Overclock.net › Forums › Software, Programming and Coding › Networking & Security › [resolved] Computer hijacked.

[resolved] Computer hijacked.

post #1 of 75
Thread Starter 
First time I've gotten a virus, ever, and this thing completely hijacked my rig!

Today - random clicking started whenever I move the mouse.
Launchy stopped working. (It's a program).
TeamViewer starts up at random times and acts weird. Uninstalled.
Apache web server restarts itself when killed.

I do a quick scan with MSSE, it finds nothing.
Do a quick scan with Malwarebytes, it finds 8 infected items; here's the log:

Attachment 211224

I push remove, it gives me the confirmation box, I restart, and nothing changes.

Then, I open up notepad to see why my keyboard hotkeys for opening up Launchy don't work.

Then, I see random crap being typed, without me touching the keyboard.
After several seconds I see this appear in the text: "form??"
Then, this appears:

" y

1 sec "

After this point, I shut off the internet by removing the cable.

So some mofo is controlling my computer and monitoring every single thing I do. He's watching me type this message because he's screwing around with the formatting, so I'm going to make this quick.
I logged into my router, saw a bunch of DoS attacks there, and I saw a huge range of IPs trying to connect to my computer on port 8564.

Shortly after typing this, and with internet OFF!! this thing pasted in what seems to be one of my passwords, but I couldn't read which one because I was erasing something.

I'm probably reformatting this whole thing ASAP; I don't think there's anything I can do. At this point I'm not worried about losing data, but I'm worried about losing my accounts.

Crap. Crap. What the hell is going on?

Edited by srsdude - 5/19/11 at 11:14am
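The router observation above (many source IPs hitting one port, 8564) is the kind of thing that is worth counting rather than eyeballing. The following is an added example, not code from the thread or from any poster: a small Python script that parses router firewall log lines, tallies inbound attempts per destination port on the WAN interface, and flags ports hit by many distinct sources. The netfilter-style syslog format, the interface name `eth0`, and all IP addresses are assumptions constructed for the example; a real router's log format will differ and the regex would need adjusting.

```python
import re
from collections import defaultdict

# Constructed sample router log (assumed netfilter/syslog style; addresses are
# from the documentation ranges and are not real hosts).
SAMPLE_LOG = """\
May 19 10:52:01 router kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=40311 DPT=8564
May 19 10:52:02 router kernel: DROP IN=eth0 SRC=198.51.100.8 DST=192.168.1.10 PROTO=TCP SPT=51022 DPT=8564
May 19 10:52:02 router kernel: DROP IN=eth0 SRC=203.0.113.21 DST=192.168.1.10 PROTO=TCP SPT=60010 DPT=8564
May 19 10:52:03 router kernel: ACCEPT IN=eth0 SRC=203.0.113.22 DST=192.168.1.10 PROTO=TCP SPT=44444 DPT=8564
May 19 10:52:04 router kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=40312 DPT=8564
May 19 10:52:05 router kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=33000 DPT=443
May 19 10:52:06 router kernel: ACCEPT IN=br0 SRC=192.168.1.10 DST=203.0.113.99 PROTO=TCP SPT=50001 DPT=80
"""

# Field layout is an assumption about the log format, not taken from the thread.
LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return the firewall fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["spt"] = int(rec["spt"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def inbound_by_port(log_text, wan_if="eth0"):
    """Tally inbound (WAN-side) attempts per destination port.

    Returns {port: {"attempts": n, "sources": set_of_src_ips, "accepted": n}}.
    Lines on other interfaces (e.g. LAN-originated outbound traffic) are ignored.
    """
    summary = defaultdict(lambda: {"attempts": 0, "sources": set(), "accepted": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["iface"] != wan_if:
            continue
        entry = summary[rec["dpt"]]
        entry["attempts"] += 1
        entry["sources"].add(rec["src"])
        if rec["action"] == "ACCEPT":
            entry["accepted"] += 1
    return dict(summary)


def flag_targeted_ports(log_text, min_sources=3, wan_if="eth0"):
    """List ports hit by at least `min_sources` distinct sources, most-targeted first.

    Each item is (port, attempts, distinct_sources, accepted). A non-zero
    `accepted` count on a port you never forwarded is the part worth acting on.
    """
    summary = inbound_by_port(log_text, wan_if)
    flagged = [
        (port, e["attempts"], len(e["sources"]), e["accepted"])
        for port, e in summary.items()
        if len(e["sources"]) >= min_sources
    ]
    return sorted(flagged, key=lambda t: (t[2], t[1]), reverse=True)


if __name__ == "__main__":
    for port, attempts, srcs, accepted in flag_targeted_ports(SAMPLE_LOG):
        print(f"port {port}: {attempts} attempts from {srcs} sources, {accepted} accepted")
```

Dropped packets from many sources are mostly background scanning and are not by themselves a sign of compromise; what distinguishes the situation in this thread is an accepted inbound connection on a port no legitimate service on the machine uses, which means the port is reachable from outside and something on the host is listening on it.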
post #2 of 75
Shut off, disconnect from the internet now

Use an anti-virus rescue disk (google it), i.e. the one from Kaspersky
It will boot separate from OS and with latest definitions should remove that virus!
post #3 of 75
Oh man, that's messed up.

Change all your passwords, call your ISP and get that IP blocked or something.
Reformat your computer ASAP.
    
post #4 of 75
Reinstall and change all important account passwords starting with email and banking.
    
post #5 of 75
When you're that deep in it, just reformat and start again. Make sure your router is secure as well. Rescue individual data files by booting from another OS (Ubuntu live CD or whatever) if you must.
post #6 of 75
In the future, you should register MBAM. It's honestly the best defense against this kind of malware.
post #7 of 75
I would be changing all of my passwords on a different PC if I were you. Start backing up your data on your hard drive, then secure wipe and reinstall Windows. Also, I would look into securing your router as tight as it will let you.

You have a keylogger somewhere on there so make sure you don't take that with you.
post #8 of 75
Make sure your Windows Speech Recognition isn't turned on. A friend of mine had theirs on unknowingly a while back, and weird stuff would appear to be typed on their computer as well; they thought it was some hacker messing with their computer.
post #9 of 75
1. Get off OCN and change passwords! First, of course, any bank details, then email, then the rest.

2. Call ISP and report it. They will (should) forward the info to the police who can access records etc.

3. Format system. Could be worth trying to save data with the PC disconnected from the 'net. .avi, .mp3, .doc etc files are unlikely to be infected. Obviously, scan the files before accessing them with the clean install.

4. Bad luck

Had you opened port 8564?
post #10 of 75
Man, that sucks!

Disconnect, back up the files you don't think are infected, and format the thing.