Author Topic: I think i've been hacked, what should i do?  (Read 9312 times)

0 Members and 1 Guest are viewing this topic.

roadscum

  • Guest
Re: I think i've been hacked, what should i do?
« Reply #15 on: July 30, 2013, 05:50:22 PM »
The other two Gmer logs are attached below.

Happy hunting!

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4239
    • Ambulanta MyCity Forum - ASAP Member
Re: I think i've been hacked, what should i do?
« Reply #16 on: July 30, 2013, 08:52:34 PM »
@roadscum

You can relax, because you are malware free. Nothing malicious isn't loaded on your system.

Re-run OTL and click on CleanUp! button. This will remove all used tools here.


Just for test, go to contol panel > administrative tools > computer managment

In computer managment from the left side under 'Local users and Computers' > Users, make a screenshot of right part of the screen.
There you may locate all user and admin accounts.

Find uknown accound > right click > properties. Hid anather screenshot.
« Last Edit: July 30, 2013, 08:55:08 PM by magna86 »

roadscum

  • Guest
Re: I think i've been hacked, what should i do?
« Reply #17 on: July 30, 2013, 09:20:26 PM »
Thanks for your help.

i'm afraid i'm not completely reassured. Ok, there's no malware on my machine, but is it open to remote access? What does that mysterious unknown user account relate to? I am not sure that my computer is properly secure, how do i check this?

I tried to follow your instructions about user and admin accounts and didn't end up where you suggested i would, a screenshot is attached.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4239
    • Ambulanta MyCity Forum - ASAP Member
Re: I think i've been hacked, what should i do?
« Reply #18 on: July 31, 2013, 04:47:41 PM »
Hi,

i'm afraid i'm not completely reassured.

Ok, I'll will rephrase my sentence.  ;D
First you have avast antivirus. Then you have been checked with Malwarebytes.
Both of these programs use different routines to detect malware. Your whole system was checked by these two programs.

As additions, you have been run OTL and aswMBR.

OTL is tool that lists varius loading point. If any malware is loaded, it must use some loading point. Computer's hardware, programs, files, and running environment...etc.
All known loading points are legit. Non of them are malicious origin.

aswMBR is a anti-rootkit scanner and it's working at the kernel level (the highest system level) that searchs your computer for Rootkits that infect the Master Boot Record.
A rootkit is a malware program that is designed to hide itself or other computer infections on your computer.

How it works on the highest system levelt, it prevalent malware from hiding itself and displays it (so to say).

All logs are clean! Then I spent my extra time and asked additional checks. FRST and Gmer

FRST is powerfull tool that will display detailed information about the Windows Registry loading points, services, driver services, Netsvcs entries, known DLLs, drives, and partition specifications. It will also list some important system files that could be patched by malware. Is similar to the OTL, and that's why I called it an additional check.

Gmer is the strongest and best anti rootkit tool that exists. None of Gmer should not be hidden. GMER is also anti-rootkit scanner.
Gmer uses a variety of tricks that other tools do not own (driver at kernel) to detect malware. If malware present Gmer make it 99% listed in logs.


This volunteer work I doing this since 2006. I am experienced and when I say that there is no active malware You can be sure.

There is no:

malicious processes
malicious threads
malicious modules
malicious services
malicious files
malicious ADS
malicious registry keys

There is no malicious:
hidden processes
    hidden threads
    hidden modules
    hidden services
    hidden files
    hidden disk sectors (MBR)
    hidden Alternate Data Streams
    hidden registry keys
    drivers hooking SSDT
    drivers hooking IDT
    drivers hooking IRP calls
    inline hooks



Your system is malware free.  ;)



Hacking that you know only posible at movie. For some bad gay to have control over your computer must have some loaded file ( malware ) that will allow him to remote you.
As I mentioned before, this accaunt is possible leftover for some legitimate software. Not everything malware related.

For example, read this:
http://nvidia.custhelp.com/app/answers/detail/a_id/3067/~/what-is-nvidia-%E2%80%99updatususer%E2%80%99%3F



-------------------------------


In screenshot you don't have loacl users and computers.
You are using Windows 7 Home Premium and this edition does not have the right of checking/creating additional accounts. It's only available if you have Windows 7 Business or Ultimate.




roadscum

  • Guest
Re: I think i've been hacked, what should i do?
« Reply #19 on: July 31, 2013, 05:13:47 PM »
Thanks for being patient with my paranoia, and thanks for all the hard work. It is reassuring to know there's nothing on my system that shouldn't be there.

But...

You have seen how limited my knowledge of computers is; is it possible that i may have some setting or completely legitimate software set up in such a way as to give someone remote access to my machine? For example, i have e-mail accounts with Yahoo, Gmail, Hotmail and Virgin Media, i access all of these via my web browser (firefox on my laptop and whatever my HTC Wildfire S phone uses with Android). I think i remember hearing that it was possible to hack this sort of e-mail and that there was a particular problem with Yahoo, possibly involving Flickr too. Is this something i can check up on? I suppose i should Google it and see what i can find out. If you could point me toward any useful information or websites that would be a great help.

Once again, thanks for your help!