Spyware, Viruses, & Security forum

General discussion

Computer Hacked - Seeking Advice

by amarie13 / April 2, 2011 7:46 AM PDT

Hello cnet members,

I am posting in the hopes of getting some feedback about how to proceed after having discovered that my laptop has somehow been broken into. Basically - this morning i went to log into my amazon account (the sign-in page had still been on the screen as i had left the computer on overnight) and saw that a weird e-mail address i'd never seen before was already in the e-mail address field. This sent up red flags (and i still don't understand why/how this is possible) - but i thought i would try to login - however, after getting error messages i promptly called amazon. They told me they could not find an account associated with the e-mail address that i'd always had attached to my amazon account, and when i told them about the weird e-mail address that appeared on the page and gave them that information - they did indeed say that it was this weird e-mail that i'd never seen before that was now associated with my account (apparently my account info came up just from my calling them as that which is associated with the number i called from).

My level of freaking out ratcheted up upon learning that a $1400 charge had been made to the account this morning - of course, one that i had not authorized. Fortunately it seems as though the hackers had only hacked into my amazon account and had not secured my credit card information (as they had initially had the purchase set to send to my verified address [instead of adding their own from the get-go which would have required supplying full credit card info], and only afterwards sent an e-mail to the vendor requesting that the product be sent to a different/foreign address, supposedly because it was a gift). I believe everything is now fortunately squared away with amazon and my credit card company -- but i have yet to turn my computer back on, not knowing exactly how my information was stolen and for fear of potentially allowing any further damage to be done. I'm not very computer savvy, so i don't quite understand how this happened and what precautions i need to take now with using this computer (the customer service rep from amazon was at first thoroughly convinced that someone had to have had access to MY computer until i assured him that no one besides me had even been in the household when this fraudulent purchase was made).

Basically, now i would just like to know if/how i can safely use my laptop again (can i even assume that the flash drives that were plugged into it are safe to use?), if/how i can safely use the wireless internet on it, and what steps i need to take to prevent this from happening again . . . My gracious thanks to anyone who has read through my ramble here - i'm still quite frazzled and wasn't sure what all information to include, so i know i've gone on a bit -- But i would be quite grateful for any advice.

Many Thanks.

To marie13
by mchainmchain / April 3, 2011 6:29 PM PDT

Some information about your computer would be helpful.

For example, please state what operating system your laptop has, if you have an anti-virus, name and brand, a firewall, name and brand, a real-time anti-spyware program, name and brand. Please let me know whether you have a security suite, that protects your private confidential information and data, installed.

Without going into specifics here, it looks as if you may have been using a wireless connection, and left that running overnight. There have been many reports of drive-by hacking from nosy neighbors, and there have been reports of unscrupulous people who drive around the neighborhood in their cars, their computers in the passenger seat, scanning for weak or unencrypted wireless connections to hack into.

If you do not have the basic security protection I spoke of installed, it is not necessary for a person to drive around in a car to find you and your computer. They would come in through your Internet connection.

Working with as little information as I have about your system specifications, and how you actually connect to the Internet, I cannot say what is the best and most prudent course of action.

You should use a second computer to communicate and reply to your thread, one that you know is clean and free of any possible malware or infection.

Be sure to read the notice posted below by CNET, just below the message body you are posting, to ensure you do not post something here you should not. A word of warning: Anything posted in any forum anywhere is posted publicly, for anyone on the Internet to see and view. Once posted, it cannot be removed.

Best practices would, among other things, include turning off your computer (the one that is now breached) when not in use, as well as any other computer you may use.

This is not exactly the help you are seeking but it is a start.

Fourteen years experience in IT field.

mchainmchain

thank you for your reply.
by amarie13 / April 4, 2011 7:36 AM PDT
In reply to: To marie13

hi mchainmchain,

thank you for your reply.
i am sorry i left out a lot of relevant information - this was not intentional, i am just a bit technologically ignorant & was frazzled enough to not have read the "please read before posting" (sorry).

my laptop is a Compaq Presario V5000, runs on Windows XP and has avast! antivirus installed. however, i have since (above issue) also downloaded spybot search & destroy which seems to have found problems that avast! had not, and i have also downloaded adaware and ccleaner.
these are all the security related programs i have downloaded and have knowledge of being on my laptop (my apologies, but i am unsure as to the name/brand of a firewall or if my laptop has a security suite -- but i would be happy to provide this info. if you could tell me the way i can check this)

Yes - the laptop does use a wireless connection, and yes, was left running overnight. I would be grateful for any additional thoughts or advice you may have -- please let me know if i can furnish any other information that would be of help.

p.s. You mentioned being careful with what i post -- as Carol mentioned, i have posted logs as obtained from a DDS program on another site - Now i am wondering if this was smart - Can you advise as to whether this was okay or perhaps could be inviting further, unintentional risk?

p.s.s. The tech person at work has suggested resetting my laptop to factory settings & has offered to install Norton AntiVirus -- i seem to recall not hearing the best things about Norton - Do you have an AntiVirus you would recommend?

(Also - if you have the time & patience to explain this to me [won't be offended if not], i am also wondering about the 1st warning sign i'd encountered that something was amiss -- that when i went to the amazon sign-in site and clicked in the box to enter my e-mail, an e-mail address popped up (as it usually does automatically with my own address showing) except this time, it was not my e-mail address or one i'd ever even seen before (and of course, after not being able to log in with my own & calling amazon, turns out my amazon account had been changed to be associated with that weird e-mail to make the fraudulent purchase [and it was very hard to convince the amazon rep. that no one else had access to my laptop that morning to have made the change!]))

A million thanks once again for your sharing with me your time, patience, and expertise.

Response to amarie13
by mchainmchain / April 4, 2011 4:29 PM PDT

I have been at work most of the day, sorry I did not get back to you sooner.

Thank you for providing the above information. As I cannot see your laptop in person I will rely on asking the right and appropriate questions to guide you along.

You have Windows XP and avast! anti-virus installed. What version of XP? Is it XP Home Edition, or XP Professional? Is XP Professional 32-bit or 64-bit?

To check the version of XP installed, go to start, then go to the run box just above and to the right and click that. Enter "winver" (without the quotes) and click enter on your keyboard. A dialog box will pop up with information about your operating system. Please include in your next post what it says exactly. However, there is information regarding your Product Installation Key; do not publish that number. (It is in the format of xxx-xxxx-xxxx-xxxx-xxxx). You can also get most of the same information by right-clicking My Computer icon and selecting Properties in the drop-down box. There you will find the Service Pack (SP) version as well as the amount of memory in your system. It is not necessary to post the amount of memory here, I just need to know the version of XP.

Like Carol, I am glad you got your amazon account straightened out.

Resetting your computer back to factory settings will mean you could lose all the files that are important to you, depending on how it is done. One way of doing this is by accessing a hidden backup partition on your C: drive that your Compaq manufacturer may have placed there for such a situation as this. Without seeing your computer I cannot know if that is what I would find. Another way of restoring your computer to factory specifications is to use the restore disks (if you have them) that may or may not have come with your laptop. Either way, your computer will be set back in time to where it was when you first bought it.

The good part of this is that if say, you do have a trojan installed by the hacker, it will be gone for good if you choose to take this action.

The bad part is that you will lose your personal files. Since the computer in question will be rolled back, it will be necessary to go through all the Microsoft updates, reinstall Service Pack 3 (SP3) from Microsoft, re-validate your system (I am assuming you have a genuine copy of XP), and re-install all of the programs you are currently running on your computer.

So, use a flash drive to back up your personal data before you take this step. That way, you can choose to restore that information to your restored computer if you wish.

At this point I cannot know if you do, indeed, have a trojan on your computer. It is quite possible that amazon.com was hacked into and that your computer is unscathed. Word in the news and the Internet is that web sites such as USBank, etc., have been hacked into, and some online customers have had their email addresses stolen.

EDIT: Before you install and run the program below, take a moment to back up your data. I cannot stress this enough.

To address the possibility of a trojan running on your computer, you should go to Malwarebytes.com, copy and paste http://www.malwarebytes.org into your address bar after opening a new tab, hit enter, and get a copy of their free antispyware program with that name. Use a second computer to do this if you cannot access this site from your own personal computer.

If you do not know what a trojan is, it is software designed (in most cases) to steal your personal data without your knowledge or permission. Sometimes it is installed via a link that you click in an email you receive, sometimes it is installed by what is called a "drive-by" attack at a site via a link you click on within a known good reputable site you trust. In all cases, there will always be a change to the way your computer behaves. Symptoms such as your computer running more slowly, some programs freezing or crashing, loss of Internet access through your browser, certain known good security web sites not accessible anymore, computer rebooting by itself, blue screens, etc.

You will need to run this file on your computer. If it was necessary to use a second computer to get this file, you will need to transfer this file to your first computer using a flash drive. Copy and paste this file into your Downloads folder and double-click it to install. Click agree when asked to do so. It will then ask to update the program (an Internet connection is necessary for this) and let it complete the update. Do not make any changes to the built-in settings within Malwarebytes, but select full scan and let it run. On an XP system, this will take some time, one or two hours is normal. Do not close the program after installing. Make the choice to run it immediately after installation and updating is completed. If Malwarebytes does indeed find some files that are infected, choose to clean and quarantine these files. A dialog box will present itself at the end of the scan, and you will see these choices made available to you within that box. Quarantining these files will allow you to restore these files if you believe they are not infected. Do not use the computer for any other purpose (surfing, etc.) until the scan finishes and you know your computer is clean.

If you cannot run this file on your computer, chances are that your computer is indeed infected. Please let me know if this is the case. I will assist you in a way that will enable your computer to run this file. My answer will depend on what you say occurred. You may need to uninstall Spybot Search and Destroy if there is a conflict between it and Malwarebytes. As Spybot is a real-time antispyware program, it does fit the bill as to what you need to protect yourself. Real-time protection means that the moment a trojan or worm attempts to install itself, Spybot will halt the install and ask you what to do. The free version of Malwarebytes does not have real-time protection, but the paid version does.

Because Spybot has real-time protection and Malwarebytes free does not, I do not see a problem with a conflict between the two under normal circumstances. You should also know that antispyware programs differ in what they look for and consider malware. Running more than one antispyware program on your computer is recommended, but run only one antispyware program that is real-time enabled.

So, in this vein, I would suggest downloading and installing SUPERAntispyware Free. As before, the free version does not have real-time scanning enabled. Please pay attention to the way the file name is spelled, as rogue (malicious) programs with the same name are easily downloaded and installed by mistake (sigh). Always confirm the website is the one you want by looking in the address bar of your browser, and that there are no misspellings of the file name. To make it easier for you, copy and paste http://www.SUPERAntispyware.com into a new tab within your browser. SUPERAntispyware may find additional malware on your computer and will present a choice to quarantine, clean or repair these files. As before, run a full scan of your system. Again, this will take some time.

To find out what type and version of firewall you have installed, go to Control Panel and open that. Double-click Security Center and it should show avast! as your anti-virus, and either Windows firewall or a third-party firewall will be listed. It will also list your Windows Update settings as well. Let me know what you find here.

Lastly, what type of wireless connection do you have? To check this, run your wireless as you normally do, and go to Control Panel and double-click the Network Connections icon. Go to http://compnetworking.about.com/od/windowsxpnetworking/a/automaticwifixp.htm (copy and paste as before, albeit with a new tab again) and follow the instructions there exactly to glean the information I need to help you with your wireless connection. I need to know what is said in the Properties window. I suspect you may be running an older wireless format known as WEP, a totally insecure and outdated method of connecting to the Internet. I should be able to help you upgrade your wireless connection to a safer and much more secure network connection than you may now have.

