Over 1 million tech questions and answers.

Gmail accounts hacked via unpatched hole

Q: Gmail accounts hacked via unpatched hole

Exploits allowing hackers to break into Gmail accounts are likely to occur, if they're not already circulating, after security researchers released details of a hole that Google has reportedly declined to patch.Click to expand...

http://windowssecrets.com/comp/090423/

RELEVANCY SCORE 200
Preferred Solution: Gmail accounts hacked via unpatched hole

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Gmail accounts hacked via unpatched hole

Is web mail safe, or is your mail safer when retrieved to your PC ? What is your opinion?

Read other 2 answers
RELEVANCY SCORE 153.6

Exploits allowing hackers to break into Gmail accounts are likely to occur, if they're not already circulating, after security researchers released details of a hole that Google has reportedly declined to patch....Make sure you have a strong password Many PC users select weak passwords that consist of common names or dictionary words, leaving them susceptible to brute-force discovery and configure Gmail to use SSL by default:To benefit from encryption when accessing Gmail, you should configure the service to use SSL by default. To do so, click Settings in the top-right corner of the main Gmail window, select Always use https in the "Browser connection" section at the bottom of the General tab, and click Save Changes.http://windowssecrets.com/comp/090423/

A:Gmail accounts hacked via unpatched hole

Or you can stop using a browser for accessing Gmail and start using Thunderbird for having all your emails delivered to your desktop.

Read other 1 answers
RELEVANCY SCORE 74.8

My gmail account got hacked. Offenders changed my pw, alternate email address, and deleted my contacts. They sent email out to all the contacts saying that I was stranded in the UK without money and asking for contacts to respond to arrange to send $2000.00. Offenders changed settings so that response email would be forwarded to their account. Friends who got these fraudulent emails called and alerted me and I contacted gmail and reset the alternate email address so they could send me a link to reset pw. Upon regaining access I discovered the extent of compromise.
I also rec'd email from facebook that my account with them has been breached. I still have not regained access to that.
I had Norton360 v 3.0 running on my computer the whole time. I have scanned my computer with it then with Norton 360 v 4.0 and with Trend Micro and no virus or malware is detectable. How did my account get hacked?????
 

A:gmail and facebook accounts hacked

Norton is mainly an antivirus product, maybe they include anti-spyware too now, not sure. There are many ways to steal access to your gmail. One of the ways is to install a keylogger on your pc, and steal username and passwords as you type them. But if you have accessed your gmail from another computer, like at university; public library, your friend's PC etc, then it may be that those computers are infected and not yours. Also, it may not be a technical attack. Simply being able to look over your shoulder as you enter the passwords will get you hacked just as easily. Then, there are whats called brute force attacks, where a program simply points to a login page, and tries each combination in sequence till it hits the right one. Gmail may not fall to brute force attacks, but if you use the same password on multiple sites, then there is a chance that they hacked that account first and tried to use the same password on gmail. Then there may have been phishing attempts made at your account and you mistakenly entered your password into a web site that only looks like Gmail. There should be more ways to steal your gmail, but I am not a hacker.

If you are running Trend Micro along with Norton, you might end up with them interferring with each other. You cannot run multiple real-time antivirus products together.

When you reset your Gmail, use a complex passphrase that is easy to remember. Eg. The phrase "Kirk is the rightful captain of the USS Enterprise" can be tr... Read more

Read other 3 answers
RELEVANCY SCORE 71.6

Over the past 3 weeks my battle.net and gmail accounts have been hacked on 2 major occasions. The first time the hacker seemed to always know my passwords after i changed them and i was engaged in a 30 minute battle of change-the-password before the hacker attached an authenticator to my account and locked me out. I then had to contact Blizzard to restore my account. After that i installed AVG and removed 4 infections and thought myself safe but last week i got hacked again when i was out, i didn't leave my pc on so he must have gotten my passwords earlier.I tried running DDS but it just quits and doesn't give me the logs. Tried GMER twice but both times my pc BSOD'd. All i have is a HijackThis log, hope its enough.(PS: PSMAntiKeyLogger was only installed minutes prior to this post as i only just found out about it, it was not running when i got hacked)Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:31:15 PM, on 7/13/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.21020)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9 ... Read more

A:Suspect Trojan and/or Keylogger - Battle.net and gmail accounts repeatedly hacked

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

Read other 2 answers
RELEVANCY SCORE 70

Almost any cash machine in the world could be illegally accessed and jackpotted with or without the help of malware.
Security researchers at Kaspersky Lab reached this conclusion after investigating real attacks on ATMs and assessments of the machines carried out for several international banks.
The susceptibility of ATMs in particular is due to the widespread use of outdated and insecure software, mistakes in network configuration, and a lack of physical security for critical components of ATMs.
For many years, the biggest threat to the customers and owners of ATMs were skimmers – special devices attached to an ATM in order to steal PINs and data on bank card magstripes. However, as malicious techniques have evolved, ATMs have been exposed to a greater range of dangers.
In 2014, Kaspersky Lab researchers discovered Tyupkin – one of the first widely known examples of malware for ATMs – and in 2015, they uncovered the Carbanak gang, which among other things was capable of jackpotting ATMs through compromised banking infrastructures.
Both examples of attack were possible due to the exploitation of several common weaknesses in ATM technology and in the infrastructure that supports them.
 

