
Possible spyware?

Discussion in 'BlackHat Lounge' started by dgusic, Sep 4, 2015.

  1. dgusic

    dgusic Regular Member

    Hey there,

    So, some time ago, a few months I believe, I downloaded something called Auto Facebook Poster or something like that from the downloads section. Fast forward to today and I have to clean some shit from my PC. I find that this little shit has been sitting in my PC for some time now.

    I ran multiple virus checks and nothing, scanned it with a few anti-spyware programs and still nothing. Could it be that this little shit with the /hide command could have fucked up my PC and my privacy?

    Also, this software was free and it was coded by one of you guys I believe, not really sure about the last one but I know it was free!
     
  2. Shardy

    Shardy BANNED BANNED

    What AV are you using? Try Malwarebytes.
     
  3. WizGizmo

    WizGizmo Super Moderator Staff Member Moderator Jr. VIP Premium Member

    I seem to recall deleting that because there was no Virustotal scan done on it,
    it was posted in the wrong section, and you were not using one of our preferred
    file sharing sites.
     
  4. Tabaza

    Tabaza Registered Member

    Hi,

    Tip #1.

    The only way to debug this issue and to know what is happening on your computer is to download Wireshark. Install it, open it and run the sniffer.

    Close all websites and all internet-related software like Skype, and other software. Make your PC 100% idle.

    Now, keep reading the output of Wireshark and see where your computer is connected, and what it is sending and receiving.
    If you are not familiar with Wireshark, see some YouTube videos.


    Tip #2.

    When you have closed all websites and software and the PC is 100% idle, wait for 3-5 minutes, then open CMD.exe and run
    netstat -n |find "ESTABLISHED"
    or
    netstat -a |find "ESTABLISHED"

    Keep doing it every 1-2 minutes and see where your PC is connected when it is 100% idle. If you find no Established connections, it means your computer is SAFE.



    EOF.
     
    • Thanks Thanks x 2
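
The repeated idle-time check from Tip #2, as an added PowerShell example that is not part of the thread: it polls established TCP connections several times and records the owning process and executable path for each, which `netstat -n` alone does not show. The sample count, interval and loopback filter are assumptions, and `Get-NetTCPConnection` requires Windows 8 / Server 2012 or later.

```powershell
# Added example: poll established TCP connections on an idle machine and
# attribute each one to its owning process. Defaults below are assumptions.
param(
    [int]$Samples = 10,          # number of polls (assumed default)
    [int]$IntervalSeconds = 30   # delay between polls (assumed default)
)

$seen = @{}   # key "pid|remote:port" -> record with a hit counter

for ($i = 1; $i -le $Samples; $i++) {
    # Same data as: netstat -n -o | find "ESTABLISHED" (-o adds the PID column).
    # SilentlyContinue: the cmdlet reports an error when nothing matches.
    $conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' }

    foreach ($c in $conns) {
        $key = '{0}|{1}:{2}' -f $c.OwningProcess, $c.RemoteAddress, $c.RemotePort
        if (-not $seen.ContainsKey($key)) {
            # The process may exit between the two calls; tolerate that.
            $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
            $seen[$key] = [pscustomobject]@{
                ProcessId = $c.OwningProcess
                Process   = if ($p) { $p.ProcessName } else { '<exited>' }
                # Path can be empty for protected processes when not elevated.
                Path      = if ($p) { $p.Path } else { $null }
                Remote    = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
                FirstSeen = Get-Date
                Hits      = 0
            }
        }
        $seen[$key].Hits++   # number of polls in which this connection was present
    }
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
}

# Low Hits = short-lived connection; Hits equal to $Samples = persistent one.
$seen.Values | Sort-Object Process, Remote |
    Format-Table ProcessId, Process, Path, Remote, Hits, FirstSeen -AutoSize
```

Run it from an elevated prompt so that `Path` is populated for as many processes as possible; an unfamiliar executable path next to a recurring remote address is the entry to look up first.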
  5. HelloInsomnia

    HelloInsomnia Jr. Executive VIP Jr. VIP

    Tabaza's advice is pretty good; this way you will be able to detect something like a RAT when your AV may not. You will have to do some research on how to find it in Wireshark but it's not that hard. Then learn how to block the connection in your hosts file. This won't remove it but rather block it.

    I would reinstall the OS personally; some see this as an extreme measure but to me it's the only way to know you're clean.

    Then set up a virtual machine and Sandboxie inside of that. The next time you want to run a program like that, do it there and it will be safer (but nothing is ever 100% safe, keep that in mind).
     
    • Thanks Thanks x 1
  6. dgusic

    dgusic Regular Member

    Thank you Tabaza!

    I did not find any "ESTABLISHED" connections to my PC. Looks like it only has the -hide function and I can't find it in the %appdata% folder where it is supposed to be. But it looks like my PC is clean...