Hacked Computer

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum


unionrdr (Homebrewer, author & air gun collector; HBT Supporter; joined Feb 19, 2011; 39,136 messages; reaction score 3,815; location: Sheffield)
I don't know how it happened, but my desktop & files are all gone. They're in memory, but access is denied? My book was almost done, but now I got a temporary desktop from Windows. My wife's partition on the hard drive had something go wrong with services, bad logon failure, taking out mine as well? Anyone know how to use administrative tools to get it all back? I'm not very good with all the stuff in that little event log window. There's no button to fix or restore logged errors??? File backup won't work either. Some kind of denial. Please help me get back my files for my book, pics, etc!! :confused: *Malwarebytes found a malware program that hijacked my start up menu file. The files I'm missing are in memory, but I can't access them. How to fix start up menu file??
 
The malware hid your start menu and probably your whole profile. There's a tool you need to run to unhide that stuff. Sorry, but it's been too long since I had that one, so I don't recall what it was.
 
OMFG!!! It worked dude! Idk what this hacker used to hijack my start menu, but so far, it looks like I got everything back. It worked really fast too! When I can, I wanna send you a beer haul. You're a lifesaver. My book & all! I can't thank you enough for such a great site! Any of you guys having similar problems, use the link newsman posted. You def won't be sorry! This is so great, I have no words! So much easier than trying to do it all manually, as some file names are very cryptic.
 
I got the internet back on last Friday, but didn't pay for my new malware/anti-virus program right away. The next day, the hacker got me. Something else odd, though. Internet symbol (the little screens with the globe thing in the bottom toolbar) isn't showing, even though it's on?
 
No worries, my friend! :D That's just the geek in me. :) As the link says, they make copies of all the shortcuts into a hidden directory then delete the original shortcuts. Now, either go buy a portable hard drive and/or sign up for a cloud storage backup! :D That way, you can keep all your important things in at least two different places! I keep all my pictures on three different external hard drives. :)
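The post above describes the hiding trick: the shortcuts are copied into a hidden folder and the originals removed. The following PowerShell is an added example (not code from this thread or from the linked cleanup tool) that lets a user see which shortcuts under the usual Start Menu, Desktop and Documents locations currently carry the Hidden attribute, or sit in a folder that does, before deciding what to restore. The profile paths are the standard Windows 7 ones and are an assumption; run it as the affected user.

```powershell
# Added example, not code from the thread or from the linked cleanup tool.
# Lists .lnk shortcuts that are hidden (the file itself or its parent folder
# has the Hidden attribute) under the standard Start Menu and profile paths.
# Assumption: Windows 7 profile layout; run as the affected user.
function Find-HiddenShortcuts {
    param(
        [string[]]$Roots = @(
            (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu'),
            (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
            (Join-Path $env:USERPROFILE 'Desktop'),
            (Join-Path $env:USERPROFILE 'Documents')
        )
    )
    $hidden = [System.IO.FileAttributes]::Hidden
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force is what makes Get-ChildItem return hidden items at all.
        Get-ChildItem -LiteralPath $root -Recurse -Force -Filter '*.lnk' -ErrorAction SilentlyContinue |
            Where-Object {
                -not $_.PSIsContainer -and
                ((($_.Attributes -band $hidden) -ne 0) -or (($_.Directory.Attributes -band $hidden) -ne 0))
            } |
            Select-Object FullName, LastWriteTime, Attributes
    }
}

# Clears the Hidden attribute on the shortcuts Find-HiddenShortcuts reports.
# Supports -WhatIf so the change can be previewed before it is applied.
function Restore-HiddenShortcuts {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param()
    foreach ($item in (Find-HiddenShortcuts)) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
            $attrs = [System.IO.File]::GetAttributes($item.FullName)
            $attrs = $attrs -band (-bnot [System.IO.FileAttributes]::Hidden)
            [System.IO.File]::SetAttributes($item.FullName, [System.IO.FileAttributes]$attrs)
        }
    }
}

# Usage: review first, preview the change, then apply it.
Find-HiddenShortcuts | Format-Table -AutoSize
Restore-HiddenShortcuts -WhatIf
# Restore-HiddenShortcuts
```

This only clears the attribute in place. If the shortcuts were moved to another hidden folder rather than hidden where they were, the listing shows you where they ended up, but putting them back in the Start Menu is a copy job that the tool newsman linked does for you.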
 
Try this free anti-malware: http://www.microsoft.com/security/pc-security/microsoft-security-essentials.aspx

Gotta figure if anyone knows the security holes in Windows, it's gotta be Microsoft. :)
 
I saw something on the Microsoft site about on-line storage too. But their site doesn't always work so well. I am thinking of an external hard drive though. It'll need to be a few gigs at least to mirror my PC.
 
There are a ton of online storage sites... some of them (i.e. Google Drive, Dropbox, etc) have free accounts. 'Course they limit it to like 5-10 gigs, but for some folks, that would be enough. 'Course it's like a drug dealer... the first hit is always free... then when you want more you have to pay for it. :)

Hit me up later and I'll give you a referral link to copy.com, which should be sufficient to get you started. Note that you'll have to have an app running on your PC to make it work. All these "cloud storage" sites want you to run an app on your PC to automagically copy things to the cloud for you. I'd send you the link now, but I'm at work and don't have access to that site. :)
 
Thanks, I'd like to have a look at it. I had Dropbox at one time, but never got around to using it. Not sure I still have it. I also can't get my stuff back in Beersmith 2.1. So I loaded BS 2.2.07, but same. Got "error 5: access denied" for everything, recipes, equipment, etc.
 
Sorry, no ideas there. :/
 
I contacted Brad Smith at Beersmith's site about my Beersmith problem. His reply was "Beersmith uses Internet Explorer as a plugin under Windows to display the preview screen. I would guess that you still have some kind of malicious script or messed up setting in IE that's preventing it from displaying the preview windows using IE. Please try running IE by itself first & get rid of any scripts, extra plugins, etc that the hacker may have installed. Once you have it running cleanly then try running Beersmith again. Also I suggest making a backup copy of your documents/Beersmith2 folder as this is where all of your data resides for Beersmith". I have a backup copy there, but no go.
At boot up, I get this little window saying it can't find Faxman server data? Couldn't find it in a search either.
 
Two things to do then... First, download and install Malware Bytes (www.malwarebytes.org) and update/run it. Second, go to http://www.vipreantivirus.com/live/ and follow the instructions there. You'll need to install it and then reboot into safe mode, command-prompt only and run it. If you STILL have issues, let me know. There's a couple apps that you can download and run prior to running Malware Bytes, etc that will stop "TSR" apps ("Terminate and Stay Resident" -- i.e. running in the background) from running. Off the top of my head, I don't recall what they are. I'd have to search for them. :)
 
I have Malwarebytes PRO & ran it. It found nothing new. Just the hijacker thing that started it all, plus other corrupted "PUPs", files that have malware attached to them. There are two IP addresses in the ignore list. But it'll only delete them. Idk if this means deleted from the computer entirely, or just from the ignore list? **I just went on bleepingcomputer.com & asked if they could help with these particular problems as well.
 
Unionrdr -- This is the app I was thinking of.. http://www.bleepingcomputer.com/download/rkill/

You may need to download one of the other filenames if you can't get the EXE to run. As they say, some malware will stop the "rkill.exe" from running, so you have to try one of the other variants, or just rename the file from rkill.exe to something else that fools the malware. :)
 
Try the live "Vipre" antivirus. It's pretty good. I'd go ahead and remove everything that MalwareBytes says to. Also, you can reboot into safe mode and run MalwareBytes and it might catch some more things. To do that reboot and keep hitting the F5 key and a menu should pop up. Select "safe mode" or "safe mode with network" (using arrow up/down keys) and then run Malware Bytes again.
 
What is going on here? Troubleshooting someone's PC problems doesn't belong in Announcements and Feedback, don't threadjack!
 
Sorry, but I couldn't get on here & all. And newsman gave me a link to fix nearly everything. I've been away from programming class in college for too long to be as good as others on here are. Since it has to do with HBT & BS2 functionality, it sort of does belong?...that's getting feedback, isn't it?
 
I have split this into its own thread in the General Chit Chat forum. The Feedback forum is to give feedback to HBT about issues with the site, not about issues with a personal computer.
 
Thanks for the clarification. I was desperate for any help I could get. Didn't intend to hijack or anything...I was already hijacked early Saturday morning. The link to bleepingcomputer.com helped a lot. But I still have issues with BS2 & nbcnews.com, my home page. The rest works, but some are slow, a couple don't work at all yet. Sorry for any troubles... :(
 
More than likely there is still some crap going on. I've cleaned many a computer and I can tell you that it's sometimes a LOT of work to clean them up and it takes an experienced person a lot of time, sometimes, to do it right. Sometimes it's not worth the effort and a backup/reinstall is the best/fastest way to get results. Sometimes even my favorite malware software is not up to the task and a manual search and destroy is in order once the problem is identified.

I don't have a good solution for you. Taking a computer to a computer repair shop can be as bad as doing nothing. In a lot of cases they try very little before wiping the drive, reinstalling Windows, and charging you an arm and a leg. And your backup? Whoops!

You may wish to perform a restore to a previous point in time if you can. Search for Windows Restore Points. Sometimes it's only a matter of figuring out the cause by searching on the symptoms and merging a downloaded Registry Entry into your registry to repair one that was damaged by the virus.

These things are usually caused by clicking on a link in a fake email, or clicking on a fake browser window alert, or downloading a fake file, such as when you click on a link that looks like it leads to a movie. If the movie file extension is not a legitimate movie file extension, don't click on it! For example, hornyteenparty.avi.exe is an EXE file (executable), not an AVI (video) file. The last extension on the filename is the only part that matters.
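The double-extension trick in the post above works because Explorer hides known extensions by default, so a file named `clip.avi.exe` is displayed as `clip.avi`. Below is an added PowerShell example (not code from this thread) that checks filenames for a decoy media or document extension sitting in front of a real executable extension, scans a folder for them, and turns on full extension display in Explorer. The extension lists and the Downloads folder default are assumptions; extend them to taste.

```powershell
# Added example, not code from the thread. Flags names that end in an
# executable extension but carry a decoy "media" or "document" extension
# in front of it, e.g. "something.avi.exe". Only the final extension decides
# how Windows opens the file. Extension lists are an assumption.
$ExecutableExtensions = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js', '.jse', '.wsf', '.msi', '.hta')
$DecoyExtensions      = @('.avi', '.mp4', '.mkv', '.mpg', '.wmv', '.mp3', '.jpg', '.png', '.gif', '.pdf', '.doc', '.docx', '.txt')

function Test-DeceptiveExtension {
    param([Parameter(Mandatory=$true)][string]$Name)
    $lower = $Name.ToLowerInvariant()
    $last  = [System.IO.Path]::GetExtension($lower)
    if ($ExecutableExtensions -notcontains $last) { return $null }
    # Strip the final extension and look at what is left: "clip.avi" -> ".avi"
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($lower)
    $inner = [System.IO.Path]::GetExtension($stem)
    if ($DecoyExtensions -contains $inner) {
        New-Object PSObject -Property @{
            Name         = $Name
            LooksLike    = $inner
            ActuallyRuns = $last
        }
    }
}

# Scan a folder (default: the user's Downloads folder, an assumption) for such files.
function Find-DeceptiveFiles {
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Test-DeceptiveExtension -Name $_.Name } |
        Where-Object { $_ -ne $null }
}

# Explorer hides known extensions by default, which is what makes the trick
# work. HideFileExt = 0 makes Explorer show the full name; it takes effect
# once Explorer restarts (or after the next logon).
function Show-FileExtensions {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name 'HideFileExt' -Value 0 -Type DWord
}

# Constructed sample names to exercise the check offline: only the first two
# are reported; a plain "setup.exe" has no decoy extension and is not flagged.
'vacation_video.avi.exe', 'invoice.pdf.scr', 'holiday.mp4', 'setup.exe', 'notes.txt' |
    ForEach-Object { Test-DeceptiveExtension -Name $_ } |
    Format-Table Name, LooksLike, ActuallyRuns -AutoSize
```

Run `Find-DeceptiveFiles` against the Downloads folder after a suspicious click, and run `Show-FileExtensions` once so the full name is visible in Explorer from then on; with extensions shown, the last part of the name is what you read before double-clicking.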
 
Windows restore or restore files wouldn't work. Restore wouldn't complete, restore files gave me the "error 5: access denied" bit, just like BS2. But that was before I used that hijack fix program on bleepingcomputer.com. Not sure if I should try it again? It happened early Saturday morning & I've had the DT's ever since. At least I got it all fixed well enough to pay bills & such. Just home page & BS2 need more work so far. The mod on bleepingcomputer.com asked for my HJT log. I guess he knows what to do with/in it? It can take days for their team to get down to you on the list though. They create all kinds of software to fix a lot of different things. My head's swimming already...& yeah, forget the geek squad. They do just as you described a couple times early on. I only know the hacker got me because I hadn't paid for Malwarebytes last Friday when I got the internet service going again. Idk if the kids downloaded something or what. But 99% of the time, it's always something they did.
 
The following is what I do to deal with Windows wackiness, entropy, malware, hardware failures, and even fire. I sleep well at night knowing everything, including all work data, family pictures and video, are backed up. Consider that every hard drive will eventually fail.

  1. Keep EVERYTHING you do under My Documents
  2. Install a separate internal hard drive and move My Documents to that drive. Better yet, install 2 hard drives and configure them as a RAID1 mirrored set.
  3. Have an external hard drive and use software to back up My Documents every night. I like CrashPlan, which is free and has a simple path to going to cloud storage when you decide to do that.
  4. Once a month, backup everything to another drive that you keep in a box somewhere, preferably at your neighbor's house, office, etc. I installed a hot swap hard drive bay ( http://www.newegg.com/Product/Product.aspx?Item=N82E16817997016 ) so that I can take a bare 3.5" SATA drive, slide it into the bay, backup, then remove.

Every two or three years I install a new boot drive, install the newest version of Windows, and re-install my apps. The data stays put on those external drives and doesn't budge.
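Step 3 above (a nightly copy of My Documents to an external drive) can be done with nothing more than the robocopy tool that ships with Windows. The following PowerShell is an added example (not code from this thread, and not CrashPlan) that mirrors the Documents folder to an external drive, keeps a dated log, refuses to run if the drive is not plugged in, and reports whether robocopy succeeded. The drive letter E: and the Backups folder names are assumptions.

```powershell
# Added example, not code from the thread. Mirrors the Documents folder to an
# external drive with robocopy and reports the outcome. Drive letter and
# folder names are assumptions; change them to match your setup.
function Backup-Documents {
    param(
        [string]$Source      = [Environment]::GetFolderPath('MyDocuments'),
        [string]$Destination = 'E:\Backups\Documents',   # assumed external drive
        [string]$LogDir      = 'E:\Backups\Logs'
    )
    # Refuse to run if the external drive is absent rather than writing
    # into a folder on the internal disk that happens to have the same name.
    $drive = Split-Path -Qualifier $Destination
    if (-not (Test-Path -LiteralPath $drive)) {
        throw "Backup drive $drive is not present; plug in the external disk."
    }
    New-Item -ItemType Directory -Force -Path $Destination, $LogDir | Out-Null
    $log = Join-Path $LogDir ('documents-{0:yyyy-MM-dd}.log' -f (Get-Date))

    # /MIR  mirror: copies new/changed files and removes files at the
    #       destination that no longer exist at the source
    # /R /W limit retries on files that are open or locked
    # /XJ   skip junction points so a recursive copy cannot loop
    # /NP   no per-file progress percentages, keeps the log readable
    # /LOG+ append to the dated log file
    & robocopy $Source $Destination /MIR /R:2 /W:5 /XJ /NP "/LOG+:$log" | Out-Null

    # robocopy exit codes: 0-7 are success flags (what was copied, extra or
    # mismatched); 8 or above means at least one file failed to copy.
    $code = $LASTEXITCODE
    New-Object PSObject -Property @{
        Source      = $Source
        Destination = $Destination
        Log         = $log
        ExitCode    = $code
        Succeeded   = ($code -lt 8)
    }
}

# Usage: run it by hand once to check the log, then schedule it nightly.
Backup-Documents | Format-List
```

To run it every night, save the block as a .ps1 file and register it with Task Scheduler, for example `schtasks /Create /SC DAILY /ST 02:00 /TN "Backup-Documents" /TR "powershell -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"` (path is an assumption). One caveat that step 4 above already covers: a mirror faithfully copies deletions and damaged files too, so if malware wipes or encrypts Documents and the nightly job runs afterwards, the external copy matches the damage. The monthly drive kept offline in a box is the copy that survives that, which is why the two steps belong together.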
 
I've been seriously considering an external hard drive. But the system is a couple of gigs, so it'd need a lot of space! But I need to get everything working right again first. These memory location names are very cryptic & don't say what they do or are for, like a particular program. Like Faxman server data. I'm having trouble with that one, which I think might be part of the plugin BS2 uses for the window at the bottom of the BS2 page through IE. Not to mention all the settings, recipes & such. My recipe names are there, but when I try to click on one, I get the "error 5: access denied" bit.
 
Trust me, a couple gigs is nothing these days. These days the smallest external drive you're likely to find is about half a terabyte or 500 Gigs. :)

I'll download and zip the rkill file for you and send it to you as a private message.
Edit -- I can't download RKILL here at work. :( I'll have to do it later from home. Sorry
 
I've gotta agree with Homer on this. Trying to clean that crud outta there is a fool's errand. Even if you think you got it all, you'll never really know if you did get it all, which you most likely didn't. Your best approach is to procure yourself an external hard drive, back up just the data you want to keep (My Documents, Beersmith files, Favorites, Desktop files and that's usually about it, but there could be more) then wipe the internal disk and do a clean install of Windows and your apps. Once that's done, copy back the backed up files from the external drive and rest easy knowing there's no crapware living in your system.
 
A couple of gigs really is nothing. You can get 64GB thumb drives for not much money. External hard drives are 500GB on up, with the Price/Value at about 1TB these days.

OR, buy an external enclosure and put your old hard drive in that. Buy a new Solid State Hard Drive and install a fresh copy of Windows (use Magic Jellybean Keyfinder to get your current Reg Codes) and use your old drive as a backup. SSDs are a lot faster and might even speed up your computer noticeably.
 
This sounds like it's going to get complicated. Trying to find uncorrupted application files, my programs (BS2 seems corrupted), etc will be tough. He did a pretty thorough job of messing everything up. So would I have to fix it first, or try saving my programs & personal files/profiles with the kids' stuff to a hard drive & then wipe it? I'm not sure how far to go with saving things to an external drive?
 
Try booting in safe mode 1st and running malwarebytes from there. That should catch the rest that aren't residing in memory during normal mode operation. Do a complete system scan also.
 
That'll take a few hours. A full scan took a really long time to complete. Besides the fact that Rkill from bleepingcomputer.com is designed to find & list all those hacker files in a list that a program like Malwarebytes must be used to remove. The hacker hijack program will try to put up warning messages it hopes you'll heed to protect itself, according to bleepingcomputer.com's page about Rkill.
 
rkill is a good start. I also recommend Malwarebytes and a decent AV program like Avast, or AVG or whatever. No one software will do it all. And yes, a few scans from different software will take several hours.

And, as always, once you are able to get control of the computer, you really NEED to get a backup going. Even if it's just manually finding your favorite files and dragging them onto another hard drive or thumb stick. This will be much worse if you lose the data files you want to keep.
 
Nope. RKILL just stops any malware that's hiding from running. Doesn't clean anything. THEN you run the MALWARE BYTES to clean anything that was hiding. Again, I also recommend the second "live" antivirus I sent you a link to. Install that, reboot into safe mode, command-prompt only, log in and go to C:\viprerescue\ and run "deepscan.bat" and it'll clean up just about everything MBAM left behind. :)
 
As Homercidal and others have said.. once you "clean" it, there's no guarantee there isn't a time bomb ticking away that you didn't find. Best bet, back up your installable apps, nuke the drive and start over from scratch with a fresh copy of Windows and then reinstall your apps and copy your data back over. May have to get another copy of BeerSmith if your installable is corrupt.
 
Well, dang. Google Drive sent newsman's copy of Rkill renamed to my e-mail. But IE9 isn't supported & Chrome won't download. Ran Malwarebytes in safe mode & found one more corrupt file for music viewer or other. Got rid of it, but problems remain. Can't download the file to run it.
 
Actually, the e-mail .zip file sent me to Google Drive. It says IE9 isn't supported, Chrome doesn't download, no downloads from bleepingcomputer.com work either. & Broni on there says IE9 is fine & should work? Waiting for file in regular e-mail now...
 