Serious help. Hacked?
Vimto
Full Member
In and Out

Posts: 495
Reputation: 49
32 / Female / Flag
Joined: Jul 2006
O.P. Serious help. Hacked?
OMG HELP :|

As I was about to write this just then, "Okay so I have a problem...", the whole text deleted itself and someone must have hacked into my laptop, because they deleted it and wrote "well it isnt really a big problem is it? i could make it disappear"

I'm really freaked out! I've turned my internet off temporarily, but gunna switch it on to post this.

It's kinda scared me, any ideas how I can get rid of this?
And when your heart begins to bleed, your dead
and dead and dead indeed.
12-08-2008 08:57 PM
Voldemort
Veteran Member

Posts: 3504
Reputation: 49
– / – / Flag
Joined: Jul 2005
Status: Away
RE: Serious help. Hacked?
k, download hijackthis here and post the log here asap


and post a screenshot of your task manager

This post was edited on 12-08-2008 at 09:03 PM by Voldemort.
*All posts are a purely speculative hypothesis based on abstract reasoning.
Not my daughter, you bitch!
12-08-2008 08:59 PM
Vimto
Full Member
In and Out

Posts: 495
Reputation: 49
32 / Female / Flag
Joined: Jul 2006
O.P. RE: Serious help. Hacked?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:41, on 08/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\JADE\AppData\Roaming\kerne1.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel Paint Shop Pro Photo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&home...{SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 0 - {AC141EAB-017D-4C14-D9BB-A3C284BD0F01} - C:\Program Files\InstallShield Installation Information\quzak.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kerne1] C:\Users\JADE\AppData\Roaming\kerne1.exe
O4 - HKCU\..\Run: [fab] C:\Applications\FabApplication.exe\
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\JADE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows...layerInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initia...eoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerSta...lient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7199 bytes
And when your heart begins to bleed, your dead
and dead and dead indeed.
12-08-2008 09:04 PM
prashker
Veteran Member


Posts: 5109
Reputation: 104
– / Male / –
Joined: Mar 2005
Status: Away
RE: Serious help. Hacked?
Paste that in here

http://www.hijackthis.de/

You'll see a few things that you'll want to check and then click "Fix Checked"
12-08-2008 09:09 PM
Vimto
Full Member
In and Out

Posts: 495
Reputation: 49
32 / Female / Flag
Joined: Jul 2006
O.P. RE: Serious help. Hacked?
Screenshot

.jpg File Attachment: screenshot.jpg (112.28 KB)
And when your heart begins to bleed, your dead
and dead and dead indeed.
12-08-2008 09:11 PM
Voldemort
Veteran Member

Posts: 3504
Reputation: 49
– / – / Flag
Joined: Jul 2005
Status: Away
RE: Serious help. Hacked?
quote:
Originally posted by Vimto
C:\Users\JADE\AppData\Roaming\kerne1.exe
O4 - HKCU\..\Run: [kerne1] C:\Users\JADE\AppData\Roaming\kerne1.exe
you wanna check this out


END the process now (it's on your task manager too), do an antivir/spyware scan (if you don't want to, or if it's not detected, then go send it to the recycle bin)

This post was edited on 12-08-2008 at 09:18 PM by Voldemort.
*All posts are a purely speculative hypothesis based on abstract reasoning.
Not my daughter, you bitch!
12-08-2008 09:13 PM
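As an added example (not code from this thread or from HijackThis), a small triage script that applies the checks the replies above make by hand to HijackThis-style lines: an autostart running from a user-writable folder, a binary name that imitates a system name with a digit swap (kerne1 vs kernel), stale "(file missing)" registrations and Trusted Zone entries. The sample lines are copied from the posted log; the system-name list and the heuristics are my own assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample: one entry per category of interest, taken from the log posted above
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [kerne1] C:\Users\JADE\AppData\Roaming\kerne1.exe
O2 - BHO: 0 - {AC141EAB-017D-4C14-D9BB-A3C284BD0F01} - C:\Program Files\InstallShield Installation Information\quzak.dll (file missing)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed list of names malware likes to imitate; digit-for-letter swaps are undone before comparing
SYSTEM_NAMES = {"kernel", "svchost", "explorer", "lsass", "csrss", "winlogon", "services"}
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"\n]*?\.(?:exe|dll)', re.I)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")

def flag_entry(line: str) -> List[str]:
    """Return the reasons a HijackThis line deserves a second look (empty list if none)."""
    reasons = []
    section = line.split(" - ", 1)[0].strip()
    if section == "O15":
        reasons.append("trusted-zone entry: sites listed here escape IE's Internet-zone restrictions")
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("stale registration pointing at a file that no longer exists")
    for path in PATH_RE.findall(line):
        low = path.lower()
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append(f"autostart from a user-writable location: {path}")
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if stem not in SYSTEM_NAMES and stem.translate(LOOKALIKE) in SYSTEM_NAMES:
            reasons.append(f"lookalike of a system binary name: {stem}")
    return reasons

def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Run flag_entry over every non-empty line and keep only the flagged ones."""
    out = []
    for line in log.splitlines():
        line = line.strip()
        if line:
            reasons = flag_entry(line)
            if reasons:
                out.append((line, reasons))
    return out

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

The Windows Defender and Bonjour lines pass untouched, while the kerne1.exe entry is flagged twice (user-writable path and lookalike name), which is exactly the entry the replies single out.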
Vimto
Full Member
In and Out

Posts: 495
Reputation: 49
32 / Female / Flag
Joined: Jul 2006
O.P. RE: Serious help. Hacked?
I ended that process, but I'm still quite worried :\
He had this dialogue box thing up talking to me, how can I know if it's gone or not?
And when your heart begins to bleed, your dead
and dead and dead indeed.
12-08-2008 09:15 PM
vaccination
Veteran Member

Posts: 2513
Reputation: 43
32 / Male / –
Joined: Apr 2005
RE: Serious help. Hacked?
http://www.symantec.com/security_response/writeup...14-5445-99&tabid=3

Should help :P
12-08-2008 09:16 PM
Vimto
Full Member
In and Out

Posts: 495
Reputation: 49
32 / Female / Flag
Joined: Jul 2006
O.P. RE: Serious help. Hacked?
:\

.jpg File Attachment: funny.jpg (142.04 KB)
And when your heart begins to bleed, your dead
and dead and dead indeed.
12-08-2008 09:18 PM
mezzanine
Full Member

Posts: 106
Reputation: 23
– / – / Flag
Joined: May 2005
Status: Away
RE: Serious help. Hacked?
kerne1.exe is Troj/Lineage-BS/Trojan-PSW.Win32.Lineage.lk.
Scan your computer with both an antivirus and a malware removal tool. For more details or if you want to do it manually, you can google for trojan removal instructions.
12-08-2008 09:20 PM