Computer Hacked, Then Hijacked [Closed]
Posted 15 January 2013 - 12:52 PM
Show in folderRemove from list
Show in folderRemove from list
Show in folderRemove from list
That is all I could get to copy--saw no option to download to anywhere. Will try again.
Posted 15 January 2013 - 01:10 PM
all your rootkits are belong to us [*]
GMER is an application that detects and removes rootkits .
It scans for:
hidden disk sectors (MBR)
hidden Alternate Data Streams
hidden registry keys
drivers hooking SSDT
drivers hooking IDT
drivers hooking IRP calls
At a loss--I tried to copy and save the scan but now that it has run, those buttons do nothing. I tried a screenshot but it didn't take. I cannot find the filename area, but have what little I posted previously on the desktop.
GMER says it found system changes due to rootkit activity--with that message over the scan results, I can do almost nothing--keys do not respond. I cannot delete the message or rerun the scan.
When the hacker sees these files, she will go ballistic and take it out on my computer--I know her personally.
I am keeping logmein open minimized for now,but it is risky because it gives her time. She bought me some speakers in an effort to keep the computer on all day (I did not fall for it--by changing this to 32 bits, most music wouldn't play--she will go to any lengths. I suspect she is installing malware too.
Edited by traveler818, 15 January 2013 - 01:27 PM.
Posted 15 January 2013 - 01:30 PM
Posted 15 January 2013 - 01:37 PM
Then attach to your post
Posted 15 January 2013 - 02:02 PM
If run it from your system means from the above link, that is how I generated the report, but everything on that page except perhaps the menu upper left is frozen. I can't even close the window. save, copy, exit--no response. After trying to close the file, I can no longer turn it blue, though that was no help as ctrl-C and ctrl-V do not work. Copy is unresponsive. I have downloaded this file from every download link I could find--nowhere do I get the option to choose a location, or to create a txt file.
I have tried dragging it here. Won't budge.
I do not know what else to do. I considered deleting and starting over but I can't do that either. Help. I see no more options. Getting frustrated.
when I click on the 2 icons that made it to the desktop, I am asked if I want it to make changes. I click No. They both have different names--random numbers and letters.
Edited by traveler818, 15 January 2013 - 02:46 PM.
Posted 15 January 2013 - 02:46 PM
Download and Install Combofix
Download ComboFix from one of the following locations:
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Posted 15 January 2013 - 03:35 PM
Posted 15 January 2013 - 04:12 PM
I clicked a combofix link but despite having disabled Norton, the scan stopped saying it detected antivirus and firewall. The hacker has been busy. Norton will no lnger take my password--I used it successfully once, and will not disable anything until I can figure out a way in. I find no password reset anywhere. I am beginning to wonder if it is time to wipe the system clean again (for the 3d time).
Or the logmein file is still open--I need to give name & password--the usual--it appears to be Toshiba's version of Logmeinrescue.
I cannot enlarge the type-my guess is she followed me in here--if I leave, I do not know if I can get back.
Edited by traveler818, 16 January 2013 - 11:52 AM.
Posted 15 January 2013 - 04:14 PM
This woman is smart and fully educated and fully equipped to do damage and willing. She stole food I saved for homeless dogs and a small gift for an elderly lady--thus is her character.
The Toshiba logmein file serves a different purpose. LogmeinRescue IS on this computer but hidden. Should I try rerunning combofix? First I need to see if a system restore took me back to before I created a Norton password. I cannot get to the Norton website as it is now only set to scan but doesn't. I can't access most desktop files from the desktop.
I just learned of a website called AMMY Admin, which appears to be like LogmeinRescue.
Edited by traveler818, 16 January 2013 - 12:33 AM.
Posted 15 January 2013 - 04:49 PM
I am also working the human angle trying to get those who know her to help.
We were both overdue for a break, but if we are interacting, I do not want to miss a word: Would you let me know when you are done with a session? I didn't know how long to wait. We put in a lot of hours, so it was time, but I waited some time to be sure.
The hacker has a full-blown acct as far as I can tell, which makes her undetectable as malware. I found many files in the computer. Each one contained the permissions, but not the full page. She has "Users"--me, "SYSTEM"--the computer's owner, and "Authenticated Users." When I try to remove Authenticated Users, it says someone else may be in there who would also lose due to inherited permissions. A R click is supposed to open it to show who the users are, but it is not working. If I could get in there, I think I might regain my administrator status and remove her. It would be a start but you know a lot, me not much.
Ie COMBOFIX: Before I read the warning not to rerun it, I hopefully didn't because 2 of the 3 times, there was no scan, only the one, that failed to complete. The first ones said it could not scan because it detected antivirus and a firewall. I had disabled both in Norton. It gave me the red AT RISK window, but Combofix detected them and sent me to remove them twice. Then my password to Norton stopped working. I uninstalled the remains of Norton, and downloaded the trial version of Norton 360, which found 2 threats the old Norton missed. Should I also have malwarebytes or antispyware? Anyway with Norton gone, the COMBOFIX scan ran until the window appeared over the scan saying it had detected modifications to the system. I got the impression I had to take action on the spot to unlock anything, but you said not to so I did not explore the site that thoroughly.
Toshiba sends people's computer info (without their knowledge) who refuse their expensive help to a local tech--when an error occurs, he gets a signal, and I get a nasty phone call because I will not allow remote access--though that is how I learned about AMMY Admin. It is similar to LogMeInRescue, which was on this computer but is a logical first one to hide. I don't trust the source for AMMY, but the site could be good.
Edited by traveler818, 16 January 2013 - 06:13 AM.
Posted 16 January 2013 - 09:05 AM
I would like you to uninstall Norton
Install Avast Free
And if you are happy I will link to your system via Avast
Let me know how you feel before we progress... As an aside Avast can be password protected
To start Remote Assistance, the person wanting help just opens the avast! user interface and clicks on the “Allow Remote Control” button. This generates a unique code which is sent to the avast! “helper-friend”, enabling the recipient to have remote access to the other computer. The session is routed through the AVAST servers, bypasses potentially blocking firewalls, and can be ended at any time by the initiating person. The only requirement is for both computers to be turned on and have active internet connections.
“People want to be able to get or give help, but they want to make sure they are not creating a security risk at the same time,” said Mr. Steckler. “This is why Remote Assistance can only be triggered by the person wanting help and each code is limited to a single session.”
Posted 16 January 2013 - 12:21 PM
PS Avast free does not seem to have a firewall. Should I check/turn on Windows Defender?
Here is the code Avast said to give you: KJYK-7MKC
Edited by traveler818, 16 January 2013 - 12:26 PM.
Posted 16 January 2013 - 12:25 PM
Be right back as I need to get on a system that is not running a beta version
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users