TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Allanon on January 01, 2007, 05:20:51 PM
-
Well he can't post but this is what he told me to say
Hi, could someone please help me? All of my computer has been hacked. I play RuneScape, and all my accounts and items have been taken. I used to speak with the hacker on RS a few times, so I added him to MSN. He explained what he did (took my accounts, my gp, my MSN, my website). He explained that he sent me a .EXE file that connected to his computer through a port; from there he said he sent me an "exploit bug" that he made himself, and he said it's attached to my system files. Someone please help, he is threatening to destroy my whole PC. I have Norton AntiVirus, Spybot Search and Destroy, and Spyware Doctor along with Windows security system materials. I ran countless scans and I keep removing the trojans, bugs and registry changes he put on my computer, yet I can't seem to shake them off; they keep coming back after a few hours. He can see everything I'm doing, and he also sees my password. I'm growing tired of it. My computer is running its slowest since it was purchased. If anyone could recommend a program to rid these trojans and exploit bugs, please post here, OR I AM F--KED...
...:::Ryan:::... - The Supreme one, join W/E Now... Mod On Rs2MM. W>E! says:
Please, an expert help me here, he really is mangling my PC and I feel as if my privacy is gravely invaded...
Any suggestions and support would be greatly appreciated.
Ryan...
-
try system restore
-
Allanon, can you have your friend run a couple quick scans for me please
1. Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to the desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the log please
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from Combofix
2. Can you have him post a log from HijackThis?
Instructions are at the top of this forum
He'll have to email you the logs I guess and you can post the contents here
-
I agree with blak: save everything ABSOLUTELY needed to disk and restore your computer to the earliest date possible, and your computer will be like brand new.
-
Hey guys, it's the person who has been having the problem. OK guestolo, the problem is over FOR NOW, but that's only because I was tackling the RAT myself. He must have seen I was almost shutting him out, 'cause he deleted a main Windows file; my computer shut down immediately and wouldn't run Windows, so I just stuck in the formatting DVDs. I didn't have a chance to back up my files... my music and pictures are gone, along with my other e-mail address etc. But guestolo, I don't know if it's going to come back; do you think he will? Or can he do it without sending me an EXE and getting a direct link between himself and me? I don't know, I still don't feel 100% safe.
-
Do you know what system file got deleted?
-
I'll have a look, will edit..
Well, I'm pretty sure it was the system file CSRSS.EXE, or it was my whole Win32 folder. All I need to know is, now that I've completely formatted my hard drive, does he still have access, and/or can he access me without a direct port again?
-
I doubt if he can get access if you set up proper protection
A good firewall & AntiVirus
Since you just clean installed, make sure you have the latest High Priority Windows Updates!!!
I would also put in some protections such as SpywareBlaster <--I can give instructions
Do you have your own AV and Firewall to install?
Or do you need a free link?
In case you had some kind of keylogger, I would immediately change passwords to all online accounts
Eg... Emails, online banking, etc...
-
Well guestolo, it's a little late for that. Luckily my credit card ran out a week before this happened, because he took my PayPal account as well. I did have proper protection though: I have Norton anti+spyware 2007, I also have Ad-Aware, Spyware Doctor and AVG Anti-Virus. As I said, he sent me an executable file; when I clicked it, it opened a port up so my computer would have a direct link with his. All he had to do was deploy his "exploit bug" to my system folders; that way, if I was to find and delete them, my system would fail. I tried an alternative method though: I was in the middle and last step of closing the port to shut him out when my system crashed and it came up with an error, so I had to format.
As for your suggestion, is SpywareBlaster good, better than the ones I have at the moment?
Thanks for the help bud.
Ryan.
-
Do you have both Norton AntiVirus + AVG AntiVirus?
Having more than one AV running is not really a better thing, it's actually worse
They conflict with each other and can cause system instabilities
I would remove one and stick with the one you're happiest with
Do you have a good software firewall setup?
This way you can filter incoming and outgoing traffic to your computer
I've been using Comodo free firewall lately, I'm very happy with it so far
I have a link to it at the top of the forum if needed, with others
Again, only use one Firewall software
Here's some more info on Firewalls
Understanding and using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
SpywareBlaster just sets registry killbits
Have a look see
SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
Wouldn't hurt to add a good Host file
http://www.mvps.org/winhelp2002/hosts.htm
Here's more info on how to download and extract it
http://www.mvps.org/winhelp2002/hosts2.htm
You will want to do this once a month
Be very careful with anything you download from the Internet, I'm sure you're aware of that
Have it scanned first with an updated AV before you open it
I wouldn't trust anyone, even if it was my Mom sending me an .exe
:lol:
She wouldn't know if it was good or bad anyways, hee hee
-
lmao, yeah, well before you posted I noticed "Comodo" in the firewall sticky. I just downloaded it there and so far it looks good, thanks for that, I owe you one lol ;) I'll also take a check up on SpywareBlaster, it doesn't look too bad. I also just removed AVG. Norton normally does the jump of real-time protection, but when I run an AVG scan it normally picks up more than Norton; I usually have AVG disabled and once a week I run a virus scan with AVG, but heh, it's fixed now. As for the "hosts file", I'm not too familiar with that. Is it for finding IP addresses and seeing what component is connected? I had a quick flick through Wikipedia, but I'm still not 100% sure.
-
After you have Comodo installed
Run the Scan for known applications wizard, found under the Security tab
This way you won't be prompted for everything allowable
I can't remember if it runs automatically on install, but run it just in case
:)
Host file
I can't explain what a Host file is better than Winhelp2002 can, the first link I gave you explains it pretty well
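An added illustration for the hosts-file question above (not part of the original thread and not code from any poster): a short Python sketch that reads hosts-file text, lists the names a blocklist sends to a loopback or unspecified address, and flags names mapped to any other address, which is worth reviewing on a machine that was compromised. The sample entries and the names `parse_hosts` and `audit_hosts` are constructed for this example.

```python
import ipaddress

# Constructed sample: blocklist-style entries plus one entry worth reviewing.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.test   # blocklist entry
0.0.0.0     tracker.example.test banner.example.test
203.0.113.7 login.bank.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:               # one line may carry several names
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Return (blocked_names, redirected_entries) for hosts-file text."""
    blocked, redirected = [], []
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost":
            continue                          # normal local entry
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)              # name resolves to nowhere useful
        else:
            redirected.append((line_no, name, str(ip)))
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked)
    for line_no, name, ip in redirected:
        print(f"review line {line_no}: {name} -> {ip}")
```
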
-
Alright, thanks again for your help guestolo, hope to be talking more to you mate.
-
No problems Ryan
I'll lock this topic as you seem to have things in hand
Take care
:)