
persona non grata may have hacked me.


9 replies to this topic

#1 tvc19

tvc19

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:nyc
  • Local time:02:02 AM

Posted 30 June 2016 - 10:57 AM

The guy who lived below me 5 or 6 years ago, who was a corporate security specialist, with whom I was once friends until a falling out (he moved, I moved twice), just WhatsApped me 2 months ago. I had not heard from him until then. He knew my phone number but not my email, I don't think he did at least. Anywho, about a week later, I opened my computer to a very odd-looking screen with all blue text and a very weird (script-looking) page layout. It said something about Symantec security, which is the disk he gave me for my old computer; there was nothing from the old one transferred over to my current one. I shut it down immediately. Next day I booted in safe mode and ran Malwarebytes and Avast, found nothing.

Then Time Warner sends me a warning about my computer sending out unwanted malware and that I needed to call their tech guy or else they're shutting me down. So I unplugged and let it sit for a week. Now it's back up again and I ran RKill, anti-rootkit, which found nothing, then AdwCleaner, but I have no idea which one looks suspicious or which to remove. Any help would be greatly appreciated.

Tvc19

 

AdwCleaner log:

 

# AdwCleaner v5.200 - Logfile created 30/06/2016 at 11:06:05

# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username :
# Running from : C:\Users\\Desktop\adwcleaner_5.200.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
Folder Found : C:\Users\MT\AppData\Local\Conduit
Folder Found : C:\Users\MT\Documents\Save
Folder Found : C:\Users\MT\Documents\ppt
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\ProgramData\uninstaller.exe
File Found : C:\ProgramData\Application Data\uninstaller.exe
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SEARCHPROTECT
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3682341872-1384960059-119969737-1000\Software\APN PIP
Key Found : HKU\S-1-5-21-3682341872-1384960059-119969737-1000\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{575DD6CD-7DAF-4BDF-BD27-D052C383219D}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7E62729-3B94-429D-984E-F25916ACD4F4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKU\S-1-5-21-3682341872-1384960059-119969737-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKU\S-1-5-21-3682341872-1384960059-119969737-1000\Software\Microsoft\Internet Explorer\SearchScopes\{575DD6CD-7DAF-4BDF-BD27-D052C383219D}
Key Found : HKU\S-1-5-21-3682341872-1384960059-119969737-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A7E62729-3B94-429D-984E-F25916ACD4F4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CltMngSvc
 
***** [ Web browsers ] *****
 
[C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.yahoo.com
[C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : android-transfer-for-windows.en.softonic.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [4910 bytes] - [28/06/2016 19:15:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [4809 bytes] - [30/06/2016 11:06:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4882 bytes] ##########
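One way to triage a scan log like the one in the first post, as an added example that is not part of the original thread or of AdwCleaner: it parses the `Found` lines per section and collapses entries that name the same item, so a long registry list shrinks to the few distinct leftovers behind it. The sample log is constructed from lines in the post's layout, and the code assumes that `[x64]` marks the 64-bit registry view and that the `HKU\S-1-5-21-...` hive belongs to the same user as `HKCU`.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the same layout as the log posted above.
SAMPLE_LOG = r"""# Option : Scan
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\MT\AppData\Local\Conduit
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : HKU\S-1-5-21-3682341872-1384960059-119969737-1000\Software\Conduit
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SEARCHPROTECT
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FINDING = re.compile(r"^(Folder|File|Key|Value|Data) Found : (.+)$")
USER_HIVE = re.compile(r"^HKU\\S-1-5-21-[\d-]+\\", re.I)

def normalise(target):
    """Triage key: fold registry views and letter case (assumptions noted above)."""
    target = re.sub(r"^\[x64\] ", "", target)    # assumed 64-bit view tag
    target = USER_HIVE.sub(r"HKCU\\", target)    # assumed same user as HKCU
    return target.lower()  # Windows paths and registry keys ignore case

def parse(log_text):
    """Return {section: [(kind, target), ...]} for every 'Found' line."""
    sections, current = defaultdict(list), None
    for line in log_text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = m.group(1)
        elif current and (m := FINDING.match(line)):
            sections[current].append((m.group(1), m.group(2)))
    return dict(sections)

def distinct_targets(findings):
    """Group the raw log targets under their normalised form."""
    groups = defaultdict(list)
    for _kind, target in findings:
        groups[normalise(target)].append(target)
    return dict(groups)

if __name__ == "__main__":
    for section, findings in parse(SAMPLE_LOG).items():
        groups = distinct_targets(findings)
        print(f"{section}: {len(findings)} lines, {len(groups)} distinct items")
```

The `[Web browsers]` lines use a different layout and are deliberately not matched by this parser.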
 




#2 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 30 June 2016 - 11:07 AM

Time Warner sends you a message? How? Phone, email, postal mail? They only contact their customers if there is a billing issue or if their customer has been torrenting, and then it is usually via email or regular mail.

 

A lot of what you describe sounds a bit like a "Tech Support scam" to me. Can you be more descriptive regarding the "blue text screen with the script" and the Time Warner communication?



#3 tvc19


Posted 30 June 2016 - 12:40 PM

Sorry - dentist. It was a new screen that came up on my laptop. And yes, I had been using torrents, but no longer will, my bad. Even with a good VPN they can still track your packets I believe, so I'm done with that.



#4 Gorbulan


Posted 30 June 2016 - 12:55 PM

The thing with torrents is...they make a great attack vector for viruses. Even if you are selective about what you torrent, avoiding any viruses from the actual torrent, it's still easy to get a virus from the torrent website.

 

For example, if your Java or Flash plugins are out of date, somebody can execute an attack through the advertisements on the torrent site. It can happen while you are on the site, no need to click or install things.

 

Now it is time to actually check your computer for viruses. Virus scanners you can download do not always find tech support scam software, which I think you have.

 

I see that there are people watching this thread, so I am certain somebody will come by to help your computer. I would, but I am not qualified in this case. Good luck!



#5 tvc19


Posted 30 June 2016 - 01:02 PM

Thanks for your time, I did use Adblock, which may have helped. Any other scans or checks I can do would be very welcome. Thanks to anyone who may help.

Tvc19



#6 tvc19


Posted 30 June 2016 - 01:08 PM

How 'bout HitmanPro?



#7 tvc19


Posted 30 June 2016 - 01:30 PM

HitmanPro nailed it, hopefully.



#8 Gorbulan


Posted 30 June 2016 - 02:19 PM

What did HitmanPro say?

 

FYI - It is not advisable to run AV software unless you are 100% sure it will work without adversely affecting your system. This virus could be designed with HitmanPro in mind, it could be brand new, it could even be undetectable by some AV software. You don't know unless you get a professional to diagnose.

 

If I were you, I would wait for a Malware Removal Specialist to chime in with instructions.



#9 tvc19


Posted 30 June 2016 - 02:44 PM

Ok, will do. 



#10 Gorbulan


Posted 30 June 2016 - 03:03 PM

Good luck!





