
malware / virus / or something


2 replies to this topic

#1 anarchics


Posted 13 February 2017 - 12:36 PM

this is to do with https://www.bleepingcomputer.com/forums/t/636741/help/ that i made

 

all the info is on the other thread. but i think i have found part of the issue, someone has been hacking into my pc, i found this in the event viewer

 

Capture.png

 

Workstation Name: WIN-7AO3J1U1AP4

Source Network Address: 192.168.253.128

Source Port: 49168
 
 
we have no pc called "WIN-7AO3J1U1AP4", so basically what do i do now? how can i stop these people from continuing to gain access to my computer?
 
it's not just one attempt, i can see dozens of events

Edited by anarchics, 13 February 2017 - 12:44 PM.



 


#2 anarchics


Posted 13 February 2017 - 01:03 PM

what i was asked to do in the other thread, i cannot see add attachment, so i post the log here

 

ix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by corsair (13-02-2017 17:47:24) Run:1
Running from C:\Users\corsair\Desktop\security\zip files  & installers\New folder
Loaded Profiles: corsair (Available Profiles: corsair)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-752912108-1733215214-1741079133-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
Reboot:
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-752912108-1733215214-1741079133-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9937149 B
Java, Flash, Steam htmlcache => 51271086 B
Windows/system/drivers => 69828508 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 328236430 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 84537 B
LocalService => 33058 B
NetworkService => 33058 B
corsair => 167899217 B
 
RecycleBin => 1235401952 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:47:36 ====


#3 anarchics


Posted 13 February 2017 - 01:24 PM

what makes it worse, i put comodo on paranoid mode, and had a program called netsh trying to change settings, looked it up, team viewer desperately trying to access the Internet, then had mobile sync also trying to access the Internet.

 

i have definitely got something bad on my pc, but i get it even if i format my pc with a windows 7 dvd rom, idk what to do, but that "WIN-7AO3J1U1AP4" is using a local address so it's someone that lives near me?

 

edit, my pc went crazy trying to contact the net, all kinds of programs were coming up on comodo hips, so i turned off my wireless on my router, and it all stopped, if there is someone that lives in the area that keeps hacking into my router/pc what can i do about it?


Edited by anarchics, 13 February 2017 - 02:17 PM.