Article

A:What do you call an old, unpatched and easily hacked PC? An ATM

Hi John
Just another reason I do not use an ATM or Debit card either.
 
Thanks
Roger

Read other 2 answers
RELEVANCY SCORE 63.6

Thousands of Sites Hacked Via vBulletin Hole - http://krebsonsecurity.com/2013/10/thousands-of-sites-hacked-via-vbulletin-hole/ 35,000 vBulletin Sites Have Already Been Exploited By Week Old Hole
 

Read other answers
RELEVANCY SCORE 54.4

My facebook, youtube and hotmail accounts got hacked. I changed all passwords on another computer. But for some reason my hotmail password keeps changing. So I don't know exactly what is on my computer doing this, but I am fed up with rebooting all the time. Please help.

This is my DDS log and ark.txt and Attach are zipped and attached.
Please tell me whats wrong or if there is anything malicious on my computer.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Kar at 17:46:36.50 on Sat 12/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.942 [GMT -5:00]

AV: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with AntiSpyware *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.e... Read more

Read other answers
RELEVANCY SCORE 54.4

Hi All at Bleepingcomputer

I've been hacked.
Both Facebook and gmail have warned me themselves - FB said a south korean IP gained access and gmail said a US IP gained access.
I've changed passwords everywhere, but they managed to empty my battle.net wow account first for around 100.000 wow gold, sigh.

I think they still have access to my PC and possibly keylogging my new passwords.

I've read the forum introduction and saved a tcpview.txt file and I also got a hijackthis logfile ready.
What do I do now?

A:Hacked PC and accounts please help

You state that both " FB and Gmail have warned me themselves " ... did both send you emails notifiying you that the accounts were hacked or did popups appear with said notification ?To contact Gmail regarding a compromised email account click this - My account has been compromised To contact Facebook, start here - Security: My account has been compromised

Read other 22 answers
RELEVANCY SCORE 54.4

I think someone is logging my keys... 2 accounts of mine were hacked, and password changed. First time using hijackthis, so I'm not sure if I'm missing anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:06 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.ex... Read more

Read other answers
RELEVANCY SCORE 54.4

Hi All,

Thank you, in advance, for your help.

Yesterday I went to sign on to my computer and it would not accpet my XP password. I tried it sevral times and ensured I didnt have caps lock and did have num lock on. I'm not at all a computer beginner. I know I typed it correctly.

I then re-booted and tried again - same problem.

I then shut down and powered off, then booted back up and then the accounts listed had changed to Administrator, and my name. This was different than what I had before - which listed no Admin account. I had changed the Admin account to my name, then had another non-admin account, then an account for my dauighter.

Later I booted into safe mode with network support and was able to sign on as Administrator. I ran CleanUp, AdAware, & Spybot. AdAware turned up only cookies and Spybot had one item whyich said something about a Registry change which would prevent Windows Security center from advising me that the firewall had been turned off.

I tried to run my anti-virus program _ Trend PC-Cillin, but it would start to initialize, then shutdown. I then tried to run several on-line scans (Trend Housecall, Panda, etc), but could not in either Firefox or IE because Java was not turned on or something like that. I was able to run Symantec's scan, which turned up nothing.

I was talking with the IT guy at work this morning and he thinks I might have been hacked.

Any ideas on how to begin to resolve this? Also, how might I determiine if I've... Read more

A:XP Accounts - HAVE I BEEN HACKED?

Read other 6 answers
RELEVANCY SCORE 54.4

I hope I can explain this well enough to get help.
I'm running Vista with all updates and Trend Micro . All are updates and scans are run.

I have a few accounts where I do surveys. They require a log in and password. I have changed passwords and email addresses on the affected accounts. I use a Dell desktop and no one but me is ever near it.

Someone has been going into these survey accounts and doing surveys with bad answers forcing me to be dropped from the groups. Also, where I have earned points they have redeemed them. They never take anything for themselves, they donate them or have something silly sent to me.

I have also has passwords changed on my Yahoo and AOL accounts where the passwords were strong.

A Trend scan shows no problems. I used to use Symantec before I had trend Micro and still had the problem.

I ran the recommended programs and the details follow. I had trouble with GMER. It would run when I clicked on it. When I unchecked the boxes as instructed , and clicked scan nothing happens. It does not scan.

Here is what I have from the runs , please help. I've tried everything I know but this is way out of my league. Seems like someone can go into my accounts no matter the password and act as me.




DDS (Ver_09-01-19.01) - NTFSx86
Run by owner at 13:17:43.18 on Wed 01/28/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3060.1985 [GMT -6:00]

AV: Trend Micro Internet Security... Read more

A:My accounts are being hacked please help

Hello gerys,

I'm not seeing anything in these logs. Let's see if an online scan reveals anything for us.

