spying?

Posted on Tue Aug 28, 2012 4:20 pm

So I was downloading a patch for my Assassin's Creed Revelations.
I was curious where it was being downloaded, so I looked it up and found it in my temp folder:
C:\Users\R*****\AppData\Local\Temp
Then I noticed something more: I saw screenshots of my desktop every 15 min or so.
It started since I turned it on today morning, after about 4 months or so.
Anyone else have this thing? The screenshot goes by the name of MY-PC - 28-08-12-9.34.39-PM.gif

Should I be worried?
AMD FX-8350|Sabetooth 990FX|8gb Kingston Hyper X|Samsung SSD 120g 840|AMD R9 290 TRI-X
TT ToughPower 850w,Thermaltake Xaser vi ,Creative SoundBlaster X-Fi Titanium Sound Card
killadark
Gerbil Team Leader
 
Posts: 265
Joined: Fri Feb 22, 2008 2:55 am

Re: spying?

Posted on Tue Aug 28, 2012 4:40 pm

Probably yes.

Download the Sysinternals Suite, launch Process Explorer, find which process has an open handle with the common part of the name. Check if it's signed by a trusted 3rd party, proceed from there.
Core 2 Duo E6300, MSI P45 NEO-F, Club 3D GTX 260, 4Gb DDR2-800Mhz, Audigy X-Fi Fatal1ty Champ1on ed., 0.5Tb+1Tb Seagate Barracuda 7200.12, 630W AXP, Samsung SyncMaster BX2450, ViewSonic VP171b
Madman
Minister of Gerbil Affairs
 
Posts: 2317
Joined: Tue Apr 01, 2003 4:55 am
Location: Latvia

Re: spying?

Posted on Tue Aug 28, 2012 4:52 pm

Madman wrote: Probably yes.

Download the Sysinternals Suite, launch Process Explorer, find which process has an open handle with the common part of the name. Check if it's signed by a trusted 3rd party, proceed from there.


I have downloaded it, got a bunch of exe's in a zip file, not sure what to open now :roll:

EDIT: I got Process Explorer, what do I search for?
killadark
Gerbil Team Leader
 
Posts: 265
Joined: Fri Feb 22, 2008 2:55 am

Re: spying?

Posted on Tue Aug 28, 2012 5:45 pm

Either check for unsigned processes (you can add the signature column to the view, and check Verify Image Signatures), or press search and type the common part of the filename to try and find which process has them open.

Another option is to launch Process Monitor to see which process touches those files. It will need some filtration though.

Once you know the source of the problem, google what it is, or ask here, someone might know.
Madman
Minister of Gerbil Affairs
 
Posts: 2317
Joined: Tue Apr 01, 2003 4:55 am
Location: Latvia
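
An added example, not part of the post above: one way to do the Process Monitor filtering offline, on a CSV export, by keeping only successful writes of screenshot-like files in Temp and grouping them by process. The rows, PIDs and the `patcher.exe` name are constructed sample data; the column names assume Process Monitor's default CSV export, and the file-name pattern is generalised from the single name quoted in the first post.

```python
import csv, io, re
from collections import defaultdict
from datetime import datetime

# Constructed sample: rows in Process Monitor's CSV export layout. Only the
# file-name format and the Temp location come from the thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:04:39 PM","AOE.exe","3120","WriteFile","C:\Users\user\AppData\Local\Temp\MY-PC - 28-08-12-9.04.39-PM.gif","SUCCESS","Length: 65536"
"9:05:02 PM","patcher.exe","4488","WriteFile","C:\Users\user\AppData\Local\Temp\acr_patch.tmp","SUCCESS","Length: 4096"
"9:19:40 PM","AOE.exe","3120","WriteFile","C:\Users\user\AppData\Local\Temp\MY-PC - 28-08-12-9.19.40-PM.gif","SUCCESS","Length: 65536"
"9:20:11 PM","explorer.exe","1876","ReadFile","C:\Users\user\AppData\Local\Temp\MY-PC - 28-08-12-9.19.40-PM.gif","SUCCESS","Length: 65536"
"9:34:39 PM","AOE.exe","3120","WriteFile","C:\Users\user\AppData\Local\Temp\MY-PC - 28-08-12-9.34.39-PM.gif","SUCCESS","Length: 65536"
'''

# <HOST> - dd-mm-yy-h.mm.ss-AM|PM.gif under the user's Temp folder (assumed pattern)
SHOT = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+ - "
                  r"(\d{2}-\d{2}-\d{2}-\d{1,2}\.\d{2}\.\d{2}-[AP]M)\.gif$", re.I)

def screenshot_writers(csv_text):
    """Map (process, pid) -> sorted capture times of screenshot-like files it wrote."""
    hits = defaultdict(set)
    # Strip a leading byte-order mark so the first header name parses cleanly.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        m = SHOT.search(row["Path"])
        # Reads (e.g. Explorer browsing the folder) are not evidence of authorship.
        if m and row["Operation"] == "WriteFile" and row["Result"] == "SUCCESS":
            taken = datetime.strptime(m.group(1).upper(), "%d-%m-%y-%I.%M.%S-%p")
            hits[(row["Process Name"], int(row["PID"]))].add(taken)
    return {k: sorted(v) for k, v in hits.items()}

def capture_gaps_minutes(times):
    """Gaps between consecutive captures, rounded to minutes; a timer shows as a constant."""
    return [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for (name, pid), times in screenshot_writers(SAMPLE_CSV).items():
        print(name, pid, len(times), "files, gaps (min):", capture_gaps_minutes(times))
```

The process that comes out of this is the one to check for a signature and on-disk location, as described in the post.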

Re: spying?

Posted on Tue Aug 28, 2012 6:06 pm

That is almost definitely some sort of malware/spyware.

Have you run a Malwarebytes scan lately?
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37493
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: spying?

Posted on Tue Aug 28, 2012 6:53 pm

just brew it! wrote: That is almost definitely some sort of malware/spyware.

Have you run a Malwarebytes scan lately?


I do have Norton Internet Security but I shall also use a Malwarebytes scan :)
killadark
Gerbil Team Leader
 
Posts: 265
Joined: Fri Feb 22, 2008 2:55 am

Re: spying?

Posted on Tue Aug 28, 2012 6:58 pm

I found the culprit, it's AOE.exe. Don't know what it is but I will delete it.
Located in C:\Users\MECOMPS\AppData\Roaming
killadark
Gerbil Team Leader
 
Posts: 265
Joined: Fri Feb 22, 2008 2:55 am

Re: spying?

Posted on Tue Aug 28, 2012 7:09 pm

killadark wrote: I found the culprit, it's AOE.exe. Don't know what it is but I will delete it.
Located in C:\Users\MECOMPS\AppData\Roaming


Found out what made that file: it was smartsteam.exe, a software I downloaded for offline coop of some games :P Removed it, problem solved.
killadark
Gerbil Team Leader
 
Posts: 265
Joined: Fri Feb 22, 2008 2:55 am

Re: spying?

Posted on Tue Aug 28, 2012 7:12 pm

You still need to do a malware scan. If you had one, there's a good chance you've got more. Once they're in, they often invite their buddies over to play...

Edit: I'm unfamiliar with Smartsteam. How confident are you that it didn't contain malware?
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37493
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: spying?

Posted on Tue Aug 28, 2012 7:14 pm

just brew it! wrote: You still need to do a malware scan. If you had one, there's a good chance you've got more. Once they're in, they often invite their buddies over to play...


Yep, just ran Malwarebytes, found 19, and AOE.exe is a keylogger. F*** ME, will have to change some passwords now :(
killadark
Gerbil Team Leader
 
Posts: 265
Joined: Fri Feb 22, 2008 2:55 am

Re: spying?

Posted on Tue Aug 28, 2012 8:23 pm

I would also pay VERY close attention to any financial accounts you use/access online (bank, credit cards, PayPal, etc.), watching for any suspicious activity.
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37493
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: spying?

Posted on Tue Aug 28, 2012 9:31 pm

just brew it! wrote: I would also pay VERY close attention to any financial accounts you use/access online (bank, credit cards, PayPal, etc.), watching for any suspicious activity.


Change back passwords immediately. It is easier to get money back from credit card companies than it is from a bank dealing with cash.
Sony a7
Sony Zeiss 55/1.8 SSM, 24-70/4 SSM
Minolta 17-35/2.8-4 D, 100-300 APO
TheEmrys
Minister of Gerbil Affairs
Silver subscriber
 
 
Posts: 2144
Joined: Wed May 29, 2002 8:22 pm
Location: Northern Colorado

Re: spying?

Posted on Tue Aug 28, 2012 9:56 pm

If I was you, I would buy a new hard drive and start from clean. Scan all of the old data for viruses and copy it across into the new system.

That's just me, but I don't like to mess around when it comes to a security compromise.

Kill it with fire :evil:
blitzy
Gerbil Jedi
 
Posts: 1777
Joined: Thu Jan 01, 2004 6:27 pm
Location: New Zealand

Re: spying?

Posted on Tue Aug 28, 2012 10:14 pm

You'll probably want to scan with a couple other tools, though I'm honestly not sure what's worthwhile anymore. Some companies like Trend and McAfee offered free online scans, while there are some other anti-malware tools that are probably worth checking out, too. Definitely update and run a Norton scan.

While a new hard drive isn't necessary, reinstalling Windows could be a consideration.
absurdity
Gerbil Elite
 
Posts: 859
Joined: Sat Mar 02, 2002 7:00 pm
Location: VT

Re: spying?

Posted on Tue Aug 28, 2012 10:39 pm

Yea, better change all the passwords, BUT only do it after cleaning up your PC completely, or do it from different PC/laptop. MBAM and Norton Antivirus might not detect everything, so... You should probably try out other tools as well - for example Avira makes a free bootable CD with antivirus scanner on it, you might try it out: http://www.avira.com/en/download/produc ... cue-system
Kaspersky also has a similar rescue CD, though it's not being updated frequently, however you may also try it:
http://support.kaspersky.com/viruses/rescuedisk
Of course, the only way to be completely sure is to just back up your old HDD and re-format it, or get a new HDD and keep the old one as a spare or backup destination :wink:
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
Gold subscriber
 
 
Posts: 1862
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: spying?

Posted on Tue Aug 28, 2012 11:36 pm

...and at least one AV vendor identifies smartsteam.exe as a "Trojan Program that is used for stealing bank information and users passwords". Seriously. Not. Good.

Admittedly, AverScanner/Greatis isn't one of the better known/respected AV vendors so I'm not sure how reliable the information is. But when dealing with bank or credit card accounts (or any other sensitive data, for that matter) it is best to err on the side of caution. (And note that I am NOT recommending for or against buying their tool to remove it, I have no idea whether it is any good.)

This should also serve as a vivid example of why installing software from untrusted sources is a REALLY BAD IDEA. (The phrase "a software i downloaded for offline coop of some games" sets off all sorts of alarm bells... DANGER, WILL ROBINSON!)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37493
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: spying?

Posted on Wed Aug 29, 2012 3:45 am

just brew it! wrote: I would also pay VERY close attention to any financial accounts you use/access online (bank, credit cards, PayPal, etc.), watching for any suspicious activity.

Well, I'm quite happy I didn't access any of my financial a/c through this PC yet, only the regular Gmail, Facebook, Yahoo and Steam.
killadark
Gerbil Team Leader
 
Posts: 265
Joined: Fri Feb 22, 2008 2:55 am

Re: spying?

Posted on Wed Aug 29, 2012 4:14 am

killadark wrote:
just brew it! wrote: I would also pay VERY close attention to any financial accounts you use/access online (bank, credit cards, PayPal, etc.), watching for any suspicious activity.

Well, I'm quite happy I didn't access any of my financial a/c through this PC yet, only the regular Gmail, Facebook, Yahoo and Steam.

That's fortunate. But it may not be that simple. If you have any OTHER accounts where they have a record of your gmail or yahoo address, someone could've used your gmail or yahoo credentials to do a password reset.

Trust nothing at this point.

And if you find an account which seems to have a password that is different from what you think it should be, you may have a problem...
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37493
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

