Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have we been hacked?


  • Please log in to reply
7 replies to this topic

#1 carolineevans

carolineevans

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 23 November 2016 - 06:41 AM

 Hi, last night our internet went down a little after midnight. Later, when I looked it was back, but there was a pop up on my desktop. The pop up said:

 

Security Alert

eas.outlook.com

 

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

 

x The security certificate was issued by  a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

x The security certificate has expired or is not yet valid.

x The name on the security certificate is invalid or does not match the name of the site.

 

I then clicked 'View Certificate' - got a new op up saying:

 

Certificate Information

Windows does not have enough information to verify this certificate. 

Issued to talktalkrouter.Ian 

Issued by: root.home

Valid from 09/08/2014 to 06/08/2024

 

I closed the 'View Certificate' and clicked 'no' on the Security Alert where it said 'Do you want to proceed'.

 

There is no one here called Ian. I am worried someone has tried/ successfully accessed my computer - any advice? I have very little knowledge on this subject.  :wacko:

 

Thanks!


Edited by carolineevans, 23 November 2016 - 07:45 AM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:56 PM

Posted 23 November 2016 - 07:29 AM

Welcome to BC...

 

Was the bad spelling yours or did you copy exactly what was in the pop up?

 

Suggest you reset your router and then secure it. Found this for you:

TalkTalk Routers - Known issues

TalkTalk Help

 

Resetting your D-Link DI-624 router to the factory settings | FiOS Internet | Residential Support | Verizon

 

How to Make My D-Link Wireless Router Secure | Our Everyday Life

 

If D-Link is not your router's manufacturer then simply do a search for how to reset and secure your brand of router.

 

EDIT: LAN port. Alternatively referred to as an Ethernet port, network connection, and network port, the LAN port allows a computer to connect to a network using a wired connection.


Edited by buddy215, 23 November 2016 - 07:38 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 carolineevans

carolineevans
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 23 November 2016 - 08:04 AM

Hi, thanks for your relply. Yes the typos were mine! I think I've managed to edit them now. 

 

I've reset the router. Next to reset the password...is it the wifi password that needs resetting - or specifically the one on the router?



#4 carolineevans

carolineevans
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 23 November 2016 - 08:27 AM

Managed to changed both, cheers :)



#5 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:56 PM

Posted 23 November 2016 - 08:31 AM

The reason I asked about typos is that often malware attempting to disguise itself in alerts has typos...one of the tells for knowing the alert is not from a reliable source.

 

Securing the router includes blocking remote access and insuring that its firewall is active. For further security measures read the info in the link I provided

in my first post....just changing the password isn't enough. Checking for updates for the router's firmware is a good idea, too.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 carolineevans

carolineevans
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 23 November 2016 - 09:03 AM

Cheers - I turned remote access off - with the firewall there are 2 options - its currently on TALKTALK - have the option to turn to high - but is says the following:

 

The firewall is a security component that stands between the Internet and your network devices. It makes decisions about types of data that pose a threat to your devices. When the firewall is enabled, all data between the Internet and computer must pass through it, and the firewall filters out types of data that may pose a threat.

  • Firewall level:

    Set the firewall level to configure corresponding rules automatically.

    • TalkTalk:

      The firewall monitors and filters through some Internet activities. If you play network games and access entertainment services often without connecting to computers on the home network, select this level. You’ll be able to enjoy network applications with minimized vulnerability.When the level is TalkTalk, all active data packets are allowed to pass from the home network to the Internet.

    • High:

      The firewall monitors and filters through all Internet activities. If you have high security requirements, select this level. For example, if you often browse webpages on the Internet and demand high security, select this level. Certain legitimate network applications may also be blocked. Lower the level in this case.When the level is High, only FTP, DNS and HTTP data packets are allowed to pass between your home network and the Internet.



#7 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:56 PM

Posted 23 November 2016 - 09:33 AM

I'd go with the first choice. You could test using the more restrictive choice...and change back if it is too restrictive for your use.

 

Below are some programs you can use to clean the computer, remove malware and remove adware. If you haven't used these programs before

I suggest you do when you have the time. If they find anything and you want me to review their scan results....post the logs except for CCleaner.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 carolineevans

carolineevans
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:56 AM

Posted 04 December 2016 - 04:01 PM

Many thanks.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users