
Topic: Quick test if your Windows pc has been hacked. (Read 3685 times)

member
Activity: 163
Merit: 10
December 16, 2013, 09:32:28 PM
#46
It would be easier for me to re-install Windows than do these things

I tried to list exactly what I did but a short version that is probably the same might be
1) Create a non admin user
2) Log out then log into the non admin
3) Log out of the non admin and back into the regular account
4) Look at start button.

You're right though, it's not likely anyone would take those steps.

The end. I hope.

Well yeah, even if you found out that you are hacked you still need to re-install.

It could be reduced to two steps.

1) Create a non admin user. Log out then log into the non admin.
2) Log out of the non admin and back into the regular account. Look at start button.

Or even one step.

1) Create a non admin user. Log out then log into the non admin. Log out of the non admin and back into the regular account. Look at start button.

How's that?

Anyway I think I caused some confusion by not being clear that these steps are only meant for one virus that probably only a few people have on their computers. I think I might have given the impression that I meant it to test for all viruses.

So far the only thing that has been detected in files from that computer is Trojan-Dropper.Win32.Injector.jnzz and only 4 out of 49 antiviruses call it malware. Maybe in coming weeks some more interesting malware will pop up on a scan of those files.
full member
Activity: 154
Merit: 100
It would be easier for me to re-install Windows than do these things

I tried to list exactly what I did but a short version that is probably the same might be
1) Create a non admin user
2) Log out then log into the non admin
3) Log out of the non admin and back into the regular account
4) Look at start button.

You're right though, it's not likely anyone would take those steps.

The end. I hope.

Well yeah, even if you found out that you are hacked you still need to re-install.
member
Activity: 163
Merit: 10
It would be easier for me to re-install Windows than do these things

I tried to list exactly what I did but a short version that is probably the same might be
1) Create a non admin user
2) Log out then log into the non admin
3) Log out of the non admin and back into the regular account
4) Look at start button.

You're right though, it's not likely anyone would take those steps.

The end. I hope.
full member
Activity: 154
Merit: 100
It would be easier for me to re-install Windows than do these things
member
Activity: 163
Merit: 10
Hacker's browser
109.120.153.223 - -  "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0"
member
Activity: 163
Merit: 10
Now you're just bashing the ones who are helping and trying to understand what the hell you wrote as far as a "test"

BTW, your "test" makes no sense from an I.T. point of view, and is a waste of time.

Telling me to move on, the time I spent typing that to try and help you I should charge you my hourly rate but I'm afraid you couldn't afford it.

Also, saying it wasn't detected till the 11th, so your anti-virus wouldn't catch it. I update my offline scanners daily, it's not hard to click update.


I'm done, go troll somewhere else, maybe the newbie section, they seem gullible enough.  

please go
thank you
newbie
Activity: 42
Merit: 0
Now you're just bashing the ones who are helping and trying to understand what the hell you wrote as far as a "test"

BTW, your "test" makes no sense from an I.T. point of view, and is a waste of time.

Telling me to move on, the time I spent typing that to try and help you I should charge you my hourly rate but I'm afraid you couldn't afford it.

Also, saying it wasn't detected till the 11th, so your anti-virus wouldn't catch it. I update my offline scanners daily, it's not hard to click update.


I'm done, go troll somewhere else, maybe the newbie section, they seem gullible enough.  
member
Activity: 163
Merit: 10
I use Avira as a complete offline scanner. The Avira Rescue CD is on a small Linux distro, making it completely offline.

Avast has the boot scan, and I haven't heard any complaints.

I have at least 4 different offline scanners on my multiboot drive.

Any kind of scanning is great if the virus was detected already by the company that scans. The virus or trojan mentioned above was not discovered until Dec 11.

https://www.virustotal.com/en/file/44fb2ae318a305108f9aba468e9a58d90aa695998cfeba9e951073edd69717fe/analysis/

Even if that one is not actually a virus, still a scanner only finds old news. It's important but it's not everything.
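The point this post makes, and the earlier one about scanning the saved files (4 of 49 engines naming Trojan-Dropper.Win32.Injector.jnzz), is that a signature or hash match only finds samples somebody has already submitted. The following is an added example, not code from the thread or from any of the scanners named in it: it sweeps a directory, hashes every regular file with SHA-256, compares against a known-bad list seeded with the one hash this thread links on VirusTotal, and builds the lookup URL in the form used above. The demo directory, its file contents and the "constructed demo sample" hash are constructed for the example and are not real malware; the one-byte variant is there to show why a hash list misses a trivially rebuilt dropper.

```python
"""Sweep saved files for known-bad SHA-256 hashes and build VirusTotal lookup URLs."""
import hashlib
import os
import tempfile

# The one hash this thread actually links to on VirusTotal (4/49 engines at the time).
KNOWN_BAD = {
    "44fb2ae318a305108f9aba468e9a58d90aa695998cfeba9e951073edd69717fe":
        "Trojan-Dropper.Win32.Injector.jnzz",
}
# URL form taken from the thread; the exact path layout is an assumption about the 2013 site.
VT_URL = "https://www.virustotal.com/en/file/{}/analysis/"


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large wallet backups are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, known_bad=KNOWN_BAD):
    """Return {relative_path: (sha256, label_or_None)} for every regular file under root."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files; only hash real files
            digest = sha256_file(path)
            results[os.path.relpath(path, root)] = (digest, known_bad.get(digest))
    return results


def flagged(results):
    """Just the hits from sweep(): {relative_path: label}."""
    return {p: label for p, (_, label) in results.items() if label}


def vt_lookup_url(digest):
    """URL to check a hash against every engine VirusTotal runs."""
    return VT_URL.format(digest)


def make_demo_dir():
    """Constructed demo files (NOT real malware): a 'known' sample, a one-byte variant,
    and a clean text file. Returns the directory and a known-bad list extended with
    the demo sample's hash, so the sweep has exactly one thing to match."""
    root = tempfile.mkdtemp(prefix="hashsweep_")
    sample = b"MZ" + b"\x00" * 62 + b"constructed-not-a-real-dropper"
    with open(os.path.join(root, "dropper.exe"), "wb") as f:
        f.write(sample)
    with open(os.path.join(root, "dropper_v2.exe"), "wb") as f:
        f.write(sample[:-1] + b"!")  # one byte changed: new hash, so a hash list misses it
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"nothing to see here\n")
    known_bad = dict(KNOWN_BAD)
    known_bad[hashlib.sha256(sample).hexdigest()] = "constructed demo sample"
    return root, known_bad


if __name__ == "__main__":
    demo_root, demo_bad = make_demo_dir()
    for rel, (digest, label) in sweep(demo_root, demo_bad).items():
        status = f"HIT ({label})" if label else "no match"
        print(f"{rel:16} {digest[:16]}...  {status}   {vt_lookup_url(digest)}")
```

Run it and only dropper.exe is flagged; dropper_v2.exe, which differs by a single byte, is "no match" even though it is the same program for any practical purpose. That is the gap the offline-scanner advice in this thread cannot close on its own: a hash or signature list is a record of the past, so the sweep is worth repeating as engines catch up, but a clean result is not a clean machine.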
member
Activity: 163
Merit: 10
By saying you're not smart enough to understand what I wrote, I am inclined to believe you are trolling instead.


Believe whatever you want. Please move on. This is like kindergarten.
member
Activity: 163
Merit: 10
What source do you want?

We just wanted to know if there is any article on the internet (apart from your posts) that can verify your claim that the Start Button color change is related to the PC being hacked.

Start button has never changed in all the time I used a computer until it was hacked. When the computer was hacked there were several slight changes in the computer. I just googled black start button virus and the results did not match my experience.

As far as "verifying my claim" goes, I've given what information I have. If you want information I have then ask. If you want information from Google verifying it then look to Google.
newbie
Activity: 42
Merit: 0
I use Avira as a complete offline scanner. The Avira Rescue CD is on a small Linux distro, making it completely offline.

Avast has the boot scan, and I haven't heard any complaints.

I have at least 4 different offline scanners on my multiboot drive.
full member
Activity: 210
Merit: 100
Crypto News & Tutorials - Coinramble.com
The problem with a virus is that when you do a scan in Windows it sometimes cannot detect it if it has already manifested itself in the system files.

You need to do the offline scan, it removes all the variables of the virus fooling the anti-virus software.

By saying you're not smart enough to understand what I wrote, I am inclined to believe you are trolling instead.

There are people in this forum that will help, a lot in the I.T. industry, but once you are identified as a troll all bets are off.

Agreed, I have heard from many IT guys that an offline virus scan such as the boot scan in Avast detects hidden viruses.
Which program do you suggest for it?
newbie
Activity: 42
Merit: 0
The problem with a virus is that when you do a scan in Windows it sometimes cannot detect it if it has already manifested itself in the system files.

You need to do the offline scan, it removes all the variables of the virus fooling the anti-virus software.

By saying you're not smart enough to understand what I wrote, I am inclined to believe you are trolling instead.

There are people in this forum that will help, a lot in the I.T. industry, but once you are identified as a troll all bets are off.
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
What source do you want?

We just wanted to know if there is any article on the internet (apart from your posts) that can verify your claim that the Start Button color change is related to the PC being hacked.
member
Activity: 163
Merit: 10
Continued...

After virus scan is complete and viruses are removed it is now time to backup your files.

Doing this outside windows prevents trojans from hopping a ride.

Once you have everything backed up, format C: and reinstall Windows. I recommend upgrading to 7 if possible since EOL for XP is April 14, 2014.

And last but not least, anti-virus: get it, keep it up to date.


So what did you do to piss this guy off, as the IP you provided came from Mother Russia?


etc

Sorry, I pretend to be smart but I can't follow all that shit. In the morning I'll reread it and do it since you sound smart.

I don't know if I specifically pissed someone off. I harassed a character, Fireball, on this forum because he runs a crooked exchange, and he came to mind, but if you read his posts he is generally a civilized type. He might have done it but I doubt it.

More likely: I got into bitcoins earlier this year but only a few weeks ago I started going bananas with weird coins, dozens of them, going to a lot of off-the-wall fly-by-nightish coin sites. It seems likely, because of the timing and because that seemed to interest the hacker, that they are related.

I just scanned the files I saved with Zone antivirus and it detected Trojan-Dropper.Win32.Injector.jnzz while nothing was detected a few days ago. But it was in WiseCare365.exe so it might be a false positive. I use all of the Wise products and they are a major company. I'll keep scanning regularly. I looked online and saw Kaspersky discovered that trojan, so if it is the culprit there is some balance. Russia has some of the lowest scum as well as some of the most brilliant and decent people.
newbie
Activity: 42
Merit: 0
Continued...

After virus scan is complete and viruses are removed it is now time to backup your files.

I recommend Parted Magic, but you can use whatever flavor of Linux you want for this.

Go here and download Parted Magic: http://www.majorgeeks.com/files/details/parted_magic.html

Once that is downloaded, you can either use the same flash drive or another if you have one. If your flash drive is big enough (>4GB) I recommend this:

http://www.pendrivelinux.com/yumi-multiboot-usb-creator/

I have a 32GB flash drive with several Linux distros, server distros, Parted Magic, anti-virus, and Hiren's Boot CD for Mini XP.

Either route, if using Unetbootin follow the previous steps and just select the Parted Magic ISO.

Once booted into Parted Magic, plug in an external drive and copy your documents from your main drive to the external.

Doing this outside windows prevents trojans from hopping a ride.

Once you have everything backed up, format C: and reinstall Windows. I recommend upgrading to 7 if possible since EOL for XP is April 14, 2014.

And last but not least, anti-virus: get it, keep it up to date.




So what did you do to piss this guy off, as the IP you provided came from Mother Russia?

http://blogs.e-rockford.com/applesauce/files/2013/09/vladimir_putin.jpg
newbie
Activity: 42
Merit: 0
Have you thought to maybe do some of the following?

1. Identify the problem & fix the problem.
2. Take steps to not allow said problem to happen again.

If you are wondering what I am talking about.

Computer A is infected with an unknown virus; it is running Windows XP SP3 (I hope SP3), with obviously no anti-virus software and no firewall protection.

Diagnose.

Shut down computer A immediately. Go to http://www.avira.com/en/download/product/avira-rescue-system and download the rescue CD from a known clean computer.

Go to http://unetbootin.sourceforge.net/ and download the Windows binary.

Place a flash drive at least 1 GB in size in the known clean computer and format it as FAT32; a quick format will do.

Run Unetbootin, click Diskimage, then the button with the "..." on it. Locate the Avira Rescue CD ISO and open it.

Make sure the drive is set to the flash drive and click OK.

Once complete, eject the flash drive.

Put said flash drive in the infected computer, boot from it, scan the computer and remove viruses.

To be continued.

I am a sysadmin by the way, I do this shit for a living.
member
Activity: 163
Merit: 10
I'm pretty sure that mine isn't being hacked

Almost everyone is sure. Most are right. Some not.
member
Activity: 84
Merit: 10
I'm pretty sure that mine isn't being hacked
member
Activity: 163
Merit: 10
So, you're telling me that you're going through all those steps each time you use your computer to check if you're virus-free?


-delete-

I do it when it seems prudent. I'll probably create a non admin user on every Windows pc I have from now on and log in and out of that at least every few weeks.

I'm not telling anyone else to do it.
member
Activity: 163
Merit: 10
1. throw pc out of the window
2. use magnets on your hard drive

congrats, you're hack free

pc out the window pisses off the neighbors, otherwise it works.
member
Activity: 70
Merit: 10
(Why would a hacker change your Start button? There's absolutely no reason for a hacker to do that.), then chances are it's not a virus or hacker.

It would seem likely that the hacker did not do that on purpose. It is simply a flaw in the hacker program. It would have been useful to me to know about it a week ago.

So, you're telling me that you're going through all those steps each time you use your computer to check if you're virus-free?
full member
Activity: 238
Merit: 100
1. throw pc out of the window
2. use magnets on your hard drive

congrats, you're hack free
member
Activity: 163
Merit: 10
I'd have thought OP would've learnt his lesson after mistaking his screen saver for a virus. Guess not.

Learned what lesson? Apparently I made a mistake, I then corrected myself. What lesson did I not learn?



(Why would a hacker change your Start button? There's absolutely no reason for a hacker to do that.), then chances are it's not a virus or hacker.

It would seem likely that the hacker did not do that on purpose. It is simply a flaw in the hacker program. It would have been useful to me to know about it a week ago.
legendary
Activity: 4494
Merit: 3178
Vile Vixen and Miss Bitcointalk 2021-2023
I'd have thought OP would've learnt his lesson after mistaking his screen saver for a virus. Guess not. This helpful Venn diagram should make things clear:



Protip: Actual viruses are designed to not leave obvious clues that you have a virus. Actual hackers are careful to not leave obvious clues that you have been hacked. If something is obviously wrong with your computer, especially if that something has nothing to do with anything a virus or hacker would have a reason to do (Why would a hacker change your Start button? There's absolutely no reason for a hacker to do that.), then chances are it's not a virus or hacker.
hero member
Activity: 508
Merit: 500

We would like to see what is your source for this, that's all. Don't feel offended. We just wanna save people's time in doing a useless verification.

What do you mean source? My computer was hacked. There were strange things on my computer in the time of the hack that I ignored. I'm telling anyone who has a Windows computer and is interested that if they do the above test they will know whether they have whatever hit my computer.

There were other oddities that were not predictable and easily tested. On Firefox sometimes in the last week a black bar would cover the lower left where an address should be. I also sometimes use other browsers and don't remember anything on them. Sometimes when I would press a letter or number on the keyboard nothing would happen until I pressed a second time. All this is only in the time of the hack, not ever in the last many, many years except in the last 2 weeks plus.

What source do you want?

None. I read enough. Moving on.
member
Activity: 163
Merit: 10
There is some god awful info in this thread.

I am well known among the people who know me for being a poor communicator. Do I give a fuck? No.
member
Activity: 163
Merit: 10

We would like to see what is your source for this, that's all. Don't feel offended. We just wanna save people's time in doing a useless verification.

What do you mean source? My computer was hacked. There were strange things on my computer in the time of the hack that I ignored. I'm telling anyone who has a Windows computer and is interested that if they do the above test they will know whether they have whatever hit my computer.

There were other oddities that were not predictable and easily tested. On Firefox sometimes in the last week a black bar would cover the lower left where an address should be. I also sometimes use other browsers and don't remember anything on them. Sometimes when I would press a letter or number on the keyboard nothing would happen until I pressed a second time. All this is only in the time of the hack, not ever in the last many, many years except in the last 2 weeks plus.

What source do you want?
member
Activity: 104
Merit: 10
There is some god awful info in this thread.
hero member
Activity: 508
Merit: 500


What the hell are you talking about !?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...

and others


I've been an IT zero years.

I've been hacked once.

There were a few oddities in my computer that I noticed and could not explain but I ignored them. One of them, the easiest to notice, is that if you follow the steps above and your computer has this problem then when you log back into the admin account the start button will be black until you move the mouse over it.

There were several other things but this struck me as the most obvious and the one easiest to replicate.

Again, anyone and everyone is free to ignore my posts. If I had read this warning a week ago and spent a few minutes testing it then some coins would not be lost.

As far as anyone saying it sounds like this it sounds like that, all I can say is move on to the next post.

We would like to see what is your source for this, that's all. Don't feel offended. We just wanna save people's time in doing a useless verification.
member
Activity: 163
Merit: 10


What the hell are you talking about !?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...

and others


I've been an IT zero years.

I've been hacked once.

There were a few oddities in my computer that I noticed and could not explain but I ignored them. One of them, the easiest to notice, is that if you follow the steps above and your computer has this problem then when you log back into the admin account the start button will be black until you move the mouse over it.

There were several other things but this struck me as the most obvious and the one easiest to replicate.

Again, anyone and everyone is free to ignore my posts. If I had read this warning a week ago and spent a few minutes testing it then some coins would not be lost.

As far as anyone saying it sounds like this it sounds like that, all I can say is move on to the next post.
hero member
Activity: 508
Merit: 500
Ummmm, a change in the start button if you get hacked? How can that make sense?

It can't, I assure you!
legendary
Activity: 1302
Merit: 1007
Ummmm, a change in the start button if you get hacked? How can that make sense?
hero member
Activity: 508
Merit: 500
bla bla

What the hell are you talking about !?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...


That's what I'm saying too, it looks like a prank.
A very time consuming prank.

Exactly!
member
Activity: 70
Merit: 10
bla bla

What the hell are you talking about !?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...


That's what I'm saying too, it looks like a prank.
A very time consuming prank.
hero member
Activity: 508
Merit: 500
This is a quick tip for anyone using a Windows pc. My computer got hacked last week and if I had known it then I'd be richer.

I know this is probably common knowledge among tech types but I did not know it until too late.

1) Log into your Windows pc.

2) Create a second user without admin privileges.

3) restart.

4) Log into your regular account.

5) Look at the start button in the lower left.

6) Go to Switch User and go to your non admin account.

7) Log out of the non admin account.

8) Log back into the main account.

9) Without moving the mouse or anything else, if you notice something different in the start button you should be worried.

I'm sure this belongs in a different section, so move it. Also sure it is well known, but as I said before I did not know it.

Briefly the hack.

1) Someone emptied the 3 bitcoin I had at Blockchain into the wallet 1GFXKAYNo1Urm3HeaxgoWBPSG9MFUkWFDX

2) Then they emptied a litecoin wallet that I had lost the password for and had stored on my computer.

3) etc etc

In my initial paranoia I thought Adobe Flash was used. Apparently it was not.

My suspicion also focused on Fireball who I have criticized a lot. But although he runs a crooked exchange he honestly does not seem to be the type to steal in this way.

It does seem likely the hacking is related to other altcoins. I've been on the internet since the 90s and was never hacked. Then I downloaded a bunch of weird coin wallets and within weeks got hit.

The hacker used ip address 109.120.153.223

What the hell are you talking about !?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...
member
Activity: 163
Merit: 10
Do you have any references about this?
Some thread in a forum which deals with security , viruses?
Unless you show some proof I will think somebody on 4chan laughed at you.

This is what happened on my computer. I thought it was very strange. I have been using Windows computers for years and never saw it. It coincides exactly with the hack. In other words exactly when the hack occurred this and a few other oddities occurred in Windows and on my browser. So I can say near 100% they are related.

I'm not trying to tell anyone to do anything nor am I pretending to know the least bit about security.

My advice though would be if someone has a Windows computer they follow steps above, create a non admin user, log in and out etc and look for the obvious change in the start button. Someone can do it, not do it, I don't care. When I see something like that I try to give a warning, that's all.

As I said earlier I will reconstruct the pcap files of the hack, put them on a storage drive and scan them regularly until one of the free major antivirus programs detects it. Then I will tell you its name.
member
Activity: 70
Merit: 10
No really , is this a joke?
Like post this message 7 times or you'll get hit by a falling air conditioner?

If you don't want to read it don't read it.

This post is to point out that if a person notices that change on their computer they have been hacked. So far this is not detected by any antivirus programs so maybe someone else will find it useful. I have pcap files of the traffic and will run them through several antivirus programs once a week or so until it shows up. Til then this is one way to test for it.

Do you have any references about this?
Some thread in a forum which deals with security , viruses?

Unless you show some proof I will think somebody on 4chan laughed at you.
member
Activity: 163
Merit: 10
Why do you even use an admin account as your regular account? This is like running root for everything under Linux. I have trained some non-technical Windows users to always run their regular stuff as a non-admin user and they have never picked up a single virus in the past 10 years or so.

I've never picked up a single virus in 15+ years until last week. I did what I did and learned my lesson. If you want to pay for a t shirt that says stupid I'll wear it.
member
Activity: 163
Merit: 10
No really , is this a joke?
Like post this message 7 times or you'll get hit by a falling air conditioner?

If you don't want to read it don't read it.

This post is to point out that if a person notices that change on their computer they have been hacked. So far this is not detected by any antivirus programs so maybe someone else will find it useful. I have pcap files of the traffic and will run them through several antivirus programs once a week or so until it shows up. Til then this is one way to test for it.
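The author says twice that he has pcap files of the traffic and will keep feeding them to antivirus programs; he also names the attacker's address, 109.120.153.223. A file scanner run over a .pcap matches its signatures against the raw capture, not against any program carried inside it, so whatever the engines eventually say, the more reliable use of those captures is as a record of who talked to whom. The following is an added example, not code from the thread: a minimal classic libpcap reader in plain Python (no third-party modules) that pulls the IPv4/TCP endpoints out of every frame and counts the flows touching one address. The capture bytes it parses are constructed inline (three synthetic frames) and are not the author's traffic; the MAC addresses, private IP, ports and timestamps are placeholders.

```python
"""Minimal classic libpcap (.pcap) reader that lists IPv4/TCP flows touching one IP."""
import socket
import struct
from collections import Counter

ATTACKER_IP = "109.120.153.223"  # the address the thread names


# ---- constructed sample capture (placeholder frames, not real traffic) ---------------
def _tcp_frame(src, dst, sport, dport, flags=0x02):
    """Ethernet + IPv4 + TCP header, no payload. Checksums are left zero on purpose:
    this is only to exercise the parser, nothing ever puts it on the wire."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + tcp


def build_sample_pcap():
    """Little-endian global header + three frames; two of them involve the attacker."""
    frames = [
        _tcp_frame("192.168.1.10", ATTACKER_IP, 49152, 443),               # victim -> attacker SYN
        _tcp_frame(ATTACKER_IP, "192.168.1.10", 443, 49152, flags=0x12),   # attacker -> victim SYN/ACK
        _tcp_frame("192.168.1.10", "8.8.8.8", 49153, 53),                  # unrelated flow
    ]
    # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1386720000 + i, 0, len(frame), len(frame)) + frame
    return out


# ---- the reader ---------------------------------------------------------------------
def parse_pcap(data):
    """Yield (src_ip, sport, dst_ip, dport) for every IPv4/TCP frame in a classic pcap.
    Rejects pcapng (what recent Wireshark saves by default) and non-Ethernet link types."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng or unknown magic)")
    _, _, _, _, _, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4
        ihl = (frame[14] & 0x0F) * 4          # IP header length in bytes
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if proto != 6 or len(frame) < 14 + ihl + 4:
            continue  # not TCP, or ports cut off by the snaplen
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        yield src, sport, dst, dport


def flows_touching(data, ip):
    """Count packets per 'src:port -> dst:port' flow that has ip as either endpoint."""
    counts = Counter()
    for src, sport, dst, dport in parse_pcap(data):
        if ip in (src, dst):
            counts[f"{src}:{sport} -> {dst}:{dport}"] += 1
    return counts


if __name__ == "__main__":
    for flow, n in flows_touching(build_sample_pcap(), ATTACKER_IP).items():
        print(n, flow)
```

On a real capture, replace `build_sample_pcap()` with the bytes of the file; if Wireshark wrote it as pcapng, convert first with `editcap -F pcap in.pcapng out.pcap`. The flow list tells you which local ports and which remote services were in play during the theft, which is the evidence worth keeping alongside the backup files, whether or not a scanner ever puts a name on the dropper.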
member
Activity: 163
Merit: 10
Were you using two-factor authentication on your blockchain account? I was thinking that two-factor authentication makes one immune to getting your account hacked.  Am I wrong?

You can download backups of your blockchain account.

I thought first he had hacked my blockchain but apparently he just took the backup off my computer along with the rest.
newbie
Activity: 8
Merit: 0
Were you using two-factor authentication on your blockchain account? I was thinking that two-factor authentication makes one immune to getting your account hacked.  Am I wrong?
newbie
Activity: 39
Merit: 0
Why do you even use an admin account as your regular account? This is like running root for everything under Linux. I have trained some non-technical Windows users to always run their regular stuff as a non-admin user and they have never picked up a single virus in the past 10 years or so.
Windows Vista+ runs everything as an unprivileged user under UAC by default.
donator
Activity: 1617
Merit: 1012
Why do you even use an admin account as your regular account? This is like running root for everything under Linux. I have trained some non-technical Windows users to always run their regular stuff as a non-admin user and they have never picked up a single virus in the past 10 years or so.
member
Activity: 70
Merit: 10
This is a quick tip for anyone using a Windows pc. My computer got hacked last week and if I had known it then I'd be richer.

I know this is probably common knowledge among tech types but I did not know it until too late.

1) Log into your Windows pc.

2) Create a second user without admin privileges.

3) restart.

4) Log into your regular account.

5) Look at the start button in the lower left.

6) Go to Switch User and go to your non admin account.

7) Log out of the non admin account.

8) Log back into the main account.

9) Without moving the mouse or anything else, if you notice something different in the start button you should be worried.

I'm sure this belongs in a different section, so move it. Also sure it is well known, but as I said before I did not know it.

Briefly the hack.

1) Someone emptied the 3 bitcoin I had at Blockchain into the wallet 1GFXKAYNo1Urm3HeaxgoWBPSG9MFUkWFDX

2) Then they emptied a litecoin wallet that I had lost the password for and had stored on my computer.

3) etc etc

In my initial paranoia I thought Adobe Flash was used. Apparently it was not.

My suspicion also focused on Fireball who I have criticized a lot. But although he runs a crooked exchange he honestly does not seem to be the type to steal in this way.

It does seem likely the hacking is related to other altcoins. I've been on the internet since the 90s and was never hacked. Then I downloaded a bunch of weird coin wallets and within weeks got hit.

The hacker used ip address 109.120.153.223

No really , is this a joke?
Like post this message 7 times or you'll get hit by a falling air conditioner?
member
Activity: 163
Merit: 10
This is a quick tip for anyone using a Windows pc. My computer got hacked last week and if I had known it then I'd be richer.

I know this is probably common knowledge among tech types but I did not know it until too late.

1) Log into your Windows pc.

2) Create a second user without admin privileges.

3) restart.

4) Log into your regular account.

5) Look at the start button in the lower left.

6) Go to Switch User and go to your non admin account.

7) Log out of the non admin account.

8) Log back into the main account.

9) Without moving the mouse or anything else, if you notice something different in the start button you should be worried.

I'm sure this belongs in a different section, so move it. Also sure it is well known, but as I said before I did not know it.

Briefly the hack.

1) Someone emptied the 3 bitcoin I had at Blockchain into the wallet 1GFXKAYNo1Urm3HeaxgoWBPSG9MFUkWFDX

2) Then they emptied a litecoin wallet that I had lost the password for and had stored on my computer.

3) etc etc

In my initial paranoia I thought Adobe Flash was used. Apparently it was not.

My suspicion also focused on Fireball who I have criticized a lot. But although he runs a crooked exchange he honestly does not seem to be the type to steal in this way.

It does seem likely the hacking is related to other altcoins. I've been on the internet since the 90s and was never hacked. Then I downloaded a bunch of weird coin wallets and within weeks got hit.

The hacker used ip address 109.120.153.223