
Infected by WinShell ... ?


  • This topic is locked
22 replies to this topic

#16 NinjAzure

NinjAzure
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 18 April 2016 - 07:51 AM

Update: I uninstalled and deleted all Java related apps in my PC. Reinstalled it and it's working.

 

   So, now since WinShell is hopefully removed from my PC, do I need to format my PC to make sure that no one else has a hold on it?




 


#17 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:21 AM

Posted 18 April 2016 - 07:56 AM

Hi NinjAzure.

 

Great to know that your Java app is now working.

 

Please hold on there. I will reply with more instruction as soon as my instructor approves it.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#18 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:21 AM

Posted 19 April 2016 - 07:57 AM

Hi NinjAzure.
 

I really don't know much about all this and hence I am here. I tried looking up and I found some articles on what I want to say:
 
https://www.learn2crack.com/2013/06/hack-a-computer-only-with-just-a-ip-address-in-easy-steps.html
http://cerockers.blogspot.in/2012/02/hacking-any-pc-using-ip-address.html

 
That's not related to our issue here and not related to webcam in any way. To be honest, hacking is not that easy and I don't think that friend has any intention to really perform any hacking on you. Try to think, why does your friend want to hack you? Any reasons?
 
 
 

As what I came to know in last week, my laptop was hacked in Dec 2014 when I cammed / was online on skype with someone who happens to be associated with the - so called friend - of mine who is trying to monitor my laptop/ fb/ finding me online in IRC channels.

Please show me the evidence then, why you think you got monitored? Change in text sequence, cannot change Facebook's visibility or something like that is not a proof that you got hacked. Could you please explain everything in clear?
 

But still I don't understand how can someone track you in every IRC channel or any of your throwaway reddit account ?
I found myself tracked even when I was using Tor browser which changes your ip address. (In the last month or this month)
This makes me think - something has to do with my laptop.

That's NOT possible at all, tracing in Tor is impossible. It has to be an explanation. Again, why you think you are being traced?
 
 

 

 

Well, skype can be acting like it has syncing issue. The whole deal is that after my laptop got hacked in Dec 2014, which we can assume, since that is what this - so called friend - tried to tell me before I blocked this person, I had a word document of some of my usernames and passwords including gmail and yahoo and other places like skype and forums. I know this is the most lame thing anybody can do with their account security to keep a word document in any folder in their PC. But, as I said, I suspected it the least that such thing can happen with me, like any regular victims and so now I understand this - so called friend - had all access to whatever I was doing since one whole year. 
And the sequence of change of text messages were happening not just on skype but even on yahoo messenger.

Yes, I agree that this is not a good security practice. But how does he know where you keep that file? And again nothing can change text sequences. Computer time is the biggest suspect here.
 
 
 

 

 

As you can see, when I tried to go over the link to end all login sessions, it's showing my location - unknown. Usually I remember - an ip address or location name is shown.
 
In fact, I am logging into this forum via my fb. I just changed my password of fb, but this visibility control issue hasn't resolved.

Again, please contact Facebook on this issue. I can't do anything to resolve that for you.
 

 

 To be honest, I haven't found any sort of unusual activity anywhere - although given the fact that this - so called friend - had access to many things.

Just this fb visibility of my shared posts which I can't see by myself, altering the sequence of the text messages, tracking me online and yes the cursor issue. All these issues are the same.

Maybe he's not even tracking you, internet today is smart and maybe he found you via "possibly you may want to know this person" suggestion in social media sites.
 
===========
 
The big question is, how do you know you're being traced, and why he would bother tracing you?
 
We also found no malware in your computer, and could assume your machine is absolutely clean.
 
Thank you.




#19 NinjAzure

NinjAzure
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 19 April 2016 - 10:02 AM

Hi Sirawit,

 

 

I am sorry I cannot explain further "how" & "why" this - so called friend - hacked & is tracking me even on Tor, monitoring my laptop. I think if this forum had any kind of relationship section - I would have posted this sort of info there. I am already ignoring all this creepy and psychopathic stuff.

 

 

Now, assuming that my PC got hacked, am thinking of formatting my PC.

I want to know - do I need to do anything else ?

 

Thank you.

 

 

NinjAzure



#20 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:21 AM

Posted 20 April 2016 - 09:51 AM

Hi NinjAzure.

 

Really, I can't find any evidence of someone hacking into your computer. Also, since you told me you were "hacked" around Dec 2014 and you reinstalled Windows on Jan 2014, there shouldn't be anything bad left on your computer, so reinstalling again now won't really help you.

 

To be honest I don't think you were hacked. Your friend's scary sayings about hacking etc. may be just for fun.

>>>Text message sequences can't be changed by hacking or by any means except computer time issue.

>>>You can't tell me how you were being tracked, so I can't help you about that. But believe me, finding someone online is very easy and doesn't even require hacking.

>>>Post visibility on Facebook is also out of hands for me, most likely it was caused by Facebook itself and no hacking can mess that up, you better contact Facebook for help. That's the only people who can help you.

>>>Your cursor issue can be hardware issue, did you ever find another set of mouse and keyboard and tried to use those instead of current ones? Did you try to reinstall your internet browser? These may be able to help you.

 

Please inform me about any issue you think you might be having, but for me, your computer is absolutely clean right now.

All malware scanners came up clean too.

 

Thank you.




#21 NinjAzure

NinjAzure
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 20 April 2016 - 12:25 PM

Hi Sirawit,

 

I happen to stumble upon this link :

https://in.answers.yahoo.com/question/index?qid=20120814143837AAURIwG

 

A significant info from the above link:

 

A backdoor program is a remote administration utility that, once installed on a computer, allows a user access and control it over a network or the Internet. A backdoor is usually able to gain control of a system because it exploits undocumented processes in the system's code. These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they are also frequently used by attackers to gain control of a user's machine without their knowledge or authorization.

A typical backdoor consists of 2 components- client and server. An attacker will use the client application to communicate with the server components, which are installed on the victim's system. Depending on how sophisticated a client is, it can include such features as:

Sending and receiving files
Browsing through the hard drives and network drives
Getting system information
Taking screenshots
Changing the date/time and settings
Playing tricks like opening and closing the CD-ROM tray
and so on.

A backdoor's server components can be installed on an unsuspecting user's system in numerous ways - as part of a worm or trojan payload, as an email attachment, as a tantalizingly-named file on peer-to-peer networks, etc. Once installed, the server component will open a network port and communicate with the client, to indicate that the computer is infected and vulnerable. An attacker can then use the backdoor's client to issue commands to the infected system.

In other words, hackers use programs called RATs that can control your computer. Normally, they're crypted so they're fully undetectable by Anti-Viruses. Not much you can do except use sandboxie for each program you open since chances are they'll have an anti-sandboxie which will cause sandboxie to give an error saying it can't open then in fact it's 100% a crypted RAT.

 

And here's another link:

http://security.stackexchange.com/questions/32645/how-can-i-detect-backdoors

 

Although the question asked in the above link is related to mac os and not windows, but some relevant info I would like to highlight:

 

If some people have put some hidden backdoors in your system, and if they were competent at it, then you won't be able to find them. "Competence", here, means "having an Internet access and typing 'rootkit mac os x' in Google". See e.g. this. It is theoretically impossible to completely hide a backdoor, but only in the same sense that it is theoretically possible to write software without any bug. In other words, it is hard.

 

Alternatively, reformat the hard disk, then reinstall from scratch. Very few malware can survive that.

 

 

To be honest I don't think you were hacked. Your friend's scary sayings about hacking etc. may be just for fun.

 

 

Just a humble reminder, I never addressed this person who hacked my PC as my friend. I always said - so called friend. Fun is a very subjective thing, I understand it varies from person to person.

 

Also in one of your previous posts, I noticed that you assumed this hacker to be male. I am not sure how you concluded such thing.

 

 

>>>Text message sequences can't be changed by hacking or by any means except computer time issue.

>>>You can't tell me how you were being tracked, so I can't help you about that. But believe me, finding someone online is very easy and doesn't even require hacking.

>>>Post visibility on Facebook is also out of hands for me, most likely it was caused by Facebook itself and no hacking can mess that up, you better contact Facebook for help. That's the only people who can help you.

>>>Your cursor issue can be hardware issue, did you ever find another set of mouse and keyboard and tried to use those instead of current ones? Did you try to reinstall your internet browser? These may be able to help you.

 

 

Regarding fb, it's not that important since my fb account is just some pseudonym.

 

Learning from the info which I posted from the very first link which I shared, I think yes changing computer time can change the message sequence. I am not aware of the exact algorithm but I can imagine having access to your PC someone can go & change the time setting and then mess up with the messages.

 

Somehow I remember, this - so called friend - in one of the chat rooms, enumerating all the names of rat cartoon characters while I was chatting in some main chat room. Yes, this can be for fun, but now I am understanding what the real fun is. So, I cannot deny the possibility that my PC might be having some program like RATs. And again, from the info posted from the first link, such programs are encrypted and are not detected by anti virus.

 

I am not sure, how and when exactly the hack went on. I assume it was multi steps, me being unaware of all this is thinking it might be related to webcam, but not just webcam was used, I think I even received some picture of a furry pet picture, and yes clicked on some link. So, you know, all this is beyond my understanding and hence I cannot exactly tell "how" and "why" my PC got infected.

 

I still have this cursor issue. I happen to login into some of my other social media and yes this - so called friend - was there trying to manipulate which I ignored by all means.

 

If someone wants to have fun, it's their life they can live how ever they want to. Everyone is free to live on their own. I just want my freedom and privacy.

 

 

 

All malware scanners came up clean too.

 

 

Yes, but just for my own satisfaction, I am going to reformat and reinstall everything, as soon as I can.

 

 

Thank you.

 

NinjAzure
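
The description quoted in the post above says a backdoor's server component opens a network port on the infected machine. As an added example (not part of any post in this thread), this Python script reads Windows `netstat -ano` output and reports listening TCP ports that fall outside a known baseline; the sample output and the baseline port set are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5277           0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1788
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     2456
  TCP    [::]:135               [::]:0                 LISTENING       904
  TCP    [::]:5277              [::]:0                 LISTENING       3120
  UDP    0.0.0.0:5353           *:*                                    1788
"""

# Assumed baseline: listener ports this machine is expected to expose.
EXPECTED_PORTS = {135, 445}

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, port = split_endpoint(fields[1])
            listeners.append((addr, port, int(fields[4])))
    return listeners

def unexpected_listeners(netstat_text, expected_ports):
    """Map each PID to its sorted non-loopback listening ports outside the baseline."""
    flagged = {}
    for addr, port, pid in parse_listeners(netstat_text):
        if addr.is_loopback or port in expected_ports:
            continue  # loopback-only sockets are unreachable from the network
        flagged.setdefault(pid, set()).add(port)
    return {pid: sorted(ports) for pid, ports in flagged.items()}

if __name__ == "__main__":
    # Look up each flagged PID afterwards, e.g. with: tasklist /FI "PID eq 3120"
    print(unexpected_listeners(SAMPLE_NETSTAT, EXPECTED_PORTS))
```

An empty result only means no unexpected listener was visible to `netstat`; malware that hides its sockets from the operating system's own tools will not appear in this output.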



#22 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:21 AM

Posted 21 April 2016 - 09:03 AM

OK. Up to you then. Since you no longer need help I will close this topic.

 

Thank you.




#23 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,309 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:21 AM

Posted 21 April 2016 - 09:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft




