HELP!! Hacker on my DD's Facebook.

fyn

fyn

Member
wdwmomof3 said:
I think this is exactly what is happening. I think I will need to take it to someone because this is way over my head.



She got it on her cell from facebook. She found it odd and went to log on and her password had been changed again. She had to request her password and then she went back in & put a new email & a new password.

I tried to install the firewall & it did locate something but it wanted me to pay a fee to use it, even though it said it was free. Our Norton does have a firewall on it but guess what, it was not on. I didn't know to check that too when I installed it. :mad: This is such a pain in the neck! I think that I got the Norton firewall on but I am taking it to a computer guy tomorrow and let him see what he can do.

This is what I am worried about now, she gets online at home with our wireless. Is there anyway that they could have hit the other computers as well thru that?
Click to expand...

Go here:
http://www.microsoft.com/security_essentials/default.aspx

Download and run this tool. It's completely free.

Did your daughter use the link that was texted to her, or did she just go directly to Facebook's main page?
 
wdwmomof3

wdwmomof3

Well-Known Member
Original Poster
fyn said:
Go here:
http://www.microsoft.com/security_essentials/default.aspx

Download and run this tool. It's completely free.

Did your daughter use the link that was texted to her, or did she just go directly to Facebook's main page?
Click to expand...

Thank you for the link. I will try it in the morning and see how it goes. I am just worried for her safty, you know. This is scary to me.

She went to Facebooks main page and did it from there.

You know what really makes me mad is that the links to report this on Facebook do not work. I have not found one way to get through, although I believe the problem is from her downloading from the internet and not FB, unless its one of those "became a fan of" things.
 
D

daddyphat808

Member
It sounds like a key logger which tracks all keystrokes on the computer and sends them back to whoever infected the computer. It was infected by somebody opening a phishing email that looked legitimate from facebook that had some sort of attachment that when opened it delivered the viral payload. Do the following.

Download and install malwarebytes from
http://www.malwarebytes.org
The free version will work just fine
Have the program update and run to remove all infections

Download any and all updates to your current anti virus software
Run scans with that software

Use the Microsoft Security essentials from
http://www.microsoft.com/security_essentials/
Download and install allow to update before running

Go to the windows update site and download and install all updates

If the computer scans clean then change all passwords to all accounts including financial if those are accessed from this computer. Only change the passwords after all scans and updates are performed.

If it still gives you some issues you can go to this forum and use their tools. The tools are a little more hardcore but they really work. I would not use them until the other items have been tried.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I hope this clears it out for you and the best tool to prevent these types of infections is to train everybody in the house to not open any unsolicited emails even from trusted sources and by all means DO NOT open attachments from facebook, amazon. UPS, USPS with the .zip extension.
 
Monty

Monty

Brilliant...and Canadian
In the Parks
No
There are a number of emails floating around the internet telling people their accounts have been hacked or their passwords compromised. All such emails are phishing attacks. They prompt you to follow an apparently good link like http://facebook.com but in fact if you click on it it takes you to a fake version of the site and asks you to enter your login and password and steals it. In this example, the Facebook link I just placed here will actually take you to my personal website [which is harmless], but I could easily build the site to look exactly like the Facebook logon page and you could be duped into giving me your logon info and the site would show a message from Facebook that said "We're currently experiencing higher than normal traffic volumes, please try again later."

The internet is great, but it has lots of pitfalls that can get you in trouble. You really need to learn to be "net-savvy" and know what to avoid and how to protect yourself and your data.

EDIT: I'd suggest taking the computer to the Geek Squad [or some similar computer-savvy folks] and pay them to clean all the junk off the computer and set it up with anti-spyware, anti-malware and firewall software, set all of them to automatically update at least weekly and teach you and your daughter the basics of internet security.
 
unkadug

unkadug

Follower of "Saget"The Cult
wdwmomof3 said:
I think this is exactly what is happening. I think I will need to take it to someone because this is way over my head.



She got it on her cell from facebook. She found it odd and went to log on and her password had been changed again. She had to request her password and then she went back in & put a new email & a new password.

I tried to install the firewall & it did locate something but it wanted me to pay a fee to use it, even though it said it was free. Our Norton does have a firewall on it but guess what, it was not on. I didn't know to check that too when I installed it. :mad: This is such a pain in the neck! I think that I got the Norton firewall on but I am taking it to a computer guy tomorrow and let him see what he can do.

This is what I am worried about now, she gets online at home with our wireless. Is there anyway that they could have hit the other computers as well thru that?
Click to expand...
I would make sure that the firewall is ON on every computer in the house. Run the programs listed by daddyphat on all computers to make sure.
daddyphat808 said:
It sounds like a key logger which tracks all keystrokes on the computer and sends them back to whoever infected the computer. It was infected by somebody opening a phishing email that looked legitimate from facebook that had some sort of attachment that when opened it delivered the viral payload. Do the following.

