Need help from an expert, tried everything...



#1 GuyMillennium


Posted 23 January 2017 - 02:44 PM

Some things are happening to my pc that I can't explain. It all started a couple weeks ago, or maybe that's when I only started noticing the signs.

Here are the series of events:
1. I was scrolling through facebook and I was suddenly logged out of my account. The box saying "Please log in to continue" just showed up. It was really unusual so I logged in and changed my password immediately and selected Log out from all devices.
2. Probably a couple nights later, I saw a facebook message sent by me to a friend which I do not remember sending at all. This was the time I was online on Facebook. I was almost sure I got hacked but I remember I had just changed my password (note: my mobile security code generator for log in approvals was on) so I didn't believe it was possible. The first thing that went to mind was that if there was someone who did this, the person could not only access my account but my whole pc.
3. Ran malwarebytes, combofix, tdsskiller, AVG, Smadav, ESET online scanner and all that crap and came clean somewhat. I made sure I cleaned the pc. I'm a beginner in this so really wasn't sure about what I was doing.
4. A couple days again after, it happened again. Someone sent a message on facebook using my account that I did not. Figuring I did what I could, I just let it be.
5. Four days later, it freaking happened again. Not knowing what to do, I brushed it off. I installed a keylogger to monitor my pc and to know if it was just me.
6. The messages have stopped but just very recently again, I was scrolling through my newsfeed and I was logged out AGAIN suddenly. I just had it. I stopped logging into my online accounts on the pc.
7. Here's the weirdest part: I suddenly noticed that a New Folder was created in the desktop. I checked what time it was created. 11:44 AM. I absolutely do not remember creating any folder. I instantly checked my keylogger. It says I booted my computer at around 11:50 AM and the keylogger started recording at around the same time. 6 MINUTES after the said folder was created. Is this possible? My pc was turned off, wtf?

Any help? I'm a bit desperate here.



#2 GuyMillennium


Posted 23 January 2017 - 08:56 PM


Edit: It makes more sense that the New Folder's date of creation was modified deliberately, instead of my pc being accessed while turned off. But this is just a speculation. I have now disconnected my ethernet cable from the cpu.

Edited by GuyMillennium, 24 January 2017 - 04:16 AM.


#3 Gunto

  • Malware Response Team

Posted 27 January 2017 - 05:40 PM

Hi, GuyMillennium! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

With regards to the folder, it is indeed most likely that the time of creation was modified, although considering where said folder was created, I'm not sure what changing the time would accomplish...

 

On the topic of the keylogger, it's possible it wouldn't even pick up anything the person (most likely) controlling your PC typed in, since it's being done remotely on his or her end.

First, let's run a scan with FRST to get some more information. I'll use this information to see what might be going on with your PC.

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. If you are using Windows 8 or above, Windows will most likely attempt to block the program from running; if this occurs, click More info and then Run anyway. Once it opens, accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and Addition.txt. Please copy and paste both into your reply, one at a time.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
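
The question raised in this thread, whether a folder's creation time falls in a period when the PC was shut down, can be checked against the boot and shutdown records in the Windows System event log. This is an added example, not part of any post above; the function name `Get-PowerStateAt`, the sample records and their date are constructed for illustration, and it assumes full shutdowns rather than sleep or hibernation.

```powershell
# Added example. Event IDs 6005 and 6006 are the System log's
# "Event Log service was started / stopped" records, written at
# each boot and each clean shutdown.
function Get-PowerStateAt {
    param(
        # Objects carrying a TimeCreated and an Id property.
        [Parameter(Mandatory)] [object[]] $Events,
        # The timestamp to test, e.g. a folder's CreationTime.
        [Parameter(Mandatory)] [datetime] $When
    )

    # Most recent boot/shutdown record at or before the timestamp.
    $last = $Events |
        Where-Object { $_.TimeCreated -le $When } |
        Sort-Object TimeCreated |
        Select-Object -Last 1

    if (-not $last)        { return 'Unknown' }  # log does not reach back that far
    if ($last.Id -eq 6005) { return 'Running' }  # booted, no shutdown logged since
    return 'Off'                                 # last record was a shutdown
}

# Constructed sample records: the date is made up, the two
# clock times (11:44 and 11:50) are the ones given in the post.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2017-01-22T23:10:00'; Id = 6006 }
    [pscustomobject]@{ TimeCreated = [datetime]'2017-01-23T11:50:00'; Id = 6005 }
)
$folderCreated = [datetime]'2017-01-23T11:44:00'

Get-PowerStateAt -Events $sample -When $folderCreated

# On a live system the same function takes real records
# (the Desktop path below is an assumed default location):
# $events  = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6005, 6006 }
# $created = (Get-Item "$env:USERPROFILE\Desktop\New Folder").CreationTime
# Get-PowerStateAt -Events $events -When $created
```

A result of `Off` for a real folder means the recorded creation time does not fall inside a logged uptime window, which is consistent with a timestamp that was set rather than produced at that moment, or with a system clock that was wrong at the time. A crash or power loss writes no 6006 record, so the period after it reads as `Running`.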


#4 Gunto


Posted 30 January 2017 - 06:52 PM

Hi,

It's been three days since my last post, so I am bumping the topic just in case you missed my previous reply. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto




#5 Gunto


Posted 03 February 2017 - 01:58 AM

This topic is now locked due to the lack of feedback.

If you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.






