Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Have Gotton No Response Off 2 Other Sites. Please Tell Me At Least That I;m Not Creay


  • Please log in to reply
6 replies to this topic

#1 jjaninokes

jjaninokes

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 13 February 2007 - 05:29 AM

Hi,
I have something going on with my desktop. The operating system is Windows XP.
I have been trying to research this myself, and what I am finding makes me think I am going crazy.
I think that my computer may have been hijacked and whoever did it is using Intel to do a clone of some sort. I'm not very technical, and no one believes me.
Please see this attachment showing a file composed on 2/7 on my computer, it wasn't me.
I believe someone is accessing my computer from a remote location.
Please advise if I should go ahead with the programs listed before running The Hijack This Program.



WebmailSkip to Main Content | Skip to Webmail Actions | Skip to Mailbox Navigation
User Options
Comcast.netHelpSign Out
Actions
Get email
Get emailCompose
ComposeVideomail
VideomailReplyReply allForwardPrintReport as spamDeleteEmail Storage[view details] Search
Search Mail Mailbox: xxxxxxxxxxxxxx INBOX: Email 9 of 110 Move to Folder INBOX Draft Screened Mail SentMail Trash < Previous | Next >
Read Message
From:membership@kodakgallery.com
[Add to Address Book]

To:xxxxxxxxxxxxxxxxx
Subject:Your album has been shared!
Date:Tuesday, February 13, 2007 12:29:23 AM
[View Source]
Thank you for sharing your KODAK EASYSHARE Gallery album!
Here is a copy of the email that was sent with the album.

Subject: View my photos




Jani has shared photos with you.




Can you check out this slideshow made on my computer on 2/5/2007 and let me know what you think??


- Jani





WebmailSkip to Main Content | Skip to Webmail Actions | Skip to Mailbox Navigation
User Options
Comcast.netHelpSign Out
Actions
Get email
Get emailCompose
ComposeVideomail
VideomailReplyReply allForwardPrintReport as spamDeleteEmail Storage[view details] Search
Search Mail xxxxxxxxxxxxxxxxx INBOX: Email 9 of 110 Move to Folder INBOX Draft Screened Mail SentMail Trash < Previous | Next >
Read Message
From:membership@kodakgallery.com
[Add to Address Book]

To:xxxxxxxxxxxxxxxxx
Subject:Your album has been shared!
Date:Tuesday, February 13, 2007 12:29:23 AM
[View Source]
Thank you for sharing your KODAK EASYSHARE Gallery album!
Here is a copy of the email that was sent with the album.

Subject: View my photos




Jani has shared photos with you.




Can you check out this slideshow made on my computer on 2/5/2007 and let me know what you think??


- Jani




My New Album
(1 album)


Do more with these photos!

Buy Kodak prints Create a collage Create a mini photo book Create mugs








If you can't see the link, copy and paste the following directly into your browser:
http://www.kodakgallery.com/I.jsp?c=6rpgu7ck.2cz48op8&x=1&y=woho0e
Questions? Visit http://www.kodakgallery.com/Help.jsp.
© 2007 Kodak Imaging Network, Inc. All rights reserved. KODAK EASYSHARE Gallery is trademark of Eastman Kodak Company.


INBOX: Email 9 of 110 Move to Folder INBOX Draft Screened Mail SentMail Trash Back to Top | < Previous | Next > Navigation
Message CenterINBOX 36Draft Screened Mail SentMail Trash 24[empty]My Folders
[edit]My Mailboxes
xxxxxxxxxxxxxxxx on TrueswitchAddress BookMailbox ManagerPreferencesVoice MailAdd Comcast ServicesDigital CableDigital Video RecorderDigital Voice®High Definition TV
Ask ComcastWhat's NewIdeas and SuggestionsComcast.net
© 2007 Comcast Cable Communications, LLC. All rights reserved. Privacy Statement Terms of Service

Comcast.net


Mod Edit: E-mail address was removed for your safety. Please, do not post your E-mail address in an open forum. This could lead to a lot more SPAM in your inbox, than you might want. ~tg

Edited by tg1911, 13 February 2007 - 06:02 AM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 13 February 2007 - 05:41 AM

I would post your HJT log in the HijackThis Logs and Analysis forum, where the experts will take a look at it. Before you post your log read: Preparation Guide for use before posting a HijackThis Log
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 tink536

tink536

    **pixie in training**


  • Members
  • 1,853 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Honolulu, Hawaii
  • Local time:08:58 PM

Posted 13 February 2007 - 05:45 AM

You should also remove your email address from your post.