Download and install malwarebytes from
http://www.malwarebytes.org
The free version will work just fine
Have the program update and run to remove all infections

Download any and all updates to your current anti virus software
Run scans with that software

Use the Microsoft Security essentials from
http://www.microsoft.com/security_essentials/
Download and install allow to update before running

Go to the windows update site and download and install all updates

If the computer scans clean then change all passwords to all accounts including financial if those are accessed from this computer. Only change the passwords after all scans and updates are performed.

If it still gives you some issues you can go to this forum and use their tools. The tools are a little more hardcore but they really work. I would not use them until the other items have been tried.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I hope this clears it out for you and the best tool to prevent these types of infections is to train everybody in the house to not open any unsolicited emails even from trusted sources and by all means DO NOT open attachments from facebook, amazon. UPS, USPS with the .zip extension.
Click to expand...

Good advice...or take it someone else to do the work.

Have them give your daughter remedial lessons on internet safety also.
 
wdwmomof3

wdwmomof3

Well-Known Member
Original Poster
I am giving it one more shot befrore I take it to someone. Thank you daddyphat808, I am doing everything that you said to do now and we will see.

I ran the Malwarebytes and it found one thing. : Hijack.displayProp... Registry Data. (item) HKEY_LOCAL_MACHINE\SOFTWARE\Micro...

I removed it. Now I will go on to the next step that you said... right?
 
Testtrack321

Testtrack321

Well-Known Member
An important thing to remember too is that hackers and phishers don't really care about reading emails or invading privacy like that. They want MONEY. What I've seen them do is hack into FB accounts, gmail accounts, and so forth and pose as the other person trapped in another country looking for a money wiring.

Make sure there are no key loggers. Have her uninstall all her non-Facebook made Facebook apps (quizzes, games, etc), and change her email address that registers to FB. Also when she changes her FB password make it random letters and numbers instead of words (much harder to brute force.) Use a site like http://www.randpass.com/ to create one.

Good luck, god speed.
 
wdwmomof3

wdwmomof3

Well-Known Member
Original Poster
I just got off of the phone with a comuter guy and he is telling me that we need to wipe the computer clean and start over but first I need to close these accounts. I am going to do this and take it to him. Also, we have never used her computer do to anything with money, like at our bank or whatever. Her itunes is not even on it, so I think we are safe there. What worries me is that whoever this is is also talking to he friends pretending to be her. Her friends are all aware of this problem, but it scares me because of all of the sick people out there, ya know. This has been stressful.
 
D

daddyphat808

Member
wdwmomof3 said:
I am giving it one more shot befrore I take it to someone. Thank you daddyphat808, I am doing everything that you said to do now and we will see.

I ran the Malwarebytes and it found one thing. : Hijack.displayProp... Registry Data. (item) HKEY_LOCAL_MACHINE\SOFTWARE\Micro...

I removed it. Now I will go on to the next step that you said... right?
Click to expand...

Yes run the scans and apply all of the updates. You are doing good!
 
D

daddyphat808

Member
wdwmomof3 said:
I just got off of the phone with a comuter guy and he is telling me that we need to wipe the computer clean and start over but first I need to close these accounts. I am going to do this and take it to him. Also, we have never used her computer do to anything with money, like at our bank or whatever. Her itunes is not even on it, so I think we are safe there. What worries me is that whoever this is is also talking to he friends pretending to be her. Her friends are all aware of this problem, but it scares me because of all of the sick people out there, ya know. This has been stressful.
Click to expand...

You don't need to be that drastic yet. There are times you need to have it wiped but I don't think this is one of them. Try running the combofix.exe program from the last link I posted from bleepingcomputer. The guys there are great and that program works real well to remove keyloggers and the sort.

On a side note I own a IT company and my guys run into this stuff more and more. the tools I told you about are the same ones the pros are using at the moment. If you have any other questions feel free to PM me.
 
MsSnuzi

MsSnuzi

Well-Known Member
I just wanted to say what a great site this is, great people willing to help out a friend in need.

I can see you have helped relieve some of wdwmom's stress You guys are awesome!

I love this place. :kiss:
 
Goofy4TheWorld

Goofy4TheWorld

New Member
wdwmomof3 said:
I ran the Malwarebytes and it found one thing. : Hijack.displayProp... Registry Data. (item) HKEY_LOCAL_MACHINE\SOFTWARE\Micro...
I removed it. Now I will go on to the next step that you said... right?
Click to expand...

Malwarebytes found this on my brand-new Windows 7 computer last week, and after researching it, I am pretty sure that this Hijack.DisplayProperites is a false positive on the part of Malwarebytes.

Not that your computer does not appear to have serious problems, but I don't think Hijack.DisplayProperties is it.
 
wdwmomof3

wdwmomof3

Well-Known Member
Original Poster
Goofy4TheWorld said:
Malwarebytes found this on my brand-new Windows 7 computer last week, and after researching it, I am pretty sure that this Hijack.DisplayProperites is a false positive on the part of Malwarebytes.