Bear in mind that all suggestions and recommendations I have made so far are for free programs. I have more in mind when we get to the point where your system is clean of infection (if that is indeed the case) and I know you have a secure wireless connection.

I hope this helps.

Much work needs to be done by you; just follow the suggestions above and do not make any major changes to your system without letting me know first. I do not mean to say here that you should not run the above security programs and repair; you should, but do not install other programs not relevant to the task of what we are trying to do together here.

For example, do not install and run another anti-virus program thinking two is better than one. Unlike anti-spyware programs, running two anti-virus programs together on the same machine is a certain recipe for total catastrophic disaster, if not immediately, then sooner rather than later.

Let me know how it goes.

mchainmchain

thanks for all your help
by amarie13 / April 6, 2011 2:54 PM PDT
In reply to: Response to amarie13

sorry for the delay --
i had been debating, but finally decided to restore factory settings in order to ensure eradicating whatever caused the problem. given my luck with computers, i figured the hassle of backing everything up, reinstalling & updating would likely be an easier/safer bet than the other routes you described.

i wanted to thank you, though, for the time & effort you've given to help me out. i hope you do not feel your last detailed posting a waste of time - it provided me a realistic view of what my options would entail & your thoroughness helped me feel confident in making an informed decision.

it is a great sigh of relief to have made this decision & be able to move on (i.e., to get back to the thesis i have due in what will seem a few short months!)
thank you kindly for all your help

Re: Thanks for all your help
by mchainmchain / April 7, 2011 6:33 PM PDT

amarie13,

Glad to help you make your best decision.

Best practices means just that.

One of the most important decisions you can make is in the type and security level of your wireless connection. You should want to have an encrypted connection with a strong password. To avoid a potential situation such as the one you encountered recently, I suggest disconnecting your computer from the Internet when not using it online.

There are several free security programs out there, all of them are free, with the option of upgrading to a paid version if you would like.

You are already using one, avast! Home Edition Free. This program does provide basic protection when online. For example, I just recently clicked on a known good website to view a picture and was notified by avast! that their real-time Web scanner intercepted a trojan and prevented it from running on my computer. The picture never downloaded. Saved by the bell, so to speak.

As far as anti-spyware programs go, Malwarebytes Free is excellent, as is SUPERAntispyware Free. Downloading daily definition updates and running daily quick scans should be enough to keep your system clean. Windows Defender works here as well, as it does provide real-time protection without slowing your system down. Both Malwarebytes and SUPERAntispyware free are not real-time by default.

Sandboxie (the latest version is 3.54) is free as well. I use it when I run my browser to surf and communicate on the net. What it does is it isolates the browser you use (works on both IE8 and Firefox) from the rest of your system. It establishes a virtual sandbox from within your OS, and any nasty files that enter are kept within this box. Deleting this box (how this is done is explained by Sandboxie) dumps and erases these files when the box is closed. Your system will remain cleaner and will have significantly less dross in your temporary files over time.

A good firewall that is free is COMODO Internet Security. Be sure to install it with the default settings, and only as a firewall, (you want the free basic protection), do not muck about with it too much, and it will notify you in real-time when a file that is untrusted attempts to enter your system. Best practices here would say if you do know the file or process in question to select deny at the time, and check out what the file or process is by googling it without ticking remember my answer when clicking deny.

You will need to turn Windows Firewall off before you reboot your computer when asked to by COMODO. EDIT: avast! and COMODO may conflict with each other to some degree and slow your computer down a bit. A way to rectify that issue is to enter both COMODO and avast and mark both programs as trusted, i.e., COMODO cfp.exe is trusted in avast! and defense + is trusted in avast! avast! needs to be trusted by COMODO as well. Once you figure out how to do that (go to COMODO website and look for this type of issue and read threads posted relating to this) your computer will run faster.

Norton Antivirus is good as well.

Finally, invest a bit of money in a backup program such as Norton Ghost. Get the latest version (I have version 15) and it will save you an immense amount of time in restoring your computer to a time when there were no issues for you. You will need a USB drive (I use a USB drive enclosure, not a flash drive) to back up your saved .gho files so you can restore them later, if need be. Be sure to set up the drive in NTFS format, not FAT32, if access to the drive by Windows 98 and ME is not important to you. It should be at least 100 gigabytes in size, as each independent point created will take up at least 9 GB. It is a time-saver for times such as a Microsoft Update file causes problems with your computer going into a blue-screen crash, for example, and you just rebooted as requested. Password protect these .gho files when you create them as well. How often you backup depends on your needs and time available, but once a week should be sufficient.

Restoring a backup takes only minutes. Compare that to the time and effort you will have to invest in updating your system to where you want and need it to be now.

It takes me only ten minutes to restore my system when I need to. Just be sure to back up files that you want to keep before restoring with Ghost as these more recent files are not backed up by your most recent .gho file.

A word of caution: CCleaner is an excellent program when used sparingly and judiciously, but is very capable of deleting or removing a necessary system file. So, use it with caution, and with the least amount of cleaning necessary.

Not a waste of time here at all for me. Learning something new is never a waste of time.

Fourteen years in IT field

mchainmchain

hopefully back on track!
by amarie13 / April 10, 2011 5:29 AM PDT

Thanks for the further helpful advice.

I found out at work that b/c i am a student, i am eligible for a free copy of Norton Antivirus -- After i restored/reset my system i left it with the tech person at work to install Norton & Word 2007-- I see a program called Symantec Endpoint Protection Version 11, which i guess must be what was meant by Norton . . .

Anyhow, given this, i am assuming this would replace my avast! ?
And, if i have understood correctly, that also adding Malwarebytes and COMODO would provide a more appropriately comprehensive network of security?

(Also Sandboxie, or is this just an alternate for Malwarebytes?
You mentioned CCleaner of benefit sparingly - Would you recommend my re-downloading that and/or the Ad-Aware or Spybot Search & Destroy programs i'd previously used?)

Thanks again
(and will definitely keep in mind something like Norton Ghost - sounds like an investment worth saving for)

Re: hopefully back on track!
by mchainmchain / April 10, 2011 10:10 AM PDT

amarie13,

Glad to hear your computer is restored for now. Restoring a computer in this way does take a lot of time and effort, as you may have found out.

Yes, Symantec Endpoint replaces your avast! If you ever have a problem updating your anti-virus definitions for this program, go here: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce and find and save this file for your XP system to your download folder. Double-click this file to update Symantec Endpoint.

You cannot run both avast! and Symantec Endpoint on your system at the same time. Doing so will cause your system to lock up at boot time and you will not be able to access your files. This is because both avast! and Symantec will both be scanning your files at the same time on boot, and will lock (battle) when accessing and reading the same file at the same time.

COMODO Internet Security will download as a starter file, and will get the remainder of the program when it is run. An optional install to watch for is for the Ask Toolbar, just untick that option during install if you do not want it to install in your default browser. Because COMODO is not installed during download, you must have your Windows Firewall up and running to protect your system while you are downloading this. Just be sure to select the free version of the basic COMODO firewall during install, as the complete file for COMODO Internet Security (including the trial/paid version) is downloaded as well. Be sure to turn off Windows Firewall before you reboot to finalize installation of COMODO firewall. Disconnect your computer from the Internet before rebooting, and do not re-connect until you see COMODO installed and running properly on your desktop.

Running COMODO and Symantec should not require any adjustments or fiddling with your settings as you would with avast! and COMODO.

To get the COMODO file, go here: http://www.comodo.com/home/internet-security/firewall.php and download this file.

Yes, both Malwarebytes and COMODO will provide the security protection you need. As Malwarebytes Free does not install with the real-time protection you need to protect yourself from spyware, you will need the paid version to get this feature.

