
Question

Had someone hack onto my computer!

Feb 27, 2018 12:46AM PST

So I was watching a YouTube video on my main monitor and suddenly on my 2nd monitor my mouse began to move, opening up my Coinbase, then quickly closed it once they saw I wasn't logged in. I then restarted my PC and checked my browsing history to make sure I wasn't seeing things, and sure enough Coinbase had been opened. After looking at some forums I went back to my history, to where the Coinbase timestamp was, and it had been deleted, confirming someone was and maybe still is on my computer! This happened after I turned off "Remote Access". All I had on my computer was Windows Defender and I didn't have any malware or paid virus protection. I downloaded "Malwarebytes", did a scan and it found 6 threats. I quarantined all 6. I was wondering if I am now safe or should I still be worried? What are my next steps? I re-scanned it once I had restarted my computer and no threats were found.

Post was last edited on February 27, 2018 12:50 AM PST

Clarification Request
Maybe you gave permission
Feb 27, 2018 1:43PM PST

To let the miners into your comp without realizing it?
The part about your pointer moving and opening up the Coinbase would be scary to see for sure.
It seems like you would have seen this before if it were the miners?

Crypto
Feb 27, 2018 3:16PM PST

I'm not as much worried about the crypto thing as I don't have much invested; I'm more worried that someone has access to my computer and everything on it. I'm assuming the only reason they clicked on my Coinbase bookmark is because it is an easy, untraceable way of getting money fast.

Answer
The thing is.
Feb 27, 2018 10:20AM PST

Mining for coins uses code that is not open to inspection so sure, why not.

In your case, it's time to head to Bleepingcomputer.com and follow their rules about how to post and you'll get another reading on what state your machine is in. Here we primarily use the usual scan tools but there they have another suite of tools.

Do you know what the 6 threats were?

The viruses that I have quarantined.
Feb 27, 2018 1:40PM PST

Trojan.NetSupport.RAT.Generic, HKU\S-1-5-21-194223072-1564108021-2015141283-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|COWEBKIT, Quarantined

PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_packagetracking.dl.myway.com_0.localstorage, Quarantined

PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_packagetracking.dl.myway.com_0.localstorage-journal, Quarantine

Trojan.Script.Trace, C:\USERS\JONNY\APPDATA\ROAMING\ZER0.BIN, Quarantined

PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_packagetracking.dl.tb.ask.com_0.localstorage, Quarantined

PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_packagetracking.dl.tb.ask.com_0.localstorage-journal, Quarantined

I'd be worried about that RAT!
Feb 27, 2018 1:49PM PST
RAT
Feb 27, 2018 3:10PM PST

I downloaded the first AdwCleaner program he had linked and it did not find anything. Should I still be worried? Did my original scan on Malwarebytes kill off everything?

(NT) Run ALL Of the Tools Listed In That Link
Feb 27, 2018 5:22PM PST
done
Feb 27, 2018 5:34PM PST

Did all the steps and no threats were found. Do you think I am safe?

I Would Now Go To BleepingComputer.com...
Feb 28, 2018 7:09PM PST

...and run the tests their folks provide. Although the tools we've suggested will give you a good idea as to your computer's freedom from malware, there is really no way to know for sure. "Safe" is a relative term as the infection somehow was allowed on the computer by you, or someone else using that computer. Safe computing practices require constant monitoring and knowledge of the routes infections take.

Hope this helps.

Grif

RAT.
Feb 27, 2018 1:54PM PST
So far not one scanner finds all infections.
Feb 27, 2018 3:21PM PST

And if it was a RAT nothing stops them from scheduling a reinstall of the nasty things. No scanner I know of is complete. We have to use many scanners today.

Because you may want a deeper look at this PC go ahead and head to bleepingcomputer.com, read the rules about posting and post about the RAT and ask what else you need to scan with.

Because a RAT could schedule something, are you a heavy Windows user? Would you know what every line in the AUTORUNS report does?

If you're only prepared...
Feb 27, 2018 3:34PM PST
links
Feb 27, 2018 3:41PM PST

These 4 steps of links are all safe? After I download all four of those scans you believe I will be safe?

All safe.
Feb 27, 2018 3:45PM PST

You should run all software in the order given. Grif is a mod and wouldn't post harmful software.
Dafydd.

safe?
Feb 27, 2018 3:52PM PST

Just downloaded all four in order and none of them found any threats. Now what? Am I safe?

rat
Feb 27, 2018 3:36PM PST

Okay, do you recommend I just copy and paste my original post onto the forums on bleepingcomputer.com and go from there? No, I am not even familiar with what AUTORUNS is.

Depends on the amount of work you are prepared to do.
Feb 27, 2018 3:52PM PST

If you were gunshy about the malwaretips apps, you ain't seen nothing yet. The tools that bleepingcomputer moderators use are safe but you always see folk question apps.

Anyhow, you would read their rules and at the very least give up the items found. Especially the RAT.

As to AUTORUNS, it's a Microsoft app. Something I use when I do a deep inspection. But it's a ton of work on some machines. I don't do that for free. Web Speccy reads? Sure, but AUTORUNS is another story.
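
The Run value in the scan log and the concern about a scheduled reinstall both point at Windows autostart locations. As an added example (not posted by anyone in this thread), the PowerShell below lists Run/RunOnce values for every loaded user hive and for the machine, plus non-Microsoft scheduled tasks; the folder list used to mark entries for first review is an assumption.

```powershell
# Added example: inventory the autostart locations a RAT commonly reuses.
# Run from an elevated PowerShell prompt so other users' hives and tasks are visible.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    # Every loaded user hive (HKU\<SID>), which is where the scan log above
    # shows the quarantined Run value.
    'Registry::HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: user-writable folders are a heuristic for "look at this first",
# not proof of malware. Legitimate software also starts from AppData.
$reviewFirst = '\\AppData\\|\\ProgramData\\|\\Users\\Public\\|\\Temp\\'

$entries = @(
    foreach ($key in Get-Item -Path $runKeys -ErrorAction SilentlyContinue) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Source  = $key.Name
                Name    = $name
                Command = [string]$key.GetValue($name)
            }
        }
    }
    foreach ($task in Get-ScheduledTask | Where-Object TaskPath -NotLike '\Microsoft\*') {
        foreach ($action in $task.Actions) {
            if ($action.Execute) {   # only "start a program" actions have Execute
                [pscustomobject]@{
                    Source  = 'Scheduled task ' + $task.TaskPath
                    Name    = $task.TaskName
                    Command = ($action.Execute + ' ' + $action.Arguments).Trim()
                }
            }
        }
    }
)

# Entries launching from the heuristic folders sort to the top.
$entries |
    Select-Object @{ n = 'ReviewFirst'; e = { $_.Command -match $reviewFirst } },
                  Source, Name, Command |
    Sort-Object ReviewFirst -Descending |
    Format-Table -AutoSize -Wrap
```

Autoruns inspects many more locations (services, drivers, logon scripts, browser helpers) than the two covered here, so an empty result from this listing does not clear the machine.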