Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I was attacked, right?


  • Please log in to reply
10 replies to this topic

#1 thisguy135

thisguy135

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 04 August 2014 - 08:36 AM

So yesterday I was talking to a girl I did not know on a messenger program. I accepted a file from them and opened it. Yes, I know this was stupid of me, trust me.

 

The file seemed like a basic .mp4 and played fine. But after, I tried to delete it and it said that it was still running and it wouldn't let me delete it. I ignored it as my comptuer is a bit old so sometimes it's not running that smoothly.

 

A few minutes later she asked me to click on a link beacuse she wanted to show me a picture. I again stupidly did so (I'm really not this stupid guys, just yesterday) and it came to a webpage with my name, old address, old phone number and pictures of me that aren't even online, online on my computer. It was a big site that just said that I had but put on some sort of "predator watch". I quickly tried to X out of it and it popped right back up. In hindsight I wish I would have sat and read the site as I'm sure I would have been able to tell if I was hacked or not. The only thing I remember seeing is the words "in 48 hours" before clicking out of it. 

 

Now, I'm not a predator. But at the same time I don't want to be falsely accused of being one and actually being on some website whether its fake or not. I tried to find the website again but couldn't, but did find that there was a scam going on on Craigslist where guys would be set up as predators on Predatorwatch.com and unless they paid $99 there info would be there. But this had nothing to do with craigslist. I've searched my name and old information on a few search engines with nothing popping up.

 

I'm sure this was just some scam or elaborate trick, right? I'm not sure why I'm so nervous. I've never done anything wrong but obviously if you are accused of that sort of thing and it's on the internet that is not good. I ran my anti virus software and found 21 infected items including some trojans, one called backdoor.messa and multiple ones called "stolen data".

 

I'm not a computer wizard, but the file that I opened was entirely capable of being a program that would allow someone to steal my pictures (among other things) that are on my computer, correct?



BC AdBot (Login to Remove)

 


#2 thisguy135

thisguy135
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 04 August 2014 - 11:12 AM

Does anyone have any sort of opinion or comment?

#3 thisguy135

thisguy135
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 04 August 2014 - 02:29 PM

It makes me very nervous no one has heard of something like this.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:15 AM

Posted 04 August 2014 - 03:17 PM

Well , Lets run these and see what we find and how it is after.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 thisguy135

thisguy135
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 04 August 2014 - 03:22 PM

Thank you. From what I said is it possible that's what happened? I don't know much about different viruses and usually I can Google what happened and it comes up but not this time.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:15 AM

Posted 04 August 2014 - 03:40 PM

You opened an executable file.. What ever that file was loaded to execute you did. So now you need to see if here was malware.
If you still have that file you can have it scanned.

To get a second opinion, submit it to one of the following online services that analyzes suspicious files:In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 thisguy135

thisguy135
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 04 August 2014 - 04:01 PM

I panicked and deleted the final so I do not have it.

#8 thisguy135

thisguy135
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 04 August 2014 - 10:19 PM

In the middle of running ESET. Thanks for all your help.

 

I know this isn't really a support form, but can someone tell me if they have seen this or if this is likely some stupid scam that will be forgotten soon? I can't stop thinknig of that sentence I brifely saw about 48 hours. I'm a bit neurotic so I'm kind of freaking out right now thinking something horrible is going to happen tomorrow.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:15 AM

Posted 05 August 2014 - 09:03 PM

As I do not know exactly what we have here I cannot say that I saw this one . But it would not be the first time I have seen some install some malware on their machine thru another sending an executable hidden in another file.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:15 PM

Posted 05 August 2014 - 09:32 PM

Sorry for jumping in, I have been around chat for a few years, First Yahoo then Paltalk.
 

So yesterday I was talking to a girl I did not know on a messenger program.

What messenger? Yahoo is rubbish and Paltalk is not much better. Do you know her id?

 

Both these messengers have exploits and holes big enough to drive a truck thru. And some are 6 or more years old.

With PalTalk it is safer to use your browser. http://express.paltalk.com/ .

 

 

I know this was stupid of me

You are not the first and will not be the last to fall for this.

 

I do not know of this scam, and have no advice to give on how real or not the threat is.

I am never in favour of paying the ransom, It encourages them to try and scam you again.  Please note this is a personal opinion.

Without going into great detail, In the old days I used to Moderate and Admin on some  Anti Yahoo Anti PalTalk sites and know a bit about this stuff.

 

In my opinion

Your PC is hacked,  There may also be a key logger in that package, Do not use it for banking or anything important till it's cleaned, from a secure PC or by fone or in person change all your passwords


Edited by NickAu1, 05 August 2014 - 09:45 PM.

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:15 AM

Posted 06 August 2014 - 09:59 AM

Posting the logs should reveal somethings.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users