Unsettling. Disturbing. Am I being hacked?

Topic

New Reply

Recently two disturbing things have happened on my computer. Last week, while viewing a video on YouTube, (couldn’t remember what it was, one of those Top 10 lists I believe) I stepped away from the PC for a call of nature and when I came back, there was something, I don’t know where it came from, on the site. I can’t quite remember the title (it began with “This is not a . . .” something or other). It showed a figure of someone doing a sexual act (I’m not going to go into details, basically back passage stuff). It sort of looked like an animated chalk figure. It was superimposed over the YouTube video. I clicked it off, the video ran as it should but I was wondering, “Where the f… did that come from?” I ran a scan with Norton. It didn’t find anything. Then today, only a few minutes ago, while I was browsing another website (strictly adult but generally safe, not known to have problems, perfectly within my rights) something popped up that replaced the site. It had titles like National Security Agency, InterPol, junk like that. It looked official; I read a few lines. Something about violating a law or another. I only read for a few seconds before closing the browser in case this . . . thing was trying to put Malware on it. It took longer than it should. The site’s legal so far as I can tell. I think that . . . whatever came from something or someone definitely not legit, but two incidents like this in such a short time has caused me to seriously question my security. Has anyone had any trouble like this recently? Am I hacked? Did something sneak by my defenses? Can I expect anything more like this? This is troublesome and I’m starting to worry.

Reply | Quote

Replies

Don’t know about the first one, second one is just a redirect with something trying to get you to click on it further to indeed try to get you to help malware get on to your computer. I’m surprised you were able to close it; often it will lock up the browser. I run Chrome with Add Block Plus extension (to kill ads if that’s what the first was) and the Chrome task manager open and ready in case of an incident like the second; just go to the Chrome task manager and kill the offending page (otherwise you’ll have to kill the entire browser from the system task manager)…and then don’t go back to whatever caused it.

Reply | Quote

Don’t know about the first one, second one is just a redirect with something trying to get you to click on it further to indeed try to get you to help malware get on to your computer.

How did that redirect get on the computer? Was it the site or a crack in the system?

Reply | Quote

Redirects are based on browser urls sent from other computers, if it was on your computer and one of those ransom viruses your computer would be locking up even without using the browser and when/if you did try to use a browser, you would be taken immediately to whatever site the virus wanted to take you or it would display ransom demands immediately, no sites of your choosing would likely work at all.

Reply | Quote

Redirects are based on browser urls sent from other computers, if it was on your computer and one of those ransom viruses your computer would be locking up even without using the browser and when/if you did try to use a browser, you would be taken immediately to whatever site the virus wanted to take you or it would display ransom demands immediately, no sites of your choosing would likely work at all.

We’ve all heard horrendous stories about ransom sites. Never happened to me or family, but stuff happens. What exactly does one do if this ransom thing ever appears?

Reply | Quote

We’ve all heard horrendous stories about ransom sites. Never happened to me or family, but stuff happens. What exactly does one do if this ransom thing ever appears?

I think I found out what this thing was; I believe its called Reveton. It’s a police/cop trojan. I found it on Wikipedia when I googled ransom virus. Its description pretty much fits what I saw. Am I compromised? Can my Norton Security Suite deal with this? I clicked it off as soon as I saw it but I’m wondering if it’s still hiding somewhere on my PC. My PC’s working okay now but I’m wondering . . . And would a malware removal tool react with my Norton?

https://en.wikipedia.org/wiki/Ransomware

Reply | Quote

buy a new pc generally —
unless you want to pay them and encourage more such attacks on pcs —

then
load it up with mbam and other goodies

stay away from bad sites
plus dont open email attachments

kill flash and other popular security holes

We’ve all heard horrendous stories about ransom sites. Never happened to me or family, but stuff happens. What exactly does one do if this ransom thing ever appears?

Reply | Quote

You should run the usual collection of malware removal tools.
http://www.bleepingcomputer.com/forums/t/540376/recommended-offline-scanners/

cheers, Paul

Reply | Quote

One hopes one has a backup that has not been compromised. If not it’s boot from CD / USB, delete the disk partitions and install from scratch.
Make sure your bootable USB device has not been connected to the compromised computer since the infection.

cheers, Paul

Reply | Quote

Reveton details and removal.

Using malware removal tools should not conflict with Norton, but you have a full backup don’t you?

cheers, Paul

Reply | Quote

Reveton details and removal.