**Vista users - right click the IE icon and Run as Adminstrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.



Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Read other 5 answers
RELEVANCY SCORE 54.4

Hi my laptop recently died, and in the interim I borrowed my fathers laptop so I could keep up with my college assignments. But I have noticed something weird when I try and login to various sites I'm a member of. One of the sites is facebook, and the other is a paid subscription members only weightlifting forum. When I click on the login name boxes for these two sites, before I enter my email a drop-down box appears with my previous login details, but there is also another email that always appears. [email protected]. When I googled this email to try and find out what is happening I found a twitter account with the same email address, and the owner seems to have reported that her twitter has been hacked. https://twitter.com/caT_XXXXX
Cat Grant ‏@caT_XXXXX Dec 30
My twitters been hacked. I'm following and unfollowing things all over the place..think I have to delete it Click to expand...

I wonder if her email has been hacked as well and is being used to try and gain access to my accounts?
 

A:Has someone hacked my accounts?

If you are seeing a email account on the login account drop down, and that is not yours, it just means that that email was also used on your machine to access that site. Most of the times those email addresses used to login to the site are stored as cookies on your machine. Try clearing cookies and see if that email still appears.
 

Read other 3 answers
RELEVANCY SCORE 54

A user in a game room in Yahoo said they were going to delete my girlfriend's account. Within 10 minutes he was able to change her password. I used the password reset on the Yahoo site on a different computer and then changed it. I changed it to an 18 character alpha numeric password. Within 5 minutes, it was changed. The guy doing all of this said he was using a freely available program. He was able to figure out her birthday and security question. Contacting Yahoo has been less than effective. Is there anything I can do?

She also created a different account, but he already changed the password on that one as well.
 

A:Yahoo accounts getting hacked

Were the two computers you used on the same network?
Try this from one of the affected machines:

Run HijackThis and click Do a system scan and save a log file
Your HijackThis log will open in Notepad. Post the contents of the log here
 

Read other 1 answers
RELEVANCY SCORE 54

how do people hack facebook accounts ...im talking from a technical level now
and how do they get into the email from there and change the password?
as your email password isnt in your facebook details is it?

if a facebook acc has been hacked, and the gmail / hotmail acc...is there any hope?
 

A:Hacked facebook accounts

Well you aren't going to find a tutorial here!
I can think of two methods of getting a password for any site. The first is to write a piece of malware with a keylogger component to steal your password as you type it or from where it's saved; if that's the main attack then the same botnets that spam through email will probably be responsible for spamming through your Facebook. To stay safe you simply have to keep your computer free from infection.
The second is to use a phishing email which tricks people into going to your own lookalike and handing over the password and username blithely unaware of the trickery. A related approach is to create some other site that requires registration with an email and password; far too many people use the same password on all their online accounts and such a site then owns their email, facebook, etc. To stay safe here a bit of common sense is required. Check that links in emails and on the web go where they say they go, be careful what you sign up with, use different passwords for different accounts, and don't assume that anything was sent by a "nice/smart" person who wouldn't do something like that.
There may be other approaches, but I'm not aware of them.

As to recovering from a hack, most sites have a system in place to get it back.
http://www.ehow.com/how_5807957_fix-hacked-facebook-account.html
I guess if the email was got at the same time you're in a bit more bother, but there will be a s... Read more

Read other 3 answers
RELEVANCY SCORE 54

is it possible to format my pc with windows 7 as i did not receive a boot disc for it, i had to create 3 rescue discs when i started the system from new are these the discs i need to format my pc as i have a hacker attack all my accounts and i am getting a new email address aas well as router and more sercurity into the system i have but do i need to format my pc to rid any info on it as this might give the hacker a second chance.please advise thank you.

A:windows 7 and accounts hacked

Formatting and reinstalling is a good idea if you believe you have been hacked, however, you say you don't have a Reinstall disc. Formatting=Erase, So you would need to install an Operating System after you format. Before you format, try your Rescue discs on another HDD or computer so you know they boot and work and can restore your system

Read other 13 answers
RELEVANCY SCORE 54

TeamViewer is a remote desktop connection software that allows users to share screens and allow remote access from anywhere in the world. In the past 24 hours, many customers have claimed their computers were maliciously accessed by hackers. Hackers are accessing the computers late at night, out of standard USA working hours, and accessing bank accounts using saved browser passwords, or installing forms of ransomware. As of 12 p.m. Wednesday, the TeamViewer website remains offline, with their Twitter being the only form of comment so far from the company.
 

Article

A:Teamviewer Accounts Hacked

Yesterday I was using TeamViewer to remotely access customer's computer when it suddenly stopped working.
 
Reddit is full of complaints. 
 
https://www.reddit.com/r/teamviewer/
 
Check your TeamViewer logs for this file: webbrowserpassview.exe
 
You can find them on this location:
 
C:\Program Files (x86)\TeamViewer
 

 
If you find signs of it, change your passwords immediately.
 
https://www.virustotal.com/en/file/19c95954d7ccc83bcda8f73cd06381a691cbe7d06956e4d77c384b350fefa27a/analysis/
 
 
TeamViewer made an announcement about this several days ago:
 
https://www.teamviewer.com/en/company/press/statement-on-potential-teamviewer-hackers
 
 
If you haven't done it yet, now is the time to activate two factor authentication:
 
https://www.teamviewer.com/en/help/398-what-is-two-factor-authentication-for-your-teamviewer-account

Read other 0 answers
RELEVANCY SCORE 54

Sir/Madam
My emails xxxxxxx, xxxxxxx, xxxxxxxx were all hacked. The hacker can access all my accounts and sends abusive messages to my friends.
I joined a dating site and he is still able to block my friends and changes my pw everytime. Please help me how to have privacy. I created several email accounts hoping that he will not be able to access it but he is still able to get through my accounts.
 

