Solved

Computer Hijacked, Hijack this log for experts

Posted on 2011-02-16
Medium Priority
673 Views
Last Modified: 2013-12-06
Hey guys! I've been working with a client who was attacked by someone her daughter knew.
Long story short, guy was tech savvy, they got into a fight, I'm assuming he got a keylogger on her computer, he'd been hijacking all of her Facebook/MySpace/whatever accounts, then eventually stole the family credit card when they ordered something.

I've cleaned all the malware, tracking cookies, temp files, etc. with my usual combos of CCleaner, Malwarebytes, HitmanPro, ComboFix. Everything seems fine, but I wanted to double check the HijackThis log. As far as I see it looks good, but better safe than sorry!


hijackthis.log
Question by:STS-Tech
5 Comments
 
LVL 6

Accepted Solution

by:
rnicolaus earned 668 total points
ID: 34907913
Sounds like it needs more than that - (hope the police are involved) - I would seriously think about backing up data, reformatting and a reinstall.  If he had a chance to install a key logger, there's probably more than that on there.

If they insist on just cleaning, check for Rootkits - Run TDSSKiller from Kaspersky
And run just about any other root kit tool on it you can find.

Also, remove the drive, and connect it as a secondary drive in another system and scan it thoroughly again from there.
0
 
LVL 9

Assisted Solution

by:meko72
meko72 earned 668 total points
ID: 34907957
Good morning!

  All looks well in the log. As a precaution I would run (System File Check) to verify that no system files have been compromised.
0
 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 664 total points
ID: 34908264
The HijackThis log file looks okay, but please be aware that HijackThis will often miss detecting rootkits and other nasties!  
However, you appear to have run a whole arsenal of scanners and the computer is probably well & truly disinfected!

But... here's another, free, popular scanner that could give you further confirmation that all is well...
Dr.Web CureIt!
http://www.freedrweb.com/cureit/?lng=en

In case you need the extra information for the earlier comment:
TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

TDSSKiller tutorial, if needed:
http://support.kaspersky.com/viruses/solutions?qid=208280684
0
 
LVL 2

Author Comment

by:STS-Tech
ID: 34908424
Forgot about good olde TDSS killer, great program. I do find Hitman generally gets the TDSS rootkits, but I'll run it just in case. I'm pretty confident that it won't need a rebuild, but we'll find out when she tries to make a Facebook again (kids these days). Thanks for reviewing, I should start picking up on that skillset, but hell, these days with the tools we have, HijackThis is becoming a thing of the past!
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 34908600
Well, we need a few strong friendly disinfecting tools on our side, if we're going to draw level & beat the bad guys!   Thanks for the feedback.
0
