Hack via TeamViewer

15 replies to this topic

#1 UtterNutter

Posted 15 April 2017 - 08:26 AM

Hi all, feeling very silly. My hubby too! My laptop was accessed by a so-called BT engineer who said our broadband had been hacked. He asked my hubby to use TeamViewer to show him where to see the hacks. He and I never knew that TeamViewer was a safety risk. I've uninstalled TeamViewer and have run virus checks with F-Secure, SuperAntiSpyware and Malwarebytes. I'm in the process of changing my passwords on another laptop.

 

How can I find out if I have malware and how do I get rid of it?

 

Please be patient with me if I'm slow as I have dyspraxia.

 

Cheers,

Alex


Edited by hamluis, 15 April 2017 - 10:29 AM.
Moved from MRL to Am I Infected - Hamluis.



#2 garioch7 (Malware Response Team)

Posted 15 April 2017 - 11:31 AM

UtterNutter:

:welcome: to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil . May I address you by your first name?

TeamViewer software is not, of itself, in any way dangerous. I have it installed on both of my computers and I use it routinely to remote into client computers to assist them with their computer issues. What is DANGEROUS is permitting someone to use TeamViewer, or any other similar remote access application, when you do not know them or their intentions.

I think that we should run a few preliminary security scans on your computer and see what turns up.

.

:step1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

*Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the greenstart.png button.
* When prompted allow the Add-On/Active X to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

*Then click the shieldstart.png button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
*When the scan completes, click List Found Threats (only if anything is found).
*Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Copy and paste the contents of this report in your next reply.
*Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.1.2.1733-10139.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

If I haven't responded to your reply in 48 hours, please send me a personal message.

Thank you and have a great day.

Regards,
-Phil
 


Member of the Unified Network of Instructors and Trusted Eliminators
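Phil's point is that the risk is the session, not the software. The practical follow-up question for anyone in Alex's position is what that session actually was: when it started, how long the stranger was connected, and under which Windows account. The script below is an added example, not code from this thread or from TeamViewer. It assumes (an assumption, not something the thread states) that TeamViewer writes a tab-separated file named Connections_incoming.txt in its install directory with one line per completed inbound session: remote TeamViewer ID, remote display name, session start, session end (DD-MM-YYYY HH:MM:SS, local time), local Windows user, connection type, and a session GUID. The log text embedded here is constructed for the example.

```python
"""Triage a TeamViewer incoming-connection log after an unwanted remote session.

Added example; not code from the thread. Assumption: TeamViewer keeps a
tab-separated Connections_incoming.txt in its install directory, one line per
finished inbound session: remote ID, remote display name, session start,
session end (DD-MM-YYYY HH:MM:SS, local time), the local Windows account,
the connection type and a session GUID. SAMPLE_LOG below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Set

TIME_FMT = "%d-%m-%Y %H:%M:%S"

# Constructed sample: one session by a known helper, one by the self-described
# "BT engineer" on the morning of the incident, and one damaged line.
SAMPLE_LOG = (
    "987654321\tPhil\t10-03-2017 19:00:05\t10-03-2017 19:10:00\talex\t"
    "RemoteControl\t{6d3c9c1e-0000-4000-8000-000000000001}\n"
    "123456789\tBT Engineer\t15-04-2017 07:02:11\t15-04-2017 07:49:40\talex\t"
    "RemoteControl\t{6d3c9c1e-0000-4000-8000-000000000002}\n"
    "garbled line with too few fields\n"
)


@dataclass
class Session:
    remote_id: str
    remote_name: str
    start: datetime
    end: datetime
    local_user: str
    conn_type: str
    session_guid: str

    @property
    def duration(self) -> timedelta:
        return self.end - self.start


def parse_log(text: str) -> List[Session]:
    """Parse log lines into Session records; lines that do not fit the layout are skipped."""
    sessions: List[Session] = []
    for raw in text.splitlines():
        fields = raw.rstrip("\r\n").split("\t")
        if len(fields) < 7:
            continue  # truncated or malformed: do not guess at the missing fields
        try:
            start = datetime.strptime(fields[2], TIME_FMT)
            end = datetime.strptime(fields[3], TIME_FMT)
        except ValueError:
            continue  # unparseable timestamps: same policy
        sessions.append(Session(fields[0], fields[1], start, end, fields[4], fields[5], fields[6]))
    return sessions


def unexpected_sessions(sessions: Iterable[Session], trusted_ids: Set[str], since: datetime) -> List[Session]:
    """Sessions from IDs you do not recognise that ended at or after `since`, longest first."""
    hits = [s for s in sessions if s.remote_id not in trusted_ids and s.end >= since]
    return sorted(hits, key=lambda s: s.duration, reverse=True)


def report(sessions: Iterable[Session]) -> List[str]:
    """One human-readable line per session: when, who, as which local user, for how long."""
    return [
        f"{s.start:%Y-%m-%d %H:%M} {s.remote_id} ({s.remote_name}) as {s.local_user}: "
        f"{int(s.duration.total_seconds() // 60)} min, {s.conn_type}"
        for s in sessions
    ]


if __name__ == "__main__":
    # On a real machine, read the log file from the TeamViewer install directory
    # (its location is an assumption) instead of using SAMPLE_LOG.
    found = parse_log(SAMPLE_LOG)
    suspect = unexpected_sessions(found, trusted_ids={"987654321"}, since=datetime(2017, 4, 1))
    for line in report(suspect):
        print(line)
```

The output is the evidence you want before deciding between a scan and a full restore: a forty-seven-minute interactive session by an unknown ID, as the account that owns your documents, is enough time to install anything, so a clean result from a later scan is reassurance rather than proof. Uninstalling TeamViewer removes the program but not necessarily this log, so collect it first.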


#3 UtterNutter (Topic Starter)

Posted 15 April 2017 - 12:54 PM

Many thanks, but right clicking on the F Secure icon shows no Unload action. I turned off everything in F Secure settings except the firewall. Is that enough?

 

In the scan page you gave me there's no "Yes, I accept the Terms of Use" checkbox and no "Start" button. I think there's a stage missing! So I've had to stop there.

 

I'm on IE.

 

Cheers,

Alex


Edited by UtterNutter, 15 April 2017 - 12:56 PM.


#4 UtterNutter (Topic Starter)

Posted 15 April 2017 - 05:07 PM

Well, I ran the online scan, although it was just a click of the Scan Now button. It came up with the following, including one on my external hard drive:

 

  • C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\lavasofttcpservice.dll.vir - a variant of Win32/Packed.Komodia.A suspicious application
  • C:\Users\user\Desktop\Old Firefox Data\gbqt3c24.default\extensions\ffxtlbr@zonealarm.com\uninstall.exe - Win32/Toolbar.Montiera.B potentially unwanted application
  • C:\Users\user\Desktop\Old Firefox Data\gbqt3c24.default\extensions\ffxtlbr@zonealarm.com\content\mtstart.js - Win32/Toolbar.Montiera.AK potentially unwanted application
  • F:\Alex1\IT\camstudio.exe - a variant of Win32/InstallCore.AIK potentially unwanted application

 

Cam Studio is a screen recorder. ZoneAlarm is antivirus software. Are they suspicious software?

 

Cheers,

Alex



#5 garioch7 (Malware Response Team)

Posted 16 April 2017 - 09:20 AM

Alex:

 

Thank you for permission to address you by your first name. Some anti-malware scanners do report "false positives"; however, that said, some malware masquerades as legitimate software or actually injects malicious code into legitimate files, thereby "capturing" them for use by the malware and thus trying to avoid detection.

 

It is sometimes possible to restore files that were quarantined by ESET after you have closed the ESET online scanner. See this link for more information.

 

If you can "un-quarantine" the files, you could upload them to VirusTotal and scan each one of them.  Make sure that you do upload the files one by one and press the "Scan It!" button for each file to get fresh results for your individual files.

 

I know that you stated that you had run Malwarebytes before asking for help here, but I would like to see the results of a fresh Malwarebytes scan. Please follow the instructions in Step :step2: of my previous post, particularly the instruction to turn on anti-rootkit scanning.

 

Thank you and have a great day.

 

Regards,

-Phil


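Phil suggests un-quarantining the files and uploading each one to VirusTotal. A step a practitioner would add before any upload is to hash the files locally and look the SHA-256 up first: if VirusTotal has already analysed that exact file you get the verdict without sharing the file (uploaded samples are distributed to AV vendors, which matters for private documents), and you keep a record of exactly which bytes you checked. It also helps to notice that one of the four detections above is already inside AdwCleaner's quarantine folder (the .vir extension is AdwCleaner's quarantine rename), so it was not a running file. The script below is an added example, not code from the thread; the report-page URL form https://www.virustotal.com/gui/file/<sha256> is VirusTotal's public one, and the files hashed are constructed in a temporary directory.

```python
"""Hash suspect files locally and build VirusTotal report links for a hash lookup.

Added example; not from the thread. Looking a SHA-256 up tells you whether
VirusTotal has already analysed that exact file without uploading it. Files
that AdwCleaner has already quarantined (*.vir) are skipped so that a file
which is already neutralised is not mistaken for a live one. The input files
are constructed in a temporary directory.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Tuple

VT_REPORT = "https://www.virustotal.com/gui/file/{sha256}"
SKIP_SUFFIXES = {".vir"}  # AdwCleaner's quarantine rename; already inert


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file in chunks so a large installer does not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root: Path) -> Dict[str, Tuple[str, str]]:
    """Map each regular file under root (as a relative POSIX path) to (sha256, report URL)."""
    result: Dict[str, Tuple[str, str]] = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() in SKIP_SUFFIXES:
            continue
        digest = sha256_of_file(path)
        result[path.relative_to(root).as_posix()] = (digest, VT_REPORT.format(sha256=digest))
    return result


def demo() -> Dict[str, Tuple[str, str]]:
    """Constructed input: two small files to check plus one already-quarantined *.vir file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "IT").mkdir()
        (root / "IT" / "sample.exe").write_bytes(b"abc")        # constructed content
        (root / "empty.bin").write_bytes(b"")                    # constructed content
        (root / "quarantined.dll.vir").write_bytes(b"neutralised")
        return hash_tree(root)


if __name__ == "__main__":
    # Real use: hash_tree(Path(r"F:\Alex1\IT")) and open each URL in a browser;
    # only upload a file whose hash VirusTotal does not already know.
    for rel, (digest, url) in demo().items():
        print(f"{rel}\n  sha256 {digest}\n  {url}")
```

A hash that VirusTotal has never seen is not a clean verdict, only an unknown; that is the case where Phil's advice to upload the file one at a time still applies.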


#6 UtterNutter (Topic Starter)

Posted 18 April 2017 - 02:19 AM

Hi Phil,

 

Thanks for all your help, but I've decided to do a Restore, so hopefully that'll remove any malware.

 

This has been a very informative conversation and has taught me much!

 

Have a lovely day,

Alex



#7 UtterNutter (Topic Starter)

Posted 18 April 2017 - 02:26 AM

Oops, one more question, lol! How do I ensure my external hard drives are safe? Could they have been infected with the hacking software?

 

Cheers,

Alex



#8 garioch7 (Malware Response Team)

Posted 18 April 2017 - 07:56 AM

Alex:

 

Thanks for your posts.  It is your computer, so you decide what you want to do.  Your computer is not now showing any signs of infection.

 

If your external hard drives were not connected, then I doubt that they were infected.  You can always connect them and do "custom" scans with your anti-virus and anti-malware applications, just to be sure.

 

Have a great day.

 

Regards,

-Phil




#9 UtterNutter (Topic Starter)

Posted 20 April 2017 - 03:52 PM

Many thanks Phil. I did do a restore. Live and learn!

 

Over and out. :)



#10 garioch7 (Malware Response Team)

Posted 21 April 2017 - 07:03 AM

Alex:

Thank you for your post. I am glad that the system restore worked for you. It doesn't always work, as I learned personally a few weeks ago when a Windows 10 update "borked" my main computer. Fortunately, I am "anal-retentive" and do full system images of both of my computers every Friday (yep, today's the day), and I always keep four such images.

 


. . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out-of-date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third-party software, such as Adobe Reader, Shockwave Player or Flash Player, or Oracle's Java browser plugins. You can check your system for out-of-date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.


On behalf of the Bleeping Computer Community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

Regards,
-Phil




#11 UtterNutter (Topic Starter)

Posted 21 April 2017 - 07:59 AM

Very many thanks! That's marvellous. I do have lots of specialist software for astrophotography, but always from a trusted source, or checked with VirusTotal before download.

 

How do you take full system images?



#12 garioch7 (Malware Response Team)

Posted 21 April 2017 - 08:52 AM

Alex:

 

Thank you for your post. Personally, I have purchased both Easeus Todo Backup Home and Macrium Reflect. There are free versions of both, but they lack some features, though the free versions are still completely reliable and functional.

 

I alternate between both programs weekly so that I always have two sets of Drive 0 images of all partitions created by both products (four images).  A new image could be infected by a "zero-day" virus that was not detected at the time of the imaging, so having one image is NOT enough.

 

As I told you, I am anal-retentive, so I believe in LOTS of redundancy.  In my work here, and in other Forums, as well as helping folks in my small community with their computer issues, I have learned, first-hand, how important doing regular backups is!  People have their lives on their computers, but just assume that a computer will never fail.  It will; it is only a question of when?  So many, have lost, so much, because they did not have a backup ... and that was before the explosion of ransomware!

 

I worked on one local woman's computer a couple of years ago, and she had almost 20,000 family photos on that computer ... and no backup!  Her computer was infected and I cleaned it.  Fortunately, it was not ransomware, or she might have lost it all.  Also hard drives just quit or get zapped with power surges.  Failing to take the time to backup your computer on a regular basis is a recipe for impending disaster, in my view.

 

You only have to browse the Forums here; or the computer Forums at other sites, to realize how many people have lost their irreplaceable information because of malware or computer failure.

 

I formerly used Acronis years ago, but they issued an update that "borked" both of my computers.  Ironically, I had to restore from Acronis backups, and then I had to go and hack my registry to remove the mandatory "run" key that they had left orphaned without a corresponding driver file.  That was the end of me using Acronis, although it is still a highly-regarded backup product.  This is ALL just my PERSONAL opinion and experience.  It does NOT reflect the views of Bleeping Computer.

 

As I told you in my previous post, a Windows update "borked" my computer about a month ago. It would not boot, but I could get into recovery options. The restore points would not restore, Windows could not repair whatever it was that got mangled, so I was left to boot off my Easeus Todo Backup Home recovery CD (it was the most recent image that I had) and restored my entire computer in 30 minutes to the condition it was in four days before, all 130 GB plus. I copy all of my changed data files to another drive as files are changed, so within an hour, it was as if nothing had happened to my computer. I sleep well at night! :) I re-downloaded the update, after a DISM command found and fixed some issues, and the Windows update went in successfully.

 

So, you can well understand why I stress the importance of backing up your OS and data drives on a regular basis.  You need only ask yourself: "Can I afford to lose what is on my computer?"

 

End of sermon! :)  Stay safe in cyberspace, Alex, and make regular backups ... in case something goes wrong.  I always say that, with computers, you are ALWAYS only one click away from a potential disaster!

 

Have a great weekend.

 

Regards,

-Phil


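Phil's argument is that one image is not enough because the copy you are relying on may itself be bad. The part of that which you can automate, whichever imaging product you use, is verification: record a hash of every file in the backup set when it is taken, and re-check before you depend on it. That catches a failing drive and it catches a backup disk that was plugged in when ransomware ran, which is exactly the "zero-day in the image" case he describes. The script below is an added example, not code from the thread and not tied to Easeus or Macrium; the backup directory and its files are constructed in a temporary folder, and the damage simulated in the second half is constructed too.

```python
"""Write a SHA-256 manifest for a backup set and verify the set against it later.

Added example; not from the thread and independent of any imaging product.
The manifest is written when the backup is taken; verify_manifest() reports
files that are unchanged, modified, missing or extra. Everything under the
temporary directory in demo() is constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List

MANIFEST_NAME = "MANIFEST.sha256.json"


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a multi-gigabyte image does not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative POSIX path -> sha256 for every regular file under root, manifest excluded."""
    return {
        p.relative_to(root).as_posix(): sha256_of_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def write_manifest(root: Path) -> Path:
    """Take the manifest at backup time and store it beside the backup set."""
    out = root / MANIFEST_NAME
    out.write_text(json.dumps(build_manifest(root), indent=1, sort_keys=True))
    return out


def verify_manifest(root: Path) -> Dict[str, List[str]]:
    """Compare the tree on disk now against the stored manifest."""
    expected = json.loads((root / MANIFEST_NAME).read_text())
    actual = build_manifest(root)
    return {
        "ok": sorted(k for k in expected if actual.get(k) == expected[k]),
        "modified": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in actual),
        "extra": sorted(k for k in actual if k not in expected),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a manifest, then simulate damage to the backup set."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "photos").mkdir()
        (root / "photos" / "img001.jpg").write_bytes(b"\xff\xd8 constructed jpeg bytes")
        (root / "docs").mkdir()
        (root / "docs" / "notes.txt").write_text("original notes")
        (root / "system.img").write_bytes(b"\x00" * 4096)
        write_manifest(root)

        # Later: one file overwritten in place, one deleted, one stray file appeared.
        (root / "docs" / "notes.txt").write_bytes(b"\x9e\x11 constructed encrypted junk")
        (root / "system.img").unlink()
        (root / "docs" / "notes.txt.locked").write_bytes(b"constructed ransom note")
        return verify_manifest(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Keep a second copy of the manifest somewhere other than the backup drive itself; anything that can rewrite the backup can rewrite a manifest stored next to it, and the point of the check is to trust the hashes more than the disk. Run the verification before each restore and each time a new image is added, which is also when a "modified" result on an image that should never change tells you to fall back to the older set, exactly as Phil's four-image rotation allows.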


#13 UtterNutter (Topic Starter)

Posted 21 April 2017 - 01:09 PM

Wow! You're so knowledgeable! I do back up to two 3TB external drives. I tried Macrium Reflect but couldn't get it to work, and the team tried to help but didn't make sense as I'm not very IT literate. Can you give me a link to Easeus Todo Backup Home recovery?

 

Very, very many thanks!



#14 garioch7 (Malware Response Team)

Posted 21 April 2017 - 02:22 PM

Alex:

 

Thank you for your post and for your kind words. Of the two, I personally prefer Macrium Reflect (MR) - it is a tad faster and has some pretty impressive enhanced features (most of which I don't use). That said, I usually recommend Easeus Todo Backup Home (ETBH) to most of the people that I assist here in town, who are generally older, because it is SO easy to use, and the price is cheaper than MR.

 

This is the link to the free ETBH product.

 

I do get frequent email offers from Easeus for their range of paid products.  In fact, I have two different, limited time, offers right now in my InBox.  One offer is for ETBH Version 10 for $10.15 US; the other is for up to 65% off for lifetime upgrades.  The paid version is significantly faster than the free version, and it comes with essentially lifetime support by their Technical Support staff, via their Forums which I visit daily.

 

I have the lifetime ETBH upgrade package for which I paid just about full price a year ago.  The lifetime upgrades are cheaper in the long run.  You do want your backup software to keep pace with the major version releases of Windows 10, which I understand will be done semi-annually henceforth, in March and September.

 

Should you be interested in purchasing the ETBH product at a discount, then please send me a Private Message with your personal email address, and I will forward both offers on to you and you can decide whether to go free, or paid, or not at all.

 

AGAIN, I want to emphasize that the foregoing are MY opinions ONLY!  My opinions do NOT represent the views of Bleeping Computer, which has no official position on the merits of the various backup software applications available, free or paid.  I am just passing on my experience and my personal recommendations because you asked.  It is also important to note that I have NO connection to Easeus, other than being a customer and a participant in their Forums, as I am on many other Forums, including this one.

 

Have a great weekend, Alex.  I will be interested in what you decide to do.  Please let me know.

 

Regards,

-Phil




#15 UtterNutter (Topic Starter)

Posted 23 April 2017 - 08:54 AM

Hi Phil,

 

I tried to email you but I'm getting a failure message.

 

I've tried to pay for the full version of Todo Backup Home from the link you gave me, and the price is more! The initial page says the cost was $50.00 reduced to $35.40, but when I went to pay it said the original price was $70.80 reduced to $42.48. I'm confused!

 

Cheers,

Alex

