I Believe Someone Has Hijacked My System

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by joenobody211, Feb 5, 2016.

  1. joenobody211

    joenobody211 Private E-2

    I think someone has hijacked my system and is changing system settings. I looked at the event logs and saw several suspicious entries, including turning off logging at certain times, enabling many files to change log files, turning on the camera and microphone, and deleting logs. I also saw several logs about user attempted to gain access to profiles which, failing at finding a password for profile with no password. I have included the logs to be looked at by experienced users. Thank you!
     

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am not seeing any malware. Are you on a network?
     
  3. joenobody211

    joenobody211 Private E-2

    I am now, apparently. It appears to be a LAN with other computers in this house that I didn't set up.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are there other computers in your house?
    Are you using wired or wireless?
     
  5. joenobody211

    joenobody211 Private E-2

    Wireless, only one other laptop that is rarely in use. It hadn't been used for days when these odd events started showing up in event handler. I just noticed that yesterday I started some sort of media sharing network. I have been noticing random events like this; the logs that said certain files were given access to change and remove log files were what caught my attention. I have disconnected from the private LAN and reconnected to the internet via a public wireless network.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do you know who your internet service provider is, and what physical hardware do you use to connect to the internet, i.e. a dongle, mobile internet, a modem or a router?
    And if so, do you know what your router is called and are you connected to the right one?
    This may seem a little patronizing but Windows will often connect to the first available connection.
     
  7. joenobody211

    joenobody211 Private E-2

    It's a modem and router - Realtek RTL8188EE Wireless LAN 802.11n PCI-E NIC is the router. It is the same one I have connected to in the time that I have been staying where I live now. I believe it is Time Warner that is the provider.

    I am looking through the logs and seeing several user logons today in the information audit section of Windows event manager. Most are logon type 5 and 3, with a few today that are logon type 2, which I thought was a user-controlled logon, and one type 0, which I have never heard of.
     
  8. joenobody211

    joenobody211 Private E-2

    I am also noticing that since I disconnected from the LAN I have received several error reports about programs not being able to run, either because the file is corrupt or it is not hosted on this computer.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Forget all the logons and Event Viewer... some people try to be too clever ;) Are you connected by a wire or not right now?
     
  10. joenobody211

    joenobody211 Private E-2

    No, wireless.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I think you are connected to a public network or a neighbor by accident, which would explain all of the mystery computers, and quite possibly you are leaving your own computer open to sharing... If you found a new computer on YOUR network, wouldn't you have a snoop and a play? Check you're connected to your own connections.
     
  12. joenobody211

    joenobody211 Private E-2

    The router name is the same, and I had to log on a minute ago and the same password has me connected.
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I can only suggest at this point that you change the router password and then power cycle off and on and see if that prevents the other computers from connecting to your router. As said, I am not seeing any malware in those logs. I see some possible software issues but that is not my realm.
     
  14. joenobody211

    joenobody211 Private E-2

    I'm doing that now, thanks for the help.
     
  15. joenobody211

    joenobody211 Private E-2

    What would be the best way to secure my router after the password change (in case someone breaking in was the case)?
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    A long and complicated password. You could also post in the software forum to seek advice on whether remote login is enabled and how to disable it.
     
