Remote Accessed... Great, now what?
Ok, so I unlocked my computer last night and it was acting funny: jumps in FPS and the like. Tried to drag the browser from one screen to the other and it was stopping. Basically looked like when we would get RA'd at school. Went to open a command line to run ipconfig, and whoever was on it ran a shutdown script. I rebooted it in safe mode and ran MSE, and it found a Java exploit. Removed it, ran a registry scan, and everything seems to be fine now.
So now I have some questions:
1. Was the (assumed) s-kid able to access my computer while it was locked, or did he only have access for the ~20 seconds it took for me to realize what was going on?
2. Is it safe to assume that I'm fine now and my stuff is secure (closed the exploit, got rid of trojan) or is it time to blow away my OS and/or change all of my passwords?
Any other advice is appreciated as well.
Thanks.
2. Technically you are fine and should not need to nuke your OS. I would definitely change your passwords for online services from a different computer, just to be safe. As for your passwords for that particular system, you can change them just to cover your bases, but you should be fine.
I'd definitely monitor activity on that system for a week or so, just to make sure you're okay.
You have no idea how else your system has been compromised and even stuff sold in crimeware kits can have features that most (any?) AVs are not going to catch.
I think it's appropriate to listen to this guy - compromises can be incredibly complex and contain many components that can operate independently from one another. Format and change all credentials.
I can has cheezburger, yes?
Complete agreement.
I'd add a recommendation to change your passwords. At minimum reset your system, banking, and e-mail passwords to something you haven't used before. Monitor your banking activity for a few months, make sure you grab your annual credit report and check it for unexpected stuff (you are doing that already, right?), the normal stuff.
As the saying goes, "Take off and nuke the site from orbit; it's the only way to be sure."
Would a fresh MBR be appropriate? It's going to be missed by most partition software (unless you manually tell it to recreate it), and there are a few rootkits that live in there. It takes a few seconds, but just deleting partitions won't hit it.
Your MBR should be located on the partition you boot from, so if you're doing a complete format you should be okay. The problem is that the most popular reinfection is currently an awesome partition that takes over as its very own boot partition and launches code from there. So you have to make sure you remove that first; otherwise it'll just load the infected MBR again anyway.
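To make the "extra boot partition" check above concrete, here is an added example (not from this thread or any of the posters) that parses the 512-byte MBR sector and flags any partition marked active that is not the one you expect to boot from. The sample MBR bytes and the expected system-partition start LBA (2048) are constructed for the demo.

```python
import struct

ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: a normal NTFS volume plus a small, unexpected
    active partition of the kind a bootkit might add to hijack boot."""
    mbr = bytearray(512)
    mbr[0:4] = b"\xfa\x33\xc0\x8e"  # arbitrary boot-code bytes (constructed)

    def entry(boot_flag, ptype, start_lba, sectors):
        return struct.pack(ENTRY_FMT, boot_flag, b"\0\0\0", ptype, b"\0\0\0", start_lba, sectors)

    mbr[446:462] = entry(0x00, 0x07, 2048, 409600)   # NTFS system volume, not active
    mbr[462:478] = entry(0x80, 0x07, 411648, 2048)   # tiny partition marked active
    mbr[510:512] = b"\x55\xaa"                       # boot signature
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty entries of the MBR partition table as dicts."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:  # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count})
    return parts


def suspicious_boot_entries(parts: list, known_system_start: int) -> list:
    """Active entries whose start LBA differs from the partition you expect to boot.
    Any hit deserves a look before you trust a reinstall that kept the partition table."""
    return [p for p in parts if p["active"] and p["start_lba"] != known_system_start]


if __name__ == "__main__":
    # On a real disk you would read the first 512 bytes of the raw device instead
    # (e.g. open("/dev/sda", "rb").read(512) on Linux, as root).
    table = parse_mbr(build_sample_mbr())
    for p in suspicious_boot_entries(table, known_system_start=2048):
        print("unexpected active partition:", p)
```

Checking the MBR this way only covers the legacy BIOS layout; a GPT/UEFI disk has a protective MBR with a single 0xEE entry, and the boot path lives in the EFI system partition instead.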
When in rootkit doubt, run TDSSKiller.