


Posted on 2012-09-01
Medium Priority
Last Modified: 2012-09-14
I could not access my Yahoo mail account today.

I googled "yahoo email reset" and found a number and called them.
When they answered I thought it was a Yahoo support center in India.

I allowed them to log into my laptop and he ran "netstat" and "tree" to show me that my laptop and network have been hacked and I need a certified MS technician for $300 to clean it up.

I figured this seems like a scam and later on I found the correct Yahoo customer care number.

The problem is I allowed this unknown person to log into my laptop. I do not even recall giving him my IP address so I am not sure how he did it. I only gave him my email address, so he might have gotten it using my log me in account.

I do not think he installed anything other than the log me in software.

But I want to verify there is nothing installed or spy software or anything else.

I do have Norton 360 installed.

Is there a way for them to log back in, or can I run Norton 360 or any other software to ensure there is no spy software or other malicious things running on the laptop?
Question by:sam15
LVL 34

Accepted Solution

Michael-Best earned 1000 total points
ID: 38357793
"But I want to verify there is nothing installed or spy software or anything else."
Use some free online scanners:



For more malware fighting options in detail see:

HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer.

Then you can paste a logfile in this textbox http://www.hijackthis.de/ for a generic report (or post the file here at EE for more help).

Author Comment

ID: 38357818
I ran Bitdefender and it reported nothing. I ran HijackThis and attached the report.

Let me know if you see anything unusual. Also, would this check if the network is hacked, or is that more of a bluff by the company?

Author Comment

ID: 38357834
Here is the file attached.


Expert Comment

ID: 38357889
You have a lot of entries showing missing files.  Since you have Norton 360, use it to clean up your registry.  Then, rerun HijackThis and post the new file.

LVL 34

Expert Comment

ID: 38357894
Use HijackThis to remove any traces of lsass.exe
Otherwise I see no real threats

Author Comment

ID: 38357989
I did clean up the registry using Norton 360.
I also ran HijackThis and selected all the lsass.exe entries and then "Fix this", but it does not seem to delete them. I also see a "file missing" message next to each entry.

I am attaching the new file.

Assisted Solution

RGRodgers earned 1000 total points
ID: 38358265
I'd recommend you run Malwarebytes to check out the system.  Some caveats:

1. ONLY download it from http://www.malwarebytes.org/
2. If you can, download it from another system onto a stick. Rename it.  Install it from there.
3. Norton 360 and Malwarebytes can battle, so do a quick scan and a complete scan, record the results, and you probably then want to uninstall it.

Let us know...RG

Expert Comment

ID: 38358562
Also look online for firewalls like ZoneAlarm, which is 100 times better than the standard Windows firewall.

Having a decent firewall will put you in control of what to allow in and what to allow out, so you have peace of mind in knowing 'your da man'.

Expert Comment

ID: 38358835
Norton 360 has a great firewall with it.  It's a good product that is surprisingly efficient.  Are you on Version 6?  ...RG

Author Comment

ID: 38359875
I did run Malwarebytes and it did clean up a few things that Norton did not seem to catch or care about. I also attached a new HijackThis file and it still has references for lsass.exe (file missing).

How does "netstat" verify that no one is connected to my address? I still can't figure out how the other guy was able to log in to my laptop by my giving him my email address. I thought you need at least an IP address for remote log me in. He must have access to my log me in account.

Author Comment

ID: 38359876
BTW, norton 360 installed is version 6.3.0.

Expert Comment

ID: 38359896
Commonly, technical support will provide you a link to click and connect to them.  That way, you are actually penetrating the firewall from your end.  And, the remote IP for the connection is theirs.  Is this what was done?

You can run "netstat -b -f" to display detail about all the active connections.  Ensuring that it is all valid is up to you.  You can provide the list here for our review as well.
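An added example, not part of the original thread: a small Python parser that pairs each connection in saved `netstat -b -f` output with the executable that owns it and lists the established connections still to be reviewed. The sample output, host names, program names and the `known` allow-list are constructed for illustration.

```python
import re

# Constructed sample in the layout `netstat -b -f` prints on Windows
# (hosts, addresses and program names are made up for illustration).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            LAPTOP:0               LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.20:49170     mail.example.com:https ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.20:49201     relay.remote-tool.example:https  ESTABLISHED
 [RemoteTool.exe]
  TCP    192.168.1.20:49210     192.0.2.44:http        TIME_WAIT
  TCP    192.168.1.20:49230     203.0.113.9:4444       ESTABLISHED
 Can not obtain ownership information
"""

# A connection row: protocol, local address, foreign address, optional state.
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# The owning executable is printed in brackets on a line after the row.
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable if shown."""
    rows = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state or "", "exe": None})
        elif rows and rows[-1]["exe"] is None:
            o = OWNER.match(line)
            if o:  # component lines such as "RpcSs" are skipped
                rows[-1]["exe"] = o.group(1)
    return rows

def to_review(rows, known):
    """Established connections whose owner is missing or not in `known`."""
    known = {k.lower() for k in known}
    return [r for r in rows if r["state"] == "ESTABLISHED"
            and (r["exe"] or "").lower() not in known]

if __name__ == "__main__":
    for r in to_review(parse_netstat_b(SAMPLE), {"firefox.exe", "svchost.exe"}):
        print(r["exe"] or "(owner not shown)", "->", r["remote"])
```

Rows with no owner shown usually mean netstat was not run from an elevated prompt, so they are kept in the review list rather than dropped.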



Question has a verified solution.