Not that your computer does not appear to have serious problems, but I don't think Hijack.DisplayProperties is it.
Click to expand...


Ok, that makes me feel better. The copmuter that she is on is new too, she got it for Christmas.

MsSnuzi said:
I just wanted to say what a great site this is, great people willing to help out a friend in need.

I can see you have helped relieve some of wdwmom's stress You guys are awesome!

I love this place. :kiss:
Click to expand...

I love it too!! They have helped me before and I have seen others get help also. It's like a Big Disney Family here. :)

daddyphat808 said:
You don't need to be that drastic yet. There are times you need to have it wiped but I don't think this is one of them. Try running the combofix.exe program from the last link I posted from bleepingcomputer. The guys there are great and that program works real well to remove keyloggers and the sort.

On a side note I own a IT company and my guys run into this stuff more and more. the tools I told you about are the same ones the pros are using at the moment. If you have any other questions feel free to PM me.
Click to expand...

Ok.. I am running the Microsoft Security Essentials now. It is taking a while because I have been in & out today. Now I am going to get the kids & will finish when we get back. Hopefully!! :lol:
 
fyn

fyn

Member
wdwmomof3 said:
Ok.. I am running the Microsoft Security Essentials now. It is taking a while because I have been in & out today. Now I am going to get the kids & will finish when we get back. Hopefully!! :lol:
Click to expand...


For what it's worth, it's entirely possible that this is simply a Facebook application that she "installed" on facebook (which means it shouldn't be a threat to the rest of her machine, just facebook). A clean report by the Security Essentials tool would reinforce my hypothesis. I would also try going into Facebook and removing all Facebook applications. Another way to verify this is to see if any of her friends on Facebook have gotten mysterious "things" posted to their walls by your daughter (even if she didn't do it herself) that asked them to install a certain application in order to see what was posted.
 
D

daddyphat808

Member
fyn said:
For what it's worth, it's entirely possible that this is simply a Facebook application that she "installed" on facebook (which means it shouldn't be a threat to the rest of her machine, just facebook). A clean report by the Security Essentials tool would reinforce my hypothesis. I would also try going into Facebook and removing all Facebook applications. Another way to verify this is to see if any of her friends on Facebook have gotten mysterious "things" posted to their walls by your daughter (even if she didn't do it herself) that asked them to install a certain application in order to see what was posted.
Click to expand...

For sure Facebook is breeding all kinds of nasties these days.
 
wdwmomof3

wdwmomof3

Well-Known Member
Original Poster
fyn said:
For what it's worth, it's entirely possible that this is simply a Facebook application that she "installed" on facebook (which means it shouldn't be a threat to the rest of her machine, just facebook). A clean report by the Security Essentials tool would reinforce my hypothesis. I would also try going into Facebook and removing all Facebook applications. Another way to verify this is to see if any of her friends on Facebook have gotten mysterious "things" posted to their walls by your daughter (even if she didn't do it herself) that asked them to install a certain application in order to see what was posted.
Click to expand...


Ok, I ran Microsoft Security Essentials and everything was clear. I deleted the facebook account, but I am not sure how to remove the face book applications yet. I will look to see if I can find any.
 
fyn

fyn

Member
wdwmomof3 said:
Ok, I ran Microsoft Security Essentials and everything was clear. I deleted the facebook account, but I am not sure how to remove the face book applications yet. I will look to see if I can find any.
Click to expand...

If you deleted the entire Facebook account, then there aren't any applications to remove. They exist "within" your facebook account, and not on your computer. You should be fine at this point. Have your daughter recreate her Facebook account, have her friends send her friend requests, and tell her to be careful what Facebook "apps" she allows to access the information in her profile. Feel free to PM me if you run into any other issues.
 
wdwmomof3

wdwmomof3

Well-Known Member
Original Poster
Ok, The only problem that I am having at this moment, and I have had this all along, is with Norton 360. It is showing that the PC Security is at risk and that 3 items need my attention. When I click "Fix Now" it doesn't do anything. The three items are with the SONAR Advanced Protection, and says that my computer is not protected by SONAR, yet on the side it shows that it IS on, but it is in red.

Also, My inbound & outbound email attachments are not being scanned for viruses, spyware, and other threats. It shows them off & in Orange, but it will not let me turn them on. :brick: My fix it now button will not work.
 
D

daddyphat808

Member
I am not a fan anymore of the Norton product line. In fact with our clients we have been moving them away from the corporate products as well. Look into AVG, or NOD32 as alternatives. AVG free has a pretty good product and is free. No anti-virus\spyware product is perfect no matter what anyone says. The bad guys are just faster at making nasties than the good guys are at detecting them. Just make sure to keep the computer up to date with Windows updates and run the spyware AV scans once a week.
 

Register on WDWMAGIC. This sidebar will go away, and you'll see fewer ads.

Back
Top Bottom