I´ve also told you before that someone may abuse your origin account from somewhere else - it doesn´t have to be your local computer.
If for example I had the password, I coul log into your account from here in Central Europe, without even being in the near of your machine.
It lives in the boot sector? Well, than we should check that.
Attach the SSD and run aswMBR and TDSS-Killer:
Scan with aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.
- Double click the aswMBR.exe icon, and click Run.
- There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
- When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
- Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
- Click the Scan button to start the scan once the update has finished downloading
- On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
There will also be a file on your desktop named MBR.dat
do not delete this for now. It is an actual backup of the MBR (master boot record
).Scan with TDSS-Killer
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
and save it to your desktop
- Execute TDSSKiller.exe by doubleclicking on it.
- Press Start Scan
- If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
- Please post the contents of that log in your next reply.
I saw that someone else was logging onto my Origin account from another computer because when they log on I get a message and it kicks me offline.
The first time I saw that I changed the password on another computer then I reformatted windows on the SSD drive. I did the windows quick format in setup and put fresh windows on.
I had all my data on my 1 tb storage drive.
But after the reinstall and the password change I saw that the hacker logged into my origin account again.
So i thought that both my drives were infected. Then I saved a bunch of my data onto a flash drive and I changed my pass on another PC again. Then i reformatted both my drives and put windows on.
I took my data from the flash drive and put it onto the storage drive again. Thinking everything was fine. But then a few days later the hacker logged into my origin account again. Iam not using any funny programs on these clean installs iam only downloading programs from known popular sources so its not like iam re infecting myself stupidly by using an Exe or something. Iam actually doing nothing and waiting to see if I can spot him again.
So I started to get really aggravated and I took everything off my PC and had it on the flash drive and I didnt put the flash drive or any flash drive into the PC. I did a long format on my 1 tb drive and the only format I can do on the SSD is in the windows setup when you install new windows.
I totally installed a fresh copy of windows on the SSD and I had a totally formatted storage drive. And by 8 pm that night the hacker was already loggin into my origin account with a new password that I had changed a few hours before.
Its possible that the drive I have now is infected also.
The only way I can tell is if he loggs back onto my origin account. Because that is the only tell I have had that I even have an Infection.
Somehow he can take my password each time I type it into Origin and then he uses my account to play Battlefield 3.
He has some kind of Keylogger and he can probably read everything i just typed.
If I have this infection cleaned from this drive I think he still might be lurking.
iam worried about what he might be able to do If I plug that SSD back in.
If I did put it back into my machine I will have to unplug my 1tb drive that iam currently using for windows and then boot up with the SSD. And when i do that he will be able to have the control he had before.
And I believe he was able to block me out of that thread, And somehow that persists through the reformat and windows install. So its creepy its like he modified my router or modem to not load that page. I looked in my router settings and I didnt see any additions that would block out that web page but maybe he did it hidden.
And if he can do that who knows what he could do when I plug that SSD back in, he could totally block me from this website or others and it would persist.
So I dunno if I want to risk it lol.