possible hijacking


  • This topic is locked
6 replies to this topic

#1 Damien88

Damien88

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 22 April 2016 - 06:39 PM

I have an HP Pavilion running Windows 8.1 64-bit system. I have AVG free version installed and I use CCleaner before and after each session. I also have run Malwarebytes and Emsisoft anti-virus scanners at regular intervals which do not show up any infections.

However, I believe I may have been hijacked. Downloads recently have become very slow or often 'hang' both with Firefox and Chrome. It does not appear to be the ISP. Occasionally I get a message about DNS server issues or 'connection was reset'. I also recently received a phishing email related to a financial account I access (I never do any online banking -- ever!)

System Explorer shows my computer accessing a site related to w2.hackademix.net (60.229.50.166   69.195.158.198)
www.robtex.net shows these addresses located in Kansas City MO United States.
Since I am based in Australia I am concerned here.

I may just be dealing with some DNS resolution issues on my computer. But a hijacking may have occurred.

Can you help, please.

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal


#2 Damien88

Damien88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 22 April 2016 - 08:28 PM

And where is that, please....



#3 Damien88

Damien88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 23 April 2016 - 05:29 AM

I've searched hard and I still can't find where the issue has been reposted. Can you tell me please?



#4 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:02:11 AM

Posted 23 April 2016 - 10:02 AM

You posted in Windows 8.

When the topic was moved to Am I Infected, a placeholder was left in Windows 8.

You click on the topic title in Windows 8 and are automatically taken to your topic, which is now in Am I Infected.

The "repost" is NOT a "repost".

If you look at the first post in this topic, you will see what you originally posted.

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,757 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:11 PM

Posted 23 April 2016 - 01:26 PM

Please post the Malwarebytes log in your topic.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log, double-click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
================
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
3.  Click Start Scan and allow the scan process to run.
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
Post this in your topic.
 
================

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 23 April 2016 - 01:28 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
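
The end-of-log check described in the post above, as an added example that is not part of the original thread or of TDSSKiller itself. It uses only the strings quoted in the post (the log file name pattern, "Scan finished" and the two count lines); the function names, the encoding handling and the sample log lines are assumptions made for illustration.

```python
import re
from pathlib import Path

# File name pattern from the post: TDSSKiller.[Version]_[Date]_[Time]_log.txt
LOG_GLOB = "TDSSKiller.*_log.txt"

# "Detected object count" is a substring of "Actual detected object count",
# so the first pattern must reject a match that is preceded by "Actual ".
DETECTED = re.compile(r"(?<!actual )detected object count:\s*(\d+)", re.I)
ACTUAL = re.compile(r"actual detected object count:\s*(\d+)", re.I)

def decode_log(raw: bytes) -> str:
    """Decode log bytes: UTF-16 when a BOM is present (assumption), else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")

def last_count(pattern: re.Pattern, text: str):
    """Return the last value reported for a counter, or None if it is absent."""
    hits = pattern.findall(text)
    return int(hits[-1]) if hits else None

def summarize(text: str) -> dict:
    """Report both counters; a log with no 'Scan finished' is never called clean."""
    finished = "scan finished" in text.lower()
    detected = last_count(DETECTED, text)
    actual = last_count(ACTUAL, text)
    return {"finished": finished, "detected": detected, "actual": actual,
            "clean": finished and detected == 0 and actual == 0}

def check_root(root: str = "C:\\") -> dict:
    """Summarize every TDSSKiller log found directly in the root directory."""
    return {p.name: summarize(decode_log(p.read_bytes()))
            for p in sorted(Path(root).glob(LOG_GLOB))}

# Constructed sample of a log tail (timestamps and thread ids are made up).
SAMPLE_CLEAN = (
    "10:02:11.0412 0x0b1c  Scan finished\n"
    "10:02:11.0428 0x0a54  Detected object count: 0\n"
    "10:02:11.0428 0x0a54  Actual detected object count: 0\n"
)
SAMPLE_HIT = SAMPLE_CLEAN.replace("count: 0", "count: 2")

if __name__ == "__main__":
    for name, result in check_root().items():
        print(name, result)
```

A log whose result is not `clean`, or that never reached "Scan finished", is the one to post in full.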

 

 

 

 


#6 Damien88

Damien88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 23 April 2016 - 06:18 PM

Arachi, many thanks for your help.

TDSSKiller does not have a CURE option. Only copy to quarantine, skip and delete.

For the various logs, do I post them here or in the special Malwarebytes log forum?

 

 

 

UPDATE -- logs have been posted in Malwarebytes forum


Edited by Damien88, 23 April 2016 - 10:48 PM.


#7 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:02:11 AM

Posted 24 April 2016 - 08:48 AM

Logs have been posted HERE in Malware Removal Logs board.

 

This topic is closed.