To clarify, all computer programs are designed to run and do specific things on your computer, legitimate or otherwise. For example, Symantec Endpoint does anti-virus, and scans for viruses, Malwarebytes scans for malicious programs, spyware, and adware, COMODO provides for a two-way firewall protection in your case, and Sandboxie creates a virtual environment for any program with Internet access, thus protecting your real-environment operating system.

To read and see what Sandboxie is and what it does, go here: http://www.sandboxie.com/

For real-time antispyware protection that is free, use Windows Defender, Spybot, or something I am trying out, PCTools Threatfire. The last one is for temporary try-out for me, and I am having some problems with it at the moment.

As with the antivirus, you cannot run two real-time enabled antispyware programs at the same time, for the same reasons stated above with the anti-virus programs. One of them has to have real-time scanning disabled.

CCleaner is not a program to be used by newbies or novices. Ad-Aware is very limited in effectiveness as a free program, Spybot and Windows Defender are better for your needs in what they do, and they are both free.

You are welcome, BTW. Hope this helps.

Fourteen years IT experience

mchainmchain

Re: Computer Hacked - Seeking Advice
by Carol~ Forum moderator / April 3, 2011 10:36 PM PDT

amarie..

I'm glad to hear you were able to get things squared away with Amazon and your credit card company. A saving grace!

I see you included a log, at one of the other two forums you posted at. It was wise to follow their original advice. I would continue to follow up with that one forum. (Posting logs at 2 forums is frowned upon) If necessary, they make use of certain diagnostic and removal tools, we (generally) don't utilize here. It may take a day or two for them to get back to you, but it's well worth the wait.

I wish you the VERY BEST of luck..
Carol

My apologies
by amarie13 / April 4, 2011 2:04 AM PDT

Thank you both for your responses.

Carol - i apologize for any disrespect i may have shown in posting at multiple sites, i didn't realize this was frowned upon (thank you for letting me know). Given this, can i either delete this post or have it deleted for me?

Thanks.

NO need to apologize. You did nothing wrong.
by Carol~ Forum moderator / April 4, 2011 2:47 AM PDT
In reply to: My apologies

I saw your other (similar) post at the other forum, prior to seeing what you wrote here. As already noted, I was only referring to posting duplicate logs, at two different forums.

You only posted the log at the one forum. There's absolutely nothing wrong with that. The reason I mentioned it, was because one of the forums hadn't yet responded to your post. I only wanted to let you know (in advance) in case you thought to post logs at both forums. I should have made myself clearer.

Please know, as far as I'm concerned, you have the right to post where ever you wish. Again. I was ONLY referring to posting the logs.

Furthered good luck..
Carol

thanks.
by amarie13 / April 4, 2011 7:09 AM PDT

thanks.

Hacked Computer
by jclassboat / April 8, 2011 12:55 AM PDT

I had my yahoo email account hijacked and friends were getting attachments from my email that I did not send.
I realized it when I started getting failure notices on bogus email delivery.

I downloaded Advanced System Care from Iobit/Cnet and started running their diagnostics and used their fixes.
I also immediately changed the password on my email account. I ran the Microsoft Security programs, antivirus, malware removers and a few other Anti type programs. This seemed to have foiled the Hack.

A more extreme measure would be to back up critical programs/documents and then reformat the hard drive and start all over.

After running all the above programs/utilities my computer runs faster. You would do well to change ALL of your passwords and download "Last Pass" or "RoboForm" to make password management more secure.

Hacked computer
by mchainmchain / April 10, 2011 10:36 AM PDT
In reply to: Hacked Computer

Enclosed find the body of an email I sent earlier today referring to an email I found in my spam folder. I sent it to a friend, and also thought you might find it pertinent for you in your case.

BTW, if you get an email purporting to state that your 'mail account will be closed in three days', do not open the attached document, as this is probably a worm, Trojan, or worse.
