Hacked !!! 2007

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by drstrangefunk, Jul 5, 2007.

  1. drstrangefunk

    drstrangefunk Private E-2

    hi,

    you helped me about a year ago and now i need your help again.

    i'm pretty sure i've been hacked, as Panda Active Scan found instances of Hack and Rootkit.

    i have performed all of the "Read And Run Me First" scans as well as running Hijack This. the logs are attached in this email and the following email.

    i used CounterSpy last year, so this time i used AVG Anti-Spyware. upon pressing the Report button, the prompt was "No Reports Available" and the Save Report As button was NOT lit.

    thank you,

    -dc
     

  2. drstrangefunk

    drstrangefunk Private E-2

    hi,

    here are the rest of my logs.

    thanks,

    -dc
     

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'm not seeing any malware in your logs ....however, I would suggest that you uninstall:
    Kazaa Lite K++ v2.4.3
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

    Do you know exactly what Panda was reporting?
    You can run an anti-rootkit program:
    GMER.
     
  4. drstrangefunk

    drstrangefunk Private E-2

    the items i remember seeing were:

    5 instances of Adware (not Adaware)

    and 3 instances of Hack/Rootkit which were:

    [2 instances of Smit..... (the rest was hidden)
    and 1 that said KillIt!]

    that's what i think i remember. i wish i had written it down, but i figured it would be in the log.

    ---------------------------

    i have not tried your suggestions yet. i have removed the Viewpoint items before, but they return every time i visit an AOL site. is it crucial that i remove Kazaa Lite K++ v2.4.3 ? i find it to be a useful program and i haven't had any problems with it (that i know of).

    i will perform your suggestions later this evening.

    -thanks,

    dc
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The two instances of Smit are from false positives ----> it is not a problem.
    The hp/killit is only a nuisance ...it is not a problem!

    If you look at your counterspy log ...you will see why I suggest you remove Kazaa.

    You need not run GMER ....since the items you referred to are not malware.
     
  6. drstrangefunk

    drstrangefunk Private E-2


    i did not run Counterspy as i had already used it last year when you helped me, so this time i used AVG Anti-Spyware as indicated in my first post. upon pressing the Report button, the prompt was "No Reports Available" and the Save Report As button was NOT lit, so i didn't have a log for you to read over. i'm not sure that i would understand what i'm looking at even if i read the log, so could you explain it to me please ? should i scan with a different scanner that you could suggest ?

    ------------------------------------------

    Symptoms:

    the reason i am asking for your help this time is that i have been receiving emails with nearly exact quotes from my instant messages on AOL and other messengers. and these emails come almost as soon as i end my IM conversations. they are disguised as Viagra ads or p*nis enhancers, but contain quotes from my IMs.

    is it possible that my internet is tapped by someone ? these emails are NOT coming from my (various) friends. is there a way i can track the source of these emails ?

    thanks,

    -dc
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    My bad....some days the logs just seem to all run together ...it was a different poster that had a ton of "crap" in their logs from Kazaa....not you.

    I would imagine that your IM is hacked ...I would change user and passwords and see if you still have the problem. AOL is known to be prone to hacking.
     
  8. drstrangefunk

    drstrangefunk Private E-2

    is there a way that i can track the source of these emails ?

    thanks,

    -dc
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    With the email open / click file / properties / then the details tab / then you should see the path ....or click on source.
    You should report this to AOL.
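    The "path" TimW refers to is the chain of Received: headers that each mail server prepends as the message passes through it. The script below is an added example, not part of the original thread or of any MajorGeeks tool: it parses a constructed raw message (addresses and hostnames are documentation examples, not real servers) and lists the hops in delivery order, then picks out the hop recorded by your own provider, which is the only one the sender could not have forged.

```python
"""Trace the delivery path of an e-mail from its Received: headers.

Added example (not part of the original thread). The raw message below is
constructed for illustration and uses documentation hostnames and IP ranges.
"""
import re
from email import message_from_string

# Constructed sample: a spam message as a mail client would show it, with the
# newest Received: header on top. Folded header lines start with a tab.
SAMPLE_RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.com (Postfix) with ESMTP id ABC123
\tfor <dc@example.com>; Thu, 05 Jul 2007 20:14:02 -0400
Received: from unknown (HELO friend-pc) (198.51.100.77)
\tby mx.example.net with SMTP; Thu, 05 Jul 2007 20:13:55 -0400
From: "Special Offer" <promo@example.org>
To: dc@example.com
Subject: re: your chat
Date: Thu, 05 Jul 2007 20:13:50 -0400

(body omitted)
"""

# "from <claimed host> <rest>" -- the rest usually carries the observed IP.
_FROM_RE = re.compile(r"^from\s+(\S+)(.*)$", re.DOTALL)
_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
_BY_RE = re.compile(r"\bby\s+(\S+)")


def parse_received_hops(raw):
    """Return the delivery hops in chronological order (origin first).

    Each hop is a dict with the sender's claimed host ('from'), the IP the
    receiving server actually recorded ('ip', or None), and the receiving
    server ('by').
    """
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # collapse folded whitespace
        m = _FROM_RE.match(line)
        if not m:
            continue  # e.g. a "Received: by ..." line for local submission
        ip_match = _IP_RE.search(m.group(2))
        by_match = _BY_RE.search(line)
        hops.append({
            "from": m.group(1),
            "ip": ip_match.group(1) if ip_match else None,
            "by": by_match.group(1) if by_match else None,
        })
    # Servers prepend their header, so the top line is the last hop.
    hops.reverse()
    return hops


def trusted_hop(hops, own_domain):
    """Return the latest hop written by a server in own_domain, or None.

    Only the Received: lines added by your own provider's servers can be
    relied on; everything below them arrived with the message and may have
    been fabricated by the sender. The IP in this hop is what you would
    quote when reporting the mail to your provider.
    """
    for hop in reversed(hops):
        if hop["by"] and hop["by"].lower().endswith(own_domain.lower()):
            return hop
    return None


if __name__ == "__main__":
    path = parse_received_hops(SAMPLE_RAW_MESSAGE)
    for i, hop in enumerate(path, 1):
        print(f"hop {i}: from {hop['from']} ({hop['ip']}) by {hop['by']}")
    print("provider-recorded hop:", trusted_hop(path, "example.com"))
```

    In the sample, the first hop claims to be "unknown" with a HELO name that cannot be checked, while the hop written by mail.example.com records the IP 192.0.2.10 that actually connected to the provider; that recorded value, not the From: address, is what a report to AOL would be based on.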
     
  10. drstrangefunk

    drstrangefunk Private E-2

    thank you for your help.

    if there are no procedures that you think i need to run, should i close up the computer now ?

    any instructions for how to close up the settings that MG had me change -- ie. showing hidden files and the other preparations of msconfig and any other alterations that i made (that's all i can remember right now) ?

    should i close up and if so how ?

    thanks,

    -dc
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
    * go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
     
  12. drstrangefunk

    drstrangefunk Private E-2

    do i NOT need to restore msconfig and hide systems files ?

    thanks,

    - dc
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Msconfig was supposed to be set to Normal Startup ....as it should be now. (Start / run / type msconfig ....click on normal startup).

    To restore (hide files) ..right click start / explorer / tools / folder options / view /and click on do not show system files and folders ....and check hide protected operating files.

    Sorry ....:)
     
