Possible Computer Hack Or Similar

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by niceandspicy999, Sep 9, 2016.

  1. niceandspicy999

    niceandspicy999 Private E-2

    Hi
    Over a 6 month period, I have had: 2 unrelated credit/ debit cards used fraudulently (one business/ one personal), a business website repeatedly hacked, and recently my Facebook advertising account hacked and used. While it is possible these are coincidences, I'm more inclined to think that there is something hidden in my computers at work or at home.

    I am starting with analyzing my work PC as that is the one most used for the hacked website. My logs are attached.

    Just FYI, about once a month I run AVG Free, MalwareBytes and SuperAntiSpyware. Just this week I have turned off AVG and am using Windows Defender on Windows 10, and I am looking into something else.

    Many thanks for your assistance.

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. :)

    Not seeing much to do...

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X64) HKEY_CLASSES_ROOT\Search.PugiObj -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-2392079216-797311349-2971197170-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-2392079216-797311349-2971197170-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    Same for this entry on the tasks tab:

    • [Suspicious.Path] \DSite -- C:\Users\Danielle\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

    ...and again for these on the files tab:

    • [PUP][Folder] C:\Users\Danielle\AppData\Roaming\DSite -> Found
    • [PUP][Folder] C:\Users\Danielle\AppData\Roaming\Mipony -> Found
    • [PUP][Folder] C:\Users\Danielle\AppData\Local\OpenCandy -> Found

    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Rescan with RogueKiller (just a scan) and upload the new log.
    Same for Hitman Pro.
     
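As an added post-cleanup check (not part of this thread, and not output of RogueKiller, JRT or Hitman Pro): the PowerShell script below re-queries every indicator the RogueKiller scan listed in the reply above, so that the removal can be confirmed independently after the reboot. It assumes Windows 8/10 (for Get-ScheduledTask), an elevated prompt on the affected machine, that RogueKiller's (X64)/(X86) tags correspond to the 64-bit and 32-bit registry views, and that the GUID printed after "WebBrowser |" is a value name under that key. The SID, GUID and C:\Users\Danielle paths are copied from the thread and are specific to that machine.

```powershell
# Added verification script, not part of the thread and not tool output.
# Re-checks the registry keys, the \DSite scheduled task and the PUP folders
# that RogueKiller reported, and exits non-zero if any are still present.
# Run from an elevated PowerShell prompt on the affected machine.
# SID, GUID and user profile path are copied from the thread's scan result
# (assumed specific to that machine; adjust for any other system).

$sid      = 'S-1-5-21-2392079216-797311349-2971197170-1000'
$guid     = '{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}'
$userRoot = 'C:\Users\Danielle'

# Checks a key (and optionally a value name under it) in a specific registry
# view. Assumption: RogueKiller's (X64)/(X86) tags map to the 64-bit and
# 32-bit views of the same path.
function Test-RegistryIndicator {
    param(
        [Microsoft.Win32.RegistryHive] $Hive,
        [string]                       $SubKey,
        [Microsoft.Win32.RegistryView] $View,
        [string]                       $ValueName = $null
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $false }
        try {
            if ($ValueName) { return ($key.GetValueNames() -contains $ValueName) }
            return $true
        } finally { $key.Close() }
    } finally { $base.Close() }
}

$ieToolbar = 'SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
$results   = @()

$results += [pscustomobject]@{
    Indicator = 'HKCR\Search.PugiObj (X64)'
    Present   = Test-RegistryIndicator ClassesRoot 'Search.PugiObj' Registry64
}
# Assumption: the GUID after "WebBrowser |" in the scan line is a value name.
$results += [pscustomobject]@{
    Indicator = "HKU\$sid\...\Toolbar\WebBrowser | $guid (X64)"
    Present   = Test-RegistryIndicator Users "$sid\$ieToolbar" Registry64 $guid
}
$results += [pscustomobject]@{
    Indicator = "HKU\$sid\...\Toolbar\WebBrowser | $guid (X86)"
    Present   = Test-RegistryIndicator Users "$sid\$ieToolbar" Registry32 $guid
}

# Scheduled task \DSite: match by name, and also any task whose action still
# runs something from the DSite folder in case it was re-created under another name.
$dsiteTasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskName -eq 'DSite' -or
                   ($_.Actions | Where-Object { $_.Execute -like '*\DSite\*' }) }
$results += [pscustomobject]@{
    Indicator = 'Scheduled task \DSite (or any task executing from ...\Roaming\DSite)'
    Present   = [bool]$dsiteTasks
}

# Folders flagged as [PUP][Folder] in the scan.
foreach ($folder in @("$userRoot\AppData\Roaming\DSite",
                      "$userRoot\AppData\Roaming\Mipony",
                      "$userRoot\AppData\Local\OpenCandy")) {
    $results += [pscustomobject]@{
        Indicator = $folder
        Present   = Test-Path -LiteralPath $folder
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code if anything is still present, so the script doubles as a
# pass/fail check after the reboot.
if ($results.Present -contains $true) { exit 1 }
```

Any row that still shows Present = True after the RogueKiller delete and reboot is worth pasting into the next reply alongside the new RogueKiller and Hitman Pro logs, since it tells the helper which removal did not take.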
  3. niceandspicy999

    niceandspicy999 Private E-2

    Thanks. I ran through all that, but had a power cut part way through one of the steps. I re-did it but I don't know if it affected something.

    I also could not find RKreport[2].txt after that step, and have done a computer search for it. I have attached everything else connected to these steps.

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not seeing anything else to do :)


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work through the below link: