
My computer is hacked.. Help!!!

Discussion in 'BlackHat Lounge' started by aemc310, Oct 20, 2010.

  1. aemc310

    aemc310 Regular Member

    Joined:
    Oct 23, 2008
    Messages:
    282
    Likes Received:
    57
    Hey

    My PC is hacked and someone is making Yahoo email accounts from my PC. I came to know this because I always see a window open automatically in which someone is creating Yahoo accounts again and again. Then the window disappears and appears again after some time.
    I have Norton Internet Security 2010 but it doesn't help. I've scanned the whole PC but Norton is unable to find it. How can I overcome this problem? I have many important files on the PC, which would lead to a big loss if the info is leaked.
    I don't know how to stop all this. I am thinking of just formatting the drive on which Windows is installed. I'll reinstall again. But is there any other way? Or do I just have to format it all? :(
    Your help will be really appreciated. Please reply fast.

    Thanks
     
  2. White Wolf

    White Wolf Newbie

    Joined:
    Feb 18, 2007
    Messages:
    0
    Likes Received:
    1
    ESET.com

    Best virus protection and firewall.
     
    • Thanks Thanks x 1
  3. alexandraM

    alexandraM Junior Member

    Joined:
    Aug 4, 2010
    Messages:
    136
    Likes Received:
    39
    Malwarebytes, Super-Antispyware, Microsoft Security Essentials

    Install, Update and run them all. Norton is garbage, which is why it's on all new computers cuz nobody would pay for it
     
    • Thanks Thanks x 1
  4. Sanitarium

    Sanitarium Regular Member

    Joined:
    Sep 27, 2008
    Messages:
    312
    Likes Received:
    648
    Occupation:
    I guess making love to your eyes since you're read
    Location:
    In your mind.
    new HD for internet, transfer files...firewall.
     
    • Thanks Thanks x 1
  5. Blare

    Blare Regular Member

    Joined:
    Aug 20, 2009
    Messages:
    413
    Likes Received:
    105
    Go here:
    HTML:
    http://housecall.trendmicro.com/
    Click Download Housecall 32 bit or 64 bit, whichever you have.
    Install it and run it. It will find the virus. Do a full system scan.
     
    • Thanks Thanks x 1
  6. xtopzi

    xtopzi Regular Member

    Joined:
    Sep 28, 2010
    Messages:
    291
    Likes Received:
    205
    I second that. Microsoft SE will take ages to scan but worth every second plus it's free.
     
    • Thanks Thanks x 1
  7. positivcriss

    positivcriss Power Member

    Joined:
    Mar 30, 2010
    Messages:
    680
    Likes Received:
    328
    Occupation:
    Photoshop
    Location:
    Black Hat World
    Try Kaspersky Internet Security 2010. I have used it for 2 years so far and I had no viruses / malware. I use one method that gives me 2000 days until the licence expires :).
     
    • Thanks Thanks x 1
  8. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    If you can't gain control of the system to run these anti-malware solutions after using safe mode then I suggest you boot with an Ultimate Boot CD and recover your data. Any malware cannot run if you boot off the CD and your data will be clean to back up.
     
    • Thanks Thanks x 2
  9. ExtraWinner

    ExtraWinner BANNED BANNED

    Joined:
    Jun 18, 2010
    Messages:
    2,346
    Likes Received:
    3,463
    Delete Norton, I am working for them right now (I am actually in their office :p )

    http://www.speedtest.net


    Use Avira, Malwarebytes and Hitman Pro. Nothing will survive :)
     
    • Thanks Thanks x 3
  10. HIENA

    HIENA Registered Member

    Joined:
    Oct 18, 2010
    Messages:
    77
    Likes Received:
    4
    Occupation:
    IT SERVICE
    Location:
    On The Moon
    Try KIS 2010 (Kaspersky Internet Security), it is very good.
     
    • Thanks Thanks x 1
  11. dunhill

    dunhill Power Member

    Joined:
    Nov 15, 2009
    Messages:
    532
    Likes Received:
    117
    Occupation:
    Fulltime IM
    Location:
    Bermuda Triangle
    Maybe your PC is infected by a RAT or trojan horse.. :) Try to use a trojan remover.. For antivirus, please DELETE Norton.. Avira/BitDefender/NOD32 should be OK..
     
    • Thanks Thanks x 1
  12. terry56

    terry56 Junior Member

    Joined:
    Aug 8, 2009
    Messages:
    126
    Likes Received:
    280
    Occupation:
    Electrical Engineer
    Location:
    Camarillo,CA.
    Sounds like your browser might be hijacked... follow the advice here:
    Code:
    http://www.computing.net/answers/security/ie-hijacked/24810.html
    It helped me recover just last week.

    Good luck!!
     
  13. navycliper1

    navycliper1 Regular Member

    Joined:
    May 6, 2010
    Messages:
    254
    Likes Received:
    43
    You can try any of the above or contact your ISP; somebody is using your PC through RDP.
     
    • Thanks Thanks x 1
  14. mangoman

    mangoman Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 29, 2010
    Messages:
    432
    Likes Received:
    75
    Interesting. Never heard of someone using a net to create accounts but I guess it's possible. It's almost worth having someone sniff around to see how he is connecting (possibly an IRC server). Run netstat -n in the command prompt to check for connections.
     
    • Thanks Thanks x 1
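
The connection check suggested above, as an added example that is not part of the original thread: `netstat -n` lists connections but not the program behind them, so this PowerShell pairs each established TCP connection with its owning process. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated prompt.

```powershell
# Added example (not from the thread): established TCP connections together
# with the process that owns each one. Run elevated so that executable paths
# of processes owned by other accounts are visible.

# Index running processes by PID so each connection can be attributed.
$byPid = @{}
Get-CimInstance Win32_Process | ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |   # skip loopback
    ForEach-Object {
        $p = $byPid[[int]$_.OwningProcess]   # $null if the process already exited
        [pscustomobject]@{
            Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            PID     = $_.OwningProcess
            Process = $p.Name
            Path    = $p.ExecutablePath
        }
    } |
    Sort-Object Process, Remote |
    Format-Table -AutoSize
```

A connection whose process has no path, or whose path sits in a user-writable directory such as a temp folder, is the first thing to look at.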
  15. aemc310

    aemc310 Regular Member

    Joined:
    Oct 23, 2008
    Messages:
    282
    Likes Received:
    57
    I was really thinking that Norton is best, but I was wrong. Just installed Avira, Malwarebytes and Hitman Pro and scanned my PC. More than 20 viruses (including worms, malware, trojans etc.) were found and deleted. The scan is still going on. ********ing Norton is CRAP. I am shocked to see Norton didn't detect them all and was reporting my system virus free.
     
  16. Nexonkiller

    Nexonkiller BANNED BANNED

    Joined:
    Apr 21, 2010
    Messages:
    188
    Likes Received:
    12
    I'm actually a member from hackforums. Don't flame me, because it wasn't me.
    Since I know how all of these RATs/Loggers work I found antiviruses completely useless.

    I know of one program, HijackThis. It pretty much shows you a bunch of files and IF you can manually locate the virus it will delete it, no questions asked.
    I have used it on numerous friends' computers as well as my own.

    Hope it helps :)

    - My 2 cents
     
    • Thanks Thanks x 1
  17. aemc310

    aemc310 Regular Member

    Joined:
    Oct 23, 2008
    Messages:
    282
    Likes Received:
    57
    I am also a member of that forum, but I rarely go there, so I decided to ask this question here. I'll try the program you're talking about.

    Thanks
     
  18. sirgold

    sirgold Supreme Member

    Joined:
    Jun 25, 2010
    Messages:
    1,260
    Likes Received:
    645
    Occupation:
    Busy proving the Pareto principle right
    Location:
    A hot one
    Aside from all the excellent suggestions you got here you might want to download from the site sysinternals (now part of M$) the utility autoruns that lists all the apps started at boot time and see what the offending program is.

    It might also be hidden as a fake system process, have a look at that in the appropriate tab of autoruns. If the offending program hasn't an extra layer of protection (Dll hooking, mem injection or other techniques..) you should be able to identify it and get rid of it with relative ease.

    Giving it a try doesn't hurt if anything else fails and before formatting the entire box.
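
A small subset of the Autoruns check described above, as an added example that is not part of the original thread: it lists the startup commands Windows itself reports and the Authenticode status of each target. It assumes PowerShell 3 or later; `Get-StartupTarget` is a hypothetical helper written for this example, and the path extraction is best-effort.

```powershell
# Added example (not from the thread). Win32_StartupCommand covers the Run
# registry keys and the Startup folders only; services, scheduled tasks,
# drivers and the other autostart points Autoruns shows are not listed.

function Get-StartupTarget([string]$Command) {
    # Hypothetical helper: pull the executable path out of a startup command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }          # quoted path
    if ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') {  # unquoted path
        return $Matches[1]
    }
    return $null                                                     # could not parse
}

Get-CimInstance Win32_StartupCommand | ForEach-Object {
    $target = Get-StartupTarget $_.Command
    $sig = if ($target -and (Test-Path -LiteralPath $target)) {
        [string](Get-AuthenticodeSignature -LiteralPath $target).Status
    } else {
        'Unresolved'   # target missing or command line not understood
    }
    [pscustomobject]@{
        Name      = $_.Name
        User      = $_.User
        Location  = $_.Location
        Signature = $sig
        Command   = $_.Command
    }
} | Sort-Object Signature, Location | Format-List
```

Entries reported as `NotSigned` or `Unresolved` are the ones to compare against what Autoruns shows for the same location.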
     
  19. Krippleintime

    Krippleintime Registered Member

    Joined:
    May 12, 2010
    Messages:
    96
    Likes Received:
    13
    Location:
    Graphic Location Unknown
    Well, I doubt that you have a RAT in which the user can see your files and whatnot; you most likely have a virus which is just basically creating email accounts. I would first delete Norton, and download Avira Anti-Virus, free edition is fine. Disconnect from the internet and do a full scan with that, then a full scan with Malwarebytes (keys can be found online if you want the full version). If you still see the emails being created then I would do a full backup of your hard drive, and then reinstall Windows on your PC. Should clear everything up, and then you can scan the hard drive files and try to find the virus again, then transfer files back to your fresh clean PC.
     
  20. thevil

    thevil Junior Member

    Joined:
    Aug 17, 2010
    Messages:
    190
    Likes Received:
    189
    You are most likely infected with a RAT (Remote Access Trojan) which allows someone complete control over your computer.

    First things first, go to
    Code:
    http://www.bleepingcomputer.com/forums/topic308364.html
    
    Download RKILL.exe and run it. It will kill any known malware processes; do not reboot the computer yet.

    Then go to Kaspersky dot com and download Kaspersky Internet Security.

    Then go to
    Code:
    http://forum.kaspersky.com/index.php?showforum=19
    
    Then follow the directions there (stickies) located here
    Code:
    http://forum.kaspersky.com/index.php?showtopic=84003
    
    Run the getsysteminfo tool and when you create the report, make a new thread on Kaspersky's forum and follow the directions.

    The report will list very detailed info on everything on your computer.
    From there the people at Kaspersky can isolate and remove the program through scripts.


    How can you prevent this from happening again?

    Don't download programs that aren't trustable
    Always run any untrusted software in a Virtual environment (Dummy computer, Sandboxie, VMWare, VirtualBox)
    Always run an Antivirus (Kaspersky IS 2010 or ESET) Norton is garbage, so is most any other AV.
    Install Malwarebytes, and Microsoft Security Essentials and a Firewall (Comodo)


    You ALWAYS need to run a double+ layer of protection. One antivirus is not enough. You should have layers of protection.

    A good setup would be (if you have enough RAM)
    KIS 2010, COMODO Firewall, Sandboxie (or VMWare), AntiLogger, APPGuard

    You need protection from known malware and exploits and you need another layer of protection against 0day attacks, which are basically exploits and viruses that have not been analyzed yet. Even if you have a good antivirus running, you are still prone to getting infected by a 0day exploit, especially a 0day drive-by download (basically an exploit unknown to the software author (i.e. Firefox) that allows malicious code to be run just by visiting the website, i.e. a trojan being downloaded and run without you knowing).