An old problem with suspicious activity / AV reports / Emails warning about accounts possibly being hacked

This thread is waiting for a member reply to continue
Status
Not open for further replies.

Zecha

Level 2
Thread author
Mar 2, 2020
69
Hi again.
I just have an old problem about my devices possibly being hacked.
The problem has existed since the end of 2019 / start of 2020, when I clicked on a website, then clicked on a product on that website, and in the URL bar it opened a Profitshare link that redirected me to a retailer, but I got a pop-up that asked me for money within a limited time so that, by paying them, I would not get ransomware.
I ignored that thing, and over the following weeks and months I got different email alerts saying that my accounts linked to that email address could have been hacked or that someone had tried to connect to those accounts.
Since then I just kept changing my passwords.
Since 2019/2020 no account has been stolen, but from time to time I got a notification alerting me.
I stopped receiving emails, or reports from my Kaspersky antivirus, after the middle of 2021, I believe, or even earlier than that.
But a few days ago, 3-5 days, I wanted to disconnect my Ethernet cable from the router and connect it directly to my computer.
I created different broadband connections on Public because it couldn't remember my password.
And yesterday at 22:00, after closing a game, I got a report from my Kaspersky antivirus about a DDoS attack being blocked (Atac de retea blocat - in ro).
I have/had a feeling that after 2019/2020 my devices went crazy with bug after bug. I just hate how many bugs and glitches I have on desktop, browsing, on different game platforms, on my phones, on my TVs etc.
And I have a permanent feeling that someone is watching me or trying to steal my accounts or personal data, because it is strange how many bugs I get with every new peripheral or device I get.
I scanned with different software and found nothing.

I was guided by some experts on this forum to use some software and to post different log files on my thread, but they found nothing, so my thread was closed.
But I am still afraid of being hacked.

What can I do in this situation? How can I find my problem? Malware, virus, process in the background, mining and so on. Is there an easy way to find the cause of my problem?
I am not that good at tech, so I couldn't follow all of the steps I was guided to follow in the past because it was too stressful to do some of them.

But I really want to get rid of any possible infection or data corruption. I just want to be 100% safe and clean.

Should I post the report from my Kaspersky? It shows my computer's IP, the aggressor's IP address and some other things.
I tried Malwarebytes and a lot of free anti-malware software, but none could find a problem.

I really don't know what to do.
It is strange that no account was stolen from me, but I continue to receive different connection attempts on my accounts, or even the location from where I used my account (countries different from mine).

Thank you! I hope you will understand the problem I am facing now, and I hope I will get some help with it.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
900
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

It's been so long since the start of the problems that we will have to do a complete check.

If you have Malwarebytes installed, just run it as suggested. If not:

Please download Malwarebytes Anti-Malware from Malwarebytes or from BleepingComputer.

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes to your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
[image: L7kNU5y.jpg]

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[image: http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png]

Post the MBAM, Adwcleaner, FRST.TXT and Addition.txt logs for my review.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

Zecha

Hello.
Yes, I am doing things slowly, sorry.
I will try to follow the steps you suggested tomorrow morning.
I am not sure whether I have used Malwarebytes on my current Windows or not; I hope there won't be problems.

I tried to search on Google for almost the same things as when I think I got an infection.
I typed "top cele mai bune benzi de alergat" and the website was similar to the first searches:
Top 5 cele mai bune benzi de alergat | Gardianul.ro 2021
and

I am not sure how to post websites without an actual link, and I hope you will edit it for me.
Those websites are similar to what I clicked back then. It was a Profitshare link on a treadmill, and after I clicked I went to "Emag", but I had a pop-up at the top of the device.

I hope I can fix my problem somehow.
Sorry again for the late response and for how slowly I cooperate.
Thank you!

Edit: I forgot to say that I copied the link of every website above, and the first 3-5 links on that website, and scanned them on VirusTotal, and VirusTotal found nothing.
 

nasdaq

Hi,

Take your time.
I will give you some fix after I have seen the logs from running the scan with the Farbar program.
 

Zecha

I did the first step, but I couldn't find this row: "Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database."
I think my trial version is a little bit different.

I did 2 scans just in case.

Here is the log from Malwarebytes, and soon I will do the next steps above:
I updated the application, as you can see in the JPEG file. I don't know if it's the same as what you mentioned before: "click on the word "Current" under the Scan Status to update the tool database."

Can you also tell me what this means: PUP: Detect PUM: Detect?
Should the status be "Detect" or "Enabled"?
 

