
week old laptop seems to have viruses already


9 replies to this topic

#1 norsebrah

norsebrah

  • Members
  • 5 posts

Posted 04 September 2013 - 04:03 AM

Even after I tried to be super cautious and installed my antivirus and Malwarebytes before it ever first connected to the internet. Now, though, I believe I have some kind of backdoor and my laptop is allowing remote connections. I'm pretty sure the NSA is after me for some reason, but I don't know for sure.

 

What should I run to provide you with logs to see if my theories are correct?





#2 norsebrah

norsebrah
  • Topic Starter

  • Members
  • 5 posts

Posted 04 September 2013 - 04:10 AM

Also, is it common to have my HD broken up into so many pieces like this?

 

[image: loTV5Q8.png]

 

(I'm using the net on a Linux live CD until I find out if my Windows 8 is safe or not.)


Edited by norsebrah, 04 September 2013 - 04:12 AM.


#3 buddy215

buddy215

  • Moderator
  • 13,123 posts
  • Gender:Male
  • Location:West Tennessee

Posted 04 September 2013 - 11:10 AM

Some manufacturers do create several partitions on the HDD, if that is what you are referring to.

 

Use the three programs below.

 

  • Download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • Download & SAVE to your Desktop: RogueKiller Download
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

 

Scan your computer using the Free ESET Online Antivirus Scanner.

Allow it to remove whatever it finds. Post the log back here if it finds anything.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 cparky

cparky

  • Members
  • 21 posts
  • Gender:Male

Posted 04 September 2013 - 11:19 AM

You can disable remote connections on Windows; you would know if someone was connecting in. What makes you think you have a virus/malware? What are the "symptoms"? Set up your firewall so that only the connections you want are allowed, i.e. outgoing HTTP/HTTPS. Block all incoming connections; simple.



#5 cparky

cparky

  • Members
  • 21 posts
  • Gender:Male

Posted 04 September 2013 - 11:21 AM

Check the Event Viewer in Windows; that will show what's been happening.



#6 norsebrah

norsebrah
  • Topic Starter

  • Members
  • 5 posts

Posted 04 September 2013 - 11:27 AM

Check the Event Viewer in Windows; that will show what's been happening.

I've done that, and it's one of the reasons why I think this laptop has been hacked. My house was completely taken over by hackers (all PCs on the network PLUS all our Android devices!) a few weeks ago, and the skills these hackers have lead me to believe it's the government lol

 

Anyway, this laptop has never been on that network (though it has been within range of Bluetooth, which they seem to use to spread their garbage around), and I could be just very paranoid.

 

Here's the log from AdwCleaner:

# AdwCleaner v3.002 - Report created 04/09/2013 at 10:14:05
# Updated 01/09/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jeff - PC
# Running from : C:\Users\Jeff\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [586 octets] - [04/09/2013 10:14:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [645 octets] ##########
 

 

And the RogueKiller app wouldn't open on Windows 8, even running as administrator and allowing it through SmartScreen (which initially blocked it).

 

Thanks for your help thus far!



#7 norsebrah

norsebrah
  • Topic Starter

  • Members
  • 5 posts

Posted 04 September 2013 - 11:39 AM

Here's one of the events (which are happening about every 2 minutes) that has got me concerned:

 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/4/2013 10:30:59 AM
Event ID:      4672
Task Category: Special Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      pc
Description:
Special privileges assigned to new logon.
 
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
 
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4672</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12548</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2013-09-04T16:30:59.421099800Z" />
    <EventRecordID>5787</EventRecordID>
    <Correlation />
    <Execution ProcessID="912" ThreadID="928" />
    <Channel>Security</Channel>
    <Computer>pc</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">SYSTEM</Data>
    <Data Name="SubjectDomainName">NT AUTHORITY</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
  </EventData>
</Event>
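A defender reading the event above wants to know whether a 4672 is routine or worth attention. The triage function below is an added example, not code from this thread or from any of the tools recommended in it: it parses an exported Security event, treats 4672 for the built-in service SIDs (SYSTEM, as in the post) as expected service-logon noise, and flags only 4672 events where an ordinary user account received debug/backup-class privileges. The two sample events are constructed; the user SID and logon ID in the second one are placeholders.

```python
import xml.etree.ElementTree as ET

# Built-in service accounts: 4672 for these fires on every service/scheduled-task
# logon and is routine background noise, as in the SYSTEM event posted above.
BUILTIN_SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE",
                        "S-1-5-20": "NETWORK SERVICE"}

# Privileges that deserve a second look when an ordinary user account gets them.
SENSITIVE = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
             "SeTakeOwnershipPrivilege", "SeBackupPrivilege", "SeRestorePrivilege"}

# Minimal Event XML in the layout Event Viewer exports (real Windows namespace).
EVENT_TMPL = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{eid}</EventID><Channel>Security</Channel><Computer>pc</Computer></System>
  <EventData>
    <Data Name="SubjectUserSid">{sid}</Data>
    <Data Name="SubjectUserName">{user}</Data>
    <Data Name="SubjectLogonId">{logon}</Data>
    <Data Name="PrivilegeList">{privs}</Data>
  </EventData>
</Event>"""

# Constructed samples: the first mirrors the SYSTEM event from the post, the
# second is a hypothetical user logon (placeholder SID) that got SeDebugPrivilege.
SAMPLES = [
    EVENT_TMPL.format(eid=4672, sid="S-1-5-18", user="SYSTEM", logon="0x3e7",
                      privs="SeAssignPrimaryTokenPrivilege\nSeTcbPrivilege\nSeDebugPrivilege"),
    EVENT_TMPL.format(eid=4672, sid="S-1-5-21-1111-2222-3333-1001", user="Jeff",
                      logon="0x1a2b3c", privs="SeDebugPrivilege\nSeBackupPrivilege"),
]

def triage_4672(event_xml: str) -> dict:
    """Classify one exported Security event. '{*}' ignores the XML namespace."""
    root = ET.fromstring(event_xml)
    event_id = int(root.findtext("./{*}System/{*}EventID", default="0"))
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("./{*}EventData/{*}Data")}
    privs = set(data.get("PrivilegeList", "").split())  # one privilege per line
    sid = data.get("SubjectUserSid", "")
    if event_id != 4672:
        verdict = "not-4672"
    elif sid in BUILTIN_SERVICE_SIDS:
        verdict = "expected"      # routine service logon, not evidence of intrusion
    elif privs & SENSITIVE:
        verdict = "review"        # a real user account got debug/backup-class rights
    else:
        verdict = "low"
    return {"event_id": event_id, "sid": sid, "user": data.get("SubjectUserName", ""),
            "logon_id": data.get("SubjectLogonId", ""), "verdict": verdict,
            "sensitive": sorted(privs & SENSITIVE)}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage_4672(sample))
```

Logon ID 0x3e7 is the fixed ID of the SYSTEM logon session, so a 4672 carrying it every couple of minutes is the pattern of services and scheduled tasks starting, not of a remote user.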


#8 buddy215

buddy215

  • Moderator
  • 13,123 posts
  • Gender:Male
  • Location:West Tennessee

Posted 04 September 2013 - 12:19 PM

You should be able to use it on Windows 8. Be sure to exit all security programs before running.

What about the Eset scan? Did it find anything?



#9 norsebrah

norsebrah
  • Topic Starter

  • Members
  • 5 posts

Posted 04 September 2013 - 12:20 PM

Okay, sorry to keep bumping this thread, but I'm certain I'm hacked now.

 

Check out the stats on my firewall (this laptop is only 3 days old):

 

[image: IPjNZUs.png]

 

The details say the firewall is blocking tons of IPs from hitting every port possible, and when I went into the help file for my firewall, I noticed all the bits about turning off notifications had been read by someone (not me) and the notifications were turned off!



#10 buddy215

buddy215

  • Moderator
  • 13,123 posts
  • Gender:Male
  • Location:West Tennessee

Posted 04 September 2013 - 12:32 PM

That just means that the firewall is doing its job. I wouldn't want to be notified every time my firewall blocked or ignored a probe.

