
Computer hacked from ts3 lure

hail megatron

New Member
Joined
Aug 17, 2015
Messages
2 (0.00/day)
Ok so recently I was playing a game (RuneScape, no hate :/ ) and in a recent update new bosses were launched requiring a bit of teamwork. So a guy invites me to his team and asks me to join his TS server. I join his TS server but am kicked out as soon as I tried to join. An error message shows to me, telling me that I need to upgrade TS3. Being the noob I am, I clicked on the link. The link took me to an authentic-looking TS3 website, so I clicked the download button and installed whatever was downloaded.

TS3 works and I am like gainz yay.. Later I close my game and go AFK.. I come back to find the game opened with the password typed in. I closed the client 4 times and it still happened again. So I close the laptop and later log in to find my ID is hacked; my password was attempted to be changed and all. Ok so I don't care about the game part. The real thing is now that I can't open that laptop at all. Instead of opening, my laptop shows a blue screen of death for a second and restarts the whole thing. In hopes of running a scan in safe mode, I tried to open safe mode. The same thing happens in safe mode too.

Later I get a call from Nigeria. I didn't pick up the call though, but considering the fact that I have never received an international call, I am pretty sure it's them :( . Sooo what options do I have??? And how much data has my stupidity cost me? Like can they access my bank account and stuff??

Any help right now will be much appreciated.
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,772 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 14900KS
Motherboard EVGA z690 Dark KINGPIN (modded BIOS)
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
Use the EEK

Then use your AV software to run a scan.

Use ADW cleaner

JRT

Malwarebytes.

You should probably change your passwords if they are all the same.

You should probably contact your bank.

BTW, TS3 has its own built-in updater, and it doesn't bring you to a website.
 
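The lure in this thread worked because the download came from a lookalike "update" page rather than the client's own updater. The script below is an added example by the editor (not code from the thread, from TeamSpeak, or from any poster) showing the two checks a cautious Windows user can run on any downloaded installer before double-clicking it: is the Authenticode signature valid and from the publisher you expect, and does the SHA-256 match the hash the vendor publishes? The expected publisher string and hash are placeholders you fill in from the vendor's genuine site.

```powershell
# Added example (not from the thread): vet a downloaded installer before running it.
# Two independent checks:
#   1. Authenticode signature status is 'Valid' AND the signer subject contains the expected publisher.
#   2. SHA-256 of the file matches the hash the vendor publishes on its own site (optional).
param(
    [Parameter(Mandatory = $true)][string]$InstallerPath,
    # Placeholder: replace with the publisher name shown on the real vendor's signed releases.
    [string]$ExpectedPublisher = 'PLACEHOLDER_VENDOR_NAME',
    # Placeholder: replace with the SHA-256 the vendor publishes; leave empty to skip the hash check.
    [string]$ExpectedSha256 = ''
)

function Test-InstallerTrust {
    param([string]$Path, [string]$Publisher, [string]$Sha256)

    $result = [ordered]@{
        Path            = $Path
        SignatureStatus = 'NotChecked'
        Signer          = ''
        SignerMatch     = $false
        HashMatch       = $null    # stays $null when no expected hash was supplied
        Verdict         = 'REJECT'
    }

    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    # Check 1: Authenticode. Status is 'Valid' only when the certificate chain verifies
    # and the file has not been modified since it was signed.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) {
        $result.Signer      = $sig.SignerCertificate.Subject
        $result.SignerMatch = $sig.SignerCertificate.Subject -like "*$Publisher*"
    }

    # Check 2: hash against the vendor-published value (case-insensitive hex compare).
    if ($Sha256) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $result.HashMatch = ($actual -ieq $Sha256.Trim())
    }

    # Both checks must pass (the hash check passes trivially if it was skipped).
    $hashOk = ($null -eq $result.HashMatch) -or $result.HashMatch
    if ($result.SignatureStatus -eq 'Valid' -and $result.SignerMatch -and $hashOk) {
        $result.Verdict = 'Signed by expected publisher; matches expected hash'
    }
    return [pscustomobject]$result
}

Test-InstallerTrust -Path $InstallerPath -Publisher $ExpectedPublisher -Sha256 $ExpectedSha256 | Format-List
```

A 'Valid' status only proves the file was signed by whoever holds that certificate, so the check is only as good as the publisher name you compare against; take that name, and the hash, from the vendor's real website, never from the page that offered the download. An unsigned installer ('NotSigned') or a 'HashMismatch' status is a reason to stop and ask the vendor, not to click through.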

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,708 (1.48/day)
System Name OrangeHaze / Silence
Processor i7-13700KF / i5-10400 /
Motherboard ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling Corsair H75 / TT ToughAir 510
Memory 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s) Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s) 22" Dell Wide/24" Asus
Case Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard K68 RGB — CHERRY® MX Red
Software Win10 Pro \ RIP:Win 7 Ult 64 bit
+1000 on contact your bank.
Change all the passwords you can still access, starting with the most critical.

Find another computer, download Hitman Pro, and make a boot USB device from it (http://www.surfright.nl/en/hitmanpro). This will bypass most of your startup items and hopefully allow you to run some of the other tools that Solaris recommended, none of which do you any good if the computer won't come up without a blue screen.

While you're contacting your bank, take yourself to bleepingcomputer.com and open a thread in the help forum. Start here. The group there has more information and experience than 99% of the people here, and between them, they easily put us to shame. We appreciate your visit, but you've come to the General Practitioner's office, and we have an ENT in the adjoining office. I'm referring you to an oncologist. You've got something we just don't have the resources to deal with easily.
 

TheMailMan78

Big Member
Joined
Jun 3, 2007
Messages
22,599 (3.68/day)
Location
'Merica. The Great SOUTH!
System Name TheMailbox 5.0 / The Mailbox 4.5
Processor RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling MasterLiquid PRO 280 / Scythe Katana 4
Memory ADATA RGB 16GB DDR4 2666 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage 256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s) Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) / Logitech G5
Keyboard Razer BlackWidow / Logitech (Unknown)
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
You shouldn't have messed with the Autobots.

(Quoting Ahhzz's reply above.)
That's really not true. A lot of the guys over at BleepingComputer are on TPU also. The difference over at Bleeping is the mods are more hands-on with the advice when it comes to these things, making them SEEM more knowledgeable.

To tell you the truth, Solaris was pretty spot on with his advice. Just to show you, I'll add to it.....

1. Download the Kaspersky Rescue Disk from here.
2. Follow the directions CLOSELY.
3. Once you are back into your system, uninstall your AV because it's complete junk. Install the Bitdefender full trial from here. Reboot in safe mode.
4. Go through the options and make sure ROOTKITS and SCAN ARCHIVE are on.
5. Do a full system scan.
6. Reboot into standard mode.
7. Download TDSSKiller from here.
8. Run that until it comes back clean.
9. Reboot.
10. Run Hitman Pro from here.
11. Reboot.

Note: Kaspersky, Bitdefender and Hitman all use similar heuristics. However, they are all slightly different. These next steps will double-check the first.

12. Download and install Malwarebytes.
13. Make sure Rootkit scan is on along with Archive.
14. Scan, fix and reboot.
15. Open up your drive cleaner and make sure you delete ALL restore points and clean out your temp files.
16. Back up your files to a clean drive.
17. Format and reinstall your OS. Be sure to format ALL partitions. Some baddies love to hide in the MBR. (Only way to be sure is a nuke.)
18. Download and install Bitdefender Free BEFORE you install any of your programs but AFTER you install your drivers.
19. Install Malwarebytes.
20. Download HitmanPro stand-alone again. DON'T INSTALL.
21. Connect your backup drive but DO NOT COPY ANYTHING.
22. Scan the backup drive with Bitdefender.
23. Scan the backup drive with Malwarebytes.
24. Scan the backup drive with Hitman Pro (do not install).
25. Restore your files.
26. Change ALL passwords and don't save anything on your computer.
27. Use DIFFERENT passwords for everything.
28. Use two-step verification for emails.
29. Use different emails. Gmail and Windows mail both have two-step.
30. Confirm the emails against each other.
31. Don't be an idiot next time.
 

hail megatron

New Member
I would like to point out that I have no banking info saved on my laptop that was hacked, but I did do some transactions like booking movie tickets with my credit card.... I really have no idea how it works, but can my bank info be leaked from just that? Also, will reinstalling Windows work???
 

Ahhzz

Moderator
Staff member
Your credit card information was most likely snagged. You should assume, until proven otherwise, that any possible information that you had on your computer, or that you typed in within the last year, is in the hands of someone who knows how to misuse it and make money from it. React accordingly. If you assume that there's no way they could use that credit card data to make money, I've warned you otherwise.

Most likely a complete format and reinstall (not a restore, not a recovery, a complete format of the drive with reinstallation software available) would put your machine in a safe condition. That does nothing to recover what has already been taken from your computer. However, again, I urge you to go to the people that spend so much more time dealing with it and can go through log files with you, over at bleepingcomputer.com. All you're doing at this point is asking the nurse that came in whether or not that spot on your X-rays is really a bad cancer or just a spot. Go to the specialists.
 

TheMailMan78

Big Member
(Quoting Ahhzz's reply above.)
Added to my post...... What were you saying about Bleeping? :)
 

Solaris17

Super Dainty Moderator
Staff member
There just usually aren't a lot of virus threads here on TPU. I actually deal with virus/bootkit/rootkit removals every day; it's part of my job. I manage system security for my entire company. On consumer rigs, if you would really like to know my methods, I can post them.


First things first: you should always do rootkit scans first. If you're having trouble running tools, use

RKill

then start the rootkit scans:

Hitman Pro Kickstart
TDSSKiller
MBAR (Malwarebytes Anti-Rootkit)

Then I begin the main battery, which includes AV scans. I always assume the built-in one has custom exclusion rules or is overall compromised if the system is infected, but I run a full scan with it anyway, of course removing whatever it finds.

I then run:

EEK
RogueKiller
Hitman Pro
herdProtect
Malwarebytes (MBAM)

If 100% necessary, I follow up this list with

ComboFix

With the main AV batteries out of the way, let's hit the adware.

AdwCleaner
JRT

Now the system should be pretty clean, but let's make sure the machine's registry entries and security settings aren't wrecked.

TWEAK (www.tweaking.com)

Good, now the system should be running much better. Let's clean it up generally.

CCleaner

I also wrote a program called ATLAS that is literally meant to pull systems out of the ground and prep them for other diagnostics.

We just don't get a lot of virus-related posts on TPU; this is generally a hardware site. But a lot of us do this for work or experience it on the daily. Looking at you, network and sys admins.
 
Joined
Oct 24, 2004
Messages
1,294 (0.18/day)
If the computer has been compromised, isn't it easier/safer to reinstall it? Got a rollback image or a copy of your favorite OS on DVD maybe?

Most of the time only a handful of files are critical, should they become infected / corrupted / lost.

If I were you, I would seriously consider a reinstall from scratch as a valid & trouble-free option.
 
Joined
Aug 13, 2009
Messages
3,187 (0.60/day)
Location
Czech republic
Processor Ryzen 5800X
Motherboard Asus TUF-Gaming B550-Plus
Cooling Noctua NH-U14S
Memory 32GB G.Skill Trident Z Neo F4-3600C16D-32GTZNC
Video Card(s) Sapphire Radeon Rx 580 Nitro+ 8GB
Storage HP EX950 512GB + Samsung 970 PRO 1TB
Display(s) HP Z Display Z24i G2
Case Fractal Design Define R6 Black
Audio Device(s) Creative Sound Blaster AE-5
Power Supply Seasonic PRIME Ultra 650W Gold
Mouse Roccat Kone AIMO Remastered
Software Windows 10 x64
(Quoting hail megatron's opening post.)
Have you tried typing like an adult human with at least an elementary school education? Helps in lots of situations in life.
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.21/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
Go with what Solaris has said above; he is quite the expert on this stuff and has made bootable DVDs for this kind of thing (it's named after him, because his ego is huge too :p)


Have you tried typing like an adult human with at least an elementary school education? Helps in lots of situations in life.

He could actually be a kid. I'd have preferred better English as well to avoid misunderstandings, but no need to make a post just about that.
 

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
18,851 (3.08/day)
Location
UK\USA
Processor AMD 3900X \ AMD 7700X
Motherboard ASRock AM4 X570 Pro 4 \ ASUS X670Xe TUF
Cooling D15
Memory Patriot 2x16GB PVS432G320C6K \ G.Skill Flare X5 F5-6000J3238F 2x16GB
Video Card(s) eVga GTX1060 SSC \ XFX RX 6950XT RX-695XATBD9
Storage Sammy 860, MX500, Sabrent Rocket 4 Sammy Evo 980 \ 1xSabrent Rocket 4+, Sammy 2x990 Pro
Display(s) Samsung 1080P \ LG 43UN700
Case Fractal Design Pop Air 2x140mm fans from Torrent \ Fractal Design Torrent 2 SilverStone FHP141x2
Audio Device(s) Yamaha RX-V677 \ Yamaha CX-830+Yamaha MX-630 Infinity RS4000\Paradigm P Studio 20, Blue Yeti
Power Supply Seasonic Prime TX-750 \ Corsair RM1000X Shift
Mouse Steelseries Sensei wireless \ Steelseries Sensei wireless
Keyboard Logitech K120 \ Wooting Two HE
Benchmark Scores Meh benchmarks.
I say it's format time: wipe everything and learn the hard way. Better to be safe than sorry, even more so if you use bank details on the system too.


Have you tried typing like an adult human with at least an elementary school education? Helps in lots of situations in life.

Wow, tried to be more useful than trying to be an ass?
 
Joined
Jul 21, 2008
Messages
5,169 (0.90/day)
System Name [Daily Driver]
Processor [Ryzen 7 5800X3D]
Motherboard [Asus TUF GAMING X570-PLUS]
Cooling [be quiet! Dark Rock Slim]
Memory [64GB Corsair Vengeance LPX 3600MHz (16GBx4)]
Video Card(s) [PNY RTX 3070Ti XLR8]
Storage [1TB SN850 NVMe, 4TB 990 Pro NVMe, 2TB 870 EVO SSD, 2TB SA510 SSD]
Display(s) [2x 27" HP X27q at 1440p]
Case [Fractal Meshify-C]
Audio Device(s) [Steelseries Arctis Pro]
Power Supply [CORSAIR RMx 1000]
Mouse [Logitech G Pro Wireless]
Keyboard [Logitech G512 Carbon (GX-Brown)]
Software [Windows 11 64-Bit]
Ditto on wiping and restoring; also ditto on resetting passwords for EVERYTHING and canceling cards/reporting them stolen and getting new ones. Reporting them stolen/getting new ones will get you a new security number for the account (the number on the back of the card).

Wiping and starting fresh is easier than dabbling in looking for rootkits etc.
 