
Someone logging into my mother's Facebook account after password change


3 replies to this topic

#1 JoeThing


Posted 07 February 2016 - 02:13 AM

Hello.

 

So the issue was first brought to my mother's attention when she shared a link on Facebook that she didn't actually share. There were also 3 games/apps that she has never used on her account and she removed them. I helped her by checking login locations and someone had logged in from Denver, Colorado. We live in New Mexico. She changed her password and activated login alerts, and then an alert had said someone logged in from Denver, CO again just 20 minutes later. This made me extremely worried that maybe there was a keylogger or something on the computer, so I added 2 step verification for both the email she uses and Facebook, as well as changing the passwords again and logging out of all sessions. Now they both require a code from her physical phone which only she has access to. So far, things have been fine and there have been no more login attempts, however I am worried about the fact that they logged in after we had just changed the password to a new one. If there is something keeping track of what we type, I'm worried about using that laptop for anything else. We are on our own home wi-fi so I'm unsure how someone could have gotten it.

 

The computer is running Windows 8.1. I've run a full Avast virus scan and it found nothing, but it did say some files were unable to be scanned because they were offline. They seemed to just be jpg files but I'm unsure if any of those were dangerous. I then scanned it with Malwarebytes and it also found nothing. I'm not sure if I should still be worried or if the scans are okay and the computer is fine? Thank you for any help!




 


#2 buddy215


Posted 07 February 2016 - 08:35 AM

If a password has been compromised then it is a good idea to not only change the password but the secret word such as the name of your pet, etc. to prevent someone who has learned that info and is able to just claim he has forgotten the password and receives a new one through the email.

 

If someone is accessing the account information such as the email address associated with the account it is a good idea to create a new email account to replace the existing one once you have changed the password and secret word(s).

 

If the computer is using a router then make sure the router is secured and updated. How to secure your home wireless network router.

 

Use the programs below to scan for adware, clean up the computer and check for programs needing updating.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JoeThing


Posted 07 February 2016 - 08:20 PM

Here are the requested logs. 
 
Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (48.0.2564.103) 
 Google Chrome (48.0.2564.97) 
````````Process Check: objlist.exe by Laurent````````
 emald_000 Desktop SecurityCheck.exe  
 EMALD_~1 AppData Local Temp\RarSFX1\SecurityCheck\Objlist.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
# AdwCleaner v3.310 - Report created 26/09/2014 at 18:57:19
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : OfflinePC - OURPC
# Running from : C:\Users\emald_000\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\emald_000\AppData\Roaming\Mozilla\Firefox\Profiles\tuvc64dr.default\prefs.js ]
 
 
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\emald_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
 
 
*************************
 
AdwCleaner[R0].txt - [7224 octets] - [09/09/2014 17:31:45]
AdwCleaner[R1].txt - [5611 octets] - [26/09/2014 18:52:41]
AdwCleaner[S0].txt - [6078 octets] - [09/09/2014 17:34:36]
AdwCleaner[S1].txt - [5532 octets] - [26/09/2014 18:57:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5592 octets] ##########
# AdwCleaner v5.033 - Logfile created 07/02/2016 at 18:06:36
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : OfflinePC - OURPC
# Running from : C:\Users\emald_000\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\emald_000\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\emald_000\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\emald_000\AppData\LocalLow\Toolbar4
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\emald_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\emald_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\emald_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\emald_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\emald_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\emald_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7087 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64 
Ran by OfflinePC (Administrator) on Sun 02/07/2016 at 18:15:27.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\emald_000\AppData\Roaming\sp_data.sys (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/07/2016 at 18:17:12.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
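
Added example, not part of the original thread and not AdwCleaner's own code: the AdwCleaner output pasted above holds two logs (one created 26/09/2014, one 07/02/2016), so a helper reading it benefits from splitting them, dropping repeated lines, and flagging a log that is older than the requested scan or that was run with Option : Scan only. The sample text is constructed in the same layout; `triage` and the flag labels are hypothetical names, and dates are assumed to be day/month/year as in the thread.

```python
import re
from datetime import date

# Constructed sample in the layout of the AdwCleaner logs in the thread (two logs back to back).
SAMPLE = r"""# AdwCleaner v3.310 - Report created 26/09/2014 at 18:57:19
# Option : Clean
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EXAMPLE-GUID}
# AdwCleaner v5.033 - Logfile created 07/02/2016 at 18:06:36
# Option : Scan
***** [ Folders ] *****
Folder Found : C:\Users\example\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\example\AppData\LocalLow\Toolbar4
***** [ Web browsers ] *****
[C:\Users\example\Web data] [Search Provider] Found : ask.com
[C:\Users\example\Web data] [Search Provider] Found : ask.com
"""

HEADER = re.compile(r"^# AdwCleaner v(\S+) - (?:Report|Logfile) created (\d\d)/(\d\d)/(\d{4})")
OPTION = re.compile(r"^# Option : (\w+)")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"\b(?:Found|Deleted) : ")

def triage(text, expected_date):
    """Split pasted text into AdwCleaner logs, dedupe entries, flag stale or scan-only logs."""
    logs, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # a new log starts here; dates assumed day/month/year
            dd, mm, yyyy = map(int, m.groups()[1:])
            logs.append({"version": m.group(1), "created": date(yyyy, mm, dd),
                         "option": None, "entries": {}, "flags": []})
            section = None
        elif not logs:
            continue  # text before the first header belongs to no log
        elif (m := OPTION.match(line)):
            logs[-1]["option"] = m.group(1)
        elif (m := SECTION.match(line)):
            section = m.group(1)
        elif not line.startswith("#") and ENTRY.search(line):
            items = logs[-1]["entries"].setdefault(section, [])
            if line not in items:  # repeated lines are kept once
                items.append(line)
    for log in logs:
        if log["created"] != expected_date:
            log["flags"].append("stale")  # not produced by the requested run
        if log["option"] == "Scan" and log["entries"]:
            log["flags"].append("found-but-not-cleaned")  # items listed, nothing removed
    return logs
```

Calling `triage(SAMPLE, date(2016, 2, 7))` returns one dictionary per log, with each section's unique entries under `entries` and any warnings under `flags`.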
 

 



#4 buddy215


Posted 07 February 2016 - 10:47 PM

Reset Google Chrome

You can reset your browser settings in Chrome any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. Open Chrome.
  2. In the top right, click the Chrome menu
  3. Click Settings.
  4. At the bottom, click Show advanced settings.
  5. Under the section “Reset settings,” click Reset settings.
  6. In the box that appears, click Reset.

 

Reset Firefox

  1. Click this Refresh Firefox button directly, if you are viewing this page in Firefox (it won't work if you are using a different browser). You will also find a Refresh button on the top right corner of the Firefox about:support Troubleshooting Information page.
  2. To continue, click Refresh Firefox in the confirmation window that opens.
  3. Firefox will close to refresh itself. When finished, a window will list your imported information. Click Finish and Firefox will open.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.