A:Hacked email accounts

For one thing, you should never post your email addresses on a public forum or anywhere else on the Internet as they will be harvested by spammers so I've edited them out.

If you change the password and then this person can change it again then you must have a keylogger or other type of malware installed on your machine that is reading keystrokes.

The only way to be sure to be secure would be to back up your important things like documents, photos, music, etc. and reformat the machine and reload Windows then change all passwords from the clean machine.
 

Read other 1 answers
RELEVANCY SCORE 54

Hello TechGuy people,

We believe we have the same issue with keylogger and potentially other hacking methods but we are in the process of fixing the issue: swapping hard drives. I have been to the public library in order to try to get away from it in order to change passwords, etc. You know, do my computer stuff on a "free and clear" system. I noticed on two different computers that when I log into my Hotmail that a certain set of suspicious foreign IPs establish connection. At this time, I'm not looking to just delete the account. I would like to know if it is possible to have something implanted in my email account (e.g. if I delete all the emails in my account, will the suspected virus be eradicated?). And if it's possible to have something that is activated when I log in so it can gain access to that computer? If these are possible then I could hire a more tech saavy person to log into my email and they can view this foreign IP activity on their system or if they can do investigative work on it. It's important for what we're doing with our computers.

Thanks for reading and for your help!
 

A:Hacked email accounts

Howdy and welcome, ComputerSOS. I've moved your post into it's own thread to avoid confusion.

thanks,

v
 

Read other 2 answers
RELEVANCY SCORE 54

Hello I'm totally new to the forums I'm not sure if i'm posting this in the right section sorry. (advised to come here by blizzard)
 
Here's some information on what has happened;
 
I had a text message from Blizzard stating that a security feature has been added to my battle.net account, which I did not add, I then discovered that my account had been compromised. So I full system restored my computer to factory default settings (Acer aspire 5332). I contacted blizzard and they changed my email for me (after I restored my computer), I specifically created a new email for my battle.net account. Everything seemed good as I could login to my battle.net account. Today I tried to log into the new email that I had created to find that the password had been changed on the new email including my partners email address, which took the whole situation to a new level because my partners email has sensitive and personal information in it. I am also concerned as to what other information this hacker has of mine and my partners. I have no idea why a full system restore to factory default settings has failed but I am determined to get this virus off my computer so here is a list of what I have tried thus far:
 
AVG antivirus- full scan nothing found
Adaware pro - full scan nothing found
Superantispyware- full scan nothing found
Spybot search and destroy- nothing found
Kapersky antivirus - nothing 
 
So on blizzards security support page I come across Combifix, Now I... Read more

A:Help please, Email accounts hacked

who is the provider of your email account? is this webmail, or exchange? Also, do you have a secondary account linked to either of these accounts? have you contacted the security team for the email account provider yet to let them know of this issue? Let me know, and also, I would highly suggest looking into an application called keypass (http://keepass.info/) a great application to keep passwords secure.

Read other 5 answers
RELEVANCY SCORE 54

Alright, a few days ago my PayPal account got hacked into. I am on a brand new computer and I will admit that I have not fully set it up yet. It is completely possible that I somehow got a keylogger.
PayPal is currently investigating the unauthorized activity, and they have already refunding the majority of my lost funds. However, if I do in fact have a keylogger, I want to get it off of my computer.

I am somewhat doubtful that it was a keylogger, because it seems that ONLY my PayPal account has been accessed. Of course I could be wrong, but nothing else was changed, and my online banking account was not accessed (as far as I know).

I admit that my password was not the best password ever, and it could have been guessed fairly easily (It was related to a username that I use on several forums). I deal with a lot of people online through PayPal, so many people would know my PayPal address.

So I am just wondering if you think that this is a keylogger or not. If it is, how can I remove it?
Is it true that keyloggers can be installed as add-ons to programs, so they actually wouldn't show up in processes?

Also, is there any antivirus program, free or paid, that could help me with this? I currently have AVG free and Spybot:S&D, and I also have a 60 day trial of Norton 360, which came with my computer.

For now I am just using an on-screen keyboard to imput important passwords.

A:Possible Keylogger-- Accounts hacked!

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 54

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Turion(tm) II Ultra Dual-Core Mobile M600, AMD64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 3838 Mb
Graphics Card: ATI Mobility Radeon HD 4200 Series, 256 Mb
Hard Drives: C: Total - 464838 MB, Free - 407639 MB;
Motherboard: Gateway , SJV50TR , Rev , LXWGH02014950B6B7E2200
Antivirus: Webroot Internet Security Essentials, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:25:56 PM, on 4/13/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Ac... Read more

Read other answers
RELEVANCY SCORE 54

I have two World of Warcraft accounts. The other night one of them got hacked, and Blizzard has already restored all the stuff I lost. Then today, my other account got hacked, and fortunately Blizzard must have noticed something was up because I got a temporary 24 hour lockout, for my own protection, before anything bad happened.

