| Thread ID: 134332 | 2013-06-21 01:32:00 | Hacked | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1346521 | 2013-06-21 01:32:00 | I have a person who thinks their computer has been hacked into. I have updated their internet security program (BitDefender Internet Security 2013) & scanned (37 threats detected so far). I am going to change their security key on their wireless ADSL router. Is there anything else that I should do: 1] to detect whether or not they have been hacked into 2] to prevent further hacking? Thank you |
NZHawk (4093) | ||
| 1346522 | 2013-06-21 01:44:00 | And is there any way of identifying if the computer has been hacked into? (She wants proof.) |
NZHawk (4093) | ||
| 1346523 | 2013-06-21 01:47:00 | Look in its logs and see if it blocked anything. What are the threats? | Speedy Gonzales (78) | ||
| 1346524 | 2013-06-21 01:54:00 | Will get back to you on that when the scan is completed. | NZHawk (4093) | ||
| 1346525 | 2013-06-21 02:03:00 | Why does she think it has been hacked, and what information does she think has been accessed? | Alex B (15479) | ||
| 1346526 | 2013-06-21 02:08:00 | Good question, and it was hard for me to pin her down as she was quite vague, but she said settings seemed to have been changed; windows would open up & then close & she wouldn't be able to find them. She took pictures of some of the windows, but I couldn't make out enough of the details to know what they were reflecting. She has very little data, if any; only uses the laptop for Skype & emails |
NZHawk (4093) | ||
| 1346527 | 2013-06-21 02:20:00 | here is the results of the scan: |
NZHawk (4093) | ||
| 1346528 | 2013-06-21 02:29:00 | Well, the 1st lot are cookies. I wouldn't worry about those. Did she make the backup files? If not, delete them. It looks like SP59624.exe is an HP setup file. I would disable System Restore, use CCleaner to remove temp files/cookies. Then turn System Restore back on |
Speedy Gonzales (78) | ||
| 1346529 | 2013-06-21 02:31:00 | Yep, I agree, I wasn't too worried about the cookies. Will run CCleaner after Malwarebytes finishes its scan. Cheers |
NZHawk (4093) | ||
| 1346530 | 2013-06-21 02:34:00 | Post a HJT log. We'll see what's in it | Speedy Gonzales (78) | ||