
My Laptop acts by itself "Am I infected?"


8 replies to this topic

#1 Chadi20

Chadi20

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 12 June 2016 - 07:51 AM

My laptop was on at home while I was at work, and when I tried to log in to my laptop via "Team Viewer" I found my browser open and the "PayPal" website, but there was no information to log in 'cuz I just changed my OS. But I used "LastActivityView" software and "Event Viewer" and I found that there was an action on my laptop during my work hours, and no one was home to do such a thing.
Plz help me, what should I do? Thx.




 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,049 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:06 AM

Posted 12 June 2016 - 09:34 AM

Hi :welcome: to BleepingComputer

 

It seems you are a victim of the latest security problem affecting TeamViewer; it isn't exactly clear what happened.

 

 

There is a guide here about what you should do to secure your TeamViewer access.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 Chadi20

Chadi20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 13 June 2016 - 04:27 AM

Sorry for the late response, many thanks @SleepyDude.
But my IP shows me a location different from my location. How could it be?!



#4 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,049 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:06 AM

Posted 13 June 2016 - 06:08 AM

Are you checking the external IP? In most cases your computer has an internal IP like 192.168.xxx or 10.xxx

 

Confirm the IP using https://www.whatismyip.com/ for example



 
 


#5 Chadi20

Chadi20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 13 June 2016 - 06:53 AM

Thx SleepyDude

I used https://www.whatismyip.com/ but it gives me an IP but it's a different City and State from the one that I live in !!



#6 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,049 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:06 AM

Posted 13 June 2016 - 08:21 AM

> Thx SleepyDude
>
> I used https://www.whatismyip.com/ but it gives me an IP but it's a different City and State from the one that I live in !!

 

Don't worry about the City and State; it's only approximate information. Many times it is related to the record made by the ISP you are using, not to your specific connection.



 
 


#7 Chadi20

Chadi20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 13 June 2016 - 08:31 AM

Ok, many thanks to you.
I'll give it a week to check if there's any suspicious events or action and I'll reply here to close the topic.

 

Thank you SleepyDude
Thx www.Bleepingcomputer.com 



#8 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,049 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:12:06 AM

Posted 13 June 2016 - 10:29 AM

:thumbup2:



 
 


#9 Chadi20

Chadi20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 13 June 2016 - 02:43 PM

Is this ok?

==================================================
Action Time       : 6/13/2016 9:38:48 PM
Description       : Run .EXE file
Filename          : sethc.exe
Full Path         : C:\Windows\System32\sethc.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Accessibility shortcut keys, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:48 PM
Description       : Run .EXE file
Filename          : AtBroker.exe
Full Path         : C:\Windows\System32\AtBroker.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Windows Assistive Technology Manager, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:43 PM
Description       : Run .EXE file
Filename          : LASTACTIVITYVIEW.EXE
Full Path         : C:\Users\Chad\Desktop\LASTACTIVITYVIEW.EXE
More Information  : NirSoft, LastActivityView, LastActivityView, 1.16
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:38:35 PM
Description       : Run .EXE file
Filename          : Taskmgr.exe
Full Path         : C:\Windows\System32\Taskmgr.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Task Manager, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:35 PM
Description       : Run .EXE file
Filename          : dllhost.exe
Full Path         : C:\Windows\System32\dllhost.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, COM Surrogate, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:35 PM
Description       : Run .EXE file
Filename          : dllhost.exe
Full Path         : C:\Windows\System32\dllhost.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, COM Surrogate, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:35 PM
Description       : Run .EXE file
Filename          : CONSENT.EXE
Full Path         : C:\WINDOWS\SYSTEM32\CONSENT.EXE
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Consent UI for administrative applications, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:38:32 PM
Description       : Run .EXE file
Filename          : DWM.EXE
Full Path         : C:\WINDOWS\SYSTEM32\DWM.EXE
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Desktop Window Manager, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:38:32 PM
Description       : User Logon
Filename          : 
Full Path         : 
More Information  : WORKGROUP\DWM-1
File Extension    : 
==================================================

==================================================
Action Time       : 6/13/2016 9:38:31 PM
Description       : Run .EXE file
Filename          : dllhost.exe
Full Path         : C:\Windows\System32\dllhost.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, COM Surrogate, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:26 PM
Description       : Run .EXE file
Filename          : WerFault.exe
Full Path         : C:\Windows\System32\WerFault.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Windows Problem Reporting, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:26 PM
Description       : Run .EXE file
Filename          : svchost.exe
Full Path         : C:\Windows\System32\svchost.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Host Process for Windows Services, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:38:26 PM
Description       : Software Crash
Filename          : dwm.exe
Full Path         : C:\WINDOWS\system32\dwm.exe
More Information  : dwm.exe, 10.0.10586.0, 5632d756, KERNELBASE.dll, 10.0.10586.306, 571af331, e0464645, 0000000000071f28, 40c, 01d1c5a025515fec, C:\WINDOWS\system32\dwm.exe, C:\WINDOWS\system32\KERNELBASE.dll, 348a2934-eb26-4b4d-affb-1e1a6a9825b5, , 
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:33:10 PM
Description       : Run .EXE file
Filename          : dllhost.exe
Full Path         : C:\Windows\System32\dllhost.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, COM Surrogate, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:30:14 PM
Description       : Run .EXE file
Filename          : WmiPrvSE.exe
Full Path         : C:\Windows\System32\wbem\WmiPrvSE.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, WMI Provider Host, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:30:05 PM
Description       : Run .EXE file
Filename          : INTELWIDIUMS64.EXE
Full Path         : C:\WINDOWS\SYSTEM32\INTELWIDIUMS64.EXE
More Information  : Intel Corporation, Intel® WiDi, Intel(R) User Mode Service, 6.5.47.0
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:29:59 PM
Description       : Run .EXE file
Filename          : SPPEXTCOMOBJ.EXE
Full Path         : C:\WINDOWS\SYSTEM32\SPPEXTCOMOBJ.EXE
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, KMS Connection Broker, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:29:59 PM
Description       : Run .EXE file
Filename          : SPPSVC.EXE
Full Path         : C:\WINDOWS\SYSTEM32\SPPSVC.EXE
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Microsoft Software Protection Platform Service, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:29:59 PM
Description       : Run .EXE file
Filename          : TASKHOSTW.EXE
Full Path         : C:\WINDOWS\SYSTEM32\TASKHOSTW.EXE
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Host Process for Windows Tasks, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:29:22 PM
Description       : Run .EXE file
Filename          : rundll32.exe
Full Path         : C:\Windows\System32\rundll32.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Windows host process (Rundll32), 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:28:31 PM
Description       : Run .EXE file
Filename          : INTELWIDIUMS64.EXE
Full Path         : C:\WINDOWS\SYSTEM32\INTELWIDIUMS64.EXE
More Information  : Intel Corporation, Intel® WiDi, Intel(R) User Mode Service, 6.5.47.0
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:27:59 PM
Description       : Run .EXE file
Filename          : IGFXTRAY.EXE
Full Path         : C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
More Information  : 
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:27:58 PM
Description       : Run .EXE file
Filename          : IGFXEXT.EXE
Full Path         : C:\WINDOWS\SYSTEM32\IGFXEXT.EXE
More Information  : Intel Corporation, Intel(R) Common User Interface, igfxext Module, 6.15.10.4279
File Extension    : EXE
==================================================

==================================================
Action Time       : 6/13/2016 9:27:58 PM
Description       : Run .EXE file
Filename          : rundll32.exe
Full Path         : C:\Windows\System32\rundll32.exe
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Windows host process (Rundll32), 10.0.10586.0 (th2_release.151029-1700)
File Extension    : exe
==================================================

==================================================
Action Time       : 6/13/2016 9:27:58 PM
Description       : Run .EXE file
Filename          : WUDFHOST.EXE
Full Path         : C:\WINDOWS\SYSTEM32\WUDFHOST.EXE
More Information  : Microsoft Corporation, Microsoft® Windows® Operating System, Windows Driver Foundation - User-mode Driver Framework Host Process, 10.0.10586.0 (th2_release.151029-1700)
File Extension    : EXE
==================================================