I need to figure out how the hacker is getting my account information. I use 2 different computers. After the first account got hacked, I scanned the computer I was on and found a trojan, which I removed. But then the other account was hacked today, even after I had removed that trojan and changed the passwords to both accounts.

Somehow they got my new password. I have installed AVG, ZoneAlarm, and HijackThis on both computers, and since getting ZoneAlarm I realized that SpeeditupFree and PCCheckup are bad, bad things. So I got rid of them.. could that have been it? PCCheckup was trying to access the internet from the moment I booted up the computer. But, I've had Speeditupfree installed for months and never had this problem before.

Anyway, I want to post the HijackThis logs from both computers. Please help me ensure that my computers are secure, before the temporary lockout is over and my account becomes vulnerable again.

First computer (the one that I originally found a trojan on):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:10 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6... Read more

A:WoW accounts getting hacked. Please help me stop it.

Can't anybody help me?
 

Read other 1 answers
RELEVANCY SCORE 53.2

I was using my computer when a message started popping up that Windows encountered a critical problem and will restart. After that, I couldn't get the computer to turn on so I ran it in safe mode. Eventually, I was able to scan my computer with Avast and it found Win32:Adware-gen[adw]. I got a blue screen and restarted my computer and went to the log. It deleted the virus, or at least it said it did. Later, my computer still would not turn on, so I did another scan and found NSIS:Bundlore-C. Avast deleted that also after another blue screen. After that, I tried to turn on my computer in normal mode and it would not turn on at all. The computer went to the welcome screen but weird symbols popped up. Now, on my friends laptop, it says I am online on Skype when another computer I was using had been off for a long time. On Minecraft, I tried to play but it said bad login, which usually means that that account is in use. Please help me and let me know if you think my accounts have been hacked and tell me what I should do.

A:Please Help! Infected with Viruses, Accounts Hacked

Hello and welcome to TSF.

I am currently reviewing your post. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification then click Subscribe.

Please be patient with me during this time.
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Right-click and Run as Administrator dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Please download aswMBR to your desktop.
Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


Click the image to enlarge it
----------

Read other 19 answers
RELEVANCY SCORE 53.2

Hi this are my logs. My world of warcraft was hacked and i could be because of key logggers!DDS (Ver_09-02-01.01) - NTFSx86 Run by Admin at 17:55:08.95 on Mon 03/09/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2331 [GMT 5.5:30]AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)FW: ESET Personal firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exesvchost.exeC:\WINDOWS\system32\... Read more

A:Keylogger Some program accounts have been hacked!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

some of my friends email and online accounts have been hacked recently, wanted to know if theres anything suspicious in my hijack this log. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:40 PM, on 2/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users&#... Read more

A:Friends accounts getting hacked, would like to know if im safe

Hello and to BleepingComputer!We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Read other 26 answers
RELEVANCY SCORE 53.2

PLease Help I'm getting hacked

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:36 PM, on 10/20/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Dig... Read more

A:HJT log, PLease help, my email accounts are getting hacked and spammed

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

 

Read other 1 answers
RELEVANCY SCORE 53.2

so about a month ago my friend sent me a bhop program for csgo EXTREMELY sketchy but my friend has said he was using it for months anyways i got keylogged and within 20 minutes the guy tried logging in to my gmail , facebook , skype , steam etc he only got my old facebook and skype . now i am almost certain i got rid of that one because it was a keylogger instantly i was lagging in my games and the hacker who got my skype was just trying to send the bhop script to everyone on my friends list but the most recent hacker has just completly tried to wipe the fact i ever owned the account and is adding french people and speaking in french very weird shit the guy had atleast 20 convos with people and he was saying shit like "oh im leaving right now to meet at the coffe shop beside *enter street name here* and the person would respond and say oh alright il meet you soon" very weird stuff kinda like i was into someones personal texts. now the french guy got my old facebook account deleted everyone and added a bunch of french people and chatted with them like he did with my skype . they day the facebook happened i really didnt download anything besides gta 5..

TLDR some french guy took my facebook accounts 2-3 weeks ago and TODAY took my skype account but isnt able to highjack me because of 2step
 

Read other answers
RELEVANCY SCORE 52.8

Over the past few weeks I have been having random popups from Core.insightexpressai.com and sometimes other websites.
 
I have tried to remove or check for a virus myself but not matter what i scan with nothing is found. Programs I have tried are:
 
Malwarebytes anti malware
Avg 2015
Hitman Pro
Awdcleaner
rkill
tdsskiller
SUPERAntiSpyware
 
None of them have found anything and I am still having this problem
 
My firefox addon Web of Trust always blocks the sire when it pops up https://www.mywot.com/en/scorecard/secure.insightexpressai.com?utm_source=addon&utm_content=warn-viewsc
 
I've also had prblems with two of my emails being hacked recently (one my main email and one spam email) this resulted in a few gaming related accounts I have being stolen including my steam account with about $200 worth of purchased games included. I noticed i was logged out from the steam client and logged into my email where I saw that a account recovery email had been opened and the password changed to the steam account but the passwprd to the email had not been changed. I quickly changed the pass and got that account changed over to a differnent email. The emails that were hacked have been logged into several parts of the world from china to places in the us. After changing the pass I noticed that the hacker had registerd a phone number and alternative emails to my email account. After about 2 weeks the password has been changed and i no longer have acess to that em... Read more

A:Core.insightexpressai.com popup and accounts hacked

Welcome aboard
 
Which browser is affected?

