0

So for the last week I've been fighting some virus or malware that has compromised my email. It's sending phishing links to every email address in my cache and I'm also seeing unauthorized FaceBook posts.

I'm on Windows 7 using Outlook 2013 with an IMAP aol.com email. I start seeing email bounce backs and eventually they show up in my sent mail but not until I open Outlook 2013 much later.

And everytime it happens AOL blocks my email and requires me to change my password. I've done it 4 times, but the password change is not helping. Either its a keylogger or something else that is capturing it, but I don't think the emails are being sent through my computer, because it's shutdown or in sleep mode when the emails happen (acording to the timestamps).

I'm running a full scan on all drive using Malwarebytes right now. So far... nothing. Anyone know of something that's going around like this? I think this all started after I clicked on a link from Facebook from my cell phone, but I can't seem to track down the source.

5
Contributors
6
Replies
25
Views
3 Years
Discussion Span
Last Post by kram7750
0

Time to wipe your computer and start from scratch... :-( First, backup your data, and scan it off-line for viruses (another subject). Then, COMPLETELY wipe your disc, including the recovery partition - I have had a number of clients where a virus would infect the DLL's in the recovery partition and then re-infect the system when you re-install the OS. Other modern viruses will infect the boot sector, the system flash memory (where the BIOS keeps its settings), etc. So, you need to wipe the flash, wipe the disc COMPLETELY, and reconfigure the BIOS, reinstall the OS from hard media (DVD), and finally restore your applications and (cleaned) data. It's probably easier and faster to purchase a new system...

FWIW, this is one reason why I run Linux, and only run Windows in a virtual machine. If the Windows system becomes infected I can easily restore it to the last known good snapshot. That has happened, and restoring took about 2 minutes. :-)

FWIW, I will NEVER again purchase a Windows system without a hard media option. These days, it just isn't worth the pain - and $$ to purchase a new copy of Windows 7 or 8/8.1.

0

Here's a copy of my HijackThis log (below) for anyone that can look into it. Thanks. I would prefer not to reinstall everything right now. I do need to make sure my backups were not compromised either, but there is software on this computer that I cannot reinstall because the activation will not work anymore (because the company went out of business).

I will eventually replace the C: drive (currently an SSD but I'm trying to replace it with a larger one). Plus I have to deal with Windows 7 reactivation for an OEM license... which should be fun. I just need to make sure I don't lose anything in the process and I just don't have the time to go through a complete reinstall.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:17 PM, on 4/17/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\InstallShield Installation Information{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU..\Run: [SkyDrive] "C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = John\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Samsung Magician.lnk = C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
O4 - Global Startup: Event Reminder.lnk = D:\Program Files (x86)\The Print Shop 23.1\Remind.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://
.cinemanow.com
O15 - Trusted Zone: http://.qflix.com
O15 - Trusted Zone: http://
.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\appinit_dll.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LucidSvc - LucidLogix - D:\Program Files (x86)\VIRTU MVP 2.0\LucidSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14886 bytes

0

The "file missing" logs are probably the most indicative that you have been seriously hacked, and should NOT be running this system as-is now. No matter the pain in restoring it, you should give some thought to migrating to Linux. Most Windows applications have Linux equivalents, and where they don't, then you can either run them in Wine, or in a full Windows virtual machine.

0

The "file missing" logs are probably the most indicative that you have been seriously hacked, and should NOT be running this system as-is now.

No, the "file missing" entries are indicative of WOW64 redirection. HijackThis is terribly outdated and shouldn't be used on 64 bit systems. For serious malware problems, HijackThis is basically useless regardless of the windows platform.

0

Yeah, HijackThis is over. Trend bought it out and a year later allowed it to languish, no further development. And in this case, it shows no malware indications. I'm afraid malware has moved on; it's shamefully poor stuff that is picked up by such a simple scan.
John, you copped a trojan that opened a backdoor, read and delivered your email address book, but I find it hard to believe that having done that it is posting your password changes as you make them. That is too personal an attack.... However... may I suggest first a scan using OTL (non-invasive) followed by a pass with Combofix ( a scan plus preliminary malware kill). Post the resulting logs, please ( there will be two OTL logs, and one Combofix log).
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, leave other sections as they are.
  • Into the Custom Scan box paste this:

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or perhaps from here: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : close other applications and save work, turn off your Antivirus, Antispyware and Firewall for the duration of this scan.
- to run it dclick the Combofix.exe icon and follow the prompts to start it. If you do not have it installed already, Combofix will download and install the Recovery Console on your system. You must allow that.
A word of caution - do not touch your mouse/keyboard until the scan has completed [your computer will restart automatically] when a log, C:\Combofix.txt , will pop onto your desktop - post that log in your next reply.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

0

That is some big virus/malware you got there...
I recommend just buying a new system. It's a lot easier, especially if you don't know about flashing BIOS, formatting hard drives and so on.

If it knows your password updates, your in big trouble.

Go onto your smartphone or tablet if you have one and change your passwords. If you don't have a smartphone or tablet, or a device which can run the internet browser well apart from your currently infected computer/laptop, do it at a friends house. After changing ALL your passwords, make sure you do not login to ANYTHING on your infected system, or it will gather all your passwords again and login and use them.

After changing all the passwords, get rid of the system. Unless you are willing to spend the time to fix it with the above suggestions/any suggestions people may write to fixing it. Personally, I would agree with the first post in this thread on how to fix it. I would get started, now.

Make sure you don't just reinstall the Operating System. Format the hard drive completely, flash the BIOS, buy a new copy of Windows/use a Windows installation disk which has been bought. Do not use a online downloaded ISO because that may be infected and then after installation you get infected again.

In the future, get a good firewall and Anti-Virus to help protect you. Of course, they can never be 100% fullproof but they do a good job at trying to protect your system.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.