is the site was hacked and not you in particular.
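
One way to read a TCPView listing like the one posted above, as an added example that is not part of the original thread: it splits the rows into loopback-only sockets, sockets bound to a network-reachable address, and sockets that have a remote peer. The function name `triage`, the sample selection and the last sample row (`example.exe`, with a documentation-range address) are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Columns as pasted: process, PID, protocol, local addr, local port,
# remote addr, remote port, optional TCP state, optional packet/byte counters.
ROW = re.compile(
    r"^(?P<proc>.+?)\s+(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<laddr>\S+)\s+(?P<lport>\d+)\s+(?P<raddr>\S+)\s+(?P<rport>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z_0-9]+))?"
)

def is_loopback(addr):
    """True only for a literal loopback IP; names and odd values count as reachable."""
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False

def triage(listing):
    """Group sockets by exposure: loopback, network-reachable, or with a remote peer."""
    out = {"loopback": [], "network": [], "remote_peer": [], "unparsed": []}
    for line in listing.splitlines():
        line = line.strip()
        if not line or set(line) == {"*"}:   # skip blanks and the asterisk rulers
            continue
        m = ROW.match(line)
        if not m:
            out["unparsed"].append(line)
            continue
        key = (m["proc"], m["proto"], int(m["lport"]))
        if m["raddr"] not in ("*", "0.0.0.0"):
            # A concrete remote address means traffic with another host.
            out["remote_peer"].append(key + (m["raddr"], m["state"]))
        elif is_loopback(m["laddr"]):
            out["loopback"].append(key)
        else:
            out["network"].append(key)
    return out

# First five rows are copied from the post; the last row is constructed for contrast.
SAMPLE = """\
iexplore.exe 2516 UDP 127.0.0.1 1314 * * 7 7 7 7
Kodak Software Updater.exe 3628 UDP 0.0.0.0 9370 * *
McAfeeDataBackup.exe 2848 TCP 127.0.0.1 9000 0.0.0.0 0 LISTENING
System 4 TCP 0.0.0.0 445 0.0.0.0 0 LISTENING
System 4 UDP 192.168.0.101 137 * * 15 750 12 600
example.exe 4242 TCP 192.168.0.101 1500 203.0.113.5 443 ESTABLISHED
"""

if __name__ == "__main__":
    for group, rows in triage(SAMPLE).items():
        print(group, rows)
```
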



