
Likelihood that I was hacked or am being hacked?


7 replies to this topic

#1 ionblue

ionblue

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 10 February 2015 - 10:09 AM

Hi guys,

Last night my mouse/screen froze up suddenly for about 5 seconds randomly and then I noticed my internet seemed a bit slower.

Call me paranoid but for some reason I started worrying about a hacker, did some research and now I am petrified.

I'm running Windows 7 and I did scans with Malwarebytes, SUPERAntiSpyware and a boot-time scan with Avast, which all showed clean.

After I restarted my router/computer things returned to normal. I have Windows firewall running and I am behind a router.

The reason I am concerned is that I hadn't patched my Windows 7 OS security updates in ages (have done so now), and I know hackers can exploit these.

My question is, would a hacker hack my PC directly and is it possible to view my files remotely without installing malware or a RAT?

In other words, what are the chances someone had exploited my PC, took my files but after I restarted they were gone because there was no RAT installed?

Please forgive me if this is a dumb question..




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:08:50 AM

Posted 10 February 2015 - 11:32 AM

Hi ionblue :)

The chances that you were hacked are really low. It happens on every system and device that sometimes a process crashes, slowing down the whole system, and that rebooting it allows it to restart normally. There's nothing wrong with that. This situation is way too common and the possibilities are way too broad to say that you were hacked. In my opinion, you just encountered a random crash and slowness, and restarting your system allowed it to restart properly. Simple as that.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:50 PM

Posted 10 February 2015 - 03:15 PM

I second Aura.

 

Do you know if your router has UPnP? Or forwards ports to your machine (that's something you would have explicitly configured)?

 

Because if not, then network connections to your machine can not be initiated from the Internet.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
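
The check asked about in post #3, as an added example that is not part of the original thread: a PowerShell snippet (compatible with the PowerShell 2.0 shipped with Windows 7) that asks the router, through the Windows UPnP NAT COM interface, which port mappings exist and whether any of them point at this PC. It assumes the router answers UPnP discovery from this machine; port forwards configured by hand in the router's admin page may not be listed and have to be checked in the router itself.

```powershell
# Added example: enumerate the router's UPnP port mappings and flag the ones
# that forward Internet traffic to this computer.
$nat = New-Object -ComObject HNetCfg.NATUPnP
$mappings = $nat.StaticPortMappingCollection   # $null when no UPnP gateway answers

# IPv4 addresses of this machine (WMI is available on Windows 7 / PowerShell 2.0)
$localIPs = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object { $_.IPAddress } |
    Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' }

if ($null -eq $mappings) {
    "No UPnP gateway responded (UPnP is off on the router, or discovery is blocked)."
}
elseif ($mappings.Count -eq 0) {
    "UPnP is enabled, but the router reports no port mappings."
}
else {
    foreach ($m in $mappings) {
        # A mapping whose internal client is one of our addresses means the
        # router accepts connections from the Internet on ExternalPort and
        # hands them to this PC on InternalPort.
        $target = if ($localIPs -contains $m.InternalClient) { "THIS PC" } else { "other host" }
        "{0}/{1} -> {2}:{3} [{4}] enabled={5} '{6}'" -f `
            $m.ExternalPort, $m.Protocol, $m.InternalClient, $m.InternalPort,
            $target, $m.Enabled, $m.Description
    }
}
```

An empty result together with no manual forwards in the router's settings matches the situation described in the post: the router has no rule telling it where to send a connection that starts on the Internet side.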


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:50 AM

Posted 10 February 2015 - 04:36 PM

I reside in a rural area and Verizon's towers are not very close. All too often I experience similar symptoms with my Internet connection because of this. In some cases, it stops completely and I either have to reboot the computer or reset the wifi modem.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:50 PM

Posted 10 February 2015 - 04:50 PM

The chances of this being a hack are slim, but they are non-zero. This sort of crash can be quite common and the chances are it was non-malicious in cause. One thing I would ask though is what site you were on when the crash happened; that may provide some clues about what went on. It could just have been a crash caused by a large piece of content (a video perhaps) loading.

Scanning with multiple antiviruses was your best course of action, though to be further sure I would suggest giving yourself a scan with ESET online scanner as well, just to get a fourth opinion.

As far as what a hacker COULD do, yes he could read and copy all your files remotely without needing to install malware but what he WOULD do is read the files first and then install malware anyway so as to get a chance of doing more damage/making more money. I struggle to imagine why a hacker who had taken all the evil steps required to break into someone's system would be content to simply read their files when the hacker could do so much more.

Give your machine another scan with a different product (I would suggest ESET online scanner or Kaspersky virus removal tool, both take a few hours but are very detailed, don't let them remove things automatically though as they might detect false positives, IF they find anything report back here what it was and someone should be able to advise you.) just to be sure, don't worry too much unless you see some other suspicious sign in future.

Edited by rp88, 10 February 2015 - 04:50 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:08:50 AM

Posted 10 February 2015 - 09:26 PM

Just for the record rp88, he didn't scan with multiple Antivirus, the only Antivirus scan he ran was avast!, Malwarebytes and SUPERAntiSpyware. Doing multiple "Antivirus" scans would imply uninstalling your current Antivirus and installing another one to run the scan, or not uninstalling your current one and taking the risk of your system becoming unstable due to the presence of two Antivirus on the system, which we don't want to happen.



#7 ionblue

ionblue
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 11 February 2015 - 09:44 AM

> I second Aura.
>
> Do you know if your router has UPnP? Or forwards ports to your machine (that's something you would have explicitly configured)?
>
> Because if not, then network connections to your machine can not be initiated from the Internet.

I'm not sure, I haven't altered any settings or enabled forward porting ever.

I understand; however, I read about hackers being able to gain access to your machine through OS exploits if you aren't patched (which I wasn't).

Or does what you said still apply and they still couldn't connect from the internet?



#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:50 PM

Posted 11 February 2015 - 02:06 PM

Yes, it still applies.

However, that is not the only way your machine can become compromised.
If you surf the Internet or read e-mails, then you can visit malicious websites or open malicious attachments that will compromise your machine.
To prevent that, it's important to use sound judgement on what you do on the Internet, patch your OS and software, and use AV.





