Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

14 Hackers! Help! [Solved]


  • This topic is locked This topic is locked

#1
Joey23

Joey23

    Member

  • Member
  • PipPip
  • 16 posts
Hey,
I received a notification message on my browser tonight apparently saying I need to call 1800 508 252 to fix a virus. I tried to close the message but it kept reoccurring. So I gave the number a go, and it sounded like a reliable source. They did a search on my laptop and found that there was over 400 Trojans and 14 hackers... And my email is hacked. She also said that the hackers stopped many programs running and it was only a matter of time before they completely turn off my laptop. So I need help. Not sure if what she's saying is true, but I would love your advice!
I bought this laptop a few months ago but I didn't get around to re-installing antivirus software. I don't mind factory resetting the laptop since I just copied everything to my hard drive. Any option is fine, as long as it all gets fixed! I'm typing this through my phone at the moment. Please, please reply as soon as you can.

Thank you!!
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have just fallen for a scam, how much did they rip you off for ?

They have probably installed other software on your system whilst they had control

Now I can attempt to clean the system for or you can reset the computer to factory settings the choice is yours

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
Joey23

Joey23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thank you for such a fast reply!!

Haha, it was something like $280... I told her I'd call her back. Had a weird gut feeling about it. Thanks to you EB, I now know that it is a scam.

 

Here are the logs from Farbar: Attached File  FRST.txt   470.06KB   96 downloads Attached File  Addition.txt   33.8KB   126 downloads

 

The log from the aswMBR is here: Attached File  aswMBR.txt   2.76KB   85 downloads

 

Thank you!! This means a lot!


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets get at it... Did you install the Unified Remote 3.1 programme ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2015-05-21 22:11 - 2015-05-21 22:11 - 00000000 ____D () C:\ProgramData\elsi..tion_d291612c4dce6913_0005.0002_24bdd5ce1a41bab3
2015-05-22 00:56 - 2015-01-15 19:49 - 00000000 ____D () C:\Users\Joesphine\AppData\Local\SafeWeb
2015-05-22 00:42 - 2015-01-14 00:04 - 00000000 ____D () C:\Users\Joesphine\AppData\Local\SoftonicAssistant
2015-05-21 23:14 - 2015-05-22 00:44 - 00003432 _____ () C:\Windows\System32\Tasks\Hotoehulmle
2015-05-21 23:14 - 2015-05-21 23:14 - 00000000 ____D () C:\ProgramData\Hotoehulmle
HKU\S-1-5-21-1114628362-224951515-1471456577-1001\...\Run: [SoftonicAssistant] => C:\Users\Joesphine\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1835976 2015-03-25] ()
Task: {0F2CCBB1-969C-4232-BBCF-99E6A5196C9B} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D10\netengine.exe [2015-05-05] () <==== ATTENTION
Task: {08B7F581-FDF3-40BE-8DBD-D953BDAE4E7D} - System32\Tasks\Hotoehulmle => C:\ProgramData\Hotoehulmle\1.0.1.0\ioevefau.exe [2015-05-21] ()
C:\ProgramData\NetEngine
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
Joey23

Joey23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi,

 

I recall installing Unified Remote my phone, but I'm not aware if I installed it on my laptop.

 

Here's the Fix log: Attached File  Fixlog.txt   8.77KB   92 downloads

 

Here's the Adw Cleaner log: Attached File  AdwCleanerS0.txt   3.5KB   139 downloads


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ? Any apparent problems ?
  • 0

#7
Joey23

Joey23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Everything seems to be working well! Haven't had random browsers open on their own yet, which I think is a good sign.


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There now that was not so painful :)

If you have any problems like that again, then come here and we will help you out

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP