
Potentially infected PC


7 replies to this topic

#1 pudge5508

Posted 17 January 2018 - 09:56 PM

Hi guys,

I've resorted to posting here as I'd like to have a second opinion. I'm fairly aware of how to manage computers; however, I want to make sure no intrusion was made. A couple of months ago an unknown request to withdraw money from my credit card was made online, and some emails mysteriously disappeared from my email along with other suspicious activity. My fear here is that someone might be remotely connected to my computer (a hidden RAT or rootkit). I've tried using Wireshark, but I don't fully understand it. I've also tried the netstat command in Command Prompt and didn't really see anything out of the ordinary, but I really want to make sure everything is secured.

I currently have ESET, Malwarebytes Free and HitmanPro installed however I need to change both ESET and HitmanPro as their licence will be expiring soon. 

Thanks to anyone that reads/responds to this.




#2 yankeelady2015

Posted 17 January 2018 - 10:52 PM

Hi Pudge,

 

First of all, I need to know the following in your reply:

1) Which Windows version do you have?

2) How are you connected to the internet (cable modem/router; wireless or hard wired?).

3) What kind of suspicious activity are you seeing that leads you to believe that "someone" is remotely connected to your PC?

4) Which netstat command did you use?

Thanks,

Julie



#3 pudge5508 (Topic Starter)

Posted 17 January 2018 - 11:04 PM

Hi Julie,

Thanks for the fast response.

I'm currently on the latest version of Windows 10 (Fall update). It turns out the Fall update was stuck for quite a while, so I was stuck on the Anniversary update all this time; luckily I've fixed this.

I'm connected through an ethernet cable at the moment. I also have a wireless router.

Firstly, I'm not sure how someone obtained my entire credit card details; it's possible they might have found it on my PC or through a website of some sort. I was also unsure why my emails were tampered with (I even contacted Microsoft support about it, and they told me no one else accessed the account, which was very odd). Apart from that, I tend to receive these odd emails from users on somewhere that I administrate. These users end up getting banned since we tie them to someone they're trying to impersonate. Some details in their emails seriously make me feel as though they were "listening in" to my conversations somehow; I do talk with friends often over a VoIP program. Mind you, it could be me just being paranoid, because some of these details could be found publicly, but they're still rather odd.

netstat -a I believe is the one I used.

Thank you. :)


Edited by pudge5508, 17 January 2018 - 11:12 PM.
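The post above mentions running netstat -a, which lists sockets but not which program owns each one. The following is an added PowerShell example, not something either participant in the thread posted, showing how a defender would tie each listening port and established connection on Windows 8/10 to its owning process and that binary's signature status. It assumes the NetTCPIP module (Get-NetTCPConnection) is available and that the shell is elevated so the paths of service processes are readable.

```powershell
# Added example (not from the thread): list active TCP connections together with the
# owning process, so each remote endpoint can be matched to a program. "netstat -a"
# shows neither the PID nor the program; "netstat -ano" shows the PID only.
# Assumes Windows 8 or later (Get-NetTCPConnection) and an elevated PowerShell.

# Open listeners and live sessions are the states worth reviewing first.
$states = @('Listen', 'Established')

Get-NetTCPConnection -State $states -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Resolve the owning process; it may have exited between the two calls.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }

        [PSCustomObject]@{
            State     = $_.State
            LocalPort = $_.LocalPort
            Remote    = if ($_.State -eq 'Listen') { '-' } else { "$($_.RemoteAddress):$($_.RemotePort)" }
            PID       = $_.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path      = $path
            # Authenticode status of the binary: NotSigned or an invalid signature on a
            # process that holds a connection from an unusual folder deserves a closer look.
            Signature = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { '' }
        }
    } |
    Sort-Object State, Process |
    Format-Table -AutoSize
```

Reading the output: every listener should map to a process you can name (system services, the antivirus, the VoIP client mentioned in the thread, the browser), and every established connection to a program that is visibly running. An entry whose path is in a temporary or user-writable folder, or whose signature status is anything other than Valid, is what to investigate or submit for a second opinion, rather than the mere presence of open ports.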


#4 yankeelady2015

Posted 17 January 2018 - 11:30 PM

In addition to the above (afterthought): have you added any new programs or add-ons to your browser, and which browser are you using?

 

Thanks,

Julie


Edited by yankeelady2015, 17 January 2018 - 11:35 PM.


#5 yankeelady2015

Posted 17 January 2018 - 11:38 PM

Does the wireless router belong to you or to the cable company? Which router do you have (make and model)?

I hope you changed your password(s) with regards to your credit card and emails.

Thanks,

Julie



#6 pudge5508 (Topic Starter)

Posted 17 January 2018 - 11:39 PM

In terms of programs, nothing too out of the ordinary. I used to use a browser add-on that I ended up removing; it wasn't anything bad, but I didn't need it anymore. For reference, I mainly use Google Chrome. Speaking of browsers, I've recently added uBlock Origin for more security, if that helps.

I do have some old test clients of this software I was using. I doubt any of it is malicious, since the company that made it is all fine, but given that the emails come from this area I'm not sure if having those old clients lying on the PC might be doing anything wrong, since I use them from time to time.

The only suspicious software I've ever had was downloaded from a certain site; it was basically like a licence key for this software. My antivirus had pinged it and I had deleted it, but this odd behaviour has continued even after removing that piece of software.

The wireless router belongs to me, the main modem/router belongs to my ISP/cable company. The wireless router I have is an MSI 108M Wireless router.

I've actually added 2FA to my emails and had cancelled the credit card on the day of that occurrence.

Thanks.


Edited by pudge5508, 17 January 2018 - 11:41 PM.


#7 yankeelady2015

Posted 18 January 2018 - 12:17 AM

Do you know if your router's firmware is up-to-date? (This is the cable company's responsibility.)

After reading your information, I have come to the conclusion that you are dealing with a PUA (potentially unwanted application).

A PUA (Potentially Unwanted Application) is a program that may be unwanted, but was installed with user consent. PUAs commonly include toolbars, cleaners, and search plugins. They are often bundled together with other software a user intended to install. They are not harmful in the same way as malware, but can be a hindrance.

It is important to remember to download all software only from the official or original source for that software. We do not recommend downloading any software from large/generic download sites if there is a direct source available, as this is how programs are most commonly bundled with PUAs.

Please follow the steps below to clean out any unwanted software from your system and internet browsers.

 


Part 1: Uninstall the software from the Control Panel

Note: this option is only available for some toolbars, if the PUA is a toolbar.

  1. Follow the correct steps for your Operating System.

    Windows XP:
    • Click Start, then click Run. In the Run window, type "appwiz.cpl" (without quotes), then press Enter on your keyboard.

    Windows Vista/Windows 7:
    • Click Start, or the Windows icon. In the Search field, type "appwiz.cpl" (without quotes), then press Enter on your keyboard.

    Windows 8, Windows 8.1 and Windows 10:
    • Move your cursor to the bottom right of the screen to open the Charm Bar menu. Click Search, type "appwiz.cpl" (without quotes), and then press Enter on your keyboard.

  2. This will open your Control Panel to the list of all programs currently installed on your computer.

  3. Scroll down the programs list until you see the software you want to remove.

    Note: You want to uninstall any programs that have been installed recently (you can check this with the Install Date column) that you do not recall installing or that you do not need.

  4. Click the software entry once to select it, then click Uninstall/Remove.

  5. Confirm any messages to uninstall the program.

After removing any programs, there may be additional steps to take to remove any changes made by a PUA.

-- -- -- -- -- -- --

Part 2: Remove the software from your browser

These steps should be used for certain PUAs that affect the browsing experience. We recommend removing any add-ons or toolbars you don't currently use.

Choose the correct steps for your Internet browser.

For Internet Explorer:

  1. Open Internet Explorer.
  2. Navigate to Tools > Manage Add-ons.
  3. Select “Toolbars and Extensions” from the left column.
  4. Uninstall everything related to the unwanted software from the list on the right.
  5. Click “Search Providers” from the left column.
  6. Right-click the search engine you want and click Set as Default.
  7. Now select the unwanted software and click the Remove button to uninstall it (lower right corner of the window). Once you have gone through this list, you can close the Manage Add-ons window.
  8. In Internet Explorer, navigate to Tools > Internet Options > General.
  9. Under Home page, click "Use Default" or enter your desired homepage, e.g. www.google.com
  10. Click OK to save the changes.

For Google Chrome:

  1. Click the Menu button (the three lines in the upper right), then click Settings.
  2. Under Search, click "Manage search engines…".
  3. Remove any listings for the unwanted software, then click OK to save the changes.
  4. Under "On Startup," click "Set pages".
  5. Remove any listings for the software, then click OK to save the changes.


Next, there are steps to reset Internet Explorer. You only need to follow these steps if you use Internet Explorer to browse the web.

Again, if you use Internet Explorer, it is highly recommended you also follow the steps below to reset your web browser. This helps correct many, many issues with Internet Explorer, even slowness.

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Part 3: Reset Internet Explorer

In some cases, add-ons in Internet Explorer can cause issues with the way pages are shown. Resetting Internet Explorer to the default settings may resolve such problems. It can also speed up your Internet browsing.

Keep in mind that resetting Internet Explorer can reset your home pages, browsing history, form data, passwords, toolbars, etc. We will explain below how to prevent this.

To use the Reset Internet Explorer Settings feature from Control Panel, follow these steps:

  1. Exit all programs, including Internet Explorer (if it is running).

  2. Follow the correct instructions for your operating system:

    For Windows 10:
    • Move your cursor to the bottom left of the screen and right-click to open the Start menu, then click Run.
    • Type: inetcpl.cpl
    • Now press the ENTER key.

    The Internet Options dialog box appears.

  3. Click the Advanced tab.

  4. Under Reset Internet Explorer settings, click Reset.

  5. In the window that appears, ensure that the "Delete personal settings" box is NOT checked. This will prevent your home pages, etc. from being removed. Now click Reset again.

  6. When Internet Explorer finishes resetting the settings, click "Close" in the Reset Internet Explorer Settings dialog.

  7. Start Internet Explorer again. You may receive a "Welcome to Internet Explorer" message. You may choose to follow the prompts, or you may click Cancel. The message will not appear again in either case.

Once you have completed these steps, you should no longer have any PUAs on your system and any unwanted effects should be reversed. If you still experience any unwanted or suspicious behavior, please reply with detailed descriptions of the behavior(s).

 

Good Luck!

Julie
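The manual walkthrough above relies on scrolling the Control Panel list by Install Date and clicking through Chrome's settings pages. The following is an added PowerShell example, not part of the reply above or of any tool it mentions, that does the same two checks in one pass: it enumerates installed programs from all three uninstall registry hives sorted newest first, flagging entries with no publisher, and then lists the Chrome extensions present in the default profile with the permissions each manifest requests. It assumes Windows 10 with Windows PowerShell 5.1 and Chrome installed in the default per-user location; the registry and profile paths used are the standard ones, not values taken from the thread.

```powershell
# Added example (not from the thread): review installed programs and Chrome extensions.
# Assumes Windows 10, Windows PowerShell 5.1 and the default Chrome profile folder.

# The three uninstall hives: 64-bit machine-wide, 32-bit machine-wide, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |              # skip patch/component entries with no name
    ForEach-Object {
        # InstallDate is stored as a yyyyMMdd string and is absent for some installers.
        $date = $null
        if ($_.InstallDate -match '^\d{8}$') {
            $date = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
        }
        [PSCustomObject]@{
            InstallDate = $date
            Name        = $_.DisplayName
            Publisher   = if ($_.Publisher) { $_.Publisher } else { '<none>' }
            Location    = $_.InstallLocation
            Uninstall   = $_.UninstallString
        }
    }

"== Installed programs, newest first (Publisher '<none>' is the bundled-software tell) =="
$programs |
    Sort-Object InstallDate -Descending |
    Select-Object InstallDate, Name, Publisher, Location |
    Format-Table -AutoSize

"== Chrome extensions in the default profile =="
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
if (Test-Path $extRoot) {
    Get-ChildItem -Path $extRoot -Directory | ForEach-Object {
        # Each extension id folder holds one subfolder per installed version; read the newest manifest.
        $manifest = Get-ChildItem -Path $_.FullName -Recurse -Filter manifest.json |
            Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if ($manifest) {
            $m = Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json
            [PSCustomObject]@{
                Id          = $_.Name
                # Localised extensions report a placeholder like __MSG_appName__ here.
                Name        = $m.name
                Version     = $m.version
                # Broad permissions (e.g. "<all_urls>", "webRequest", "tabs") are what to review.
                Permissions = (@($m.permissions) -join ', ')
            }
        }
    } | Format-Table -AutoSize
} else {
    "Chrome profile folder not found at $extRoot"
}
```

Compare the extension ids and names against what Chrome's own extensions page shows; an entry present on disk but not visible in the browser, or one requesting host access to all URLs that you do not recognise, is the kind of add-on Part 2 above tells you to remove. Programs with an install date in the weeks before the credit-card and email incidents, and no publisher, are the candidates for step 3 of Part 1.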



#8 pudge5508 (Topic Starter)

Posted 18 January 2018 - 09:05 AM

I'm not sure if it's up-to-date to be honest with you.

I just followed the steps you provided. I don't use Internet Explorer, and there was nothing odd there. In terms of Chrome, there were a lot of links from my search history listed in "other", which I simply deleted, but nothing else was there.

There also wasn't any suspicious software installed.

Could there be anything else we could run to make sure this is the case?

Thanks.


Edited by pudge5508, 18 January 2018 - 09:05 AM.




