network renamed/hacked through Magicjack?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rwilles, Jun 3, 2012.

  1. rwilles

    rwilles Private E-2

    Started over at the networking thread: http://forums.majorgeeks.com/showthread.php?t=259761

    Tried to start the malware removal process and lost the internet connection and bluescreen. Restored system to the end of May and want to know how to proceed.

    Have deleted and re-installed the MJ software on the computer. The MJ drive itself updated and reloaded the software. MJ, router/modem and internet and wireless network all seem to be working again.

    Need enough direction to be able to finish and reconnect. Win7 home prem SP1, Dell 3 GHz Pentium dual core. 4 GB memory installed with a 16GB thumb drive. 64 bit OS.

    Thanks,

    REW
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    If you suspect that Magicjack is the source of your problems, begin by uninstalling it!

    Actually, from what you describe, I'm not sure that you are having malware problems, but let's check a few things. Please follow the instructions below.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.



    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
    Now from the READ & RUN ME FIRST, only run MGtools and attach the C:\MGlogs.zip file that it creates.
     
  3. rwilles

    rwilles Private E-2

    Thanks for the instructions...

    To be more specific: I don't always activate the Magicjack desktop because it is a pain. Pops up at the most inconvenient time and has advertisements running regularly. It was in this condition when the network was compromised. Is it effectively a hard drive without protection or operating system then?

    I had a new network window from Comodo (network 4) last night. I ignored the msg and activated the MJ desktop, everything went back to normal. I ran the scans without the MJ desktop running.

    While running your scans I had two options for user: Owner and HomeGroupUsers$. I don't know where HGU$ came from.

    The computer did not sleep at all today. The screen would dim but the hard drive and internet were doing 1 second blips.

    Scans attached. I uninstalled Comodo. Disabled Avast and super-anti-spyware.

    At your command, Sir!
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what you are saying. You have protection (Avast and Windows 7 Firewall right now) and you have an operating system (Win 7).

    Your logs are clean.
     
  5. rwilles

    rwilles Private E-2

    The inactivated Magic Jack seems to be an open door that crud can get through.

    My network renamed to a random name and disabled my ability to log into my modem/router. Once I ran the MJ desktop and reinitialized the MJ (it had to complete 2 updates), without changing anything on my modem router, I could get to the login page and my original name for the network and passwords worked!?!

    The Magic Jack is currently listed as, 'Windows has stopped this device because it has reported problems'. (Code 43). It used to be drive* by tiger-jet. If I start the desktop it corrects the error. If I leave it off long enough it will corrupt the network. Weird.

    What about the homegroupusers$? Never set up a different user on this system.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat, remove all aspects of Magic Jack if you believe it is a problem. It has not been considered malware but it is not something I would install.

    It is a user group created and used by Windows. It is not a problem.
     
