
Computer is/or was under super hack!!

post #1 of 32
Thread Starter 
Ever since early last week my mouse has been giving me problems... So I assumed "HEY time for an upgrade". Anyway right when I was on these forums something very weird happened.

My mouse took on a life of its own and clicked (very un-randomly) to my files and user account!

Has anyone ever heard of this before? I can deal with it though I am wondering what kind of virus bug could take away control from your PC, and, well take over?? This just happened and it sort of freaked (and pissed) me off. I have been very safe with this PC, no dangerous sites or nothing of that sort. I have McAfee virus scan and Spyware Doctor.

Ever heard of a bug that allows a hacker to take control of your pc and steal info???

EDIT: I have a wireless connection BTW but it is a secure one.

UPDATE: As this was posted a while ago now here is an update, I am having no problems for a while now.

HERE IS MY LOG FILE. If you notice any problems feel free to tell me. Though I believe I have already taken care of this problem and I did not see any problems here I believe I am just fine. Though I only quickly glanced at this before posting. Here is the HijackThis report log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:29 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\csrss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\D-Link\\D-Link RangeBooster N DWA-542\\acs.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\Spyware Doctor\\pctsTray.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\D-Link\\D-Link RangeBooster N DWA-542\\wirelesscm.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\WINDOWS\\system32\\CTsvcCDA.EXE
C:\\Program Files\\Logitech\\MouseWare\\system\\em_exec.exe
C:\\WINDOWS\\eHome\\ehRecvr.exe
C:\\WINDOWS\\eHome\\ehSched.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\Program Files\\Spyware Doctor\\pctsAuxs.exe
C:\\Program Files\\Spyware Doctor\\pctsSvc.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\ehome\\mcrdsvc.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\WINDOWS\\System32\\alg.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe
C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.atcomet.com/b/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.comcast.net/
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01480e46-b0ad-41e6-90fd-52bec5b1a04f} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {094a337e-bd4c-45ab-95c7-a9a1a6e99ab6} - (no file)
O2 - BHO: (no name) - {0e19fdac-14e3-470f-b32c-0d802c41a503} - (no file)
O2 - BHO: (no name) - {14531c98-a73d-4031-8c91-2541164d1508} - (no file)
O2 - BHO: (no name) - {242cf8e5-e05a-4bad-b0c5-006b97ca959e} - (no file)
O2 - BHO: (no name) - {393C2547-B2AB-422C-87AF-385238C73416} - (no file)
O2 - BHO: (no name) - {3a1f47a7-d9aa-47b7-acb5-345906ec87a3} - (no file)
O2 - BHO: (no name) - {3aa265dd-a051-4b6b-8420-876a29566502} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll
O2 - BHO: (no name) - {51351222-5fcc-4457-99df-8aed0a3a5e4e} - (no file)
O2 - BHO: (no name) - {58661f70-27f7-4f40-bb53-c449c208645a} - (no file)
O2 - BHO: (no name) - {62b5ca27-ee53-4bf0-9b80-254b932191ef} - (no file)
O2 - BHO: (no name) - {68441c88-0670-498d-9de3-7a6b205e7c9d} - (no file)
O2 - BHO: (no name) - {70fab332-4c2e-44d0-bc53-ea553a2bd6d0} - (no file)
O2 - BHO: (no name) - {714c67c2-c091-40b9-839d-b119b24dea7d} - (no file)
O2 - BHO: (no name) - {7662ba5f-803c-4677-8085-562f2c4ad57e} - (no file)
O2 - BHO: (no name) - {871d1ebd-71e6-4da9-8be7-043604f62ba1} - (no file)
O2 - BHO: (no name) - {8e6e8ea5-6ec7-4ff3-9a5c-22746fc2e93c} - (no file)
O2 - BHO: (no name) - {a648225e-974f-4c37-9291-b4d230712b9c} - (no file)
O2 - BHO: (no name) - {ace6ae60-7718-45b9-9484-4412dc91cebf} - (no file)
O2 - BHO: (no name) - {bf96628e-5738-44bf-9b0b-724001ef07e8} - (no file)
O2 - BHO: (no name) - {c44a9fe4-979a-4883-991c-5f4216119a13} - (no file)
O2 - BHO: (no name) - {d4bddcb2-db23-4835-adb0-6029b66493a2} - (no file)
O2 - BHO: (no name) - {df23f9cc-1929-4e76-a727-ef4f392f76e3} - (no file)
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [CTSysVol] C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r
O4 - HKLM\\..\\Run: [amd_dc_opt] C:\\Program Files\\AMD\\Dual-Core Optimizer\\amd_dc_opt.exe
O4 - HKLM\\..\\Run: [RCSystem] "C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe" RCSystem * -Startup
O4 - HKLM\\..\\Run: [AudioDrvEmulator] "C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe" -1 AudioDrvEmulator "C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll"
O4 - HKLM\\..\\Run: [RivaTunerStartupDaemon] "C:\\Program Files\\RivaTuner v2.01\\RivaTuner.exe" /S
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\QTTask.exe" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [TrojanScanner] C:\\Program Files\\Trojan Remover\\Trjscan.exe
O4 - HKLM\\..\\Run: [ISTray] "C:\\Program Files\\Spyware Doctor\\pctsTray.exe"
O4 - HKLM\\..\\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O4 - HKCU\\..\\Run: [NVIDIA nTune] "C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe" clear
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\\Program Files\\D-Link\\D-Link RangeBooster N DWA-542\\wirelesscm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\\Program Files\\D-Link\\D-Link RangeBooster N DWA-542\\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\\WINDOWS\\system32\\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1050\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\\Program Files\\Spyware Doctor\\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\\Program Files\\Spyware Doctor\\pctsSvc.exe
Edited by Sgtoku - 5/25/08 at 9:25pm
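
A triage pass over a log in this format, as an added example that is not part of the original post: it groups entries by HijackThis section code and lists BHO registrations whose file is missing, Run-key autostarts started without a full path, and the configured IE start pages, all for manual review. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis 2.x layout (values are illustrative only).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /background
O4 - HKLM\..\Run: [tool] tool.exe /install
O23 - Service: Example Service (exsvc) - Example Inc. - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O2 - ...", "R0 - ..."
BHO = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')                  # command starts with a drive path

def parse(log_text):
    """Group entry bodies by section code; process-list lines are skipped."""
    sections = defaultdict(list)
    for raw in log_text.splitlines():
        # Forum pastes sometimes double every backslash; normalise first.
        line = raw.strip().replace("\\\\", "\\")
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def triage(log_text):
    s = parse(log_text)
    counts = {code: len(items) for code, items in s.items()}
    # O2: browser helper object registered in the registry but its file is gone.
    orphan_bhos = [m.group(2) for m in map(BHO.match, s.get("O2", []))
                   if m and m.group(3) == "(no file)"]
    # O4: autostart command with no full path, so the search path decides what runs.
    bare_autoruns = [m.group(3) for m in map(RUN.match, s.get("O4", []))
                     if m and not ABS_PATH.match(m.group(4))]
    # R0/R1: IE start pages, listed so the owner can confirm each one was chosen.
    start_pages = [b.split(" = ", 1)[1]
                   for b in s.get("R0", []) + s.get("R1", []) if "Start Page = " in b]
    return {"entry_counts": counts, "orphan_bhos": orphan_bhos,
            "bare_autoruns": bare_autoruns, "start_pages": start_pages}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Each list is a set of items to look up and confirm, not a verdict; a missing-file BHO or a bare command name can be a harmless leftover.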
post #2 of 32
Yeah.... get something better than McAfee....

I recommend
AVG Free
OR
Avira Anti-Virus
post #3 of 32
Seems like you have caught yourself a trojan, either from a download or something, and now someone has control over your computer remotely. Obviously they are inexperienced, because they shouldn't be moving the mouse to tip you off that they are there. They can see anything and EVERYthing you're doing while at your PC, and if you leave it on during the night, no telling what they are doing while you're sleeping. I suggest looking at all the files/programs/games you have downloaded recently and give 'em a run over with AVG antivirus. It is much better than McAfree.
post #4 of 32
I don't think any Wireless connection is "secure". But I would reformat, I don't trust anti-virus, spyware programs at all.
post #5 of 32
Quote: Originally Posted by Limes
I don't think any Wireless connection is "secure". But I would reformat, I don't trust anti-virus, spyware programs at all.
Yup. A clean install is your best anti-virus.
post #6 of 32
I see you're on XP. There was a security hole in the Remote Assistance program a while back; I don't know if they ever got that fixed or not, but it would explain what happened to you.

Although there are a few other possible things too.
post #7 of 32
Thread Starter 
Wow, I have kept this computer very clean. I am still very surprised that this happened, I wonder if sharing connections with other comps in my household is the enemy...
post #8 of 32
Quote: Originally Posted by Sgtoku
Wow, I have kept this computer very clean. I am still very surprised that this happened, I wonder if sharing connections with other comps in my household is the enemy...
Yep it only takes one idiot to corrupt a whole network.
post #9 of 32
Sounds like remote desktop has been compromised...this means that SOMEONE IS UP IN YOUR MA. If it were me and my problem I would wipe the PC and set up the Firewall to keep traffic managed. I would not use McAfee but AVG as mentioned.

If you have any sort of purchasing online going on in that rig you might want to contact your CC company and bank. Be sure to change all your passwords after you have wiped and reinstalled and secured your rig.
post #10 of 32
What sort of router do you got?

As always the router has WEP which is insecure.
If I was you if it doesn't support WPA2 go get a router that does support it.