Welcome to Bleeping Computer! My name is bloopie and I'll be helping you with your problems as best I can!
Are you using a firewall on this computer? A good incoming firewall solution will help you track the IPs that may try to gain access to your computer. Also, if you think you've been hacked, it might be a good idea to go to a known clean computer and change your passwords just in case.
Aside from that, I'd like to get some logs to see the state of your machine:
Please download Malwarebytes Anti-Malware and save it to your desktop.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
- Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
- Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
- If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
- After completing the scan, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes when done.
-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
==========
Now, I normally don't recommend using Super Anti Spyware, but as you mention you think he's using a cookie tracker... SAS will find and remove those cookies to make it more difficult in the future (if you really do have a hacker).
Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- Be sure to update the definitions before scanning by selecting "Check for Updates".
If you encounter any problems while downloading the updates, manually download them from here.
- If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY) under Select Scan Type.
To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
- Click the View Scan Logs button at the bottom.
- This will open the Scanner Logs Window.
- Click on the log to highlight it and then click on View Selected Log to open it.
- Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
And finally, a rootkit scanner:
- Please download TDSSKiller from here and save it to your Desktop
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters
- Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
- If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
- Click Start Scan and allow the scan process to run
- If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
***Do NOT select Delete!
- Click Continue
- Click Reboot computer
- Please zip the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and attach it to your reply
==========
In your next reply, please include the following:
- The MBAM log
- The SAS log
- The TDSSKiller log