My Facebook Page Was Taken Control Of

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by shivonne, Mar 22, 2024.

  1. shivonne

    shivonne Private E-2

    Hello. I am not very technical, so speak as to a chimp. Someone had been putting likes on my public FB page impersonating me. I checked and only one other person has a user name spelled exactly like mine, and I'd put that person on my blocked list long ago. When I post that the like didn't come from me, they put another 'like'. I cannot unlike these likes or otherwise remove them. I reported to FB help and support, lol; and they walked me thru change of password. Which did nothing. When I went back to 'help and support' and tried to click on the links it gave me I was unable to; I would click and nothing happened. Other things have happened over time. To me it seems a black hat hacker can do whatever he wants on my computer. Hired a local tech repair person to trace if possible, and remove said hacker. The tech told me I wasn't being hacked as there were no entries in my entry logs......... I kinda thought someone who could keep me from using links, impersonate me, etc. might be able to hide or bypass logins. I just want to eliminate this intruder from my computer and hope to find help here. I ran the free trial of Malwarebytes premium [I'd already had the free] and it found nothing. Have removed that as it was slowing me. Ran Spybot, Hitman. Nada. What to do. Also, after posting on my site about this, most of the likes he'd posted disappeared, but not all. Had problems on other sites too that I used always and had not had previous problems. Any help appreciated.
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Right click on FRST64, select Save Link As..., and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================
    Things I would like to see in your next reply.

    • Attached reports
     
    shivonne likes this.
  3. shivonne

    shivonne Private E-2

    Gary, I did the Farbar, but didn't know how to use it. When I clicked on Fix, nothing happened. Maybe just go for a temp remote control and let you do all the work? What would be the charge? During this same time frame my Walmart page became unusable as the search function was unusable. Had a Walmart plus account and got deliveries twice a week. I am retired, had an intestinal injury, and had certain food requirements Walmart understood and it was a very important relationship. Called Walmart many times but nothing changed. Finally cancelled the account. My neighbor's Walmart page worked fine. The day after I posted on FB about the likes, the Walmart page suddenly worked. Coincidence? Also in this time frame could not sign in to a media news site I'd posted on for years. I am not interested in going after anyone beyond getting them the heck off my computer. I don't want to have to worry about making enemies and having future problems. But no one has a right to be on my computer without permission and I need to protect myself from these incursions.
     
    Last edited: Mar 22, 2024
  4. shivonne

    shivonne Private E-2

     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    We don't offer direct login type help.

    You need to click Scan rather than Fix.
     
    shivonne likes this.
  6. shivonne

    shivonne Private E-2

    I have never done this before. I hope it worked. It's in the file below called Addition.txt. I am a senior, whatever I learned about computers was on my own, sorry.
     

    Attached Files:

  7. shivonne

    shivonne Private E-2

    The Walmart site looked like it was working the last couple of days so I tried to make another account but it said my account was closed and to follow the instructions in an email they sent. But there is no email and they don't send anymore. So I made another email account and when I went to make the account on Walmart, before I'd even done anything I saw that their page was again in the same non-functioning way that it had been before. What else can I think than that someone is able to see what I am doing. Other people's Walmart is working. What happened with Walmart is that suddenly last month their site's search bar space stopped working. The search space shrunk into a little rounded thing and when you tried to type into it nothing appeared. Called them many times but problem continued, so finally cancelled my Walmart plus account. I went with another not as good and not working as well and with that one the food delivery I'd ordered never arrived tho I received a msg. from them saying it did. Called and got refunded. But now out of things I need and don't drive. I don't understand what is going on. After I made the new email and went back to Walmart to make a new account tonight, their site which had been normal for some days and today, again had the same shrunken search space and when you typed into it nothing appeared, like I said. I have been having a lot of things go wrong for a few months now. And right now I just need to get the products I need as I am out of things.
     
    Last edited: Mar 29, 2024
  8. Oh My!

    Oh My! Malware Expert Staff Member

    We are halfway there. Do you see a FRST.txt file in the same location as the Addition.txt file? If so, please attach FRST.txt
     
    shivonne likes this.
  9. shivonne

    shivonne Private E-2

    Not sure what to get. Not sure what magic is letting me upload this. If you need to gain access to my download file where these are let me know. By the way, I called a different Walmart number today and they were able to reopen my account. The search function worked and I made an order and got in the food and products I needed. Now tho I went to get something and the search space is once again shrunken and when you type into it nothing appears. This after advocating for Israel. I'm an Independent, advocate for what I think is right. On either side. It seems since I've been vocal about this issue the problem is close to the time frame of my advocacy. Really, I don't know what is going on.
     

    Attached Files:

    Last edited: Mar 30, 2024
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the report and information.

    You are running Windows 7 which is no longer supported. Security related vulnerabilities are no longer being identified and fixed by Microsoft through Windows Update.

    There is no evidence of malicious software on your computer, specifically a Backdoor Trojan, the means through which personal information is obtained from a computer. Although I don't believe it is necessary, if you believe information is being accessed from your computer the only sure remedy would be to completely wipe the hard drive then reinstall the operating system and programs.

    I don't know how your personal information may have been obtained but data breaches are very common now and sometimes the source of leaked information.

    Let me know your thoughts.
     
    shivonne likes this.
  11. shivonne

    shivonne Private E-2

    I was a frequent poster on Fox and elsewhere. I never post under my real name. Being retired I am on some government programs. I don't understand why the Walmart website works for others in my area, but suddenly stopped working for me. Now the problem comes and goes. What could be a possible explanation for that? Also not being able to log in to sites I've posted on in past. My posts weren't against anyone's community standards. I am told I am an effective poster, not to be prideful but to give info. My posts usually reflect the historical or scientific basis for whatever I am advocating for. But again, I don't know why this is happening. Did you see anything that would be generally helpful to me in the uploaded files? Could you give me more info about what you saw? Thank you.
     
    Last edited: Mar 30, 2024
  12. Oh My!

    Oh My! Malware Expert Staff Member

    Let's clear out some things and check the overall health of your system.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X] 
    S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X] <==== ATTENTION 
    S3 Imf8HpRegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\ImfHpRegFilter.sys [X] 
    S3 ImfHpFileFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\ImfHpFileFilter.sys [X] 
    S3 MFE_RR; \??\C:\Users\org\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION 
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X] 
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X] 
    Task: {1BC67B0F-831E-43D5-AE2F-2398670357C4} - System32\Tasks\{416D86BE-2E64-4A15-A51A-26297C2A510A} => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe  (No File) 
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File] 
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] 
    ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} =>  -> No File 
    ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} =>  -> No File 
    ContextMenuHandlers2: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} =>  -> No File 
    ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} =>  -> No File 
    ContextMenuHandlers4: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} =>  -> No File 
    ContextMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} =>  -> No File 
    Task: {1BC67B0F-831E-43D5-AE2F-2398670357C4} - System32\Tasks\{416D86BE-2E64-4A15-A51A-26297C2A510A} => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe  (No File) 
    StartupDir:  <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION 
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2022-04-07] <==== ATTENTION (Points to *.cfg file) 
    FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2022-04-07] <==== ATTENTION 
    S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X] <==== ATTENTION 
    S3 MFE_RR; \??\C:\Users\org\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION 
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File] 
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] 
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] 
    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: 
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] 
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] 
    Emptytemp:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Farbar Recovery Scan Tool Registry Search

    --------------------
    • Launch FRST
    • Copy/paste the following in the Search Field
    Code:
    StartupDir
    
    • Click the Search Registry button
    • When completed click OK and a SearchReg.txt document will open on your desktop
    • Copy and paste the contents of that document into your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • SearchReg.txt
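
An added illustration, not part of the original thread and not FRST's own code: a short Python script that triages fixlist lines like those in the post above, marking entries whose target file is missing ([X] / No File), entries FRST flagged with ATTENTION, and lines listed more than once. The category names and the functions classify and triage are this example's own.

```python
import re
from collections import Counter

# Subset of the fixlist lines from the post above (trailing spaces trimmed).
FIXLIST = r"""Start::
CreateRestorePoint:
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X] <==== ATTENTION
S3 MFE_RR; \??\C:\Users\org\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} =>  -> No File
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X] <==== ATTENTION
S3 MFE_RR; \??\C:\Users\org\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Emptytemp:
cmd: sfc /scannow
End::
"""

SERVICE = re.compile(r"^[RSU][0-5] (?P<name>[^;]+); (?P<path>.+?)(?: \[X\])?(?: <==== ATTENTION)?$")
DIRECTIVE = re.compile(r"^(Start::|End::|CreateRestorePoint:|Emptytemp:|cmd: .+)$")

def classify(line):
    """Describe one line; the category names are this example's own, not FRST's."""
    svc = SERVICE.match(line)
    kind = ("service" if svc else "wmi" if line.startswith("WMI:")
            else "directive" if DIRECTIVE.match(line) else "entry")
    return {
        "line": line,
        "kind": kind,
        "missing": "[X]" in line or "No File" in line,  # target file not found
        "attention": "<==== ATTENTION" in line,         # flagged by FRST
        "temp_driver": bool(svc and re.search(r"\\temp\\", svc["path"], re.I)),
    }

def triage(text):
    """Return (unique classified entries in order, lines listed more than once)."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    repeated = sorted(l for l, n in Counter(lines).items() if n > 1)
    return [classify(l) for l in dict.fromkeys(lines)], repeated

if __name__ == "__main__":
    entries, repeated = triage(FIXLIST)
    for e in (e for e in entries if e["kind"] != "directive"):
        tags = [t for t in ("missing", "attention", "temp_driver") if e[t]]
        print(f'{e["kind"]:8} {",".join(tags):30} {e["line"][:60]}')
    print(len(repeated), "line(s) appear more than once")
```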
     
  13. shivonne

    shivonne Private E-2

    "Oh my", I'm sorry. I had some minor surgery and still recovering. This is more than I want to try to learn to do today. Someone just took control of my computer while on fb after I made a comment they didn't like. Supposition, no proof but I don't want to go back and forth with these various things. With respect, I know what is happening and don't wish to try further things to look at other causes as I have done that.
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    Very good, thank you for letting me know.

    Hope your recovery goes well.

    Gary
     
  15. JonahWales

    JonahWales Staff Sergeant

    makes all posts private
     