Read other 16 answers
RELEVANCY SCORE 52.8

I was here a couple months ago with some questions regarding a possible hack into my computer. I completed the steps someone here provided but during the time it took for someone to respond to my HJT log or possibly before I posted it, one of my email accounts and my World of Warcraft account was hacked and stolen and possible credit card info compromised though so far not used. I now have access to neither email nor WoW account but am in the process of recovering them. I believe they had unlimited access to my system during this time though I was assured my system was most likely clean by someone on here. I timed out on the HJT forum post and never had anyone look it over though now its irrelevant I suppose.I have reformatted my harddrive using the recovery partition on my harddrive, reinstalled all windows updates and reinstalled all security apps. SASW, Mbam etc.I have followed the steps given for scanning my drive for malware, including all safemode scans from the previous forum post just to be sure my system is now clean although before my accounts were hacked, these scans turned up nothing pretty much.However, Is it possible that the hacker who was harassing me (changing wallpapers, duplicating and changing file names, stealing/hacking accounts etc) may have accessed the recovery partition on my harddrive and put malware/hacking tools/keyloggers into it so they reloaded when I did the recovery?Basically I am asking, did I finally get rid of this hacker or do I nee... Read more

Read other answers
RELEVANCY SCORE 52.8

Yahoo! mail accounts of some journalists and activists whose work relates to China were compromised in an attack discovered this week, days after Google announced it would move its Chinese-language search services out of China due to censorship concerns. Several journalists in China and Taiwan found they were unable to access their accounts beginning March 25, among them Kathleen McLaughlin, a freelance journalist in Beijing. Her access was restored Wednesday, she told Reuters. "I suspect a lot of information in my Yahoo account was downloaded," the group's spokesman, Dilxat Raxit, told Reuters Wednesday. He said the email account, which was set up in Sweden, has been inaccessible for a month.http://cpj.org/2010/03/journalists-report-...ed-in-china.phphttp://www.pcmag.com/article2/0,2817,2362083,00.asp

Read other answers
RELEVANCY SCORE 52.8

I do house keeping once a week (adaware, malwarebytes, superantispyware and avg) but found this morning that a couple of online games had been hacked so thought I would seek some extra help with a HJT log if someone could have a look thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:39, on 19/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-St... Read more

A:Online gaming accounts hacked HJT included please help

ITs been hacked again they have told me that they suspect a key logger so am worried that bank details etc may be vunarable
 

Read other 2 answers
RELEVANCY SCORE 52.8

Multiple accounts including Emails have been hacked, ran multiple virus/adware programs including Ad-Aware, AVG, and Avast but couldn't find anything.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:54 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd... Read more

Read other answers
RELEVANCY SCORE 52.8

Well I'm definitely no idiot when it comes to computers. I know just about everything about them. I suspect I either have or had a RAT/Keylogger, due to the fact that my forum accounts and my email were hacked. Well, here's my CF log:ComboFix 11-04-14.01 - eXoTiK 04/14/2011 18:51:24.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2943.1717 [GMT -4:00]
Running from: c:\users\eXoTiK\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 23:22 . 2011-04-14 23:22 -------- d-----w- c:\program files\CONEXANT
2011-04-14 23:17 . 2011-04-14 23:17 -------- d-----w- c:\windows\system32\RTCOM
2011-04-14 23:17 . 2011-04-14 23:17 -------- d-----w- c:\program files\Realtek
2011-04-14 23:16 . 2011-04-14 19:13 -------- d-----w- C:\.jagex_cache_32
2011-04-14 23:16 . 2011-04-14 23:16 -------- d-----w- c:\program files\Common Files\Java
2011-04-14 23:16 . 2011-04-14 23:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 ... Read more

A:Hotmail/Forum Accounts Hacked - ComboFix Log

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 52.8

Here is my Hijack this log. I have tried everything and nothing seems to work. I get constant warning from random Executables running from C:\Recycler\ along with wincap.exe. I get a blue screen error when i try and run safe mode. I tried running DSS, but it would just get killed. Not even sure how that was happening. I have gotten my online accounts hacked, and am fairly sure I have a keylogger. So far I have isntalled AVG and ZoneAlarm and they seem to be containing the virus.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:21:38 PM, on 7/23/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\... Read more

A:Trojan Hijacker Online Accounts Hacked

I just wanted to update that I turned off all firewalls, anti-virus, spware apps and tried running DSS and still could not. It just dissappears. I also still get a blue screen when I try to run in safe mode to run SDFix.

Read other 3 answers
RELEVANCY SCORE 52.8

Dell Dimension 4400 Desktop, Windows XP Pro
My computer was hacked. All user accounts were deleted as well as the Administrator account.
I saw a post where Shift+F10 did allows me into the command prompt when trying to do a Repair Windows XP.
I got in but found there was no accounts so I could not change password (there is no accounts). When I try to create a new account. The box where I could enter the account name does not accept any entry from keyboard. I know the key board works because I was able to enter command "NUSRMGR.CPL" and gaining access to "User Accounts" in control panel.

Can any one help with gaining back control of my desktop without having to re-install XP Pro and all my software.

Thanks.
 

A:Solved: Computer was hacked. All accounts deleted

Read other 8 answers
RELEVANCY SCORE 52.8

After several years of trouble-free online credit card use, I've had two of my accounts compromised in the past month. Both accounts are for cards I typically use for online payments.

Could it be that I've just had terrible luck this month and that the odds caught up to me, or could I have some kind of virus-type program in my machine that is recording my credit card info when I enter it?

Any thoughts and/or things to check for would be greatly appreciated!

Thanks
 

A:Two credit card accounts hacked into in a month!

Read other 7 answers
RELEVANCY SCORE 52

I was going through topics of how to prevent from being hacked and came to know that a technique called Brute force attack can be used to search for all possible codes even if it is not a dictionary word. I just wanted to know that can anyone's including my e-mail account be hacked by brute force attacks. Is it has to do anything with SSL encryption as Gmail and most of them provides SSL.

Thanks, Please reply with your suggestions to protect against this technique.

A:Can e-mail accounts be hacked using Brute Force Attacks ?

If your user name is known, a brute force attack can get into pretty much anything, it's just a matter of time. Though, most sites have things to prevent that, such as a lockout after X attempts that are wrong.

This is why special characters are good in passwords.

Read other 1 answers
RELEVANCY SCORE 52

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:47:07, on 16/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\AstSrv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe... Read more

A:Computer Hacked - All Accounts Accessed & Passwords Changed

Sorry - just highlighting my lack of computer knowledge by submitting the post without an explanation. Essentially my computer was hacked and I'm really sorry but I don't know the name of the virus/malware etc. I've followed all the steps as per the forum with the exception of intalling the firewall. When the firewall is installed I can't access the internet. My query now is - is my computer clean and safe to use again? So far I've avoided logging onto any site that requires personal information. Thanks in advance for the help PS. My original post is at http://www.bleepingcomputer.com/forums/t/124641/unable-to-log-into-any-accounts-hotmail-facebook-ebayhelp/

Read other 16 answers
RELEVANCY SCORE 52

On Sunday we reported details of how one specific app developer had managed to hack iTunes users accounts and use them to purchase his own apps ? making it to the top of the iTunes charts.As the story has developed, the problem has grown far more serious than initially thought ? not just that one particular developer and his apps - the Apple App store is filled with App Farms being used to steal. iTunes users have reported anywhere between $100-$1400 spent using their accounts.http://thenextweb.com/apple/2010/07/04/appstore-hack-itunes/Please be aware of this and check your accounts. Read the entire article and if any unauthorized activity is found regarding your account, contact your bank/credit card company. Also change your password, whether you have been hacked or not--especially if you have a weak password--and take the other actions recommended in the article.Other links:Original report from TNW AppleThread at MacRumors: ForumsCNET NewsFrom BlackwebEdit: Changed URL of Thread at MacRumors: Forums so that more recent posts will show.

A:iTunes Accounts, App Store Hacked, People Robbed

Reading one of those forum links posted above, it appears as though this has been a problem since AT LEAST 2008.

From what I've read, it would be wise to remove all Credit Card and Debit Card information from iTUNES.

Orange Blossom

Read other 2 answers
RELEVANCY SCORE 52

Recently had a few accounts of mine hacked. I run spybot and AVG pretty religiously and they are not showing anything. My HijackThis log looks kinda strange, a bunch of file missing entries? I just reinstalled windows about a month ago, never had any problems til now. Not entirely sure what's happening..

Here is the log. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:01:48 PM, on 2/21/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO... Read more

A:Game accounts hacked.. see no spyware or viruses... don't understand!

Read other 16 answers
RELEVANCY SCORE 52

I was trolling thru directories and came across plain text files in the Program Data directory that had account logins and URLs with my user name and passwords in them. 
The files 1, 218930EM, 218390P, 27323, 955942P, and weerrretm.exe did not have read /write permissions enabled, only execute. 
 
I'm really worried now - Is deleting and changing passwords enough or do I need to do something more? Maybe it's to late. 
 
    Directory: C:\ProgramData\218390
 
 
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----         1/9/2016   2:16 PM            388 01-09-2016.txt
-a----        1/10/2016   8:24 PM           6276 01-10-2016.txt
-a----        1/11/2016   7:57 PM           1702 01-11-2016.txt
-a----        1/12/2016   9:19 PM            738 01-12-2016.txt
-a----        1/13/2016   9:04 PM           2942 01-13-2016.txt
-a----        1/14/2016   8:45 PM            457 01-14-2016.txt
-a----        1/15/2016   7:... Read more

A:Have I been hacked? Accounts & passwords found in plain txt files

https://www.reasoncoresecurity.com/weerrretm.exe-ab92592924ebd2b16354629995a0ac4216f5d89b.aspx
My search for "weerrretm.exe" led me to the above URL.  I have no idea whether weWhateverEXE is really a pup or not.

