Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hacked through 4 different routers & think they are still accessing my computer


  • This topic is locked This topic is locked
62 replies to this topic

#31 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 01 April 2014 - 07:00 PM

We have been crossing posts. In Post #20 I only want you to List Permissions, not unlock.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

BC AdBot (Login to Remove)

 


#32 sickofhackers

sickofhackers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 01 April 2014 - 08:29 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by PC at 2014-04-01 21:07:12 Run:3
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\users\All Users\Microsoft\Windows\GameExplorer
C:\users\All Users\Microsoft\Windows\Ringtones
C:\users\All Users\Microsoft\Windows\Start Menu\Programs\Games
C:\users\All Users\Microsoft\Windows\Start Menu\Programs\NetZero
C:\users\All Users\Mozilla
C:\users\All Users\Norton
C:\users\All Users\WildTangent
C:\users\All Users\GNU
*****************

"C:\users\All Users\Microsoft\Windows\GameExplorer" => File/Directory not found.
"C:\users\All Users\Microsoft\Windows\Ringtones" => File/Directory not found.
"C:\users\All Users\Microsoft\Windows\Start Menu\Programs\Games" => File/Directory not found.
"C:\users\All Users\Microsoft\Windows\Start Menu\Programs\NetZero" => File/Directory not found.
"C:\users\All Users\Mozilla" => File/Directory not found.
"C:\users\All Users\Norton" => File/Directory not found.
"C:\users\All Users\WildTangent" => File/Directory not found.
"C:\users\All Users\GNU" => File/Directory not found.

==== End of Fixlog ====

GrantPerms by Farbar
Ran by PC (administrator) at 2014-04-01 21:24:26

===============================================
\\?\C:\users\pc\documents\my music

Owner: PC-PC\PC

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
PC-PC\PC FULL ALLOW (CI)(OI)(I)



================ End Of List ================


That appears to have unlocked that folder. Public folders are still locked. This is just weirdness....

#33 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 01 April 2014 - 08:34 PM

Can you play music from the unlocked folder?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#34 sickofhackers

sickofhackers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 01 April 2014 - 08:45 PM

Truth is, I am frightened to...I had deleted the music out of there. Should I play it anyways?

#35 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 01 April 2014 - 08:48 PM

I think you will be OK but try this first. Right click on a music file and see if there is an option in the context menu to the right that allows you to scan that file with your antivirus program.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#36 sickofhackers

sickofhackers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 01 April 2014 - 08:59 PM

Okay. It played. The structure of the folders appear that the sample music is in the public folder (which I think it should be), but we just unlocked the user account folder correct. There are shortcuts listed in the file structure that say my music, but there are no link properties. When you click on My Music, it takes you to somewhere else. Oh my...is there a way to list the file structure and properties to them...and to do this easily? It seems it is really scrambled. Actually, what folder do I need to leave for a default music folder...I'd like to delete everything else. (Same with the Videos, photos, etc.) What a disaster this thing is.

#37 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 01 April 2014 - 09:11 PM

In all honesty I think you are reading into things just a bit which is understandable because it can be confusing.
 

it takes you to somewhere else

 

The reason you are taken somewhere else is because what you are clicking on initially is simply a shortcut.  It doesn't look like a normal shortcut like you would see on your desktop but it is a shortcut just the same. 

 

While in Windows Explorer under the Libraries section expand Music by clicking the arrow.  Now right click on My Music and select Properties.  It will probably indicate the folder is "My Music" and under Location is should say C:\Users\PC.  So your default Music Folder is C:\Users\PC\My Music.

 

It was far easier in Windows XP, in my opinion, but this is simply how the newer operating system are structured.

 

Does this make sense at all?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#38 sickofhackers

sickofhackers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 02 April 2014 - 11:59 AM

Yeah. Windows 7 is a DISASTER of an OS...HATE it. I do still have a Vista computer (and boy did I think I hated it! LOL)

I performed the following on the remaining locked folders:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by PC at 2014-04-02 11:07:49 Run:4
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\User\PC\Documents\My Pictures
C:\User\PC\Documents\My Videos
C:\Users\Public\Documents\My Music
C:\Users\Public\Documents\My Pictures
C:\Users\Public\Documents\My Videos

*****************

"C:\User\PC\Documents\My Pictures" => File/Directory not found.
"C:\User\PC\Documents\My Videos" => File/Directory not found.
C:\Users\Public\Documents\My Music => Moved successfully.
C:\Users\Public\Documents\My Pictures => Moved successfully.
C:\Users\Public\Documents\My Videos => Moved successfully.

==== End of Fixlog ====




These two are the problems I was referring to:

"C:\User\PC\Documents\My Pictures" => File/Directory not found.
"C:\User\PC\Documents\My Videos" => File/Directory not found.

See screenshot. This is where the link properties show no target, but when I click, I get access denied. Just weird.

Attached Files

  • Attached File  1.jpg   149.12KB   0 downloads


#39 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 02 April 2014 - 12:31 PM

Those are normal folders created when a new User Profile is created but if you want to delete those please run this first.

===================================================

GrantPerms by Farbar

--------------------
  • Launch GrantPerms
  • Copy and paste the following in the edit box:

C:\User\PC\Documents\My Pictures
C:\User\PC\Documents\My Videos

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document.
  • A copy of Perms.txt will be saved in the same directory the tool is run.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Perms.txt
  • Did the folders delete properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#40 sickofhackers

sickofhackers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 02 April 2014 - 12:59 PM

GrantPerms by Farbar
Ran by PC (administrator) at 2014-04-02 13:49:36

===============================================
ERROR: Parsing the SD of <\\?\C:\User\PC\Documents\My Pictures> failed with: The system cannot find the path specified.


Operating system error message: The system cannot find the path specified.
ERROR: Parsing the SD of <\\?\C:\User\PC\Documents\My Videos> failed with: The system cannot find the path specified.


Operating system error message: The system cannot find the path specified.

================ End Of List ================

The links I referred to above I apparently missed the (s) in Users    C:\Users\PC\Documents\My Pictures  --access denied.   Trying again with this corrected.

 

-Second try Grant Permissions crashed.  

 

-Restarted and re-ran

 

 

GrantPerms by Farbar 
Ran by PC (administrator) at 2014-04-02 13:59:18
 
===============================================
\\?\C:\Users\PC\Documents\My Pictures
 
   Owner: PC-PC\PC
 
   DACL(NP)(AI):
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)(I)
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)(I)
   PC-PC\PC   FULL   ALLOW   (CI)(OI)(I)
 
 
\\?\C:\Users\PC\Documents\My Videos
 
   Owner: BUILTIN\Administrators
 
   DACL(NP)(AI):
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)(I)
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)(I)
   PC-PC\PC   FULL   ALLOW   (CI)(OI)(I)
 
 
 
================ End Of List ================


#41 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 02 April 2014 - 01:05 PM

Yes sorry, copied and pasted.  Are you now able to delete those folders?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#42 sickofhackers

sickofhackers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 02 April 2014 - 01:16 PM

Okay I am gonna leave them for a bit.  I just found that subfolders are locked too.  Is there are Malware or virus that will lock everything down like this? 

 

Shall I repeat the process on all of these?  I have forgotten how to hide my "hidden" folders.  Can you assist me with that so that I don't unlock a system folder? 



#43 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 02 April 2014 - 01:22 PM

There are many folders/files that are locked by default.

===================================================

Hide Files and Folders Windows 7/Vista

--------------------
  • Click the Start button, then Control Panel
  • Click Folder Options
  • Select the View Tab
  • Under the Hidden files and folders heading select Show hidden files, folders. and drives.
  • Check: Hide extensions for known file types
  • Check: Hide protected operating system files (Recommended) option
  • Select OK
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Was that successful?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#44 sickofhackers

sickofhackers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 02 April 2014 - 01:22 PM

C:\Documents and Settings --access denied. 

 

I promise, after all your help, I will spare you the photos of what this thing looks like after I drop it from a bridge!  :smash:



#45 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 02 April 2014 - 01:26 PM

LOL,

Let's try to run this. We are going to give your computer the full treatment!

===================================================

Windows Repair (All in One)

--------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the icon and select Run
  • Continually click Next, then Finish
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 2 and allow it to run See if Check Disk is Needed by clicking on the Check button:
  • If your see Errors Found On The Drive! Check Disk Is Needed click Do It in the Check Disk (If Needed) box
  • Once that is done then go to Step 3 and click Do It under System File Check
  • Go to Step 4 and click Create under System Restore, then Backup under Registry Backup
  • Go to Start Repairs tab and click Start button.
  • Please make sure the following items are checked

Reset Registry Permissions
Reset File Permissions (1)
Register System Files
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Missing Start Menu Icons Removed By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair MSI (Windows Installer)
Repair Windows Snipping Tool
Repair .lnk (Shortcuts) File Association
Restore Important Windows Services
Set Windows Services To Default Startup

  • Click on box next to the Restart/Shutdown System when Finished
  • Click on Restart System
  • Click on Start
  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs

  • Copy and paste the contents of the log in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • All in One log
  • How is your computer behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users