Shade

Am I being hacked? Do I have a keylogger?

I accidentally accepted a contact request from a person with the username playful.fresh7. He didn't send ANY links, he just wanted contact information. I removed him immediately and proceeded into a call with my friends. As the call progressed, two strange things happened. 1: A bunch of Internet Explorer windows opened up; I closed them all immediately with Task Manager. 2: My screen resolution unexpectedly went down. I turned it back up as soon as it happened. Then my friend in the call had a bunch of File Explorer windows open up. My one friend in the call was entirely unaffected; I would believe it was him, but I would need evidence it couldn't have been anything else. I blocked all communications from the strange account. I updated AVG 2014 and ran a whole computer scan; it removed a piece of trojan. Then I did the same with Malwarebytes Anti-Malware and it also removed a trojan. I then tried AdwCleaner and CCleaner, and neither of them turned up anything of note. Nothing has happened recently. This happened to me around 11 P.M. EDT on July 23, 2014 and while nothing has happened, I still feel unsafe. I consulted a friend skilled in this subject and he told me not to stress over it and that it's probably nothing since AVG and Malwarebytes both removed a trojan. Recently I've done tests with signing into an account, signing out of it, coming back in a few hours and seeing if anything changed or I didn't have access. Nothing has happened so far, but I want reassurance.

EDIT: This is a laptop and it's shared; a hardware change isn't really an option. Again, he sent no link. He just wanted to be my contact. Any ideas on why it might have happened to my friend?

July 5, 2014

15 Comments • Newest first

xipwnux99

@BobR: Well I thought it was worth a try anyway. The anti-virus/malware scans found: 2 Trojan Horse Ransomer.dbb, 2 more minor viruses, and some adware.

Edit: AVG Found: Adware InstallCore.LA
Adware Generic5.AOJI
Trojan horse Ransomer.DBB (x2)
Found MALSign.Generic.EEB (x2)

MBAM Found: PUP.Optional.OpenCandy

I removed all of them, and submitted them for analysis as well.

Reply July 6, 2014 - edited
BobR

[quote=xipwnux99]@BobR: I watched a video to check, I don't know if it's reliable, can you check it? I'll post the link

https://www.youtube.com/watch?v=ZrFeiEmhwJg[/quote]

Umm... no. Just run the anti-virus/malware scanners. They'll find anything like this stuff and do it a lot quicker and more thoroughly.

Reply July 6, 2014 - edited
xipwnux99

@BobR: I watched a video to check, I don't know if it's reliable, can you check it? I'll post the link

https://www.youtube.com/watch?v=ZrFeiEmhwJg

Reply July 5, 2014 - edited
BobR

[quote=mitarumetaro]I think System Restores might be useful in the case of like system hijacks, because it can revert your system to a state from which you have a greater capacity to actually deal with the virus.[/quote]

That might be true in cases where something like a home page has been changed by some method other than locally resident malware (actually on the computer).
A System Restore would change the settings back to your original home page.

But if there's actual malware on the computer, the malware will remain on the hard drive, either still active (meaning it will simply change the home page back to the hijacked setting when you start the computer), or possibly disabled but waiting in the background to be triggered again.

The only effective way to combat resident malware is to remove it with the appropriate tools, or reformat the hard drive.

Reply July 5, 2014 - edited
mitarumetaro

[quote=BobR]System Restore does NOTHING to help with viruses.
All it does is perform a "rollback" to the date the restore point was made; it doesn't REMOVE anything. Anything evil that was there before is STILL on your computer.
System Restore should NEVER be used when dealing with malware.
(Incidentally, CCleaner does nothing to help with viruses either, but at least it's not harmful.)

Your friend is probably right, you shouldn't stress over it. Unless you're being targeted by the NSA or the Chinese Cyberwarfare Command, you're probably OK.

You essentially have two choices-
1- Use your regular anti-virus/malware software and don't stress over it.
2- Reformat the hard drive (which will erase anything on the drive including viruses) and reinstall everything when anything suspicious happens.[/quote]

I think System Restores might be useful in the case of like system hijacks, because it can revert your system to a state from which you have a greater capacity to actually deal with the virus.

#ImNotAnExpertThough

Reply July 5, 2014 - edited
BobR

[quote=xipwnux99]So I used a system restore point, but not factory defaulted. Is this ok? Will this have fixed any possibility?[/quote]

System Restore does NOTHING to help with viruses.
All it does is perform a "rollback" to the date the restore point was made; it doesn't REMOVE anything. Anything evil that was there before is STILL on your computer.
System Restore should NEVER be used when dealing with malware.
(Incidentally, CCleaner does nothing to help with viruses either, but at least it's not harmful.)

Your friend is probably right, you shouldn't stress over it. Unless you're being targeted by the NSA or the Chinese Cyberwarfare Command, you're probably OK.

You essentially have two choices-
1- Use your regular anti-virus/malware software and don't stress over it.
2- Reformat the hard drive (which will erase anything on the drive including viruses) and reinstall everything when anything suspicious happens.

Reply July 5, 2014 - edited
xipwnux99

@LuckyNinja: Yeah I'll keep that in mind, running scans right now.

Reply July 5, 2014 - edited
alanliuis

[quote=xipwnux99]So I used a system restore point, but not factory defaulted. Is this ok? Will this have fixed any possibility?[/quote]

idk, try doing more scans to be sure

Reply July 5, 2014 - edited
LuckyNinja

[quote=xipwnux99]So I used a system restore point, but not factory defaulted. Is this ok? Will this have fixed any possibility?[/quote]

Just continue to do whatever you were doing (except talking to sketchy people) for now. I recommend backing up any valuable information on your computer. If anything like this happens again, you won't lose anything and can go straight to resetting to factory settings.

Reply July 5, 2014 - edited
xipwnux99

So I used a system restore point, but not factory defaulted. Is this ok? Will this have fixed any possibility?

Reply July 5, 2014 - edited
LuckyNinja

Worst-case scenario: Move any important documents onto a USB drive (by important, I mean essays, PowerPoints, etc. Not any that can be downloaded again or anything risky.)

Afterward, do a factory reset, because I doubt you have anything that important on your computer.

Reply July 5, 2014 - edited
dexslayer

The person probably sent you a virus...
I suggest disconnecting your internet and backing up all your important files, then wiping your hard drive clean or getting a new one.

Reply July 5, 2014 - edited
xipwnux99

[quote=demonicrack]Worst comes to worst, you can do a factory reset or reset to a safe point[/quote]

This is what I was thinking. But the solutions to finding something suspicious haven't turned anything up, but I didn't go TOO far in depth with my investigations. I shouldn't have to go that far, but if I need to, I have a restore point from last month. Of course I don't want to do this. It would take some time and maybe even lose some data.

Reply July 5, 2014 - edited
demonicrack

Worst comes to worst, you can do a factory reset or reset to a safe point

Reply July 5, 2014 - edited
Fallflowers

You might have been RATed, but there are sites that give you more in-depth info concerning that, so you should definitely google a bit. It's easy to clean usually, but if anything you can easily TV with a technician and have them remove it for you.

Reply July 5, 2014 - edited