
I got hacked many times continuously - Help me


  • This topic is locked
4 replies to this topic

#1 rajeevrrs5

rajeevrrs5

  • Members
  • 1 posts
  • OFFLINE
  • Local time:09:18 PM

Posted 19 January 2018 - 03:27 PM

Hi,

This has been happening to me for the past 2 months. I am managing 20 sites and every site is getting hacked. I have shifted between 6 different servers and hosting providers, but the result is the same.

My sites are hosted on WordPress and I use some plugins. I'm not sure how they are hacking them. They have injected my PC, or the WordPress plugin is injected.

 

Kaspersky and Malwarebytes are installed on my PC and both are licensed.

Plugins that I use:

1. wordpress.org/plugins/comment-link-remove/
2. wordpress.org/plugins/my-html-post-widgets/
3. wordpress.org/plugins/insert-headers-and-footers/
4. WP-automatic ( Download link : www46.zippyshare.com/v/6qp7GUqy/file.html ) ( VirusTotal : virustotal.com/#/file/406a435eb83f77e26c6c99e3a4bf765854069d6c48395e2e1447f5288f2e970d/detection ) Downloaded from an online forum

Themes

5. SocialViral Themes ( Download link : www112.zippyshare.com/v/7Cqm4LpA/file.html ) ( VirusTotal : virustotal.com/#/file/50062f86108ab68f33a97b1a4b216d473055b99ffc994a1684aa33ba1df6cb33/detection )

These 4 plugins are the common ones that I use on all my sites.
---------------------------

My PC Scan :

WEEDIAGNOSE created by JoshuTee :www.pastebin.com/g4iFNeHK
AdwCleaner  : www.pastebin.com/9dFMt1H2
aswMBR : www.pastebin.com/g0F0Sxhq
FRST : https://pastebin.com/WYFnKaLY
FRST Additional : https://www.pastebin.com/aCSGg1QW

Please help me to fix the issues. Thank you.




 


Edited by hamluis, 19 January 2018 - 03:37 PM.
Fixed FRST links - Hamluis.



 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • ONLINE
  • Gender:Male
  • Local time:08:48 AM

Posted 22 January 2018 - 12:55 PM

Hi rajeevrrs5 :)

My name is polskamachina and I would like to :welcome: you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text into your replies to me.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

Let me know if you have any questions.
 
polskamachina



#3 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • ONLINE
  • Gender:Male
  • Local time:08:48 AM

Posted 23 January 2018 - 06:05 PM

Hi rajeevrrs5,
 
Good job posting all your logs but in the future you will need to copy and paste them directly into your reply message window. :thumbup2:

What follows is some important information that you need to review:

In order to keep your websites and system secure, it is very important to use strong passwords. That being said, please change all your passwords now! Also, make sure you are using the latest versions and/or patches of your WordPress software.

Going over your logs I noticed that you have μTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall μTorrent, however that choice is up to you. Directions for removal are below.

  • Open Computer and click on the Computer tab, then click on Uninstall or Change a Program.
  • A list of programs installed will be populated (this may take a bit of time).
  • If they exist, uninstall the following one at a time by clicking the below entries and selecting Remove:
      • µTorrent (Version: 3.5.1.44332 - BitTorrent Inc.)
      • µTorrent (Version: 3.5.0.43916 - BitTorrent Inc.)

Additional instructions can be found here if needed.

Next:

I noticed in your logs there is evidence of pirated software. These pirated programs are a good source of malware infection as you do not know what was included when the original product was patched/pirated. Ethics aside, it may be illegal depending on the cyber law of your country. We at Bleeping Computer strongly recommend you to avoid using cracks, keygens and such. If you decide to keep the cracked software you risk infecting your computer. Also note that some of your cracked software may be removed by the tools we use.

Next:

The following fix will delete your stored temporary files, internet cache, and recycle bin contents. If you need to save anything, now is the time to retrieve it.

  • Highlight the text below and press Ctrl-C to copy it
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2766568034-3981997856-901821736-1002\...\Run: [ipjingling] => C:\Users\UpdatusUser\Desktop\ipjingling\ipjingling.exe -h
C:\Users\UpdatusUser\Desktop\ipjingling
EmptyTemp:
End::
  • Run FRST64
  • This time click Fix
  • After the fix has completed, you will be asked to restart your computer
  • Click OK to restart your computer
  • When your system has restarted, a file named Fixlog.txt will appear in the same folder from which you ran FRST64 which is: C:\Users\RRS-KING\Downloads\Programs
  • Copy and paste that log into your next reply to me

Next:

Looking at your AdwCleaner log, it appears that after the scan was completed, you may not have cleaned the found objects. Please do the following:

In addition to the AdwCleaner scan log I need to see the AdwCleaner clean log.

  • Please run AdwCleaner again
  • Click the Logfiles button
  • Click on the Clean tab
  • You should see an entry for the time and date you performed the cleaning. If you see an entry there, then copy and paste that log into your next reply to me
  • If you don't see an entry there, then continue with the rest of these steps
  • Click on Scan
  • After the scan has completed, click on Clean
  • Close all other open programs
  • Click Ok to restart the computer
  • When the computer completes the restart, the AdwCleaner log, AdwCleaner[CX].txt, should appear which will indicate which entries were deleted
  • Please copy and paste that log into your next reply to me

In summary I will need from you:

  • Did you change your passwords?
  • Whether or not you uninstalled your torrent software
  • Whether or not you removed your pirated software
  • Fixlog.txt
  • AdwCleaner[CX].txt
  • How is your computer performing now?

Let me know if you have any questions.
 
polskamachina
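
Added example (not part of the original posts, and not FRST's own code): a small Python filter over FRST-style registry lines that flags Run/RunOnce autostart entries whose target sits in a user-writable folder, the pattern of the Run entry removed by the fixlist above. The sample log, its SIDs and names, and the folder list are constructed assumptions.

```python
import re

# Folders a standard user can write to; autostart targets there deserve review.
# This list is an assumption for the example, not a rule taken from FRST.
USER_WRITABLE = ("\\desktop\\", "\\downloads\\",
                 "\\appdata\\local\\temp\\", "\\appdata\\roaming\\")

# FRST-style line: <hive>\...\Run: [name] => <command line>
RUN_LINE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] => (?P<command>.+)$")

# Executable path at the start of the command, optionally quoted.
TARGET = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|bat|cmd|vbs|js|ps1|scr))\b', re.I)


def suspicious_run_entries(log_text):
    """Return (hive, value name, path) for autostarts in user-writable folders."""
    findings = []
    for raw in log_text.splitlines():
        # Brackets can arrive percent-encoded when a log is copied from a web page.
        line = raw.strip().replace("%5B", "[").replace("%5D", "]")
        entry = RUN_LINE.match(line)
        target = TARGET.match(entry["command"]) if entry else None
        if not target:
            continue
        path = target["path"]
        if any(folder in path.lower() for folder in USER_WRITABLE):
            findings.append((entry["hive"], entry["name"], path))
    return findings


# Constructed sample lines in the FRST registry-section style.
SAMPLE_LOG = r"""
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: %5Bupdater%5D => C:\Users\Example\Desktop\tool\updater.exe -h
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [OneDrive] => "C:\Users\Example\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKLM\...\RunOnce: [cleanup] => C:\Users\Example\AppData\Local\Temp\cl.bat
"""

if __name__ == "__main__":
    for hive, name, path in suspicious_run_entries(SAMPLE_LOG):
        print(f"review: {hive} [{name}] -> {path}")
```

A flagged entry is a prompt for review rather than a verdict; legitimate software also autostarts from the user profile.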



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • ONLINE
  • Gender:Male
  • Local time:08:48 AM

Posted 26 January 2018 - 06:19 PM

Hi rajeevrrs5 :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:48 PM

Posted 29 January 2018 - 03:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft




