  1. #1
    2 Star Lounger
    Join Date
    May 2009
    Posts
    178
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Unsettling. Disturbing. Am I being hacked?

    Recently two disturbing things have happened on my computer. Last week, while viewing a video on YouTube, (couldn't remember what it was, one of those Top 10 lists I believe) I stepped away from the PC for a call of nature and when I came back, there was something, I don't know where it came from, on the site. I can't quite remember the title (it began with "This is not a . . ." something or other). It showed a figure of someone doing a sexual act (I'm not going to go into details, basically back passage stuff). It sort of looked like an animated chalk figure. It was superimposed over the YouTube video. I clicked it off, the video ran as it should but I was wondering, "Where the f... did that come from?" I ran a scan with Norton. It didn't find anything. Then today, only a few minutes ago, while I was browsing another website (strictly adult but generally safe, not known to have problems, perfectly within my rights) something popped up that replaced the site. It had titles like National Security Agency, InterPol, junk like that. It looked official; I read a few lines. Something about violating a law or another. I only read for a few seconds before closing the browser in case this . . . thing was trying to put Malware on it. It took longer than it should. The site's legal so far as I can tell. I think that . . . whatever came from something or someone definitely not legit, but two incidents like this in such a short time has caused me to seriously question my security. Has anyone had any trouble like this recently? Am I hacked? Did something sneak by my defenses? Can I expect anything more like this? This is troublesome and I'm starting to worry.
    Last edited by RetiredGeek; 2015-08-24 at 15:59. Reason: Edited for Language

  2. #2
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    Don't know about the first one; the second one is just a redirect with something trying to get you to click on it further to indeed try to get you to help malware get onto your computer. I'm surprised you were able to close it; often it will lock up the browser. I run Chrome with the Adblock Plus extension (to kill ads, if that's what the first was) and the Chrome task manager open and ready in case of an incident like the second; just go to the Chrome task manager and kill the offending page (otherwise you'll have to kill the entire browser from the system task manager)... and then don't go back to whatever caused it.

  3. #3
    2 Star Lounger
    Join Date
    May 2009
    Posts
    178
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by F.U.N. downtown View Post
    Don't know about the first one; the second one is just a redirect with something trying to get you to click on it further to indeed try to get you to help malware get onto your computer.
    How did that redirect get on the computer? Was it the site or a crack in the system?

  4. #4
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    Redirects are based on browser URLs sent from other computers. If it was on your computer and one of those ransom viruses, your computer would be locking up even without using the browser, and when/if you did try to use a browser, you would be taken immediately to whatever site the virus wanted to take you, or it would display ransom demands immediately; no sites of your choosing would likely work at all.

  5. #5
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    You should run the usual collection of malware removal tools.
    http://www.bleepingcomputer.com/foru...line-scanners/

    cheers, Paul

  6. #6
    Star Lounger
    Join Date
    May 2011
    Posts
    84
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by F.U.N. downtown View Post
    Redirects are based on browser URLs sent from other computers. If it was on your computer and one of those ransom viruses, your computer would be locking up even without using the browser, and when/if you did try to use a browser, you would be taken immediately to whatever site the virus wanted to take you, or it would display ransom demands immediately; no sites of your choosing would likely work at all.
    We've all heard horrendous stories about ransom sites. Never happened to me or family, but stuff happens. What exactly does one do if this ransom thing ever appears?

  7. #7
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    One hopes one has a backup that has not been compromised. If not, it's boot from CD / USB, delete the disk partitions and install from scratch.
    Make sure your bootable USB device has not been connected to the compromised computer since the infection.

    cheers, Paul

  8. #8
    2 Star Lounger
    Join Date
    May 2009
    Posts
    178
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by robertpri View Post
    We've all heard horrendous stories about ransom sites. Never happened to me or family, but stuff happens. What exactly does one do if this ransom thing ever appears?
    I think I found out what this thing was; I believe it's called Reveton. It's a police/cop trojan. I found it on Wikipedia when I googled ransom virus. Its description pretty much fits what I saw. Am I compromised? Can my Norton Security Suite deal with this? I clicked it off as soon as I saw it but I'm wondering if it's still hiding somewhere on my PC. My PC's working okay now but I'm wondering . . . And would a malware removal tool react with my Norton?

    https://en.wikipedia.org/wiki/Ransomware

  9. #9
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    Reveton details and removal.

    Using malware removal tools should not conflict with Norton, but you have a full backup, don't you?

    cheers, Paul

  10. #10
    2 Star Lounger
    Join Date
    May 2009
    Posts
    178
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Paul T View Post
    Reveton details and removal.

    Using malware removal tools should not conflict with Norton, but you have a full backup, don't you?

    cheers, Paul
    Booting into Safe Mode seems a little much. Can Malwarebytes take care of this? And yes, I have a backup.

  11. #11
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    Booting into Safe Mode is required to access Windows to clean up the malware.
    I don't know if MB will clean that infection for you.

    cheers, Paul

  12. #12
    2 Star Lounger
    Join Date
    May 2009
    Posts
    178
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I followed the instructions on that link you sent me. According to my startup folder, there's nothing in it. I don't know if that means I opened the wrong folder or I should open something else or I managed to click off Reveton before it could do something nasty. I still don't feel safe; I'm still wondering if that thing is in my PC somewhere.

    Quote Originally Posted by Paul T View Post
    Booting into Safe Mode is required to access Windows to clean up the malware.
    I don't know if MB will clean that infection for you.

    cheers, Paul
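
The Startup folder checked in post #12 is only one of several places Windows launches programs from at logon, so an empty folder alone does not settle the question. The following PowerShell script is an added example (not from any poster or from the linked removal guide) that lists both Startup folders and the standard Run/RunOnce registry keys for manual review; it assumes PowerShell 3.0 or later and makes no claim about where any particular malware family installs itself.

```powershell
# Added example: list common Windows autostart entries for manual review.
# These are standard logon autostart locations; nothing here is Reveton-specific.

function Get-StartupFolderItems {
    # Resolve the per-user and all-users Startup folders through .NET
    # instead of guessing their paths.
    foreach ($name in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($name)
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -Force -File |
                Where-Object { $_.Name -ne 'desktop.ini' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Source   = "Folder:$name"
                        Name     = $_.Name
                        Target   = $_.FullName
                        Modified = $_.LastWriteTime
                    }
                }
        }
    }
}

function Get-RunKeyItems {
    # Run/RunOnce values are command lines executed at logon.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            [pscustomobject]@{
                Source   = $key
                Name     = $valueName
                Target   = $item.GetValue($valueName)
                Modified = $null   # registry values carry no per-value timestamp
            }
        }
    }
}

# Combine both sources; review any entry you do not recognise.
@(Get-StartupFolderItems) + @(Get-RunKeyItems) |
    Sort-Object Source, Name |
    Format-Table -AutoSize -Wrap
```

Entries that point into a user profile or temp directory, or that were modified around the time of the incident, are the ones worth looking up before deciding whether further scanning is needed.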

  13. #13
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    Are you getting any indication of the malware?
    Have you run the scanners from post #5?

    cheers, Paul

  14. #14
    Star Lounger
    Join Date
    May 2011
    Posts
    84
    Thanks
    2
    Thanked 2 Times in 2 Posts
    From my very novice approach, here is what I think might work with a sudden ransom-ware attack. First, do not touch a single key. Hold down the power button until the computer shuts down. Second, attach a bootable pre-configured thumb drive having an anti-virus program, like Windows Defender. Boot to the USB drive to clean the machine. If not possible, boot to Safe Mode and run virus cleaners.

    I think this worked until Windows 8 [and probably W10] because unlike the good old days, one cannot simply boot to BIOS/setup and change boot sequence.

    I have done this endless times on older machines, but could never boot to USB with Win 8. I called Dell on this and they said it was simple. Just boot to Win 8 and inside the OS, change the boot sequence. Unclear on the concept, eh?

  15. #15
    2 Star Lounger
    Join Date
    May 2009
    Posts
    178
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Well, I downloaded and ran a free Malwarebytes. It didn't find anything either. When the ransomware initially appeared, I clicked the X in the upper corner a couple of times and it disappeared. I'm wondering if I did something before it could do something. Maybe I should download another scanner.

    Quote Originally Posted by Paul T View Post
    Are you getting any indication of the malware?
    Have you run the scanners from post #5?

    cheers, Paul
