I think i've been hacked, what should i do?

[roadscum]

I have repeatedly scanned my machine for malware and found nothing, i've also checked my broadband (Virgin media fibre) and been assured that is all ok. Despite all this, web pages are often slow to load and sometimes appear to reload unexpectedly and my machine sometimes exhibits odd behaviour, especially when starting up. I log on as an admin, yet a number of files and folders will not allow me access and when checking the properties of some files i see that an unknown account with a name which is a string of letters and numbers sometimes shows up in the 'Security - Permissions' tab.

I only have a vague knowledge of how to use computers, but something looks a bit suspicious here, what should i do next?

[SpeedyPC]

Can you post a screenshot

[roadscum]

Believe me, my ability to use computers is very limited, screen shots are almost beyond me.

Almost , but not quite. Here's some odd looking stuff. Is there anything in particular you'd like me to try to get pictures of?

[roadscum]

Think i may be getting the hang of this screenshot thing, here's another one...

[jrace]

Check out this page for an explanation:
     http://forum.piriform.com/index.php?showtopic=34468

[roadscum]

Thanks for your reply, i still don't understand why that unknown account keeps cropping up, nor why i am locked out of stuff like 'Documents and Settings' despite being logged on as an admin. Am i just being thick and paranoid? Wouldn't be the first time!

(yet another screenshot attached)

[Pondus]

if you want a malware check....


follow guide and attach the requested logs  (not copy and paste)   http://forum.avast.com/index.php?topic=53253.0

run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR

when done removal experts will be notified and check the logs for infections....

if trouble running any of the Tools, try run from safe mode..

[roadscum]

Ok, thanks for your help. I've read the instructions in the link you suggested and have attached logs for

AdwCleaner

MBAM

OTL

I'll attach the aswMBR log in my next reply.

Happy hunting!

[roadscum]

ah, looks like only one log attached, i shall try again!

[Pondus]

do you also have aswMBR log ?

[roadscum]

Just finished scanning with aswMBR, had some trouble posting the log just now, here goes with the second attempt!

[magna86]

Hi,
Additional account can be temporaly created by grafic driver. I don't see any malware traces. I will run additional checking;


FIRST


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

THEN



Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named



Double-clicking to run GMER.

• Wait for initial scan to finish - if there is any query, click No;
  
• Click Scan button and wait until the full scan is complete;
  
• Click Save ... - save the report to the Desktop (named Gmer1 );
  
  
• Right-click wherever in the GMER's window and select Options > 3rd party - click the Scan button;
  
• Please wait until the full scan is complete;
• Click Save ... button and save report to Desktop (named Gmer2 );
  note: time scan for Gmer2 log may take some time
  
  
• Click the >>> and select Autostart card;
  
• After quick scan, click Copy button;
  
• Open notepad and Paste text. Save report to the Desktop (named Gmer3 )
  

> Attach here all Gmer logreports. (Gmer1; Gmer2 and Gmer3)

[boe323]

Im been having the same kind of things, odd behaviour, webpages reloading after a min or 2, sometimes things will close or minimise on there own, but theres no sign of virus, almost seems like theres a remote connection to my pc somewhere, but all remote access as been turned off, im on windows 8 pro 64.

[roadscum]

Yes, i strongly suspect someone's got remote access to my system and is scampering about behind the scenes, taking screenshots and getting up to all sorts of mischief. Which is odd, because i thought remote access was disabled. 

One thing that may be relevant: some time ago my ISP was BT and i had big problems with my broadband connection, kept repeatedly dropping out after increasingly short intervals. I spoke to BT tech support in India and they told me to turn off the router firewall. I was a bit nervous about the wisdom of this but they assured me the PC firewall would be sufficient on its own, so i went ahead and disabled the router firewall. The connection didn't improve much and some time later i started getting odd reports that my firewall was turned off when it appeared to be on, and that the Avast NDS driver (i think, i'm going from memory and mine is less reliable than many) was failing to load. I did two things - first i dumped BT and got a fibre connection with Virgin Media broadband, second i ran Lenovo One Key Recovery and restored the entire system from the original factory back up discs which i burned when i first got this machine (NOT the stuff on the partition on the hard drive). Before i did this i backed up various files (mostly RAW and JPEG photos) to my two external hard drives. This seemed to do the job for a whils, but i slowly noticed odd little things beginning to happen again; when booting up it would often sound like windows had started (the little chime noise) well before i'd finished putting my password in, web pages would load inexplicably slowly at times despite an apparently good broadband speed and videos and other stuff would sometimes hang for a moment or two, as if a screenshot was being taken.


So, after a while, i came here.

Now, Farbar logs are attached (too long to copy and paste), GMER is next once i've downloaded and run it.

Happy hunting chaps!

[roadscum]

Right, Gmer1 log is attached below, others to follow as they are too large to send all together.

One small point; remember i said i had two external hard drives? well i'd forgotten to plug them in when i ran Farbar, i can run it again if that's a problem. They were both plugged in and switched on when i ran Gmer.