Have I been hacked?

OK, when I came home and logged on to my computer I found that some programs were deleted from it. My antispyware, Comodo, and antivirus among others. Also, on my Windows taskbar it showed that someone used the Windows cmd run application. So I used System Restore to get back Comodo and my antispyware. I had to download another antivirus program. Also, my Comodo says it has been blocking intrusion attempts since about 1:30; almost every second there is an intrusion attempt. There have been 11 suspicious attempts that it blocked. I am using the Comodo Firewall Pro program. What should I do if I have been hacked? :'( :'( :'( :'(

Unplug your internet :stuck_out_tongue:

Then run several updated virus/spyware/malware scanners and kill all invasions. Then delete all firewall rules of CFP and run in custom policy mode; this should be it… Also, make sure you have the latest Windows updates…

Xan

I can’t seem to find the Windows updates in Add/Remove Programs. I have Service Pack 3 though. When I go to Windows Update online it says I have already downloaded them. Also, my antispyware scans through a weird program called Smart Antivirus 2009 but it doesn’t think it’s bad. From what I have read this is malware. I ran my computer through the Kaspersky 2007 antivirus scan and it didn’t pick up some weird program that said “plz don’t delete me”. :'( :'( :'( :'( :cry:

Download and install SUPERAntiSpyware and update it.

Boot in Safe Mode, then run a Complete Scan…

CG

Smart Antivirus is a virus itself. You must have clicked on a pop up and downloaded it. Kaspersky 2007 is out of date and the new version is 2009. Do what CGPM said to do and also always use Firefox when browsing.

SUPERAntiSpyware was the program that couldn’t recognize the Antivirus 2009. I downloaded Malwarebytes’ Anti-Malware and here is the log for that…

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dll.dll (Trojan.Downloader) → Quarantined and deleted successfully.

Malwarebytes’ AntiMalware with SUPERAntispyware is a Great Combo!

I’m glad you downloaded it! How are things running? By the way, it's best to do scans in Safe Mode. When the PC is booting up, keep pressing “F8” until you get to the black config screen.

Josh

So far everything has been fine, but today as soon as I started surfing on the internet my Firefox crashed, and it has been slowing down at times when there are sites with lots of advertisements. I had to reinstall my printer software because I wasn’t able to print anything. Everything looks good but I am not sure how to find out if I am clean or if my security is compromised in some way.

Can you tell us exactly what security software you currently have installed?

Clearing System Restore can help too:

  1. Right-click My Computer, and then click Properties.
  2. On the Performance tab, click File System, or press ALT+F.
  3. On the Troubleshooting tab, click to select the Disable System Restore check box.
  4. Click OK twice, and then click Yes when you are prompted to restart the computer.
  5. To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

Josh

spybot sd 1.6
super anti-spyware
avast! 4.8 home
comodo firewall pro
malwarebytes

I cleared my system restore.

On my Comodo I have my “system” program listening on port 139 TCP with 0 bytes going in and out. Is this normal or am I being paranoid ;D?

Also, in my Windows Task Manager I have a process called “system”, user name “system”, memusage 252K.

You have good tools on your PC! :slight_smile: Well done.

You’re fine. Is there anything else you need help with? Be sure to scan once a week with Spybot, SUPERAntispyware & Malwarebytes and keep them updated (important!!).

Josh