I think my computer has been hacked.
Giftorcurse
Veteran

Joined: 13 Apr 2009
Age: 31
Gender: Male
Posts: 2,887
Location: Port Royal, South Carolina
I got a security alert on my computer this morning. I haven't had Norton Antivirus redeemed for a year. It said that I couldn't go on the Internet, because it was "DANGEROUS" to go on without virus protection. It may have been Windows Defender, and it might not have been, considering it was asking me to pay an inordinate sum of cash to use the Net. The website for this new antivirus software from Microsoft definitely wasn't legit, given the layout. It was spelt Win 7 instead of Windows 7. Then again, the thing listed enough trojans, viruses and worms on my computer to bring down the Pentagon network. What's scarier is that they're capable, via my computer, of hacking into the network of my house, stealing credit card information, planting files, and so on.
I'm scared.
_________________
Yes, I'm still alive.
Oodain
Veteran

Joined: 30 Jan 2011
Age: 35
Gender: Male
Posts: 5,022
Location: in my own little tamarillo jungle,
actual hackings are exceedingly rare unless there is a specific reason or angle.
in most cases it would be malware and adware picked up on your "virtual travels"
even legit homepages can have malware.
run malwarebytes anti malware, it's free and carries no malicious content itself if you get it from their own homepage.
_________________
//through chaos comes complexity//
the scent of the tamarillo is pungent and powerful,
woe be to the nose who nears it.
http://www.rocketryforum.com/showthread.php?t=30032
This thread has suggestions on Free Antivirus programs to use.
Don't bother using Nortons, they are almost useless.
use malwarebytes dot 0 r g instead, it's free and works much better for the type of malware you have. it's also updatable, and more user friendly.
the thing you have isn't a virus, it's a theft program basically designed to make you pay them for their "program"
you can manually fix it through the registry using regedit, but it sounds like malwarebytes is more for you.
Nothing to worry about, just the classic fake anti-virus scam. It's unlikely any of those trojans are actually on your computer, the sole purpose of that program is to trick you into paying the scammers. Boot your computer in safe mode, install a free anti-virus (I suggest AVG), and do a scan to get rid of the faker.
Sometimes the rogue (fake) antivirus program will be "smart" enough to stop all scans that attempt to remove it. In that case, you really need to see a professional tech, who is expert in manual removal. The problem is, finding one who really knows what he's doing. The market is FULL of losers who leave your PC in worse shape than it came in. Some rogue AVs will even disable safe mode. If you find you can't get into safe mode or run a scan, you will need to call somebody.
That's why I suggested safe mode. If safe mode doesn't work, get into it using your Windows disk. You might even be able to do a system recovery to before the virus was installed.
If one's computer is that thoroughly rootkitted, I think his or her best course of action would be to just reinstall Windows.
Unless you are an Uber techie you should: backup your important files, wipe the disk, reinstall Windows, restore the files.
Malwarebytes et al. will often, almost always, tell you the system is clean when in reality it isn't. Your computer might be sending spam, or someone might be reading your disk RIGHT NOW, and you'd never know.
Best to be sure. Format and reinstall.
You were not targeted. That's exceedingly rare. Instead the machine got auto-infected by a web site you visited, through an Adobe Flash vulnerability, or SUN Java, or Adobe Acrobat.
For the future, the name of the game is prevention:
Make your account a regular user (not administrator). Use a separate administrator account to install software and make system changes.
DO NOT ever install any browser add-ons. Yes this means Adobe Flash too. Especially Adobe Flash. A lot of "browser" hacks are actually Flash hacks. Also do not install SUN Java.
Use an alternative PDF reader such as FoxIt.
Never ever install random crap from the Internet.
... and of course, dump Microsoft and install Linux.
_________________
"Striking up conversations with strangers is an autistic person's version of extreme sports." Kamran Nazeer
Use an alternative PDF reader such as FoxIt.
All the other stuff I agree with, but that's a bit OTT. I personally have Flash on (but things like Java off), and I run NoScript to regulate when Flash, JavaScript, and a lot of other things are actually run on a page. That's the best defense against browser attacks (as long as you keep both your browser and OS up to date, of course).
You're rather paranoid, aren't you? If you install a good firewall, you can manage exactly which programs can send and receive data, and that'd alert you to this kind of stuff and ask if it's OK to connect, so you can deny any malware access, find out what it is, and make sure it's removed.
I, like yourself, am partial to UNIX based systems, but it's perfectly possible to keep a Windows system secure if you run it properly. Linux also has its own problems, and it can be hard to get used to a whole new OS unless you're a techie. Plus, if something goes wrong on Linux, you're gonna need to know the command line to fix it.
If by PARANOID you mean I have had 10 years' experience working computer security for a well known company, and you haven't, and I know precisely what these people are up to and you don't, then yeah I'm paranoid. Paranoia is by definition unwarranted fear. What these people are doing is clear and present danger to your privacy and likely to your banking account too.
To answer your paranoid charge. A local software firewall is worthless because first thing malicious software will do is turn the firewall off. Firewall is only effective if it's a separate device, such as those included in most home routers. And those would not be able to tell the difference between an e-mail you sent and an e-mail a hidden virus would send.
Besides, this isn't up for debate dude. This isn't theoretical. Compromised computers ARE being used to send spam, by the millions, and those millions of users are completely oblivious.
Here are some examples of what can be done.
Read this:
http://arstechnica.com/civis/viewtopic. ... &t=1161167
Guy's resume was stolen off his computer by someone he flamed on a discussion forum. Oh yes.
Read this:
http://www.computerworld.com/s/article/ ... researcher
Lockheed Martin ended up rewriting F-35 fighter cockpit software due to that hack. And it all started by the Chinese hackers e-mailing malicious Excel files to four random non-privileged office workers at RSA Security.
Read this:
http://arstechnica.com/business/news/20 ... -claim.ars
HP printers can be remotely hacked to catch on fire.
Read this:
http://arstechnica.com/tech-policy/news ... rice.ars/1
One man's life ruined by Anonymous. (He had it coming though.)
Anyway...
Why do you think hackers gain access to your computer? What's their motive? What do they want?
1) They are looking for passwords to steal so they can get into your online banking accounts. To that end they have access to what you type, to the file system, and sometimes even the webcam and the microphone.
2) They are using your computer to send spam from. Type netstat at the command prompt and just watch all those connections on port 25.
3) They are using your computer to launch other attacks. Either as a part of a botnet, or to hide themselves from authorities. So you end up being raided by the FBI in the middle of the night.
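Added example, not part of the original thread: a Python sketch of the netstat check mentioned in point 2, which parses Windows `netstat -ano` output and counts, per process ID, the distinct remote hosts it is connected to on port 25. The sample output, addresses and PIDs are constructed, and treating many distinct mail servers from one PID as the thing to look into is an assumption of this example.

```python
"""Flag outbound SMTP connections in Windows `netstat -ano` output."""

SMTP_PORT = 25
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}  # ignore LISTENING, TIME_WAIT, ...

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:25        192.168.1.50:50211     ESTABLISHED     2200
  TCP    192.168.1.10:49712     203.0.113.25:25        ESTABLISHED     4312
  TCP    192.168.1.10:49713     198.51.100.7:25        SYN_SENT        4312
  TCP    192.168.1.10:49714     192.0.2.44:25          ESTABLISHED     4312
  TCP    192.168.1.10:49720     203.0.113.80:443       ESTABLISHED     3020
  TCP    192.168.1.10:49730     198.51.100.9:25        ESTABLISHED     5120
  TCP    192.168.1.10:49701     192.0.2.44:25          TIME_WAIT       0
  TCP    [fe80::1%11]:49740     [2001:db8::5]:25       SYN_SENT        4312
  UDP    0.0.0.0:5353           *:*                                    1234
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port) strings."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def outbound_smtp(netstat_text, port=SMTP_PORT):
    """Return active TCP connections whose REMOTE port is the SMTP port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, _local, remote, state, pid = fields
        rhost, rport = split_endpoint(remote)
        if rport == str(port) and state in ACTIVE_STATES:
            hits.append({"pid": int(pid), "remote": rhost, "state": state})
    return hits

def summarize(hits):
    """Map each PID to the number of distinct remote mail hosts it talks to."""
    per_pid = {}
    for hit in hits:
        per_pid.setdefault(hit["pid"], set()).add(hit["remote"])
    return {pid: len(hosts) for pid, hosts in per_pid.items()}

if __name__ == "__main__":
    for pid, count in sorted(summarize(outbound_smtp(SAMPLE)).items()):
        print(f"PID {pid}: {count} distinct remote host(s) on port {SMTP_PORT}")
```

The PID column can be matched against the process list in Task Manager; a local mail server accepting connections on its own port 25 (PID 2200 in the sample) is not counted because only the remote port is checked.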
Dilbert, I agree with what you're saying, I just think it's unlikely it's what's happened to the OP, and if it has happened to the OP, it's not because of the fake AV. Those fake AV programs, more often than not, are just financial scams that wouldn't go after your data. Of course, if it was installed through a backdoor, or "trojan.downloader" thing, then it's a whole other story, but we don't know this.
Oodain
Veteran

Joined: 30 Jan 2011
Age: 35
Gender: Male
Posts: 5,022
Location: in my own little tamarillo jungle,
my rules of malware
everyone no matter who has malware on their pc,
no matter what you do you will always get malware
most malware is not directly harmful or dangerous to the person they hit
i'm barely careful with my win7 desktop,
my network is segregated into three vlans, with one for my main desktop, one for my wired and one for my wireless.
the desktop is then connected to both of the wired lans.
even if my main gets infected the chance of actually infecting the server is near zero thanks to both hardware and software firewalls, online armor has a free edition and supports HIPS