Recently hacked

Discussion in 'Malware Help (A Specialist Will Reply)' started by Hotpotato, Feb 7, 2013.

  1. Hotpotato

    Hotpotato Private E-2

    Here I am once more with another problem (and a different account because I keep forgetting them). At least this time the problem is more interesting. It's a half-networking, half-malware issue.

    There is a high possibility that my computer was hacked last night. The Internet had been laggy all day and even disconnected a few times. We dismissed it as the router needing a restart and restarted it at least 3 times throughout the day.

    When my boyfriend went sniffing he saw that there were multiple attempts at a connection to my IP address, and by multiple I mean every 2 seconds. We found that all the foreign IPs were from different parts of the world at the same time. Now my firewall (I use the free Comodo firewall) picked up 244 outbound and inbound connections but wasn't blocking anything. I then noticed that Skype was the culprit, with tons of ports sending information even though I wasn't using it. Spotify was also unusually taking up 90% of my CPU.

    I disconnected from the router and things immediately cleared up, but I can't reconnect to the Internet. As soon as I reconnect it starts all over again, even if Comodo blocks all traffic. It brings up multiple tunneling adapters in my ipconfig.

    Anyway, after that long story, my bf told me it's likely I had something left on my computer, like an easy backdoor or something. I ran Avast and Malwarebytes but nothing has been picked up. I am currently running the rest of the tools and will attach the logs below. Also, is Comodo Firewall just not cut out for things like this? Should I get a better firewall to prevent this from happening again in the future?
     
  2. Hotpotato

    Hotpotato Private E-2

    I didn't attach a malwarebytes log because it didn't pick up anything.
    I also didn't disable UAC because I'm afraid of restarting my computer. If you tell me it's OK to restart and it won't lock me out or something, I will rescan and repost the logs. I have no way of backing my files up to my cloud storage and I'd rather not be locked out of my computer like the last malware infection I had.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Most frequently this occurs when you use or had been using torrent downloaders or any other P2P online file sharing/downloading tools, as they open up your PC to everyone in the world. And you do have µTorrent installed.

    Then start by uninstalling them (at least for now), as your logs are fairly clean. We will remove a few items, but it is not looking like malware is your problem.

    We have also seen people have networking issues due to Steam.


    Comodo's Firewall is highly rated. The problems may be with what you have been doing. I see what appears to be an illegal copy of Adobe. You are bypassing the license checks by modifying your hosts file so that the Adobe site is not accessed. Perhaps this is even why you are noticing networking issues when connected. Anything else installed that is not legal and that could be a source of malware or other problems?

    Did you knowingly install Teamviewer to allow someone to have remote access into your PC?


    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Users\Mika\AppData\Local\Temp\CTPBSeq.exe
    C:\Users\Mika\AppData\Local\Temp\~2945.tmp
    C:\Users\Mika\AppData\Local\Temp\~5092.tmp
    C:\Users\Mika\AppData\Local\Temp\~9031.tmp
    C:\Users\Mika\AppData\Local\Temp\~90D.tmp
    C:\Users\Mika\AppData\Local\Temp\~B02C.tmp
    C:\Users\Mika\AppData\Local\Temp\~DB43.tmp
    C:\Users\Mika\AppData\Local\Temp\~F5AB.tmp
    C:\Users\Mika\AppData\Local\Temp\*.*
    C:\Windows\TEMP\*.*
     
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
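    The hosts-file tampering described above (a vendor's licensing site pinned to a loopback address so it can never be reached) is easy to spot with a small audit script. The following is an added example, not code from this thread or from any tool named in it; the sample hosts entries are constructed and the .invalid hostnames are placeholders.

```python
# Added example, not from the thread or any tool it names: audit a Windows hosts
# file for public hostnames pinned to a loopback/null or outside address, the
# tampering chaslang describes. The sample below is constructed; on a real box
# read C:\Windows\System32\drivers\etc\hosts and pass its text to audit_hosts().
import ipaddress
import re

# Names a stock hosts file legitimately maps, and address ranges that are LAN.
DEFAULT_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_hosts(text):
    """Yield (lineno, ip, names) per active entry; comments and blanks skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        ip, *names = re.split(r"\s+", raw.split("#", 1)[0].strip())
        if names:                       # blank/comment lines yield no names
            yield lineno, ip, names

def classify(ip, name):
    """Return a finding for a suspicious entry, or None if it looks benign."""
    if name.lower() in DEFAULT_NAMES:
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparseable address %r" % ip
    if addr.is_loopback or addr.is_unspecified:
        return "sinkholed to %s (real site unreachable)" % ip
    if any(addr in net for net in LAN_NETS):
        return None                     # naming LAN hosts is normal use
    return "pinned to outside address %s (possible redirect)" % ip

def audit_hosts(text):
    """Return [(lineno, name, finding)] for every suspicious entry."""
    return [(n, name, v) for n, ip, names in parse_hosts(text)
            for name in names for v in [classify(ip, name)] if v]

# Constructed sample; the .invalid hostnames are placeholders, not real sites.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.168.1.10    nas.local                        # home NAS, fine
127.0.0.1       activate.example-vendor.invalid  # license check sinkholed
0.0.0.0         updates.example-vendor.invalid
203.0.113.7     www.example-bank.invalid         # redirected elsewhere
"""

if __name__ == "__main__":
    for lineno, name, finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s" % (lineno, name, finding))
```

    Any line it reports is worth comparing against the stock hosts file before deciding it is deliberate; a sinkholed vendor name is exactly the pattern that makes an application hang or retry while it waits for a site it can never reach.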
     
  4. Hotpotato

    Hotpotato Private E-2

    I haven't actually used uTorrent in quite a while and I probably won't use it again. I uninstalled it last night when I decided to clean out my computer. I deleted Skype and Spotify because my firewall actually blocked them this morning. I've also updated to the complete Comodo Internet package. I've had the Adobe for a while now, until I can afford a proper license. It has never really given me trouble before. I will run what you told me to do and get back to you.

    There are not many problems since I deleted the two programs. Interestingly enough, I reconnected to the Internet yesterday. Then there were quite a few DoS attacks to a specific port, which we blocked. I think it was 58749. It was from a Google IP address.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, then likely they are where your problems came from. Just complete my previous instructions anyway.
     
