
MY PC got HACKED!

Discussion in 'BlackHat Lounge' started by AffGuy08, May 8, 2009.

  1. AffGuy08

    AffGuy08 BANNED BANNED

    Joined:
    Nov 14, 2008
    Messages:
    875
    Likes Received:
    491
    Guys, I don't know what happened but my desktop PC got hacked. Someone is using my MSN and sending spam messages to my friends, and sometimes sends links that contain a virus. I just finished changing all my passwords and reinstalled the PC again, but guess what: when I log in to the internet, I get this message from Norton that someone tried to "attack" my PC and they managed to stop it.

    In their message, which they classified as "high risk", they detect the threat coming from this IP address - 60.48.76.131. Where is it from and what can I do to hit this guy back?

    And why, after reinstalling the whole C drive, am I still getting attacked? The threat was from the system32 folder, an .exe file there that I can't delete because of the Windows "Protected File" message.

    What should I do? Heeeelp needed!
     
  2. saran23

    saran23 BANNED BANNED

    Joined:
    Jan 2, 2009
    Messages:
    22
    Likes Received:
    64
    You're not getting attacked, it's called a scan. A botnet is scanning your IP range. As long as you have an up-to-date PC with the latest patches, you should be fine.

    Also the MSN thing: you were infected with the bot and you started sending out spam without noticing.
     
  3. goins

    goins Regular Member

    Joined:
    Dec 8, 2007
    Messages:
    234
    Likes Received:
    62
    Reformat your PC, that's the easiest way, and back all your important files up.
     
  4. saran23

    saran23 BANNED BANNED

    Joined:
    Jan 2, 2009
    Messages:
    22
    Likes Received:
    64
    That would not do anything. If you know about DDoS then you should know what he is experiencing -.-

    And no, reformatting would do nothing, it's just a scan on your IP. Just have your firewall and Norton up.
     
  5. AffGuy08

    AffGuy08 BANNED BANNED

    Joined:
    Nov 14, 2008
    Messages:
    875
    Likes Received:
    491
    @idkfawin32 - I searched his IP and he seems to be using an anon proxy, what can I do?

    @saran23 - You mean a bot that is safe doing this? Why am I not getting the same thing on my laptop? A bot that sends out Spanish spam messages with URLs? How is that possible?

    @goins - I did reformat my C drive and still got the attack...


    Can this be a keylogger?
     
  6. bigspade

    bigspade Junior Member

    Joined:
    Mar 13, 2009
    Messages:
    114
    Likes Received:
    125
    Occupation:
    Silver Hat Entrepreneur wannabe
    Location:
    Warzone
    That's the reason why I stopped downloading torrents and free warez. I once checked out a hacker forum, and one guy mentioned that he can create a trojan that no other anti-virus software can detect. Just the thought of it keeps me at bay from the temptation of downloading free stuff.
     
    • Thanks x 1
  7. slacker

    slacker Newbie

    Joined:
    Sep 21, 2008
    Messages:
    24
    Likes Received:
    8
    Occupation:
    Fuck corporate america!
    DDoS won't do much unless you have the whole ***** backing you up. lol, plus your ISP will take you down.
     
  8. saran23

    saran23 BANNED BANNED

    Joined:
    Jan 2, 2009
    Messages:
    22
    Likes Received:
    64
    Your laptop can have a different IP or might already be infected.

    What is happening is that when you uninstalled the bot from your computer, the other bots in the network grabbed your IP and started trying to find holes in your security so you could become part of them again.

    You can't do anything about it but wait it out. The MSN spam is programmed into every bot nowadays. It installs on you and then sees if you have MSN; if so, it takes control of it and sends out links to your friends so they can get infected too. It sends something like,

    " Hey did you check out this pic of me naked? http://nakedpics.com/index.php?=naked-img.com"

    When the person clicks on the link, he will download a file called naked-img.com (which is an executable, don't be fooled because its extension is .com).

    I suggest, if you want to track them down, opening your firewall and your Norton. Then you can get infected, use Wireshark to track it back to the server the bot is connecting to and go in there and cause some trouble (find the login for the bots and remove them all). Or you can simply post the info online somewhere and people will rape the shit out of the server and cause it to die.
     
    • Thanks x 1
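
The lure described in the post above is a link whose query string names a file ending in `.com`, which Windows treats as an executable extension even though it looks like part of a domain. As an added example (not part of the thread), this sketch flags chat links that carry an executable-looking filename outside the hostname; the function names and every sample message except the link quoted in the post are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Extensions Windows runs directly. ".com" doubles as a TLD, which is the lure.
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def _exec_ext(token):
    """Return the executable extension of token, or None."""
    name = unquote(token).strip().lower()
    dot = name.rfind(".")
    if dot <= 0:
        return None
    ext = name[dot:]
    return ext if ext in EXEC_EXTS else None


def suspicious_tokens(url):
    """List (where, token) pairs outside the hostname that end in an executable extension."""
    parts = urlsplit(url)
    hits = []
    last_segment = parts.path.rsplit("/", 1)[-1]
    if _exec_ext(last_segment):
        hits.append(("path", last_segment))
    # keep_blank_values=True keeps bare tokens such as "?setup.exe" (no "=")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        for token in (key, value):
            if _exec_ext(token):
                hits.append(("query", token))
    return hits


def scan_message(text):
    """Return [(url, hits)] for every link in a chat message that looks like an executable lure."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        hits = suspicious_tokens(url)
        if hits:
            findings.append((url, hits))
    return findings


SAMPLE_MESSAGES = [
    "Hey did you check out this pic? http://nakedpics.com/index.php?=naked-img.com",  # link from the post
    "Lunch menu is at https://example.com/ today.",  # constructed, benign: .com only in the hostname
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(scan_message(msg) or "clean", "<-", msg)
```

A hit only means the link points straight at something named like an executable; legitimate installers served over HTTP match too, so treat the result as a reason to inspect the link, not as a verdict.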
  9. saran23

    saran23 BANNED BANNED

    Joined:
    Jan 2, 2009
    Messages:
    22
    Likes Received:
    64
    lol that is about what 100% of viruses are nowadays. All viruses, if they are good, have to get past all the AVs; if they don't, they won't and can't be sold on the black market.
     
  10. Knoxgates

    Knoxgates Supreme Member

    Joined:
    Aug 9, 2008
    Messages:
    1,266
    Likes Received:
    918
    You have to format your whole system to get rid of that bot. Formatting C drive doesn't help.
     
    • Thanks x 1
  11. turner

    turner Registered Member

    Joined:
    Jan 31, 2009
    Messages:
    89
    Likes Received:
    92
    hi
    dunno if this is old hat haha
    flash the bios, update it
    remove harddrive to old, very old pc
    and do low level format

    Turner
     
  12. AffGuy08

    AffGuy08 BANNED BANNED

    Joined:
    Nov 14, 2008
    Messages:
    875
    Likes Received:
    491
    Oh man God Bless me! Lol :)

    Ok I got this simple advice from my friend: he suggested I get ZoneAlarm, clean my PC with Avast or Kaps AV and fire up ZoneAlarm (do this offline), then get online and change the MSN password.

    I hope that does the trick, what do you guys think?
     
  13. callmelucid

    callmelucid Regular Member

    Joined:
    Feb 15, 2009
    Messages:
    487
    Likes Received:
    446
    Be sure to start your computer in safe mode before you do a virus scan. I also like using Spybot S+D to disable all startup .exe's except the main Windows ones.
     
    • Thanks x 1
  14. sonobby1

    sonobby1 Regular Member

    Joined:
    Mar 3, 2009
    Messages:
    236
    Likes Received:
    31
    Location:
    Uk
    I've got the same problem with my Live Messenger: occasionally I am told I have sent links to my friends, even when I'm not online, and I also receive these links from my friends. I've tried every program out there to remove this thing, but nothing shifts it. My problem is I've got like 100gb of data on here that would take ages to put on to discs, hence not formatting. I just live with it until something comes along.
    Si
     
  15. 94FBR

    94FBR Registered Member

    Joined:
    Feb 25, 2009
    Messages:
    67
    Likes Received:
    24
    It's a Malaysian IP...
    lat:3.167 long:101.7
     
  16. AffGuy08

    AffGuy08 BANNED BANNED

    Joined:
    Nov 14, 2008
    Messages:
    875
    Likes Received:
    491
    Yeah maybe he is using an anon proxy..damn!
     
  17. preedge

    preedge Junior Member

    Joined:
    Nov 24, 2008
    Messages:
    196
    Likes Received:
    43
    Run your antivirus in safe mode.

    For deleting protected files, use Unlocker. It's freeware.
     
    • Thanks x 1
  18. HaRRo

    HaRRo Elite Member

    Joined:
    Oct 29, 2005
    Messages:
    2,676
    Likes Received:
    13,447
    Occupation:
    Self Employed
    Location:
    Miami, FL
    Change your router's MAC address, turn off the modem, get a new IP.

    Or if you're not using a router or something, do similar. Just reset your IP.
     
    • Thanks x 1
  19. aмillionaírе

    aмillionaírе Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 20, 2008
    Messages:
    532
    Likes Received:
    358
    You don't have Comodo firewall? Get that too.
     
    • Thanks x 1
  20. AffGuy08

    AffGuy08 BANNED BANNED

    Joined:
    Nov 14, 2008
    Messages:
    875
    Likes Received:
    491
    I'll have to ask my ISP for an IP change because it's static and dial-up.
    Thanks Harro!