Hack Suspected...not Sure From Where? Please Check Logs!

Discussion in 'Malware Help (A Specialist Will Reply)' started by insan_art, Mar 10, 2017.

  1. insan_art

    insan_art Private First Class

    Hi there! I always want to say "nice to be back" but, of course, if I'm here, there's an issue! UGH!

    I will try to make this short. About 2-3 weeks ago I noticed my computer wouldn't sleep. Ran a power config request through DOS and it showed an active remote server request. The only remote service I have on this computer is Dropbox. I turned off Dropbox at start-up and that seemed to solve the sleep problem. Now, this may or may not be related but around the same time I had a security email from Twitter saying someone was trying to log into my account. I haven't used Twitter in years, have no need for it at this time, so I changed my password and deactivated my account.

    This morning (well, late morning, around 11 AM) I got on my email and saw that there was another attempt to log in to my Twitter account at 7:09 AM - also at 7:09 AM a second email came through saying my account had been reactivated! I'm very concerned about this because I'm not sure how someone could have accessed the security code to reactivate the account from the security email provided by Twitter. Just FYI I have an email through my website host (1&1) and serve the email to my system via Thunderbird. I don't have the account connected to any other devices... not even my phone. Everything on my phone goes through Gmail.

    So, I changed my Twitter password AGAIN and deactivated the account AGAIN. Also uninstalled Dropbox because that's the only remote access I had knowingly installed on this system and it was freaking me out!

    I've had no other issues at this time with the functionality of my system. The logs all came up pretty clean with the exception of some sh*t on IE - I don't use IE, haven't used it since the one time I used it on day one with this computer to download Firefox. :) That doesn't mean it's not been compromised, I guess, right?

    So, please check my logs. I'm thinking maybe I need to check into whether my email server (on 1&1's side) has been compromised as well, but I figured I'll run scans first and go from there.

    Thanks in advance! Logs are attached.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not seeing any malware in your logs. However, if you continue to have these issues, use a different computer that you know is clean and change your passwords.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
