Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Facebook hack help
#1
Good evening all. My son downloaded some file he said it was a bot or something for poker. But since he has done this everytime anyone tries to access facebook we get redirected to http://chips01.justfree.com/croft.php?ch...&lsd=BCZUb the *** are whoever's email and password.

we also get popus to several different sites. I have done lots of scans with avast, a few online scanners spybot search&destroy and also run regcure. a few things have been found and apparently cleaned but the problem is still not resolved. Win32 rootkit gen, win32 crypt gdv win32 trojan gen were three of the items found.

Any help would be very much appreciated
Reply
#2
Hi, I would've replied sooner but my DNS messed up, then my router decided to follow suite.

You are no doubt infected, download and install the following

Online armer (free version), for firewall protection - http://www.online-armor.com/downloads/On..._Setup.exe
Malware anti bytes (free version), a great scanner - http://www.malwarebytes.org/

And do a scan with Malware anti bytes, and it should find and remove they infections you have.

Also, if you use IE browser, don't, use Chrome - http://www.google.com/chrome
It's a lot faster and it doesn't have any known security vulnerability's like IE does

Keep all this installed for protection against future infections.

Once you're sure they infections have been sorted out, change all online internet account passwords (like facebook), and advise your son to do the same.

Edit: Also, Malware anti byes will make a log when it's finished scanning, copy and paste that here, and someone will analyse it for you, and give you further instruction on how to remove if the software above fails to.
Reply
#3
Thank you Cida. I'm currently scanning and will post results.

Again Thanks
Reply
#4
Try system restore or just format your C =D
Reply
#5
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/04/2010 05:02:58
mbam-log-2010-04-14 (05-02-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 229343
Time elapsed: 1 hour(s), 57 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\_avast5_\unp101502371.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.


I am still getting redirected to that http://chips01.justfree.com/croft.php?ch...&lsd=BCZUb

I can't do a reformat as I can't for the life of me find any of the installation cd's
Reply
#6
The infected item from the log looks like it was already quarantined by avast.

Download HiJackThis: http://go.trendmicro.com/free-tools/hija...ckThis.msi

That should make a more detailed log, I'm not the best guy to review your log, but I'll give it a shot with they aid of Google and common sense, I've picked up that Malware Boss is supposed to be good at this sort of thing, hopefully he will see it.

Also, uninstall avast and use Avira instead, I've been using it for a week or so now, an I would say it's better

Avira download:
http://download.cnet.com/Avira-AntiVir-P...d=11012914

save it some where you'll remember, like your desktop.

Control Panel>Add or Remove Programs, look for avast and uninstall it, then run the Avira installer, and install, when done reboot, and if it doesn't automatically, select to update, then let it scan your system.

And as I said before, Chrome would be better if you use IE, it might actually just be IE that's been rigged to redirect from Facebook, and they infection might be gone (not if your still getting pop ups), and this redirect might just be something it left behind.
Reply
#7
hey all, sorry for the delay in getting back to you all. my pc is now rebooting every time i boot up. it is not even getting as far as loading up the desk top. it displays the background then just reboots. does this every time. I'm at a loss as what to do...... any help what so ever would be massively appreciated.

thanks in advance.
Reply
#8
(04-19-2010, 11:54 AM)over2ubob Wrote: hey all, sorry for the delay in getting back to you all. my pc is now rebooting every time i boot up. it is not even getting as far as loading up the desk top. it displays the background then just reboots. does this every time. I'm at a loss as what to do...... any help what so ever would be massively appreciated.

thanks in advance.

Download Kaspersky Rescue Disc and burn it to a disc.
http://devbuilds.kaspersky-labs.com/devb...e_2008.iso

Follow this guide on how to use it:
http://www.techmixer.com/kaspersky-rescu...using-dos/

Note: Be sure you let it update!
Reply
#9
can i use this is safe mode? I connect to the internet using a mobile dongle. and I am unable to load up the drivers for it to enable me to get online. I am using my brothers pc at the moment to get on here..
Reply
#10
(04-19-2010, 12:36 PM)over2ubob Wrote: can i use this is safe mode? I connect to the internet using a mobile dongle. and I am unable to load up the drivers for it to enable me to get online. I am using my brothers pc at the moment to get on here..

OK, if you cannot get online, then let's use another rescue disc.

Download Avira's Rescue Disc and burn it to a CD.

Read this tutorial on how to use it.
Reply


Forum Jump:


Users browsing this thread: 4 Guest(s)