Posted Image
Posted Image
I search for Sjogrens Syndrome Foundation...Who will you search for?


#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:07:58 AM

Posted 13 February 2007 - 06:38 AM

First of all :

What kind of steps have you undertaken to find out whether you have been hijacked yes or no. The source ( kodak) seems to be legitimate and only could be spam related rather than hijacked

My suggestions would be :

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.

1. Detects and removes malware ( viruses, worms, trojans, etc. )
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.

To be safe you should consider your personal info stored on that computer to be comprised. Immediately disconnect from the internet and change all your passwords and access info for internet banking and sites such as ebay on another computer

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:58 AM

Posted 13 February 2007 - 09:46 AM

Hi Jani and welcome to BC. I understand that you are not very technical so I'm happy you have chosen us for help, since we aim to help people like you especially. So I hope you'll understand when I say that I don't believe this is at all malware related and the result of a misunderstanding of how photo sharing websites work.

What you have posted is an automated notice that the Kodak Easy Share website sends to you when you share photos with someone. This link you posted in big bold letters is what a person you want to share those photos with would click to get to the site to see them: http://www.kodakgallery.com/I.jsp?c=6rpgu7...=1&y=woho0e

It is not a dangerous link at all, I've clicked it. But there are no photos in the album. It seems to me that you must have been exploring the Kodak site and clicked the link to share photos without actually entering photos to share or email addresses of who you wanted to share with. Regardless, the Kodak site will send you a notice that you shared your album with a copy of the email that was sent. If you don't enter your own message it will send a form that sounds as if they are putting words in your mouth. This is what it seems to me you've posted.

Please read this part of Kodak's help: http://tinyurl.com/244gkq

So let's not panic, OK? It won't hurt anything to run the online scanners and post a HijackThis log as there may be something else on your system that needs to be fixed. But I doubt if it will have anything to do with Kodak.

So can you confirm that you've signed up for the Kodak EasyShare service and that you may have been exploring how to use it? If this is all it is we can help you learn how to use it in another forum and if you have questions about what I am saying don't hesitate to let me know.

The thing about people

is they change

when they walk away.--Mipso


#6 jjaninokes

jjaninokes
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 13 February 2007 - 04:40 PM

I had moved the images to the Kodak website myself and thought I was sending a link to access them because I didn't see any way to attach a file here.

This is where I found the gif file on my computer. Is there way to put an attachment on this that I'm not seeing??

(C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\common\images\action_img)

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:58 AM

Posted 13 February 2007 - 07:56 PM

Sorry, basic members are not allowed to attach files.

Sorry also that I guess I've misunderstood you as well. I do still think you have found something to worry about that you shouldn't, but that remains to be seen as it's not very clear exactly what the problem is. At this point, I think it would be best if you followed the advice of Budapest.

I would post your HJT log in the HijackThis Logs and Analysis forum, where the experts will take a look at it. Before you post your log read: Preparation Guide for use before posting a HijackThis Log


A log will give us some much clearer information--may not explain everything, but it's a start. Be sure to post your log in the following forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Please don't post it in this thread because we will then have to close it. We do tho need to get a description from you as to what is happening to make you think you've been hijacked. Post that along with your HijackThis log, and then come back here and post a link to your log.

I do understand that you were trying to show us an illustration thru the Kodak file sharing service. I do see an image, but there is no way to click on it to enlarge so I can see it better. What you can do is upload that image to a image sharing service that provides links to post in a forum--Kodak doesn't do that. See this page for details: http://www.bleepingcomputer.com/forums/t/14738/inserting-an-image-within-a-post/

Read that post carefully and I suggest you post back here with a thumbnail.

So now tell me if the following assumptions are correct:

You found an image files on your computer at this location: (C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\common\images\action_img)

You then uploaded that image to the Kodak service to show to us?

Is what is depicted in that image the sole reason you believe you are hijacked? Or is something else going on? Like massive popups, sudden slowness, your CD tray pops open, you get multiple warnings from an anitvirus or other security program, etc. Please describe other symptoms you may have.

I'll reserve commenting on what I believe is going on till I hear back from you. Other than to say that GTek is not known to do anything bad and is probably associated with your ISP.

The thing about people

is they change

when they walk away.--Mipso





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users