Yesterday, I was believed to have been hit by a drive-by java attack. It supposedly installed a remote administration tool onto my pc, giving these hackers access to my files. I ran spyhunter 4 and it detected a trojan as well as some other things, but "super anti-spyware" did not detect those. I have changed my password several times and somehow I keep getting these bad login errors, which means someone is on my pc downloading my encrypted password files and decrypting them. Is it worth the $30 to get the full version of spyhunter4 and eradicate these viruses? Also how do I know if they are using a R.A.T. on my pc?
This is completely illegal and I hope the parties responsible are apprehended, but I don't see any way that would happen.
But, I don't know, what did you download that was a trojan horse?
Well, I didn't intentionally download anything. A guy came onto my server, asked me to advertise my server on his site. I go to the site and it asks me to allow java, so I do so. Then a cmd prompt opens up real quick, then closes. Then the website says "failed to connect". Next thing I know, there are two ops on my server, one being the owner of the "site". I deopped them, banned them, banned their IPs, both of which I have. Changed my password, changed the SSH dedicated box password, and tonight I still got a bad login error when no one but me knows my new password. And where would I go to apprehend these people?
So what did Malwarebytes find?
Did you try asking for support on the forum or support site for your anti-virus?
I read the thread yesterday and at least a couple of the people gave you good advice, I hope you have followed thru on at least most of it.
Remote Access Trojan or R.A.T.
The only software which has found something out of the three I ran is spyhunter 4. It has detected a trojan but I must pay $40 for the full version to get access to the removal. Are there any GREAT and FREE anti-trojan programs out there? I have tried googling but I have had little luck
Oh because hackers can use Remote Administration Tool to equally ruin people's days.
Have you tried Windows Defender? It isn't as bad as people think. Found the elusive Vorbus.md worm on my computer, while avast did not.
Wait a second, if spy hunter claims it found a trojan then it must have told you what it was, and probably where... with a name you can find manual uninstall instructions at all kinds of tech sites usually.
Windows Defender only has an antivirus on Windows 8, though. Microsoft Security Essentials is Windows 7's version.
If this does not detect anything and I still get the bad login errors, what is next? (I haven't scanned yet but if it does not detect anything I want to know what to do next)
Problem is that I was really late to school so I had to shut my PC down
The Trojan or other virus can only affect a computer unless they terrors the internet. How about change your computer, set new password and try again? But if you want to use this method, don't ever use computer that you think it is affected by Trojan Virus.
Speedvision
What do you mean "unless they terrors the internet"? Also if you want to fork over a grand I would be glad to get a new pc
Back up your files, wipe your computer, change your password from a different computer, reinstall the operating system, import the backed up files, and they won't have your password.
Option 1: Format your drive and reinstall everything. This will remove all viruses and is the quickest most efficient way to remove viruses.
Option 2: Run virus scanners and virus removal tools until you have completely removed the viruses. This is a LONG process and you may eventually run out of options and still have to reformat your hard drive. If you choose this, follow the directions below.
1. Get a REAL anti-virus program, like Avast, MSE, or Avira. Run a FULL SCAN.
Allow the full scan time to complete, this may take hours.
I don't know what these crappy programs you're using are, but stop using them. Uninstall them. You don't need them, and they likely won't ever find anything.
2. Get Malwarebytes or Spybot: Search and Destroy, and run another full scan with one of these programs.
3. Restart, do it all again.
If viruses remained after the restart, then you need a more specific tool to remove the virus. Get the name of the virus off of the program that finds it and look it up. You should find instructions to remove the virus on a legit security site, likely downloading a small program. After following these directions, restart and do it all again.
4. If you still can't remove the viruses: Reformat... or take it to a specialist who will likely just reformat it for you.
After you've removed the viruses:
1. Get the IP of the website you went to, along with the other two IPs you got.
2. Find out the ISP of all of the IP addresses you had.
3. Call their ISP and report these IP addresses, explaining that you were attacked by these individuals and their website with viruses.
Finally:
Keep your crap up to date, Windows, Browsers, and Java, so this sort of crap doesn't happen again.
Someone didn't update their Java. A critical vulnerability was discovered that allows Java to run executables outside the Java sandbox. This has been patched since then, but the high media attention it received and the tendency of people to not update Java make it a very real threat even now.
Please report the names of the users that did this to you, the web site they asked you to visit, and any other pertinent information that can be used to identify the perpetrators or at least to warn others about them.
Should I report it here? Also, the website they asked me to visit is one which no longer is up if I try to go to it. It brings me here: http://error404.000webhost.com/?
I am doing some detective work, and may have found one on Skype, but he claims that his account password for Minecraft was stolen or something. I would try to match his IP to the player file but the website to check Skype IPs is down for maintenance -.-. I ran a full scan with MSE, found a java downloader trojan and another one which I didn't recognize. I removed them, ran another full scan and nothing is there. Am I safe?
Hmm, not too much of a virus guy but try this, go into cmd and type "netstat -ano", anything that says established should be using your internet connection (they need internet to remotely connect to you), if there is established stuff, open task manager, (ctrl alt esc) then go to view -> columns -> Pid, the established programs should have a number beside them, match them up, then find right click and open the file place, you can delete it manually there.
You could also try booting in safe mode then running the scans.
If you can look for the file that you downloaded, BUT DO NOT RUN IT, if possible right click and hit edit, then give us a link of the code, this could help us figure it out.
Btw, for the netstat thing, do it on normal windows (not safe mode) then if there is something move on to safe mode, make sure you have internet and try again, if there's nothing with established it could be a program under msconfig -> startup
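The PID matching described in the post above can be done in one pass instead of by eye in Task Manager. This is an added example, not code from any poster in the thread: it assumes you saved the output of `netstat -ano` and `tasklist /fo csv /nh`, and it goes one step beyond the post by joining the two; the sample data, process names and addresses are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     2260
  TCP    192.168.1.20:49812     203.0.113.45:8081      ESTABLISHED     4312
  TCP    192.168.1.20:49820     198.51.100.7:443       ESTABLISHED     3108
  TCP    [::1]:49705            [::1]:49706            ESTABLISHED     2260
  UDP    0.0.0.0:5353           *:*                                    1452
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
TASKLIST_SAMPLE = '''\
"svchost.exe","884","Services","0","9,120 K"
"javaw.exe","2260","Console","1","210,332 K"
"chrome.exe","3108","Console","1","154,008 K"
"updater.exe","4312","Console","1","6,540 K"
'''

def established_remote(netstat_text):
    """Return ESTABLISHED TCP connections whose remote end is not loopback.
    Headers, LISTENING sockets and UDP rows (which have no State) are skipped."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        host = host.strip("[]").split("%")[0]  # IPv6 brackets and zone id
        if ipaddress.ip_address(host).is_loopback:
            continue
        rows.append({"pid": int(fields[4]), "remote": host, "port": int(port)})
    return rows

def pid_names(tasklist_csv):
    # Map PID -> image name from the first two CSV columns.
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) >= 2}

def report(netstat_text, tasklist_csv):
    names = pid_names(tasklist_csv)
    return [(names.get(c["pid"], "<unknown>"), c["pid"], c["remote"], c["port"])
            for c in established_remote(netstat_text)]

if __name__ == "__main__":
    print(*report(NETSTAT_SAMPLE, TASKLIST_SAMPLE), sep="\n")
```

A clean result here only covers what the operating system reports at that moment; a rootkit can hide a connection or process from both commands, which is the case the anti-rootkit scan suggested later in the thread is meant for.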
Use Malwarebytes, http://www.malwarebytes.org/, found there. It's free, and the full version just has an anti-vir and some quicker scanning which you don't need really.
If that doesn't find anything, run MBAR, http://www.malwareby.../products/mbar/, which will look for a rootkit which could be hiding the RAT. If it finds it, kill it and run MB again.
Since you found something already, this probably isn't necessary though.
Well now when I go to make a new folder it says "new briefcase" and there is no option for a new folder. Then it says that briefcases are used to sync files between two computers. Is this part of their virus or is this because of some anti-spyware program?