Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


multiple viruses/no experience with this...please help!

  • Please log in to reply
1 reply to this topic

#1 jun3bug


  • Members
  • 3 posts
  • Local time:01:35 PM

Posted 15 October 2014 - 12:14 AM

          Hello community. I am new here so please forgive me if I am slow or don't use correct wording. My issue first started back a few months ago when I got my 1st portable device. I bought a LG Gpad and started noticing things disappearing, then software upgrading and changing on its own. Thought nothing of it, being this was my 1st device, was kinda naive to the fact that there were in fact people out there to hack and be malicious. I thought maybe by changing passwords. Id be more secure....Nope. I started to then see my apps being deleted and then clones of them being put back in as a version 1.0. 


          I thought, ok, factory resetting would do the trick. I was wrong. The device got stuck in a power cycle and hasn't worked since. I tried running antivirus and antimalware software but nothing comes up.  I took it to LG to Geek Squad, nothing they can do to help. Called LG, nothing they can do either. It was mentioned to my earlier on that I should contact IC3 Cyber Task Force so, I filed a report with them. I also spoke to the FBI and filed a police report with local Police Department. I called LG to see about filing something, contacted Google to tell them about their apps being hacked, called Microsoft because my acct with them also was being hacked, took my now broken LG Gpad to a local PC Store and no one could do anything. Everyone just kinda said nothing they can do.


          I gave up on that device, right when that happened, the very next day in fact, my boyfriends phone (Galaxy Light SGH T399) was hacked and wiped. Later that day, about an hour or two later, his phone too got tampered with, and it stopped working. He could do nothing to get into it. We went and got him a new phone and me a new device. He got the exact same brand and model phone, I on the other hand got a Samsung Galaxy Note Pro 12.2, 32bit WHITE. I loved it.....for about 2 days, until the dreaded hacker attacked again. I have been running in circles with this guy. Shutting down apps, getting Anti Viruses, trying to learn coding myself, and to be quite honest, I'm Exhausted. There was even a point where this guy was communicating with me through the coding. He said he was doing this to me because he is good at it and enjoyed it way to much.


          This guy has hacked my email (at least 7 different ones on 3 different websites), he has stolen my free gifts that were given to me by Samsung for buying a new device with them. They send you a confirmation email with the gift redemption code to plug in on the websites, and that's all gone. He has changed my IP address, the build # on my device, changed my MAC address to add about 3 others to it. He has used my data on my network and I've even called my provider to stop it and they cannot do anything either. Hes back in my boyfriends phone and just last night was using my boyfriend's device as his own. We noticed on my boyfriends search history, this guy is doing all of his browsing on my bf device. We saw a search that said "How do you kick someone off their Data" and "using your computer to make phone calls on someone else's data plan". He blocked all of my boyfriends text messages from coming though and stopped incoming phone calls. When we saw that, I safe booted his phone and stopped anything that I saw that had GPS Tracing or Mobile locating but, the GPS Kept coming back up, his WIFI kept being turned on and he kept getting kicked from his own phone. I had been noticing for a while on my Note that, that had been happening to me too, but I thought that I was crazy to be seeing that happen.


          But, no, sure enough, we'd turned my device back on and there it was...the WIFI on and the GPS locating icon on. I also noticed certain apps are stopping me from uninstalling them such as Remote PC and SYNC 3.0 and others similar to those. As I stated earlier, I have been teaching myself to read code, so digging deeper, I've noticed apps that have coding to enable Cameras and Mics and make themselves administrator of my device. I've tried to delete folders that I've seen and found but have been unsuccessful because I don't have "permission" to do so. I've also found that I have hidden files I'm unable to locate even after I "unhide" them folder they are in. Then today, I see that I am unable to search things I've searched in the past. So, looking at search history, the Hack has disabled me & my boyfriend from being able to do so. Nor can we search anything via ".com" we must use ".net" addresses. 


          Reading further through things on these devices I have seen things like "Zbot", "Zeus", "doEvil", and others I cannot remember to be honest. Researching I've done has shown these to be Trojans and I have no idea what I'm doing so I need SERIOUS help. Not only has he hacked mine and my boyfriends devices but other computers and devices we have logged in through have been hit as well. I gave a friend of mine one of my old phones and they too have noticed things go wrong on their phone and other computers I've used to check email have been hit. Another friend had to have their whole computer redone since they couldn't stop the virus. Also, I've noticed when either my boyfriend or I try to Factory Reset our devices " #  MANUAL MODE  #, --Appling Multi-CSC..., Applied the CSC-Code  :  XAR, Successfully applied multi-CSC"


PLEASE HELP. I have no where else to turn and I am completely out of options. 

Edited by jun3bug, 15 October 2014 - 12:23 AM.

BC AdBot (Login to Remove)


#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:04:35 AM

Posted 18 October 2014 - 07:49 PM

Hello, sorry that you slipped through the pages.


First thing you need to do is work as much off line as you can, and totally change all passwords on the computer.


Try to download these programs to Desktop, and Copy and Paste any requested logs.


:step1:  Download Screen317 Security Check from Here or Here and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please Copy/Paste the contents of that document.
NOTE. 1 :: If any security program requests permission to access the Internet, allow it to
NOTE. 2 : If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run

If the program will still not run, please ignore it, and move to program #2 ......


:step2:  Next -

Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)




:step3: Next -

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.
Do not reboot your computer until you complete the next step.

  :step4:  NOW :

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.


  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
    Copy and Paste the contents of that log in your next reply.



:step5:  If you have Malwarebytes Anti-Malware installed, please Update it and run a scan, if not, please see below.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe) to install, then follow These instructions for doing a THREAT SCAN in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily Disable such programs or permit them to allow the changes.

  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.


    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

  • After rebooting the computer, copy and past the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please include all of those logs in your next reply (or over several replies).


Thank You -

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users