Using malware removal tools should not conflict with Norton, but you have a full backup don’t you?

cheers, Paul

Booting into safe mode seems a little much. Can Malware Bytes take care of this? And yes I have backup.

Reply | Quote

Booting into Safe Mode is required to access Windows to clean up the malware.
I don’t know if MB will clean that infection for you.

cheers, Paul

Reply | Quote

I followed the instructions on that link you sent me. According to my startup folder, there’s nothing in it. I don’t know if that means I opened the wrong folder or I should open something else or I managed to click off Reveton before it could do something nasty. I still don’t feel safe; I’m still wondering if that thing is in my PC somewhere.

Booting into Safe Mode is required to access Windows to clean up the malware.
I don’t know if MB will clean that infection for you.

cheers, Paul

Reply | Quote

Are you getting any indication of the malware?
Have you run the scanners from post #5?

cheers, Paul

Reply | Quote

Well, I downloaded and ran a free MalwareBytes. It didn’t find anything either. When the ransomware initially appeared, I clicked the X in the upper corner a couple of times and it disappeared. I’m wondering if I did something before it could do something. Maybe I should download another scanner.

Are you getting any indication of the malware?
Have you run the scanners from post #5?

cheers, Paul

Reply | Quote

From my very novice approach, here is what I think might work with a sudden ransom-ware attack. First, do not touch a single key. Hold down the power button until computer shuts down. Second, attach a bootable pre-configured thumb drive having an anti-virus program, like Windows defender. Boot to the usb drive to clean the machine. If not possible, boot to safemode and run virus cleaners.

I think this worked until Windows 8 [and probably W10] because unlike the good old days, one cannot simply boot to bios/setup and change boot sequence.

I have done this endless times on older machines, but could never boot to USB with Win 8. I called Dell on this and they said it was simple. Just boot to Win 8 and inside the OS, change the boot sequence. Unclear on the concept, eh?

Reply | Quote

Try the Panda one and Eset. That should cover most.

cheers, Paul

Reply | Quote

I used the Panda. I don’t know; my unease seems to have abated somewhat. Maybe I should use Eset too. Anyway, thanks Paul T

Try the Panda one and Eset. That should cover most.

cheers, Paul

Reply | Quote

PANDA ATTACK?
After reading the above, I followed the Bleeping Link and while there, decided to first read the info about installing the Panda, before downloading Panda. That took me to Panda’s site and then a 1″ tall reversed white out of black message appeared at the bottom of my screen, which said “We use our own and third party cookies to enhance your computer experience. By continuing to browse this site or clicking the close button you agree to our use of cookies.” aka you lose both ways. I got out of there, but when I re-opened the Lounge, there was an ad floating at the bottom of the screen. Have I been hacked by the Panda? What should I do now, or should I start a new message?

Reply | Quote

PANDA ATTACK?
After reading the above, I followed the Bleeping Link and while there, decided to first read the info about installing the Panda, before downloading Panda. That took me to Panda’s site and then a 1″ tall reversed white out of black message appeared at the bottom of my screen, which said “We use our own and third party cookies to enhance your computer experience. By continuing to browse this site or clicking the close button you agree to our use of cookies.” aka you lose both ways. I got out of there, but when I re-opened the Lounge, there was an ad floating at the bottom of the screen. Have I been hacked by the Panda? What should I do now, or should I start a new message?

No, you have not been hacked. Cookies are not evil.

Ads on this site are controlled and personalized by Google: “In addition to seeing ads based on the types of sites you visit, you may also see ads based on your interests and more.”

You can change settings to opt-out of personalized ads. You’ll still see ads but they will be less relevant to you. Click on the small AdChoices (for AdSense) triangle at top right of an ad.

Reply | Quote

A lot of sites never bother to warn about cookies…trust me, you have cookies up the yingyang unless you purge them purposefully constantly.

Reply | Quote

For some reason I was getting very few pop-ups, but within the last day or so I am now getting quite a few.
I use FireFox. I did not have an ad-blocker enabled on FireFox (because I did not need one).
Is there an a workable ad-block for FireFox ?
Thanks in advance,
Paul

Reply | Quote

5,

Adblock Plus.

Zig

Reply | Quote

Also uBlock – supposed to be better than Adblock, but don’t know if it is though.

Eliminate spare time: start programming PowerShell

Reply | Quote

Noscript is good as well, though it does take some getting used to.

Reply | Quote