
modem hacked


14 replies to this topic

#1 DottieR

DottieR

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 06 May 2016 - 08:57 PM

While on the internet I got a pop-up that said my computer was frozen (it wasn't) and I should call Microsoft right away because of a virus. The number turned out to be to Delray Technologies who, it turned out after about an hour of them poking around my computer, wanted to sell me $99.00 worth of anti-something software. I did find out it was the network that had been hacked, the modem evidently. I have 7 extra computers using my system. So what do I do? I found some vague mentions of changing settings, but nothing I can use step by step. Windows Defender had been turned off, not by me. Attempts made to get into gmail, so I changed my password. The OS was installed only yesterday, new hard disk. I have Avira, free version. Windows 7. Zoom modem by Zoom Telephonics, Century Link wireless service who could not help because it's not their equipment.

 

 

 




 


#2 TheTripleDeuce

TheTripleDeuce

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada EH!
  • Local time:06:15 PM

Posted 06 May 2016 - 09:00 PM

Just curious why you think it was the modem and the network that was hacked; it is more than likely just a scare tactic used by the malware/virus on the main infected PC. If the modem is indeed infected, it's just a matter of contacting your ISP.



#3 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 06 May 2016 - 09:25 PM

Because the tech guy said so. He found extra computers using the network. Like I already said.



#4 TheTripleDeuce

TheTripleDeuce

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada EH!
  • Local time:06:15 PM

Posted 06 May 2016 - 11:09 PM

The same tech guy who tried to sell you the $99 plan? It's not rare for scam artists to lie. Just because a scam artist says there are 7 computers connected doesn't mean there really are, but if you want to get snarky at someone trying to help you, your best bet is to call the scammer back.

#5 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 06 May 2016 - 11:24 PM

I saw it on screen. There were 10 computers using my connection. What else can I say? I gave the name of the company; it serves Microsoft as well as others. I think what he said was valid although I did not like their mode of operation.



#6 TheTripleDeuce

TheTripleDeuce

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada EH!
  • Local time:06:15 PM

Posted 07 May 2016 - 12:23 AM

I can tell you right now what he showed you was more than likely to scare you into buying his $99 service. Do not believe what he "showed" you. I'll tell you what: call Microsoft and tell them what happened, and they'll say the same thing I'm saying. Someone was feeding you bullbleep to sell their snake oil. You believed them enough but not enough to believe they could fix your issue (which I don't believe exists).

If anyone else is reading this, please back me up in saying the scammer was simply showing a list of normal connections to servers for regular computer use.

If you could post a picture of what he showed you we could tell you with 100% certainty what is going on, but you're so far just telling us you believed a scam artist.

#7 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 PM

Posted 07 May 2016 - 04:12 AM

Hi DottieR
 
What you are describing so far does indeed sound like a scam, as TheTripleDeuce said. I take it they installed some remote control program on your computer?
Can you describe what exactly they showed you?
 
Step 1
Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Remove Selected.
    • If you are prompted to restart computer click Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and double-click it.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.
Step 2

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Member of the Bleeping Computer A.I.I. early response team!


#8 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 07 May 2016 - 08:45 AM

I typed into the cmd prompt, "netstat -spTCP". I repeated it this morning and found more open connections, but I don't know how to save the file.

 

I did change my modem password last night. Now I can't get internet on the old computer which has XP. 

 

I am downloading from the links you sent.

 

I ran Avira last night, found 2 items. That file is attached.

 


Free Antivirus
Report file date: Friday, May 06, 2016  21:42


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 7 Professional
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : Dorothy
Computer name   : DOROTHY-PC


Configuration settings for the scan:
Jobname.............................: Full scan
Configuration file..................: C:\Program Files (x86)\Avira\Antivirus\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Skipped files.......................:

Start of the scan: Friday, May 06, 2016  21:42

Start scanning boot sectors:
Boot sector 'HDD1(C:)'
    [INFO]      No virus was found!
Boot sector 'HDD0(D:)'
    [INFO]      No virus was found!

Starting search for hidden objects.


Starting to scan executable files (registry):
The registry was scanned ( '1117' files ).


Starting the file scan:

Begin scan in 'C:\'
The Protection Cloud scan of file 'C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe' completed with the error code 0x490. SHA256 = 5B0863433681E213E6783438AEA05564387806EE27E3AA76DBB345FB98CC359B
C:\Users\Dorothy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40VPYCVJ\aip[2].exe
  [DETECTION] Contains patterns of software PUA/Systweak.Gen4
C:\Users\Dorothy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FYZW1ZCS\aip[1].exe
  [DETECTION] Contains patterns of software PUA/Systweak.Gen4
Begin scan in 'D:\'

Beginning disinfection:
C:\Users\Dorothy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FYZW1ZCS\aip[1].exe
  [DETECTION] Contains patterns of software PUA/Systweak.Gen4
  [NOTE]      The file was moved to the quarantine directory under the name '51a8d8c7.qua'!
C:\Users\Dorothy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40VPYCVJ\aip[2].exe
  [DETECTION] Contains patterns of software PUA/Systweak.Gen4
  [NOTE]      The file was moved to the quarantine directory under the name '493ff742.qua'!


End of the scan: Friday, May 06, 2016  22:13
Used time: 19:49 Minute(s)

The scan has been done completely.

  14761 Scanned directories
 137039 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      2 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 137037 Files not concerned
   3460 Archives were scanned
      0 Warnings
      2 Notes
 421036 Objects were scanned with rootkit scan
      0 Hidden objects were found
 



#9 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts

Posted 07 May 2016 - 09:00 AM

I did ask the guy why I should trust someone I contacted from a pop-up. He sent me to this website. http://www.delraytechnologies.com/   I will contact them.



#10 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts

Posted 07 May 2016 - 09:02 AM

The callback number he gave was the contact number for that website.

I think their software probably is good. I am just not going to buy it. Can't afford it.



#11 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 627 posts

Posted 07 May 2016 - 09:16 AM

Hi DottieR

I do not suggest you contact them yet.

The command you used only shows what connections you have open on your computer; the entries are not bad in themselves. They are created every time you do something that requires an internet connection, like going to a website with your browser (to be more specific, it lists programs that use TCP).

Those popups you receive from the internet have no way of knowing the state of your system and therefore should not be trusted.

I will take a closer look at that site you provided. Until then I recommend you don't do anything drastic. In the meantime, please follow the instructions I provided you with.

Edited by Slurppa, 07 May 2016 - 09:23 AM.

Member of the Bleeping Computer A.I.I. early response team!
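
An added illustration of the point in the post above (not part of the thread and not a BleepingComputer tool): a short Python triage of a TCP connection listing, separating ordinary established connections from listeners that accept connections on every interface. It assumes the column layout of Windows `netstat -ano`, which the posts here do not name; the sample rows, addresses and PIDs are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of Windows `netstat -ano`; not from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:49702        127.0.0.1:49703        ESTABLISHED     4120
  TCP    192.168.1.20:49811     192.168.1.1:80         ESTABLISHED     4120
  TCP    192.168.1.20:49820     203.0.113.10:443       ESTABLISHED     4120
  TCP    192.168.1.20:49821     203.0.113.10:443       TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1360
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def parse_tcp(text):
    """Yield one dict per TCP row; headers and UDP rows (no state) are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            (lip, lport), (rip, rport) = split_endpoint(f[1]), split_endpoint(f[2])
            yield {"local": lip, "lport": lport, "remote": rip,
                   "rport": rport, "state": f[3], "pid": int(f[4])}

def remote_scope(ip):
    """Say where the far end of a connection is: this PC, the LAN, or beyond."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local or (ip.version == 4 and any(ip in n for n in RFC1918)):
        return "lan"
    return "internet"

def summarize(text):
    rows = list(parse_tcp(text))
    states = Counter(r["state"] for r in rows)
    established = Counter(remote_scope(r["remote"])
                          for r in rows if r["state"] == "ESTABLISHED")
    # A listener bound to 0.0.0.0 or :: accepts connections on every interface.
    exposed = sorted({r["lport"] for r in rows
                      if r["state"] == "LISTENING" and r["local"].is_unspecified})
    return states, established, exposed

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The PID column is what ties each row back to a program, so a row is judged by which process owns it rather than by the fact that it appears in the list.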


#12 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts

Posted 07 May 2016 - 09:33 AM

I removed the 2 programs they used to see into my computer.

 

One other strange thing. They found a phone number in there somewhere which I had never called and who has never called me. I found it is the number of a software program owner whom I had emailed earlier in the day, but had received no answer.

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Mozilla Firefox (46.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
 Malwarebytes Anti-Malware mbamresearch.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/7/2016
Scan Time: 7:03 AM
Logfile: MBAM scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.07.03
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dorothy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267835
Time Elapsed: 10 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#13 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 627 posts

Posted 07 May 2016 - 04:00 PM

Hi DottieR

Can you tell me the names of the programs you deleted?

Malwarebytes came out clean, but given that you had your computer remotely controlled, I suggest you create a new thread in the Malware Removal Logs section to make sure they didn't install anything that our automated tools might not pick up, or otherwise alter the security of your machine.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Member of the Bleeping Computer A.I.I. early response team!


#14 TheTripleDeuce

TheTripleDeuce

  • Members
  • 275 posts

Posted 07 May 2016 - 04:47 PM

I removed the 2 programs they used to see into my computer.

 

One other strange thing. They found a phone number in there somewhere which I had never called and who has never called me. I found it is the number of a software program owner whom I had emailed earlier in the day, but had received no answer.

 

Do you have the phone number and email address? Have you googled them to see who they belong to? It is quite possible the results will list even more evidence that it was indeed a scam.

Please remember that any pop-ups are simply there to try and sell you something that you don't need. I saw someone on here liken it to a doctor's office: a doctor's office won't just call you out of the blue to tell you you are sick, because they have no way of knowing. Please be cautious about allowing people to connect to your computer, as it is very rarely that they will make things better, especially when you call the number from a pop-up and they claim to be a subcontractor for Microsoft. AFAIK, if they are a subcontractor for Microsoft they will have a contract number that you can call Microsoft to verify with.

 

Rule #1 is DO NOT believe everything you read on the internet and always approach it like they are out for their best interest and not your best interest



#15 DottieR

DottieR
  • Topic Starter

  • Members
  • 278 posts

Posted 07 May 2016 - 05:37 PM

Done. Thank you.