Attachments

  • Update database.jpg (295.9 KB)
  • first scan.txt (1.2 KB)
  • second scan.txt (1.2 KB)

Zecha

For now I did the scan with AdwCleaner, but it was done in 4 seconds, and in the log file it says that I use Windows 10 Pro, but I am on Windows 11.
I couldn't find the Clean button after the scan.
The scan was made without changing any settings in the program.
I will attach a screenshot of how the program looks.
After the scan I was asked if I wanted to do a basic repair, and I skipped it.
Does "Run basic repair" mean the "Clean button"?
I don't want to go on to the next step if this one was done wrong by not clicking on basic repair, because I have to do the steps in order.
 

Attachments

  • adwcleaner - run basic repair or skip.jpg (67.7 KB)
  • AdwCleaner[S00].txt (1.4 KB)

nasdaq

Hi,

The AdwCleaner log is good.
Windows 10 and 11 are using the same function.

I will check with Malwarebytes if it's possible to identify the correct operating system version.

Now I need to see the other logs from the Farbar program.
 

Zecha

I did the scan with FRST and I took a look at the txt.
Is it OK or does it have some problems?
So through this software you just take a look at the different programs and services installed on my computer in the past and check whether those programs are safe/legit or not? Or how does this work?

Here are the logs.
/ I tried to post my FRST log but it doesn't let me.
 

Attachments

  • Addition.txt (36 KB)

Zecha

It is very strange that someone has used my Riot Games account since 18 March, I think just after I posted the AdwCleaner log files.
And yesterday, just 4 minutes after your reply at 3:15 PM, I got a request at my email address for a code to connect to my Riot Games account.
I just figured out today that someone accessed my account.

Could the cause be that I scanned different things on VirusTotal recently? Maybe some files that I shouldn't scan there?

Just an update: someone used my computer recently and went to:

Can someone tell me if this was the problem? Because I scanned it on VirusTotal, and after doing so I can see under Detection: Comodo Valkyrie Verdict: Phishing.
As far as I know, phishing is related to account information being stolen, right?
The problem I encountered recently is based on account information being stolen (Riot / Valorant account).

Is VirusTotal right, and is that a link used for phishing?

Thank you once again!
 

nasdaq

Hi,

VirusTotal can be trusted.
Never seen any problems by those using it.

I would change my passwords for all important sites since you have been hacked.

Pwned Passwords

Be sure to use a strong password.

The logs from running the Farbar program will help me identify any known malware.
If found I will give you a fix to remove it.

You have posted the Addition.txt log but I also need to see the FRST.TXT log for a review.
Please attach it to your next reply.
 

Zecha

I wrote that the Farbar Notepad text file doesn't let me post it on this thread.
I tried multiple times and it was loading, but the box was blank. And after I pressed Post reply nothing was posted.
I don't know how to make that FRST.txt work.

So neither the eos website (last link) nor those links in my #4 comment were malicious?

Is the problem with my Riot account an isolated case, or could the problem be bigger than that?
In all this long time I didn't see any match played on my accounts or anything like that.
But on different accounts I could see connections to the account which were not mine. Social media mostly.

This is the first time I am having this problem. So maybe I did something wrong recently? By searching for different things and scanning different things on VirusTotal?

I want to know if eos is truly used for phishing or not (as I found on VirusTotal).

"The logs from running the Farbar program will help me identify any known malware.
If found I will give you a fix to remove it."
Ok, good, but how?
You just check which programs I have installed on my computer and you know whether all those programs are often malware or not?

What I am trying to say about VirusTotal is: if I scan a file or link on that website that has some personal information, can people use that data after the scan?
Maybe I did this wrongly on VirusTotal and my data was exposed. I really don't know.
 

Zecha

"Also you should turn 2fa to make your account even safer"
Yes, I can do that, but my Riot account isn't very important to me.
By not using 2FA I can have evidence that I am being hacked by someone.
This problem is veryyyyy deep and I really don't know where to start...
It could be anything, minor or not, hiding behind my internet.

It's strange how no program can detect anything malicious on my device. That makes me think even harder.
 

Zecha

The funniest part about this is that the attacker/hacker, however you call him, got access to my account but didn't change the password, email or data in general.
He invited 5 of his friends, I think, and he played a lot in 2 days. I went up in the battle pass by 10-15 levels.
Should I laugh or cry?
 

peterfat11

Level 11
Verified
Top poster
Well-known
Mar 25, 2021
531
He must be a gamer :D, but who knows what he will do later? So, it is better just to turn on 2FA and log out from all devices; he might mess up your stats, idk.
 