Read other 4 answers
RELEVANCY SCORE 51.6

Hi,

I need help! This started a little while ago, less maliciously, on my other computer. Evenutally I allowed AVG to remove all the threats it found and it completely messed up that computer (as yet undealt with and presently unable to even enable the wireless connection). On this computer (which was networked to the other one), occasionally a Google link would open as a page I hadn't clicked on and I would have some sort of AVG warning or a Yahoo! Error page. Then other sites started coming up (a whole pile of different sites), but I figure they were just bad links. Then, a few days ago, my gmail password was reset and I was temporarily unable to access my account (I had Google help me with it). I didn't consider a trojan or malware or anything, yet (I'm not a techie, and I figured my three protection programs would have caught it). Then the Google links problem started happening much more often and with links I new were good (like nhl.com, bbc.com, etc). At the same time these links started popping up as new windows or sometimes new tabs, even though I wasn't opening them in new windows or tabs. That's when I realized I was infected. I ran scans with AVG Free 11, AdAware, and Spybot S&D, and found nothing. I started searching for solutions online, and found your forum and others. I download HitmanPro 3.5, SUPERAntiSpyware, and Malwarebytes Anti Malware. I ran the first two and found and deleted some tracking cookies. Malwarebytes wouldn'... Read more

A:Infected w/ something that causes popup windows, hacked email and facebook accounts

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for post... Read more

Read other 12 answers
RELEVANCY SCORE 51.6

TeamViewer confirms number of hacked user accounts is ?significant
Investigation continues to show external password breaches are cause, spokesman says.








It was a tough week for TeamViewer, a service that allows computer professionals and consumers to log into their computers from remote locations. For a little more than a month, a growing number of users have reported their accounts were accessed by criminals who used their highly privileged position to drain PayPal and bank accounts. Critics have speculated TeamViewer itself has fell victim to a breach that's making the mass hacks possible.

On Sunday, TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was "significant," but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.



Read more: http://arstechnica.com/security/2016...-account-hack/

Read other answers
RELEVANCY SCORE 51.6

Hello: I would appreciates everyone's help. Recent computer device is HP 2000 with Windows 8 that came with the package.
As a victim of intense cyber attacks (24/7) in connection to identity theft for over a year now, I have lost more than twenty email accounts, every accounts, and electronic devices destroyed. Despite repeated changes to WiFi IP address, hacker(s) continues to send harassment messages, compromising email accounts, etc.

It appears that malware are being sent discretely via applications, extensions, etc.

Despite of all, that I always use address with https, but to no avail.

I am currently in Central America. I am suspicious to these addresses (below) that appears in yahoo toolbar each time I attempt to access my new email account.
Can someone tell me or analyze these addresses below. Any advice welcome.

https://us-mg6.mail.yahoo.com/neo/launch?.rand=16id1sirnmgvl

https://espanol.yahoo.com/?p=us

https://login.yahoo.com/config/login?.src=fpctx&.intl=e1&.lang=es-US&.done=https://espanol.yahoo.com/
https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com

Thank you so very much for your help.
Somoz3
 

A:Hacked email accounts in connection to victim of identity theft

Changing your ip address would not deter hackers. They install software on your machine and it calls out to them, so no matter what ip address you use, they know the address.

Do you use pirated software? In many cases, spyware/keyloggers/hacker-ware is bundled with programs that you download via torrents and P2P programs. And you won't notice them because the program that you are installing works perfectly, except that it also includes spyware.

To get rid of the hackers, do a fresh re-install of a legit copy of Windows and dump all the programs you obtained through torrents. Try to find freeware or open-source software that does the job, Since you say the hackers always return, it probably is related to software you install. A fresh re-install of Windows ensures that there are no more malicious software hanging around in your system, After installing Windows, immediately go do Windows Update, do not use Internet Explorer while you are doing the updates, because it would be lacking important security patches until Windows Update completes. Be mindful that you have to repeatedly click on Check for Updates after each round of installation until it says there are no more updates, because MS install updates in batches, and there may be more updates to follow.

Next, go get the most up-to-date version of programs that you use. ( Like FireFox browser, Adobe Reader and Adobe Flash ) In most cases, the updated version fixes security flaws as well as add new features. Attackers... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

The hack was enabled by the infamous LinkedIn hack in 2012. In one message, shared online, the OurMine team claimed to have found the Facebook founder's password in that dump, which was 'dadada'.
 

Article

A:Mark Zuckerberg's LinkedIn, Pinterest and Twitter accounts hacked

Wow that does not really surprise me that people still use those weak passwords....

Read other 1 answers
RELEVANCY SCORE 50.4

Good evening brilliant comp minds!! thank you in advance for your expertise...should you have any cooking or massage questions I will be happy to return the favor!I ran Avast and got a win32.conflicker problem and a backdoor.tidserv trojanWhat do I do???Computer slow and frezing, passwords stolen, Outlook virus because it keeps shutting down.I work from home so today was a total loss, need to work tomorrow...help appreciated!EDIT: added ComboFix log from AII topic ~~boopmeComboFix 10-03-24.02 - HP_Administrator 03/24/2010 21:11:16.2.2 - x86Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exeAV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}.((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 ))))))))))))))))))))))))))))))).2010-03-24 16:14 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys2010-03-24 16:14 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2010-03-24 16:14 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys2010-03-24 16:14 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys2010-03-24 16:14 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys2010-03-24 16:14 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\... Read more

A:hijackthis-computer freezing/slow,accounts hacked,microsoft outlook keeps shutting down

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers