Hacked Computer

I've gotta agree with Homer on this. Trying to clean that crud outta there is a fool's errand. Even if you think you got it all, you'll never really know if you did get it all, which you most likely didn't. Your best approach is to procure yourself an external hard drive, back up just the data you want to keep (My Documents, Beersmith files, Favorites, Desktop files and that's usually about it, but there could be more) then wipe the internal disk and do a clean install of Windows and your apps. Once that's done, copy back the backed up files from the external drive and rest easy knowing there's no crapware living in your system.
 
A couple of gigs really is nothing. You can get 64GB thumb drives for not much money. External hard drives are 500GB on up, with the Price/Value at about 1TB these days.

OR, buy an external enclosure and put your old hard drive in that. Buy a new Solid State Hard Drive and install a fresh copy of Windows (use Magic Jellybean Keyfinder to get your current Reg Codes) and use your old drive as a backup. SSDs are a lot faster and might even speed up your computer noticeably.
 
This sounds like it's going to get complicated. Trying to find uncorrupted application files, my programs (BS2 seems corrupted), etc. will be tough. He did a pretty thorough job of messing everything up. So would I have to fix it first, or try saving my programs & personal files/profiles with the kids stuff to a hard drive & then wipe it? I'm not sure how far to go with saving things to an external drive?
 
Try booting in safe mode 1st and running malwarebytes from there. That should catch the rest that aren't residing in memory during normal mode operation. Do a complete system scan also.
 
That'll take a few hours. A full scan took a really long time to complete. Besides the fact that Rkill from bleepingcomputer.com is designed to find & list all those hacker files in a list that a program like Malwarebytes must be used to remove. The hacker hijack program will try to put up warning messages it hopes you'll heed to protect itself, according to bleepingcomputer.com's page about Rkill.
 
rkill is a good start. I also recommend Malwarebytes and a decent AV program like Avast, or AVG or whatever. No one software will do it all. And yes, a few scans from different software will take several hours.

And, as always, once you are able to get control of the computer, you really NEED to get a backup going. Even if it's just manually finding your favorite files and dragging them onto another hard drive or thumb stick. This will be much worse if you lose the data files you want to keep.
 
Nope. RKILL just stops any malware that's hiding from running. Doesn't clean anything. THEN you run the MALWARE BYTES to clean anything that was hiding. Again, I also recommend the second "live" antivirus I sent you a link to. Install that, reboot into safe mode, command-prompt only, log in and go to C:\viprerescue\ and run "deepscan.bat" and it'll clean up just about everything MBAM left behind. :)
 
As Homercidal and others have said... once you "clean" it, there's no guarantee there isn't a time bomb ticking away that you didn't find. Best bet, back up your installable apps, nuke the drive and start over from scratch with a fresh copy of Windows and then reinstall your apps and copy your data back over. May have to get another copy of BeerSmith if your installable is corrupt.
 
Well, dang. Google drive sent newsman's copy of Rkill renamed to my e-mail. But IE9 isn't supported & chrome won't download. Ran malwarebytes in safe mode & found one more corrupt file for music viewer or other. Got rid of it, but problems remain. Can't download the file to run it.
 
Actually, the e-mail .zip file sent me to google drive. It says IE9 isn't supported, chrome doesn't download, no downloads from bleepingcomputer.com work either. & Broni on there says IE9 is fine & should work? Waiting for file in regular e-mail now...
 
Avast.com, great stuff for virus protection, free. I wonder what were you running that you got hit twice? Spybot.com great software, Ad-aware also free, terrific as well.
Dude, put your guard up as best you can, and offload the important stuff to a thumb drive. I just found out and tried, a bootable copy of windows can go on a thumb drive, with all your writing too. I learned the hard way to load as many good anti spyware/ bot killers as possible, because they all do relatively the same job, but since they are written by different companies, they all find different bad things. If you need more help, just ask.
 
I'm not actually sitting there in front of the computer to have a look, but at this point, without hands-on access, I'd recommend a reinstall. Security issues are sometimes hard to fix without messing up other file security rights. I'd be tempted to do a mass ownership change and get control, then backup and reinstall. At that point your system is open to further attacks, but it's temporary and (hopefully) offline anyway. Once you get the backup, reinstall the OS and copy your files back.

Installing an OS is generally not a hard thing for anyone to do. Modern versions of Windows leave very little to choose in options and the process is nearly automatic. The hardest part is probably going to be making sure the computer boots up off the Windows Install Disk. It's usually all set to do it, but once in a while a computer needs to be told which device to boot from (nowadays it's often F12 during the BIOS screen).

The only other issue you may have while installing is if you need to change the SATA controller mode. It's not hard and I think most systems will be fine in AHCI mode. To change mode, simply boot into the BIOS settings (F12 during the boot and select system setup, SATA Controller (or somesuch)) and pick the mode and reboot.

I'm serious when I say almost any person in the world can do this with a few screen shots of what it looks like, and most people can fumble their way through it without. After all, you'll have a backup and can't really hurt anything.
 
Yeah, I have to agree with Homercidal here... sometimes it's just better to take off and nuke it from orbit. Definitely should back up your documents, etc before. Get a thumb drive or something and back up. The hardest part is probably going to be device drivers. Most computers will come with a separate "driver disk" and "reinstall" disk (if it comes with a reinstall disk at all -- Microsoft in their infinite wisdom came to the conclusion that a restore partition would be good enough!) Since you seem to have access to your documents, etc. I'd recommend backing up and wiping the system, then restoring.
One other suggestion -- DO NOT MAKE YOURSELF AN ADMINISTRATOR!!! Set up a separate "admin" account for installing apps, etc. Yes, it's a pain, but it makes it harder to seriously infect your computer if you're not an admin.
 
I got Rkill to download, unzip & run in safe mode with networking. Then Malwarebytes took out 3 entries. One a vafmusic something or other, for the 2nd day in a row. Then two hijackthis registry entries. Rkill fixed some .exe, com, etc. stuff too. Had to switch back to normal mode to remove the infection files. But I can't paste the Rkill.txt or MBAM notepad documents on bleepingcomputer.com reply??? Maybe have to do that in safe mode with networking as well? God, I just want this nightmare to end. It's e-check month too, so I can't spend a ton of money & time on this. Need exhaust, oil & filter change & front brake pads so idiot light goes out. Any idiot lights & you fail. So for the moment, I need cheap fixes.
 
I'm an IT guy. I wouldn't call what happened to you "hacked". Your computer got a virus of some kind.

My advice to you would be to think about wiping your entire hard drive, and re-installing Windows from scratch. Saving all of your files off to an external drive of course.

I'd take it to a computer store and let them handle it though. Ask the tech who works on your computer to scan the files on the external as well.

The idea is that if a virus exists on your computer, it may still be there and could re-infect it later on. With some of these things you really have to find the offending file or files and delete them. So by wiping the entire drive - removing all partitions and reformatting the drive - you are effectively deleting any potential threat.

I run Linux on all of my computers now. Got tired of Windows and all of the virus issues, cost associated with running MS software, licensing issues, etc...

After you've re-installed Windows, install a good virus checker. I used Avast. I always used the free version. It's a really good program.

A couple of really good practices to get into... Unsubscribe from any spam email you're getting, or set your email program to move that email to your spam folder, and clear that folder periodically. Never open an attachment in an email message unless you absolutely know the sender, and you've verified that the sender actually sent you the file. Never install an application from a web site unless you know that it is absolutely reputable. Always let your virus checker scan an installation file(s) before installing an application.

I hate viruses, and hate anyone who writes such malicious software. They should all be hunted down and thrown in prison.
 
Yep. SMCCarter... I'm a former IT guy... now doing telecom. :) I understand exactly what you're saying. I, too, would recommend linux, if it were a little more user friendly.. that being said, if the OP wants to try it, I'd strongly recommend Ubuntu as it's much more user-friendly than most versions.
My only difference of opinion, and that's all it is, would be to use Microsoft Security Essentials... after all, who better than Microsoft to know where the security holes are? :) It's free as well. :)
 
Tried linux for awhile. I had no issues, but the wife and son were less enthusiastic. Every change takes a little effort to get everything to play together. I gave up trying to convince everyone that it was a better system.
 
I just got my laptop back up and running from an obnoxious virus I loaded. Bad me. Being an IT guy I advocate two things. First and foremost a nuke and reinstall is your best bet always. Viruses make weird little changes and are nearly impossible to entirely recover from.

I suggest, if it is usable, attaching an external storage device and backing up anything you want to keep, then, since it is a laptop, use the inbuilt system recovery program to bring it back to the way it was when you first bought it. Then the next thing you want to do is download antivirus. There is no excuse for not having antivirus as there are solid free ones available (Avast, Avira, Microsoft Security Essentials [which I use], etc). After that is installed and up to date, reconnect the external storage to recover your files but hold down the shift key when plugging it in until you get the "what do you want Windows to do" prompt (this keeps any autorun viruses from running just in case). From there you just need to set things back up and go from there.

If you must have your computer as is there is one other thing you can do. I have had luck with going to avira.com and in their download section under utilities (from a clean computer) download and burn their Avira Rescue System to a cd. Boot to this CD and let it scan for you. Basically what this is, is an offline virus scanner that does not let the viruses load before the AV and hide themselves. You still need to be careful afterwards with internet settings, proxies and other little changes to tick you off.

Sorry if I got a little geeky there, I just have fixed too many infected computers when I supported the construction superintendent guys' porn virus riddled laptops a couple years ago.
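
An added example, not part of the original post: a Python script that audits a backup drive before its files are copied back to the reinstalled system, flagging `autorun.inf` files and executable file types in what should be a data-only backup. The extension list and the sample tree are constructed assumptions, not taken from the thread.

```python
import os
import tempfile

# Extensions Windows will execute directly; a data-only backup should contain none.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Keys in autorun.inf that name a program to launch.
AUTORUN_KEYS = ("open", "shellexecute", "shell\\open\\command")


def parse_autorun(path):
    """Return the launch targets named in an autorun.inf file."""
    targets = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in AUTORUN_KEYS:
                targets.append(value.strip())
    return targets


def audit_backup(root):
    """Walk a backup tree and return sorted (reason, relative_path, detail) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            if lower == "autorun.inf":
                findings.append(("autorun", rel, ", ".join(parse_autorun(full))))
            elif ext in EXECUTABLE_EXTS:
                # Names like "photo.jpg.scr" hide the real type when Explorer hides extensions.
                inner = os.path.splitext(stem)[1]
                reason = "double-extension" if inner else "executable"
                findings.append((reason, rel, ext))
    return sorted(findings)


def build_sample_backup(root):
    """Constructed sample data standing in for a backup drive."""
    files = {
        "autorun.inf": "[autorun]\nopen=recycler\\svc.exe\nicon=folder.ico\n",
        os.path.join("recycler", "svc.exe"): "MZ",
        os.path.join("Documents", "recipe.txt"): "pale ale",
        os.path.join("Documents", "photo.jpg.scr"): "MZ",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        for reason, rel, detail in audit_backup(tmp):
            print(f"{reason:17} {rel}  {detail}")
```

Anything it flags should be left off the rebuilt machine and handed to the antivirus scanner; it lists files by name only and does not replace that scan.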
 
DrunkelJon... Thanks for the tip about the bootable CD antivirus. :) I'll keep that in mind for my two IT clients who I see semi-regularly. :)
 
To the OP.

How old is your computer? Maybe it's time to think about a new one? Faster, clean start, newer OS, but I recommend to stay the f#@k away from Windows 8. Although that last one may be tough.
 
Well, vista home premium is from 2007, so maybe my computer is 2006? Can't afford a new one being retired. But I did think about that last night. Maybe just a new tower? Being e-check month, I have a brake idiot light on & no idiot lights or test fail. Need new exhaust too, & electric bill just about wiped me out this month. An external solid state drive would be nice. *I have trend micro titanium anti-virus/anti-malware, & malwarebytes pro. Windows defender has an invalid handle, supposedly from an earlier version of trend micro that didn't play well with it. New version is supposed to, but didn't fix the handle. Gotta look at those other anti-virus programs.
 
No problem. One of the joys of this site, we all are happy to share what we know in a usually friendly straightforward manner. The other nice thing is now you can reuse the same CD as it can check the internet for signature updates upon boot if you want. CDs are cheap though and I usually don't bother to keep ahold of them. Be sure to burn it from a clean computer though. You never know what may slip in if you do it from the ill-behaved one.

Generally speaking (as of 4 or so years ago) laptops expect about a 3 year lifespan where desktops like to say 5 before they go all obsolete. You can keep a computer that does not need to be used for gaming, video processing, etc alive for much longer though, as my laptop has been going for 7? years now. Nuking and reinstalling Windows will speed it up greatly.

Do be sure to completely remove any antivirus programs and reboot before you install a new one. They do not play nicely with each other. Also, avoid like the plague the registry cleaners and anything advertised on TV or in a popup ad that claims it will speed your computer up. They don't really do anything, and usually make things worse.
 
Yeah. I'm a former IT guy playing telecom engineer now... :) I still support a couple clients and friends who have problems from time to time, but my main PC at home is Fedora 20. Definitely would not recommend it for your average joe, though. I second your point about CDs being cheap. Another trick for if you ever forget your Windows logon password is Pete Nordahl's Password Reset CD. I usually just burn a new one of those any time I need it... :D Fortunately, I haven't had to use it much since I left IT. :)
 
When I said "new computer" I meant the "box," yes, not the monitor, keyboard, mouse, etc., although sometimes complete system deals can get really sweet.

You can buy (new) desktops for sub-$200 to $500. I'm not saying your current computer isn't worth anything, it isn't broken. You really only need to get Windows (re-)installed AFTER your current harddrive contents is saved to a spare harddrive. But IF you have to take it to a shop to have that done, you're out good money too. And you still have Vista, one of M$'s (almost) admitted mistakes on her way to Windows 7.

Don't you have some kids, niece or nephew, neighbor, friend of friend, who can do this for you? For many of today's half-geeks with the right talent this is "nothing" to worry about. They'll fix it while they look away from their game, briefly.

Regarding harddrives.
Solid state ones are nice, fast but pricy. They are to be used as your main system drive.

The regular ones (not Solid State), you can get 2.5" portable externals (USB) that hold 1TB (1000 GB) of data for $60 (e.g., NewEgg).

There are a lot of excellent suggestions and recommendations in this thread. Almost "sticky" worthy, if we mention beer at least 2 more times. :D
 
[snip] Generally speaking (as of 4 or so years ago) laptops expect about a 3 year lifespan where desktops like to say 5 before they go all obsolete. You can keep a computer that does not need to be used for gaming, video processing, etc alive for much longer though, as my laptop has been going for 7? years now. Nuking and reinstalling Windows will speed it up greatly.

This indeed depends highly on what you're doing and the quality of the system you started out with. Sometimes just adding more memory is the best upgrade you can give yourself... the machine that is.

[snip] Also, avoid like the plague the registry cleaners and anything advertised on TV or in a popup ad that claims it will speed your computer up. They don't really do anything, and usually make things worse.

Wow, ain't that the truth!
It's about time they start teaching that in school. No, better yet, you can't graduate from any school until you can prove you understand these principles. Then there's also the need for proven understanding of the exponential function... let's not digress.

Avast gets my nods for antivirus software. It's non-intrusive, which places it high on my list. Like a good bittering hop.
 
This is what I would do:
A. Get your data saved to another hard drive (e.g., 1TB external USB, $60 shipped). Or buy a new primary one.
B. Install Windows from scratch. Unless you use a new primary drive, overwrite everything on that existing hard drive
C. Install a good virus program. Malwarebytes is good to have alongside.
D. Copy the data back
E. Enjoy your "new" system

That idiot brake light could be low brake level fluid, a stuck floater, or even a loose wire in that circuit. Could also have to do with the ABS system if you have one.
 
No abs. It checks for low fluid level, which happens as the brake linings wear down, putting more fluid in the brake lines from the reservoir as they wear down.
I have trend micro titanium & malwarebytes pro. I finally got through running vipre security scanner newsman posted. It took some 5 hours & ten minutes to run, quarantine & clean. Couldn't find the log though. But since it's an online program, it might be online? Anyway, it found, by searching every line of programming in the thing, 106 threats, cleaning 20 or 21 of them, quarantining the rest. Most of the trojans & adware it found were connected to conduit toolbar or Vafmusic2 in mozilla firefox. A couple of the trojan lines had name: 1cooldudme <1>.exe. win32. Generic!BT or name: 1cooldudeme.exe.win32. Generic!BT at the end of them, the Generic!BT in the red [THREAT] program warning line by vipersecurityscanner. Now if I could just find out who 1cooldudeme is, I'd like to heel & hide his behind to a barn door.
Good idea on the external drive, but with maybe enough left to fix the exhaust to get by e-check, I'd still have to wait or borrow the money to get my stickers. Much less the external drive, which I'd love to have. I used to have an external OBD drive, but it's old & I don't know where it is.
 