I am being hacked help

February 4, 2011 at 05:38:53
Specs: Windows 7
I think I'm being hacked and I don't know how. There are some really old MSN logs and pictures of mine (that I don't even have or remember; they are 5 years old or more) being sent to another person. They have access to my MSN; they sent print screens of my contact list. How is this possible? How can I know and protect myself?

Thank you




#1
February 4, 2011 at 06:59:35
Did you change your password?

How do you know when a politician is lying? His mouth is moving.



#2
February 4, 2011 at 10:07:40
The moment that happened I changed my password on everything. How is this possible? Stuff from 5 years ago that I don't even have. How can I catch them?


#3
February 4, 2011 at 10:23:28
Dude, if I was you I would wipe my computer and do a complete system reinstall. It sounds like someone has a BOT installed on your computer.

Look at the screen shot, is it your desktop or someone else's?

If it is a root kit then it will be very hard to get rid of. If it is a key-logger then I would reset all passwords I have ever used on that system after I reinstalled it.

You can look at all of the running programs under your tasklist and check online to see what they are, and if you find the BOT, Google instructions for removing it. If it is a root kit however it will not show up in your tasklist because it is embedded in your explorer.exe. If this is the case then you have to turn off the automatic system file restores and do a repair install of your OS. To get your running tasks go to your Command Prompt and run the following command:

tasklist > mytask.txt

This will make a MYTASK.TXT in your My Documents. Open and Google every program to make sure they are safe.

If you want a list of programs that are sending things out over the internet, run the following command...

netstat -b > myconnections.txt

Then open WhoIs site on the internet and find out who it is connecting to. (This is kinda for advanced users)

Last, I would interrogate old girlfriends or anyone who had physical access to your computer.

Good luck, and if you choose to do a system wipe remember to back up your key files first.
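The `netstat -b` step described in post #3, as an added example that is not part of the original post: a Python sketch that reads saved `netstat -b -n` output and lists, per owning program, the established remote endpoints worth looking up in WHOIS. The sample output, the addresses and the function names are constructed for illustration; it assumes the command was run from an elevated Command Prompt so that owner lines are present.

```python
import ipaddress
import re

# Constructed sample of `netstat -b -n` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED
 [mDNSResponder.exe]
  TCP    192.168.1.20:49201     203.0.113.25:443       ESTABLISHED
 [iexplore.exe]
  TCP    192.168.1.20:49202     198.51.100.7:1863      ESTABLISHED
 [msnmsgr.exe]
  TCP    192.168.1.20:49210     192.168.1.1:80         TIME_WAIT
  TCP    192.168.1.20:49215     203.0.113.99:8080      ESTABLISHED
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
UNKNOWN = "(owner not shown)"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(host):
    """True for loopback, link-local and private-LAN addresses."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a resolved hostname (netstat run without -n): keep it
    return ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918)

def remote_endpoints_by_program(text):
    """Map each owning executable to its ESTABLISHED non-local remote endpoints."""
    found, pending = {}, None
    for line in text.splitlines() + [""]:
        conn, owner = CONN.match(line), OWNER.match(line)
        if pending and (conn or owner or "ownership" in line or not line.strip()):
            # The [owner] line follows its connection; otherwise owner is unknown.
            name = owner.group(1).lower() if owner else UNKNOWN
            found.setdefault(name, set()).add(pending)
            pending = None
        if conn:
            remote, state = conn.group(3), conn.group(4)
            if state == "ESTABLISHED" and not is_local(remote.rpartition(":")[0]):
                pending = remote
    return {prog: sorted(eps) for prog, eps in found.items()}
```

Connections listed under "(owner not shown)" are the ones to re-check from an elevated prompt, since netstat could not name the program behind them.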



#4
February 4, 2011 at 10:49:11
Thank you very much, that was really helpful :)

I have already done the tasklist part once but I'll do it one more time (I found nothing). When I was searching for stuff about hacking I found that "rootkit" stuff and I even downloaded things to see if anything was found, but nothing.

I was already informed about that command "netstat -b" and I'm going to try to use it and see where each connection is from.

And I have already installed my OS once but maybe I'll do it again.

I understand NOTHING about computers and am really in need of help. I don't know why people do this. I'm even thinking about going to talk to someone because this is getting abusive.

I have already talked with old bf but of course they say that wasn't them.

I will do all that very carefully and with my full attention and I'll keep this posted.

Thank you so much :)


#5
February 4, 2011 at 13:13:20
I used tasklist, and it showed a thing running named "lsass.exe". I googled it and what I read said that it was a trojan that allows people to access my PC. Should I really try to delete it, and how? Why does it say "704" in PID? Please help.

Thanks


#6
February 4, 2011 at 15:08:32
Run Hijack This & post the log.

How do you know when a politician is lying? His mouth is moving.



#7
February 4, 2011 at 16:06:24
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:02:34, on 05-02-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Programas\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programas\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6393 bytes



#8
February 4, 2011 at 16:39:51
I don't see anything that is "hacking" your machine. What I would do is abandon that MSN profile, create a new profile & only send it to a select group of people you trust.

How do you know when a politician is lying? His mouth is moving.



#9
February 5, 2011 at 01:51:22
I already did that. The logs and pics that are being sent are from the old e-mail, but the print screens that were sent were from the new one. And every time I make a new email they discover it. I will find the person who is doing this, I just don't know how.
Thank you


#10
February 5, 2011 at 07:38:33
Do you know how to read the headers of one of those emails or do you know how to post it here? That's the only way you are going to tell where they are originating.

How do you know when a politician is lying? His mouth is moving.



#11
February 5, 2011 at 10:33:45
The emails sent are always anonymous. Sadly they were already deleted, but it always said: From: hdadadadadaddada@hotmail.com
Next time I receive one I'll post it here (it won't take long lol)

Is there something I can do to find out from the e-mail?



#12
February 5, 2011 at 12:00:40
Don't post the email. Post the headers. Do you understand what I'm saying?

How do you know when a politician is lying? His mouth is moving.
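
What reading the headers involves, as an added example that is not part of the original posts: a Python sketch that walks the `Received` chain of a saved message from the earliest hop to the latest and pulls out the relay addresses. The sample message, hostnames and addresses are constructed; the `X-Originating-IP` header is an assumption about what the sending webmail service adds, and many services omit it.

```python
import re
from email import message_from_string

# Constructed sample headers (not from the thread); all names and
# addresses are placeholders from documentation ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Sat, 5 Feb 2011 10:30:02 +0000
Received: from webmail.sender.example (webmail.sender.example [198.51.100.44])
\tby mx.recipient.example with SMTP; Sat, 5 Feb 2011 10:30:01 +0000
X-Originating-IP: [203.0.113.77]
From: someone@sender.example
To: me@recipient.example
Subject: constructed sample

body
"""

IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_BY = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def trace_hops(raw):
    """Return (hops, originating_ip); hops run from earliest relay to latest."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so the last one in the
    # message is the earliest hop. Reverse to read the path in travel order.
    for value in reversed(msg.get_all("Received", [])):
        names = FROM_BY.search(value)
        ip = IP.search(value)
        hops.append({
            "from": names.group(1) if names else None,
            "by": names.group(2) if names else None,
            "ip": ip.group(1) if ip else None,
        })
    xoip = IP.search(msg.get("X-Originating-IP", ""))
    return hops, (xoip.group(1) if xoip else None)
```

Only the hops recorded by the recipient's own mail provider are trustworthy; anything earlier in the chain is written by the sending side and can be forged.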



#13
February 5, 2011 at 13:03:26
Unfortunately those emails were deleted, but I'll post the headers here the next time I receive one. I understood, I just don't have any of those mails anymore. I'll keep this posted. I really need help. Thanks :)


#14
February 5, 2011 at 15:14:11
I'll be here.

How do you know when a politician is lying? His mouth is moving.

