My computer has been hacked.



This is the exact same way scareware works: it launches a fullscreen IE screen with a fake message, with scrollbars, script and menus disabled.

 

You need to reboot in safe mode to access your msconfig and remove the malware from starting with the PC.

 

You then need to find the file and remove it; checking the fake process's location will tell you that.

 

These malware/scareware instances don't go about destroying your data; if a hacker wanted to hack you he wouldn't go to such lengths to warn you of it.

 

This is what I've been trying to tell him... he's in panic mode now & not listening.


Judging by what happened, it sounds to me like he got hit by some sort of vulnerability, maybe through malvertising. For future reference, make sure you keep your Java (if you have it), Flash and Adobe Reader current on your system. Also install all the Windows updates.

 

This is a prime example why sandboxie is amazing.

 

Once you reinstall Windows using your disc it's going to be seriously missing updates. Hopefully that CD contains Service Pack 1.

 

After you reinstall Windows do not go surfing the internet until ALLLLLLLL of your Windows updates are done.

Let's add the more obvious avenues of attack as well.

 

  • Don't open email attachments unless you know who they are from and know them to be safe.
  • Don't believe emails that say click here for account information. Go to the actual site.
  • Don't download every piece of shareware on the planet, and if you do, make sure it's not known for malware. Then do a custom install and opt out of any additional software installations.
  • Be careful of the sites you visit.
  • Move yourself to a standard account if you find UAC inadequate. Read what is asking for permission every time and if you do not recognize it, cancel it.
  • Keep your antivirus and malware protection updated and scan regularly.

 

These same tips have kept me virus and malware free for 15 years. No sandbox needed on my part.


I don't understand why he even needs to wipe the HDD; can't he just run a virus scanner & malware scanner? This seems like a very miniature virus; a simple scan & quarantine should be able to resolve this. I don't think a format is necessary. Where did he/she state that the infection had gone so far to the point that the computer is unusable?

 

Yeah anyone who has run into this type of infection before knows how hard it is to get rid of if you even can.. it's not worth the time/effort.


Yeah anyone who has run into this type of infection before knows how hard it is to get rid of if you even can.. it's not worth the time/effort.

 

Well, most of the time it's just a single exe or DLL file in ProgramData or Roaming or Local getting hooked by rundll32.

 

Sometimes, if it hasn't infected the system restore points, booting into recovery and rolling the system back a few days works too.

 

Or, if it hasn't modified the c:\windows\system32\config\regback backup files, you can restore those if they were created before the malware, which would just turn those exe's and dll's into dumb files on the hard drive.

 

Assuming he doesn't have a rootkit, though I've seen a major drop in rootkit infections in the last year or so.

 

But this is why I also keep sysprep'ed images fueled and ready which turns these reinstalls into a 10 min ordeal.

 

 

Let's add the more obvious avenues of attack as well.

 

  • Don't open email attachments unless you know who they are from and know them to be safe.
  • Don't believe emails that say click here for account information. Go to the actual site.
  • Don't download every piece of shareware on the planet, and if you do, make sure it's not known for malware. Then do a custom install and opt out of any additional software installations.
  • Be careful of the sites you visit.
  • Move yourself to a standard account if you find UAC inadequate. Read what is asking for permission every time and if you do not recognize it, cancel it.
  • Keep your antivirus and malware protection updated and scan regularly.

 

These same tips have kept me virus and malware free for 15 years. No sandbox needed on my part.

 

I would say do all of that and Sandbox. I'm reminded of a quote from the movie Contact, where he gives her a suicide pill for her space travel and tells her he is giving her this not for the reasons he can think of but for the reasons he can't think of.

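The two replies above describe the usual footprint of this kind of scareware: a single exe or DLL dropped under ProgramData or AppData and started at logon, often via rundll32, with the running "fake" process pointing back at that file. The read-only PowerShell check below is an added example, not code from the thread; it assumes PowerShell 3.0 or later on the infected machine (or on its drive mounted elsewhere) and only reports what it finds, so a cleanup decision stays with whoever is reading the output.

```powershell
# Added example (not from the thread): list autostart entries and running
# processes that match the pattern described above. Reports only; deletes nothing.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders the post names as the usual hiding place for the dropped exe/dll.
$userDataDirs = @('\ProgramData\', '\AppData\Roaming\', '\AppData\Local\')

# Metadata properties Get-ItemProperty adds that are not real autorun values.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-SuspiciousAutorun {
    # Returns the reasons a command line looks like the pattern above (empty = fine).
    param([string]$Command)
    $c = $Command.ToLowerInvariant()
    $reasons = @()
    if ($c -match 'rundll32') { $reasons += 'rundll32 loads a DLL at logon' }
    foreach ($d in $userDataDirs) {
        if ($c.Contains($d.ToLowerInvariant())) { $reasons += "binary lives under $d" }
    }
    return $reasons
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $reasons = @(Test-SuspiciousAutorun -Command ([string]$p.Value))
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Why = ($reasons -join '; ') }
        }
    }
}

# Running processes started from those same folders (the "fake process" location
# the first reply mentions). Path is empty where the process denies access.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and @(Test-SuspiciousAutorun -Command $_.Path).Count -gt 0 } |
    Select-Object Id, ProcessName, Path
```

A hit is a lead, not a verdict: plenty of legitimate updaters also live under AppData, so compare the flagged file's publisher, signature and creation time against when the symptoms started before removing anything.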

If it were mine I would just wipe and reinstall.

 

Not worth the hassle, and you will never be 100% sure it's gone.


Hi!

If you can boot into safe mode (F8 at start), try system restore back to a date before this happened, and then run Malwarebytes AntiMalware.

Quarantine everything it finds and follow the instructions for reboot.

Download and run HijackThis: http://www.filehippo.com/download_hijackthis/

Do a system scan and save a log file.

Post the logs from both programs here.


I'll echo the format C: and start over calls; it's the only way to be 100% sure.

 

This is why you back up important stuff to the cloud, like a sane person would do as part of a normal backup regimen.


This is why you back up important stuff to the cloud, like a sane person would do as part of a normal backup regimen.

 

Sane person maybe, but you give the average user way too much credit. You're lucky if they have any backup, let alone a cloud backup.


Sane person maybe, but you give the average user way too much credit. You're lucky if they have any backup, let alone a cloud backup.

Sadly you're right. You can try and teach Joe User to back up his data until the cows come home; most don't give a <expletive withheld> until it's too late.


Sadly you're right. You can try and teach Joe User to back up his data until the cows come home; most don't give a <expletive withheld> until it's too late.

 

It's even worse when you ask them if they back up and they say they don't know how; then you mention a USB memory stick and they have no F'ing clue what you are talking about.


Like I tell my ex: if you don't back it up, it's not that important. She still won't back up, so when her Windows install goes belly up, as it eventually will, I'll remind her she should have backed up. Maybe the OP will learn his lesson and get a good AV and back up his data regularly.


If it were mine I would just wipe and reinstall.

 

Not worth the hassle, and you will never be 100% sure it's gone.

 

Same. I would rather spend maybe an hour or two reinstalling Windows than wrestle with trying to remove the infection but never being quite sure if it is totally gone or just hiding to give the impression of it being cleaned. There are so many places for things to hide in Windows it makes it a total nightmare. Hell, even Mark Russinovich has written blog posts about how nasty some of these can be, and he is a Windows hacking god.

 

Doing a clean install of Windows these days isn't like with XP. Updates are quicker and generally only require a single reboot. Just make sure you grab the December 2014 updated ISO to install from and you should be up and running in under an hour :yes:


Like I tell my ex: if you don't back it up, it's not that important. She still won't back up, so when her Windows install goes belly up, as it eventually will, I'll remind her she should have backed up. Maybe the OP will learn his lesson and get a good AV and back up his data regularly.

 

Technically, if Windows goes belly up it's super simple to get the data back, compared to if the hard drive goes belly up.


Technically, if Windows goes belly up it's super simple to get the data back, compared to if the hard drive goes belly up.

 

 

I'm the nuke and reinstall type; too much effort for maybe some benefit, not worth my time anymore.


Doing a clean install of Windows these days isn't like with XP. Updates are quicker and generally only require a single reboot. Just make sure you grab the December 2014 updated ISO to install from and you should be up and running in under an hour :yes:

We don't even know which version of Windows he is running, but if he's running Windows 7 this applies (and it works on Vista and 8 too):

 

https://www.neowin.net/forum/topic/1248172-quicker-way-to-install-windows-updates-from-windows-7-sp1-iso/


Wild guess is that it's XP or a Vista install that hasn't been updated.

 

I'm guessing Windows 7 with out of date 3rd party applications.


Same. I would rather spend maybe an hour or two

It's more like an entire day now if you install Windows, Office and Studio and get them up to date.

A lot faster to make a weekly image of the OS partition.


You have surely not installed Windows lately.

It's more like an entire day now.

 

No it's not. A Windows 7 SP1 clean install. Then all the updates ... 2 1/2 hours MAX..

 

If you use this guide I wrote:

https://www.neowin.net/forum/topic/1248172-quicker-way-to-install-windows-updates-from-windows-7-sp1-iso/


No it's not. A Windows 7 SP1 clean install. Then all the updates ... 2 1/2 hours MAX..

 

If you use this guide I wrote:

https://www.neowin.net/forum/topic/1248172-quicker-way-to-install-windows-updates-from-windows-7-sp1-iso/

 

Yeah, but this is Windows only. You've got to install the drivers and apps. If you are a freelance worker and do other things than gaming it can take a while. Last time I installed Studio I think it took 1 hour or something like that.


It's more like an entire day now if you install Windows, Office and Studio and get them up to date.

A lot faster to make a weekly image of the OS partition.

 

I can go from a blank drive to Windows 8.1 fully updated, Office 2013 fully updated and Visual Studio 2013 Update 4 installed in 3


Yeah, but this is Windows only. You've got to install the drivers and apps. If you are a freelance worker and do other things than gaming it can take a while. Last time I installed Studio I think it took 1 hour or something like that.

 

 

 

Not that hard to slipstream updates & drivers.


Do a re-image.

 

Next time install an adblocker, and do not use MSE (Security Essentials); use a real AV program.

 

Sounds like a Flash exploit in an ad on Facebook hosed your system.


I've a hard drive with a couple of Windows ISOs on it (Windows 8.1 November 2014 updates 32/64, Windows 10 build 10074 32/64, Office 2016 and VS), so I don't need to download anything, and I'm able to restore my Windows workspace from scratch in less than 2 hours.

 

Anyway, whatever OS version this person is using, I would say that it might be time to do just that: start from scratch. You can never be certain that an AV will be able to remove all issues, and a new start is the only guaranteed solution.
