Has my computer been compromised by foolish teen.

Discussion in 'Majorgeeks Welcome Center' started by NoTechB, Apr 26, 2009.

  1. NoTechB

    NoTechB Private E-2

    Hello,

    I am not sure if this is the right place to ask, but don't have many options. I am very careful with my computer security, but am very frightened that my foolish grandson has done something that might cause me problems with my computer being compromised.

    He went some places he should not have gone on my computer and I found some "films" he purchased. I do run a full security suite, but obviously it did not prevent him from pulling this stunt.

    I have run my anti-virus and spyware. I looked through the site controls on my security suite and most of the items there look pretty familiar.

    But I am afraid that I might have some sort of program that could have stolen information or will steal information from my computer.

    This is deeply distressing for me. I am not technically inclined and am so careful. It never occurred to me that he would do such a thing. But, I cannot undo it, I just need to find out if there is a problem in my computer, that is not obvious to me.

    It appears to be running fine. I have run full security checks with my suite, also with spybot, I downloaded HiJackThis... but have not done anything with it... because I don't know what I am doing.

    Except, I thought if I asked here, perhaps someone would look at a log and tell me if they see anything that leaps out as a problem. Thank you in advance for any help.
     
  2. joey off the street

    joey off the street Lounge Lizard No.1

    Hello, B, and welcome to MGs :wave
    Ideally, you should start here: READ & RUN ME FIRST. Malware Removal Guide.

    http://forums.majorgeeks.com/forumdisplay.php?f=35

    It might look like a daunting task, but be patient and you'll get through it. I had to clean my PC when I first arrived here, and the results are well worth it. I'm in the same boat as you as far as tech ability is concerned. But there are some really good tech support advisors here who will guide you. Good friendly people (for the most part LOL)
     
  3. hrlow2

    hrlow2 MajorGeek

    Welcome to Major Geeks.
    If the "films" were downloaded to your hard drive, you could transfer them to a USB stick or external hard drive, if not too large, for cleaning and inspection. Then delete originals from your hard drive.
    If already run before you caught them, too late. Any "surprises" are already delivered.
    Then I would disable ALL guest accounts and password protect the entire Admin account.
     
  4. wildwolf220

    wildwolf220 Oracle of Doom

    :wave and welcome to MG's..
    As joey has advised, go through the READ & RUN ME FIRST guide.
    Then post the required logs in the malware forum.
    One of the malware team will be able to answer any questions you have.

    Good luck.
     
  5. hrlow2

    hrlow2 MajorGeek

    Hopefully you caught it before any possible damage could be done.
    Good luck.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    a warm welcome to the forums :)
     
  7. NoTechB

    NoTechB Private E-2

    Thank you very much
     
  8. NoTechB

    NoTechB Private E-2

    Thank you for your kind thoughts
     
  9. NoTechB

    NoTechB Private E-2

    Well, I think I found the Read and Run me first file that I was told to. But I am not sure. I do know that either Microsoft or my CA Suite, which is part of my ISP, blocks downloading all .exe files... turning them into EFW. It just did it to SpyWare Blaster. I was able to download Search and Destroy, but I had to snooze my CA antivirus AND (shuddering the whole time) turn off my CA firewall. I also have a router firewall, and I did it very quickly... but it was hard for me to permit myself to do it. I am not blocked from updating at CA or Microsoft.

    When I looked at the Malware Removal Site. I read the rules about who could use it, I think I failed the test because it did NOT appear that I was a person with sufficient knowledge to use that forum. I wish I knew more about this. I appreciate your suggestions.
     
  10. NoTechB

    NoTechB Private E-2

    Hello,
    I am quite certain they were run before I found them as I was going through my hard drive and deleting files.
    I don't have any guest accounts, as far as I know. I have Windows XP, could you tell me where I would find them? Of course hindsight is 20/20, I wish I had password protected the whole computer if that is possible... but I don't know how to do that either.
     
  11. NoTechB

    NoTechB Private E-2

    Hello,
    This was a very comforting post. I appreciated it. I hope I am up to performing whatever tasks are suggested. So far everyone has had kind supportive things to say... The only thing that is a little mystifying is why I look like an angry WW I soldier in my Icon... when I started out looking like I feel Sad and Purple... LOL
     
  12. hrlow2

    hrlow2 MajorGeek

    Start, Control Panel, User Accounts, Manage Accounts.
    Create your password and click OK.
     
  13. NoTechB

    NoTechB Private E-2


    Oh Dear, I am afraid I did some posting incorrectly, because I misunderstood quick reply. I apologize for my mistake. I am using "quote" now, and I think it is correct. Thank you for your patience.
     
  14. NoTechB

    NoTechB Private E-2

    Hello,

    I read this, but it took me a bit to realize that you were explaining how to create a password... I guess for my whole computer or whichever accounts I wanted to control.

    Thank you very much.
     
  15. NoTechB

    NoTechB Private E-2

    Hello,

    Thank you for the instructions... I did read the rather stern notice on the malware forum about it not being for the unskilled. So I hesitated about doing anything there, since I did not wish to upset anyone.

    I have gone through and looked at all the instructions on the site, about protecting yourself and maintaining your computer and have been doing all of these things regularly all along, with the unfortunate exception of the passwords. I have always been fairly terrified of the Internet, hence the caution.

    I guess the big problem for me right now is my inability to download one suggested program, spy blaster. I will give it another try. I am working my way through a couple of the lists that were very detailed... but I am not sure that there are things I can manage... but I am going to try.

    I appreciate your note and will keep working on it.
     
  16. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    Hi and welcome :)

    The Read and Run Me is for all skill levels. I'm not sure where you read it wasn't for the unskilled. It could be that you were reading about helping out in there as only authorized malware helpers can aid those looking to clean their computers.

    If you are having a problem installing spyblaster, I would suggest posting in the software forum with your exact problem and seeing if anyone has any suggestions for you.
     
  17. wildwolf220

    wildwolf220 Oracle of Doom

    All you need to worry about at the minute is the READ & RUN ME FIRST guide.

    You can deal with installing Spyware blaster after your PC has been cleaned.
    Just try installing.

    SUPERAntiSpyware.

    Malwarebytes Anti-Malware

    combofix.exe

    And MGtools for now.
     
  18. NoTechB

    NoTechB Private E-2

    Thank you for the advice, I did install Spyware blaster. Malwarebytes... BUT, my question is... since I don't seem to be having a problem with the computer. Could an expert tell by looking at a HiJackThis Log... if there is something lurking that can steal data?
    All the best...
     
  19. wildwolf220

    wildwolf220 Oracle of Doom

    Yes, they can, along with the rest of the logs from combofix and such :)
     
  20. NoTechB

    NoTechB Private E-2

    Hi,

    This is what I read at the Malware Forum... which made me hesitate to attempt to do anything there.

    I don't seem to be having a problem with my computer... it is my FEAR that there is something there that is distressing me.

    I just wanted someone to look at the HiJackThis Log... I really don't know what to do at this point.

    Thank you for your advice.


    Special notes about posting HijackThis log files on MajorGeeks.Com

    Note: This is not a HijackThis log reading forum. It is a malware cleaning forum, and there is much more to cleaning malware than just HijackThis.

    Malware cannot be completely removed just by seeing a HijackThis log. If you need our help to remove malware DO NOT simply post a HijackThis log which will be deleted. You must follow the instructions in the below link.

    READ & RUN ME FIRST Before Asking for Support

    You will notice that nowhere in this procedure does it ask you to attach a HijackThis log. This is because it is embedded within our procedures. When you follow them properly, a HijackThis log will automatically be obtained from a properly installed HijackThis program. And the log will be put into a MGlogs.zip file with a few other required logs. This MGlogs.zip will then be attached to a message. This is all explained in the READ ME.

    Below this point is a tutorial about HijackThis. This is not meant for novices. And it does not mean that you should run HijackThis and attach a log. It is a reference for intermediate to advanced users. etc
     
  21. wildwolf220

    wildwolf220 Oracle of Doom

    I understand your fear.
    But the only way to be sure there is nothing bad hiding on your PC is to go through the Read & Run me guide.

    Sadly HijackThis alone won't show everything that is on your PC.
    Malware can hide from malware scanners.
    That's why the other scans are needed to check your system.

    Don't be afraid of the cleaning guide, it can look daunting at first.
    But if you take your time you will be fine.
     
  22. NoTechB

    NoTechB Private E-2

    I will try...

    I have CA Security, provided by my ISP... I cannot remove it, but I can snooze it AND I can turn off the software firewall. Is that sufficient to allow me to download and run all of the programs listed?

    I have already done Malwarebytes and Spybot (by snoozing and shutting off software firewall, which terrifies me to do, but I feel quite desperate).

    I know I cannot/should not, run two antivirus programs at the same time. But, I don't think the things I must run are anti-virus programs.

    Kaspersky refuses to download, even with my anti-virus snoozed and my software firewall shut off.

    If I CAN download and use these programs by snoozing AV and turning off software firewall (I have a router firewall also)...

    Do you think I can do this OK? I don't want to risk contamination by having the software firewall turned off, I hope the router I have will still protect me.

    You are very nice and I appreciate the time you have taken to look at my posts. This is so stressful for me that I have not been able to sleep for several days.
     
  23. joey off the street

    joey off the street Lounge Lizard No.1

    Trust me, notech. I was in exactly the same position. Scared to death that I was going to do something to the PC. It took me a bit of time, but came out the other side clean and with a bit more knowledge. But if you have got a nasty in there, you need it out.

    Take your time and you'll be fine. Don't forget, there are people here who are yearning to help the likes of you and me. They thrive on it.

    Don't worry, just have faith in your own abilities. The least you can do is put your mind at ease.
     
  24. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Also you now need to ensure that you are directing questions regarding the R&R at the person who takes on your thread in malware removal and not really here in the welcome centre.

    Don't be nervous :) There's no need.. you are in good hands.
     
  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    hi :)

    We cannot dig deep enough for malware just by looking at a HJT log. Malware is very good at hiding and oftentimes you will see a clean HJT but there is LOTS more lurking ;) If you are having problems and need to remove malware at this point you will need to run ALL of the requested tools, update > scan > and attach the 4 requested logs into the malware removal forum.

     
  26. chookers

    chookers Staff Sergeant

    Hi NoTech! :)

    I'm assuming that it's this bit that has you thinking that you shouldn't be doing the things in the Read and Run Me guide but this refers to the HijackThis tutorial where this comment is found. Major Attitude is warning that ONLY people with at least intermediate knowledge on computers should be using the HijackThis tutorial and playing around with HijackThis by themselves. Everyone else is quite safe to follow the instructions in the Read and Run Me cleaning guide, and that is the place that you need to start for your situation:
    http://forums.majorgeeks.com/showthread.php?t=35407

    Don't install anything that you aren't told to in the guide (the link above) and the related pages of that cleaning guide.

    You are quite correct that you should only be running one antivirus program but it's okay to have others on the computer. The key point is that only one should be RUNNING/ACTIVE at a time and you are also correct that the programs you are asked to use in the guide are not going to conflict with your antivirus program because if you need to shut one down, the guide would tell you.

    As to being unable to download the exe files, there are two possibilities that can get you around that which don't involve shutting down your security:

    1. Try changing the file name before you download the program, such as changing combofix.exe to combofix.geeks and then changing the name back when it is downloaded. Rename it at the point when your web browser asks you where you want to save it. (Is this perhaps what you meant was happening when you said they were being turned into EFW? That they were being renamed to end in EFW? If so, just change the EFW back to .exe and you should be able to use the files.)

    2. Download the file on a computer that won't stop you, such as at an online centre or a library and take it home on a flash drive/memory stick.

    It's also possible that you can "whitelist" Major Geeks in your security software but someone else would have to give you that information because I haven't used the programs you mentioned.

    Anyway, don't be daunted - I'm sure you can follow step-by-step instructions carefully and that's the level of expertise needed for the cleaning guide. :)

    Welcome!! :wave

    EDIT: Oops! I forgot to say that if you don't know what whitelisting means, it means telling a program such as a web filter program that a particular site is to be trusted.
     
    Last edited: Apr 29, 2009
  27. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    A correction:

    dr.m
     
