Computer Hacked?


  • This topic is locked
7 replies to this topic

#1 sea_summit

sea_summit

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 02 October 2014 - 05:55 PM

Hello. I have been trying for weeks to figure out what has been going on with my computer. I have been reading one post after another on here and trying a variety of tools. None of these have helped my problems. I have Webroot and Malwarebytes running. I use RKill and Roguekiller. I have noticed that when I use Malwarebytes and start a scan, the computer starts acting better as soon as the scan starts. But, it never finds anything.

 

Today, I tried a program called TCPView and it shows a ton of connections, especially when I leave the computer alone and running for a while. I do not know if this is malware or some sort of back door access. I am finally going to ask for help.

 

The symptoms have varied from slow computer to network connection problems. Any advice on where to start? I would appreciate any help!




#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:53 AM

Posted 05 October 2014 - 08:24 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you kept us informed in advance, and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)


Hello there, sea_summit

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

    ---------------------------------------------------------------------------------------------------

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    • When the tool opens, click Yes to disclaimer.
    • Press the Scan button.
    • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    • Please copy and paste the log in your next reply.
    Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

    ===================================================

    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
    • Allow it to update where necessary
    • Click Scan
      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
    ---------------------------------------------------------------------------------------------------

    On your next reply please post :
    FRST log
    aswMBR log



    Please STOP and let me know if you have any problems performing the steps above or any questions.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 sea_summit

sea_summit
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 07 October 2014 - 09:07 AM

Removed on request


Edited by Conspire, 20 October 2014 - 07:46 AM.
Removed on OP request.


#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:53 AM

Posted 07 October 2014 - 09:14 AM

Sure. I shall wait for it. :)

#5 sea_summit

sea_summit
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 07 October 2014 - 12:55 PM

Here is the aswMBR Log

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-07 07:52:15
-----------------------------
07:52:15.877    OS Version: Windows x64 6.2.9200
07:52:15.877    Number of processors: 8 586 0x3A09
07:52:15.877    ComputerName: JASON-I7-LAPTOP  UserName: Jason
07:52:18.061    Initialize success
07:52:18.311    VM: initialized successfully
07:52:18.342    VM: Intel CPU supported
07:52:38.121    VM: disk I/O iaStorA.sys
07:56:44.555    AVAST engine defs: 14100700
07:56:50.363    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000035
07:56:50.363    Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA60B Size: 610480MB BusType: 11
07:56:50.520    Disk 0 MBR read successfully
07:56:50.535    Disk 0 MBR scan
07:56:50.535    Disk 0 unknown MBR code
07:56:50.535    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
07:56:50.582    Disk 0 scanning C:\WINDOWS\system32\drivers
07:57:08.774    Service scanning
07:58:03.094    Modules scanning
07:58:03.094    Disk 0 trace - called modules:
07:58:03.173    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
07:58:03.173    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000c619c060]
07:58:03.188    3 CLASSPNP.SYS[fffff800dfb7527b] -> nt!IofCallDriver -> \Device\00000035[0xffffe000c3b28060]
07:58:05.071    AVAST engine scan C:\WINDOWS
07:58:09.758    AVAST engine scan C:\WINDOWS\system32
08:03:05.828    AVAST engine scan C:\WINDOWS\system32\drivers
08:03:29.394    AVAST engine scan C:\Users\Jason
11:10:33.125    AVAST engine scan C:\ProgramData
11:46:10.752    Scan finished successfully
11:54:39.494    Disk 0 MBR has been saved successfully to "C:\Users\Jason\Downloads\MBR.dat"
11:54:39.494    The log file has been saved successfully to "C:\Users\Jason\Downloads\aswMBR.txt"
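
An added example, not part of the original post and not aswMBR's own code: a small Python parser for the log layout shown above that pulls out the MBR verdict line, the partition entries and the slowest scan step, which are the lines a reviewer reads first. The partition column names (`flag`, `type`, `label`) are an assumption read from the layout; 0xEE is the standard MBR partition type of the protective entry on a GPT disk.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the log posted above (timestamps and messages unchanged).
SAMPLE_LOG = r"""
07:56:50.535    Disk 0 MBR scan
07:56:50.535    Disk 0 unknown MBR code
07:56:50.535    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
07:56:50.582    Disk 0 scanning C:\WINDOWS\system32\drivers
08:03:05.828    AVAST engine scan C:\WINDOWS\system32\drivers
08:03:29.394    AVAST engine scan C:\Users\Jason
11:10:33.125    AVAST engine scan C:\ProgramData
11:46:10.752    Scan finished successfully
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.*\S)\s*$")
VERDICT = re.compile(r"^Disk (\d+) (.+ MBR code)$")
# Column meaning (flag, type, label, size) is an assumption read off the layout.
PART = re.compile(r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2})\s+([0-9A-F]{2})"
                  r"\s+(\S+)\s+(\d+) MB offset (\d+)$")

def summarize(log_text):
    """Return MBR verdicts, partition entries and the slowest step of a log."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # header and separator lines carry no timestamp and are skipped
            events.append((datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)))
    verdicts, partitions = {}, []
    for _, msg in events:
        if (v := VERDICT.match(msg)):
            verdicts[int(v.group(1))] = v.group(2)
        elif (p := PART.match(msg)):
            partitions.append({"disk": int(p.group(1)), "index": int(p.group(2)),
                               "flag": p.group(3), "type": p.group(4),
                               "label": p.group(5), "size_mb": int(p.group(6))})
    # Time spent in a step = gap until the next timestamped line.
    steps = []
    for (t0, msg), (t1, _) in zip(events, events[1:]):
        gap = t1 - t0
        if gap < timedelta(0):  # log ran past midnight
            gap += timedelta(days=1)
        steps.append((gap, msg))
    # MBR partition type 0xEE is the protective entry of a GPT-partitioned disk.
    gpt_disks = sorted({p["disk"] for p in partitions if p["type"] == "EE"})
    return {"verdicts": verdicts, "partitions": partitions,
            "gpt_disks": gpt_disks, "slowest": max(steps, default=None)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
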

 



#6 sea_summit

sea_summit
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 07 October 2014 - 01:02 PM

Here is the MBR File.

Attached Files

  • Attached File  MBR.zip   138bytes   1 downloads


#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:53 AM

Posted 08 October 2014 - 08:45 AM

Hi,

I wish to help you here, but your log shows that you have pirated software running on your machine.

You have Vuze, a P2P/file-sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.

It would be best if you could remove them before we continue with this.

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:53 AM

Posted 15 October 2014 - 07:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



