Vista Home Premium SP2 - acting as if remotely controlled


1 reply to this topic

#1 SHOTGUN CHUCK


Posted 27 January 2014 - 02:23 AM

Hello BC, some of you probably don't know me as My Computer is Pwned. I didn't want to bother recovering the password to that account, and I'd rather use this name instead. Also, this time, it's not my computer that's pwned.

You see, my mother has a problem with her Vista laptop. Someone seems to have taken over control of it, or something. Firefox randomly started flipping out, closing tabs she didn't close, randomly highlighting & unhighlighting text she didn't even go near, and so on. When she went to check her history, a box came up that said "clear all history" instead. When she went to view it from the menu bar, the menu disappeared and the highlight on the dropdown kept flashing irregularly, much like the highlighted text. After disconnecting from the network and closing FF, the trouble seemed to continue on the desktop. After removing the network adapter and rebooting, first in safe mode (had to reboot to install MBAM), the trouble seems to have stopped.

Also, a few hours ago, she heard a "click" sound effect while watching a video saved to the computer, even though she hadn't clicked on anything.

MBAM is scanning now, albeit with what it says is a 200+ day out of date database (even though I just downloaded it to a thumb drive off their site less than an hour ago), and now I'm afraid to put that thumb drive back in this computer, which is annoying because it has a lot of my files, many of which have no current copy elsewhere.

What even is this? Has someone hijacked her computer or did something just decide to stop working?


Edited by hamluis, 27 January 2014 - 06:15 AM.
Moved from Vista to Am I Infected - Hamluis.



#2 boopme


Posted 27 January 2014 - 12:59 PM

Hello, let's see what MBAM and these say, then we will move along.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.