I could not access my yahoo mail account today.

I googled "yahoo email reset" and found a number and called them
When they answered i thought it was a yahoo support center in india.

I allowed them to log into my laptop and he ran "netstat" and "tree" to show me that my laptop and netowrk has been hacked and i need a certified MS technician for $300 to clean it up.

I figured this seems like a scam and later on I found the correct yahoo customer care number.

The problem is I allowed their unknow person to log into my laptop. I do not even recall giving him my ip address so i am not sure how he edid it. I only gave him my email address, so he might have gotten it using my log me in account.

I do not think he installed anything other than the log me in software.

But I want to verify there is nothing installed or spy software or anything else.

I do have norton 360 installed.

Is there a way for them to log back in or can i run norton 360 or any other software to ensure there is no spy software or other malicious things running on the laptop.
Who is Participating?
Michael-BestConnect With a Mentor Commented:
"But I want to verify there is nothing installed or spy software or anything else."
Use some free online scanners:

For more Malware fightling options in detail see:

HijackThis is a free utility that generates an in depth report of registry and file settings from your computer

then you can paste a logfile in this textbox  for a generic report (or post the file here  at EE for more help.
sam15Author Commented:
i ran bitdefender and reported nothing. I ran hijack and attached the report.

Let me know if you see anything unusual. Also would this check if netowrk is hacked or that is more of a bluff by the company.
sam15Author Commented:
here is the file arttached.
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

You have a lot of entries showing missing files.  Since you have Norton 360, use it to clean up your registry.  Then, rerun HijackThis and post the new file.

Use HijackThis to remove any traces of lsass.exe
Otherwise I see no real threats
sam15Author Commented:
I did clean up the registry using norton 360.
also ran hijack this and selected all the lsass.exe entries and then FIX this but it does not seem to delete it. I also see file missing message nexto to each entry.

I am attachine the new file.
RGRodgersConnect With a Mentor Commented:
I'd recommend you run Malwarebytes to check out the system.  Some caveats:

1. ONLY download it from
2. If you can, download it from another system onto a stick. Rename it.  Install it from there.
3. Norton 360 and Malwarebytes can battle, so do quick scan and a complete scan, record the results, and you probably then wan to uninstall it.

Let us know...RG
also look online for firewalls like zonealarm which is 100 times more better than the std windows firewall.

Having a dencent firewall will put you in control of what to allow in and what to allow out so youhave peace of mind in knowing 'your da man'
Norton 360 has a great firewall with it.  It's a good product that is surprisingly efficient.  Are you on Version 6?  ...RG
sam15Author Commented:
I did run malaware and it did clean up a few things that norton did not seem to catch or care about. I also attached a new hijack file and it still has references for lsass.exe (file missing).

How does "netstat" verify that no one is connected to my address? I still cant figure out how the otehr guy was able to login to my laptop by giving him my email address. I thought you need at least an ip address for remote log me in. He must have access to my log me in account.
sam15Author Commented:
BTW, norton 360 installed is version 6.3.0.
Commonly, technical support will provide you a link to click and connect to them.  That way, you are actually penetrating the firewall from your end.  And, the remote IP for the connection is theirs.  Is this what was done?

You can run "netstat -b -f" to display detail about all the active connections.  Ensuring that it is all valid is up to you.  You can provide the list here for our review as well.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.