computer was hacked


5 replies to this topic

#1 Rosily78

Rosily78

  • Members
  • 2 posts
  • Local time:06:49 AM

Posted 22 November 2004 - 01:03 PM

I hope someone can help with this:
I was chatting on Yahoo yesterday & got a prompt from Norton that someone was trying to access files from my computer. I clicked to block the intrusion but then my computer froze. I opened messenger again, then I got tons of windows which said things like "Rosily, I OWN you." I can't use messenger anymore because all the windows pop up. I ran a virus scan & nothing showed, & when I tried to turn on the Intrusion Alert...it said I could not do that & to make sure my Windows account was not restricted. I'm afraid of what else this person can do having access to my computer.
ANY SUGGESTIONS? I'm a newbie & just don't know what can be done.
Thanks :thumbsup:



#2 JackTheHaack

JackTheHaack

  • Members
  • 307 posts
  • Location:Queensland, Australia.
  • Local time:09:49 PM

Posted 22 November 2004 - 02:24 PM

Try posting this in the security section of this forum. I'm sure someone there will be able to help you.

Good Luck :thumbsup:

JTH

#3 g45

g45

  • Members
  • 11 posts
  • Local time:06:49 AM

Posted 22 November 2004 - 10:20 PM

Consider downloading HijackThis. It is a small, free program used to nuke hijackers. But be cautious in extremis about how you use this very powerful and "sharp edged" program. Try to read up first (Google) and be absolutely certain to follow the instructions.

If you have lost the ability to download, do not panic. Seek out the help of a friend. The entire HijackThis program will fit on a floppy. Also, I promise you will enjoy the screen icon.

Good luck! and let us know if you succeed in destroying your attacker. I hope you DO.

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:49 AM

Posted 22 November 2004 - 10:39 PM

One thing, about the use of HijackThis, you must NEVER attempt to fix stuff using HijackThis, until someone who is experienced at reading the log outputs has a chance to review it.

Fixing the wrong items can make a computer unbootable. Not recognizing CoolWebSearch variants, can just make things reinstall, and there are very many subtle items that can only be recognized with experience.

Spaces, extra characters, spelling, file location, plus numerous other subtle changes, all make the difference between a good or bad file entry.

Some say HijackThis is an excellent utility for removal of Browser Hijackers. This is a definite misconception. How do you think that a 150KB program can contain the database, removal instructions, and tools that take Norton Antivirus or Spybot Search and Destroy 15MB plus to accomplish?
HijackThis is an enumerator. It lists what is found in certain areas of the registry, or system files, in an easily accessible manner, so that those familiar with the use and reading of HijackThis logs, and Windows programs, can determine what is infecting the machine, and how to remove it.

The HijackThis page, although a great description of what HijackThis detects, perpetuates the author's misconception that it is a removal tool. It will indeed remove the entries listed, but that does not cure the underlying problem. The problem must be properly identified first, and cured, prior to removing the entries with HJT. Otherwise you leave the infection, and remove the keys which are needed to identify, and remove it.

I cringe at the frequent advice to allow HijackThis to fix things (especially based on the "you do not recognize" reasoning). This removes any hope of having a professional, or another removal tool, identify and remove the problem.

HijackThis should only be used to clean up the entries left behind, after you have properly removed the offending program, file, trojan, worm, hijacker etc. And this usually requires help.

Disable System Restore:
Right-click MY COMPUTER / PROPERTIES / SYSTEM RESTORE / put a check in "Turn off System Restore" / APPLY / OK

Then run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Are you using these basic programs?
a² free - A complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a² fills this gap.
Ad-Aware - A good program similar to SpyBot S & D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
SpywareBlaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad ActiveX controls found in web pages.
SpywareGuard - A nice complement to SpywareBlaster. This allows you the option to prevent downloads that contain bad ActiveX controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.

Important:
Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

Re-enable System Restore

If that doesn't help, then:

Download the latest version of HijackThis (HJT), from here.

Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the HJT forum, here
Follow the directions, EXACTLY! This is important!

Then, run a log, and post it in the HJT forum here. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Edited by tg1911, 22 November 2004 - 10:40 PM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
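
The point in the post above, that spelling, extra characters and file location separate a good autostart entry from a bad one and that entries are reviewed before anything is fixed, shown as an added example that is not part of the original thread. The log lines, the baseline table and all names are constructed for illustration; the `O4` line shape is assumed from the general form of HijackThis logs, and the script only reads text, it changes nothing.

```python
import re
from pathlib import PureWindowsPath

# Constructed baseline (assumption): file name -> the folder it is expected in.
KNOWN_GOOD = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "ccapp.exe": r"c:\program files\common files\symantec shared",
}

# Constructed sample lines in the general shape of HijackThis O4 (autostart) entries.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Host Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Svc] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [Shell] C:\WINDOWS\explorer .exe
O4 - HKCU\..\Run: [Updater] C:\Tools\updater.exe /background
'''

ENTRY = re.compile(
    r'^O4 - (?P<key>[^:]+): \[(?P<label>[^\]]*)\] "?(?P<path>[A-Za-z]:\\.*?\.exe)', re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot names one or two characters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Compare one file entry with the baseline; never decides 'delete'."""
    p = PureWindowsPath(path)
    name, folder = p.name.lower(), str(p.parent).lower()
    if name in KNOWN_GOOD:
        return "ok" if folder == KNOWN_GOOD[name] else "wrong-folder"
    near = [good for good in KNOWN_GOOD if edit_distance(name, good) <= 2]
    return f"lookalike-of:{near[0]}" if near else "unknown"

def review(log_text):
    """Return (label, verdict) for every O4 line, for a human to go through."""
    found = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m["label"], classify(m["path"])) for m in found if m]

if __name__ == "__main__":
    for label, verdict in review(SAMPLE_LOG):
        print(f"{verdict:28} {label}")
```

An `unknown` verdict only means the entry is absent from the baseline, which is the case where an experienced reader of the log is needed before anything is removed.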


#5 g45

g45

  • Members
  • 11 posts
  • Local time:06:49 AM

Posted 22 November 2004 - 11:27 PM

Appreciate the wisdom of tg1911. Though we are not in total agreement, tg1911 raises important points.

In particular something I wish I had considered and mentioned earlier:

OP states he did a virus scan. I took that to the bank too quickly. OP needs to be certain his anti-virus program is 100% UP TO DATE! If it is, then Housecall (a good utility I use myself) should not be needed. BUT, I agree with tg1911 it NEVER HURTS to run Housecall, and I WOULD do that prior to using HijackThis. I did not think of Housecall, thrown off the track no doubt by OP's mention he already had scanned for virus, etc.

As for HijackThis itself, only can say some pretty smart propeller heads I respect think it is valuable. Obviously, opinions vary. I continue to like the program, but most importantly continue to urge extreme caution in its use, as I did above.

To be a little more specific, the same guy who suggested HijackThis to me wrote the following page, which might also be of help to the OP:

http://securitytango.com/tango.php

Dance the Tango and solve the problem. But above all, good luck!! (and good night)

#6 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:49 AM

Posted 23 November 2004 - 07:15 PM

g45,

Appreciate the wisdom of tg1911. Though we are not in total agreement, tg1911 raises important points.

What are we not in agreement on, and why?
Just curious.