Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 31

Thread: Twitter account hack, email account compromised, possible browser problem

  1. #21
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I hope the sfc /scannow command can figure some of these problems out.

    I've tried researching as much as I could before we lost our electricity here, then I had no wireless connections throughout the house.
    I had to call our ISP provider to get back online......go figure.

    I had to pull the power from back of my router for a minute or two then it all connected back.

    OK, what I've found I'll list and let you read over because I do not know of any miracle cure for whats going on.

    I was pretty surprised to see it was back to default, my best guess is, during a power outage and restart it somehow reset to default.
    that I was hacked while my router was in default status and prior to the VPN being installed, thus, I'm suspicious of the router itself as contributing to my problem.
    It can, what you've mentioned is possible.

    while I do have Oracle VB on my computer, I have never used it and don't know how to either.
    If it were on my machine, I would remove it.
    Go to the "Start" (shell), "Contol Panel", "Programs and Features". A list of installed applications will be displayed in alphabetical order. Left click "Oracle VM VirtualBox" so it is selected, then "right click" it and choose "Uninstall" from the menu.
    Uninstalling it wont remove it from Host network, follow the link below.

    How do I remove a VirtualBox host only network adapter
    https://superuser.com/questions/8543...active#tab-top

    How to remove extra host only network interfaces created by vagrant on windows 10?
    https://stackoverflow.com/questions/...t-on-windows-1

    See if you can follow the topic below for any hints on your internet, if that doesn't help you might want to call your ISP.
    Windows 10: Disabled wifi qualcomm atheros
    https://www.tenforums.com/network-sh...m-atheros.html

    ~~~
    I have come across an article you might want to read over that was created for someone who had been hacked.
    Help: I Got Hacked. Now What Do I Do?
    https://technet.microsoft.com/en-us/...or=-2147217396
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #22
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Smile Routers and links

    I do need to contact my Internet service again because when I look at the router firewall setting in the configurator page, it says, it is set too low. I'm not sure if the Norton firewall settings cover the router but they are secure (as far as I know) for my computer, but obviously someone is getting into my system somewhere or the VB network adapter wouldn't have been there. For sometime, every time I reset my router or the power goes out, it restarts in a "walled garden" mode and I have to go through the setup and configure routine to get online again. That may be a hardware or software issue, I'm not sure, but it is annoying and I'm considering upgrading, especially in light of my recent network situation. At any rate, I was able to run the scannow tool in Admin PowerShell mode, since I'm not sure how to save/post a log, I'll attach a screenshot but if it ran correctly, it appears to be okay. (Good time to mention that during a restart about a week ago, it ran the "checkdisc/repair" program automatically before starting.)
    I have uninstalled the Oracle VB from my computer and next I'll go into the links for removing the network adapter version, many thanks for that info in advance, I'll let you know how that goes. currently my network icons in the systray appear to be normal, that resolved itself during the scannow run amidst a lot of disconnect/reconnect activity... (Update) Interestingly enough my network adapter currently shows nothing but the connections I would expect to see, no Virtualbox network, although I wouldn't expect uninstalling the Oracle program from my machine would remove the adapter that I had, I'm cautiously optimistic and will still use the links you supplied to see if I'm missing anything.
    The links and info your providing are very much appreciated, they save a lot of time searching and narrowing down issues that I'm dealing with, again thanks. I'm pretty sure the hacking I experienced through Twitter wasn't the result of bored kids messing around, that site is a hackers playground second only possibly, maybe to Facebook. Since this isn't technically a malware issue, I hope I'm not posting in the wrong section but I do find the info here very useful and relevant.
    At this point, I'm off to do some reading in your links and will let you know how its progressing as I get things figured out.

  3. #23
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default Details and stuff

    Sorry, I forgot to attach the SS.
    Attached Files Attached Files

  4. #24
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    scannow txt was blank

    I think we're both on a learning process here....
    There are so many possibilities of what a hacker can do once their in your computer.....In my mind, to make sure it's completely safe and clean is to reformat.
    I've got to throw that out there so that you know this machine may or may not be secure.

    I would also take precautions and notify your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    ~~
    The issue of Walled Garden maybe coming from your router. I found info on this (different types of routers or ISP provider) people had to connect to the router manufacturer for a better connection
    Walled Garden
    https://www.bleepingcomputer.com/for...walled-garden/

    There have been public notices sent out that Twitter and Facebook accounts are being sold online
    https://help.twitter.com/en/safety-a...nt-compromised
    Twitter has been forced to lock around 33 million accounts after their security details were posted online for sale.

    How to tell if your Facebook has been hacked, and what you can do about it
    https://www.cbsnews.com/news/how-to-...at-you-can-do/

    I may have post the below link, not sure
    https://www.computerhope.com/issues/ch001539.htm

    compromised-home-router-devices
    https://www.reuters.com/article/us-u...-idUSKCN1IQ2DY
    Last edited by Juliet; 2018-06-01 at 14:54.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #25
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default A quick note

    Yup, I'm definitely on a learning curve here, I attached the wrong file, trying again.
    I was fortunate enough to secure the bank business right off, the accounts linked to my email are the biggest problem for me at this point, but I'm working on that.
    Attached Images Attached Images

  6. #26
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    About the only other thing I can think of when you have time
    check-disk
    https://www.howtogeek.com/howto/wind...windows-vista/


    accounts linked to my email , let me know how you make out on that.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #27
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default network drivers and stuff

    I'm still going over the links you posted, a lot of good info there. While reading on removing the VB host network, I noticed a tip about going into device manager and disabling any VB hosts you find. That seemed like a simple enough process, so I opened the DM, expanded networks and didn't find any VB hosts. This seemed like good news but then I noticed a lot of networks, only a few of which I recognized. I'll attach a SS to illustrate, the first three I recognize but the rest are a mystery. Do you have any idea what they could be?
    Upon reading the link "I got hacked, what do I do now?" I realized, this guy is right, I'm going to have to format and start over. There is an upside to this though, I'll get a fresh install and likely lose some glitchy performance that's been bugging me for a while. I'll get back to work on this end because my router is back to disconnecting again, I was just curious about the extra networks I show and wondered if disabling the unknown ones might not be a bad idea.
    Attached Images Attached Images

  8. #28
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    router is back to disconnecting again
    Wonder if the router is failing, call your ISP for them to check your connections?, just a thought.

    didn't find any VB hosts. This seemed like good news but then I noticed a lot of networks, only a few of which I recognized. I'll attach a SS to illustrate, the first three I recognize but the rest are a mystery. Do you have any idea what they could be?
    Your seeing the SSID being broadcast, your not connecting to them, if you look at signal strength you'll see you can't connect.
    And most likely you don't know their password.it is how it supposed to work. When I open mine up I can see my neighbors routers names, theres one I wish they would change their name since it's somewhat offensive.

    good article below.
    https://www.howtogeek.com/331816/how...ng-on-windows/
    ~~~~~~~~~~~~~

    I don't like to tell people that they should clean and reformat but, there are times it's the best thing to do.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #29
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Default Pros and cons

    Since my problem obviously doesn't fall in the Malware category I should probably put an end to this thread, however I haven't due to the info I'm learning from all the links is so interesting, as well as relative to what I need to know.
    The last time I posted, my "10" was working on a major update. I'm able to get steady internet by hard wiring through Ethernet but wifi is really irregular so I'll have the ISP go over things and wouldn't be surprised to find out I need a new router. One thing I noticed lately is that when I look at sysconfig, I am on 1 core at boot and start up is set on "selective" rather than normal. I'm unable to change these settings, do you have any thoughts on that situation?

  10. #30
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote Originally Posted by 1oldman View Post
    I'm able to get steady internet by hard wiring through Ethernet but wifi is really irregular so I'll have the ISP go over things and wouldn't be surprised to find out I need a new router. One thing I noticed lately is that when I look at sysconfig, I am on 1 core at boot and start up is set on "selective" rather than normal. I'm unable to change these settings, do you have any thoughts on that situation?
    Either the router or your WIFI network card? which equals hardware?...I don't know.

    I know in earlier versions of windows, if you were in selective startup it was because you had disabled items not to load when the computer booted up to create a faster bootup. Some think of it was junk or bloatware and all machines come with it.
    IF, you were to reset all things to load and run when you reboot your computer, again my opinion is, it's going to take longer for everything to load.
    Now, with windows 10, of which I don't have, I kinda think it still works along the same line, my opinion of course, is that items have been disabled.
    Your logs show
    === MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "boincmgr"
    HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
    HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"

    I found a couple of links for you to read over that might help with changing from selective mode to normal mode.

    Msconfig in selective startup
    https://www.bleepingcomputer.com/for...ctive-startup/

    Windows 10: Add, Delete, Enable, or Disable Startup Items in Windows 10
    https://www.tenforums.com/tutorials/...dows-10-a.html

    I am on 1 core at boot
    LOL, beats me!, don't know if I can help with that.
    https://answers.microsoft.com/en-us/...b44fe22?auth=1
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •