
Computer hacked from ts3 lure

hail megatron

Ok so recently I was playing a game (runescape no hate :/ ) and in a recent update new bosses were launched requiring a bit of teamwork. So a guy invites me to his team and asks me to join his ts server. I join his ts server but am kicked out as soon as i tried to join. An error message shows to me, telling me dat i need to upgrade ts3. Being a noob i am, i clicked on the link. The link took me to an authentic ts3 looking website and so i clicked the download button and install watever was downloaded.

Ts3 works and i am like gainz yay.. Later i close my game and go afk.. I come back to find the game opened with password typed in. I closed the client 4 times and it still happened again. So i close the laptop and later log in to find my id is hacked, my password was attempted to be changed and all. Ok so idc abt the game part. The real thing is now dat i cant open dat laptop at all. Instead of opening my laptop it shows a blue screen of death for a second and restarts the whole thing. In hopes to run a scan in safe mode I tried to open safe mode. The same thing happens in safe mode too.

Later i get a call from Nigeria. I didn't pick up the call tho but considering the fact that i have never received an international call i am pretty sure its them :( . Sooo wat options do i have??? And how much data has my stupidity cost me? Like can they access my bank account and stuff??

Any help right now will be much appreciated.
 
Use the EEK

Then use your AV software to run a scan.

Use ADW cleaner

JRT

Malwarebytes.

You should probably change your passwords if they are all the same.

You should probably contact your bank.

BTW, TS3 has its own built-in updater, and it doesn't bring you to a website.
 
+1000 on contact your bank.
Change all the passwords you can still access, starting with the most critical.

Find another computer, and download Hitman Pro, and make a boot USB device from it. (http://www.surfright.nl/en/hitmanpro). This will bypass most of your startup items, and hopefully allow you to run some of the other tools that Solaris recommended, none of which do you any good if the computer won't come up without a Blue Screen.

While you're contacting your bank, find yourself to bleepingcomputer.com, and open a thread in the help forum. Start here. The group there has more information and experience than 99% of the people here, and between them, they easily put us to shame. We appreciate your visit, but you've come to the General Practitioner's office, and we have an ENT in the adjoining office. I'm referring you to an oncologist. You've got something we just don't have the resources to deal with easily.
 
You shouldn't have messed with the Autobots.

> +1000 on contact your bank.
> Change all the passwords you can still access, starting with the most critical.
>
> Find another computer, and download Hitman Pro, and make a boot USB device from it. (http://www.surfright.nl/en/hitmanpro). This will bypass most of your startup items, and hopefully allow you to run some of the other tools that Solaris recommended, none of which do you any good if the computer won't come up without a Blue Screen.
>
> While you're contacting your bank, find yourself to bleepingcomputer.com, and open a thread in the help forum. Start here. The group there has more information and experience than 99% of the people here, and between them, they easily put us to shame. We appreciate your visit, but you've come to the General Practitioner's office, and we have an ENT in the adjoining office. I'm referring you to an oncologist. You've got something we just don't have the resources to deal with easily.

That's really not true. A lot of the guys over at bleepingcomputer are on TPU also. The difference over at Bleeping is the mods are more hands-on with the advice when it comes to these things, making things SEEM more knowledgeable.

To tell you the truth, Solaris was pretty spot on with his advice. Just to show you, I'll add to it.....

1. Download Kaspersky rescue disk from here.
2. Follow the directions CLOSELY.
3. Once you are back into your system, uninstall your AV because it's complete junk. Install Bitdefender full trial from here. Reboot in safe mode.
4. Go through the options and make sure ROOT KITS and SCAN ARCHIVE are on.
5. Do a full system scan.
6. Reboot into standard mode.
7. Download TDSSKiller from here.
8. Run that until it comes back clean.
9. Reboot
10. Run Hitman Pro from here.
11. Reboot

Note: Kaspersky, Bitdefender and Hitman all use similar heuristics. However, they are all slightly different. These next steps will double check the first.

12. Download and install Malwarebytes.
13. Make sure Rootkit scan is on along with Archive.
14. Scan, Fix and Reboot.
15. Open up your drive cleaner and make sure you delete ALL restore points and clean out your temp files.
16. Backup your files to a clean drive.
17. Format and reinstall your OS. Be sure to format ALL partitions. Some baddies love to hide in the MBR. (Only way to be sure, it's a nuke)
18. Download and install Bitdefender Free BEFORE you install any of your programs but AFTER you install your drivers.
19. Install Malwarebytes.
20. Download HitmanPro stand alone again. DON'T INSTALL.
21. Connect your backup drive but DO NOT COPY ANYTHING.
22. Scan backup drive with Bitdefender.
23. Scan backup drive with Malwarebytes.
24. Scan backup drive with Hitman Pro (Do not install)
25. Restore your files.
26. Change ALL passwords and don't save anything on your computer.
27. Use DIFFERENT passwords for everything.
28. Use step-two verification for emails.
29. Use different emails. Gmail and Windows mail both have step two.
30. Confirm the emails against each other.
31. Don't be an idiot next time.
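
Steps 21 to 25 in the post above keep the backup drive quarantined until it has been scanned. As an added example that is not part of the original post, this read-only Python sketch lists the files on such a drive that are Windows programs by content (PE header) even when the name claims a document type, so they can be left out of the restore; the extension lists and the `build_constructed_sample` test tree are assumptions made here.

```python
import os
import sys
import tempfile
from pathlib import Path

# File types that run code when opened (assumed list, extend as needed).
RUNNABLE_EXTS = {".exe", ".dll", ".scr", ".sys", ".cpl", ".msi", ".bat",
                 ".cmd", ".vbs", ".js", ".ps1", ".lnk", ".hta", ".jar"}
PE_EXTS = {".exe", ".dll", ".scr", ".sys", ".cpl"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            f.seek(int.from_bytes(head[60:64], "little"))
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: leave it to the AV scans

def triage(root):
    """Map relative path -> reason for every file to hold back from restore."""
    held = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            ext = p.suffix.lower()
            rel = p.relative_to(root).as_posix()
            if is_pe(p):
                held[rel] = ("executable" if ext in PE_EXTS else
                             "executable disguised as " + (ext or "(no extension)"))
            elif ext in RUNNABLE_EXTS:
                held[rel] = "runs code when opened"
    return held

def build_constructed_sample(root):
    """Constructed test tree: one minimal PE stub under two different names."""
    stub = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    for name, data in {"setup.exe": stub, "invoice.pdf": stub,
                       "run.bat": b"echo hi", "notes.txt": b"MZ, plain text"}.items():
        (Path(root) / name).write_bytes(data)
    return root

if __name__ == "__main__":
    # Pass the backup drive path as the first argument; nothing is copied or deleted.
    root = sys.argv[1] if len(sys.argv) > 1 else build_constructed_sample(tempfile.mkdtemp())
    for rel, reason in sorted(triage(root).items()):
        print(f"{reason:40} {rel}")
```

A file that this listing does not flag is not thereby clean; the scans in steps 22 to 24 still apply to everything that is restored.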
 
I would like to point out that i have no banking info saved on my lapy dat was hacked but i did do some transactions like booking movie tickets from my credit card.... really have no idea how it works but can my bank info be leaked from just dat? Also will reinstalling windows work???
 
Your credit card information was most likely snagged. You should assume until proven otherwise, that any possible information that you had on your computer, or that you typed in within the last year, is in the hands of someone who knows how to misuse it, and make money from it. React accordingly. If you assume that there's no way they could use that credit card data to make money, I've warned you otherwise.

Most likely a complete format and reinstall (not a restore, not a recovery, a complete format of the drive with reinstallation software available), would put your machine in a safe condition. That does nothing to recover what has already been taken from your computer. However, again, I urge you to go to the people that spend so much more time dealing with it, and can go thru log files with you, over at bleepingcomputer.com. All you're doing at this point is asking the nurse that came in, whether or not that spot on your x-rays is really a bad cancer, or just a spot. Go to the specialists.
 
> Your credit card information was most likely snagged. You should assume until proven otherwise, that any possible information that you had on your computer, or that you typed in within the last year, is in the hands of someone who knows how to misuse it, and make money from it. React accordingly. If you assume that there's no way they could use that credit card data to make money, I've warned you otherwise.
>
> Most likely a complete format and reinstall (not a restore, not a recovery, a complete format of the drive with reinstallation software available), would put your machine in a safe condition. That does nothing to recover what has already been taken from your computer. However, again, I urge you to go to the people that spend so much more time dealing with it, and can go thru log files with you, over at bleepingcomputer.com. All you're doing at this point is asking the nurse that came in, whether or not that spot on your x-rays is really a bad cancer, or just a spot. Go to the specialists.

Added to my post......What were you saying about bleeping? :)
 
There just usually aren't a lot of virus threads here on TPU. I actually deal with virus/bootkit/rootkit removals every day; it's part of my job. I manage system security for my entire company. On consumer rigs, if you would really like to know my methods, I can post them.


First things first, you should always do rootkit scans first. If you're having trouble running tools, use

RKILL

then start rootkit scans

Hitman Pro Kickstart
TDSS Killer
MBAR (Malwarebytes Anti-Rootkit)

Then I begin the main battery, which includes AV scans. I always assume the built-in one has custom exclusion rules or is overall compromised if the system is infected, but I run a full scan with it anyway, of course removing whatever it finds.

I then run.

EEK
Rogue Killer
Hitman Pro
Herd Protect
Malwarebytes (MBAM)

If 100% necessary I follow up this list with

Combofix

With main AV batteries out of the way, let's hit the adware.

ADW Cleaner
JRT

Now the system should be pretty clean, but let's make sure the machine's reg entries and security settings aren't wrecked.

TWEAK (www.tweaking.com)

Good, now the system should be running much better. Let's clean it up generally.

Ccleaner

I also wrote a program called ATLAS that is literally meant to pull systems out of the ground and prep them for other diagnostics.

We just don't get a lot of virus-related posts on TPU; this is generally a hardware site. But a lot of us do this for work or experience it on the daily. Looking at you, network and sys admins.
 
If the computer has been compromised, isn't it easier/safer to reinstall it? Got a rollback image or a copy of your favorite OS on DVD maybe?

Most of the time only a handful of files are critical, should they become infected / corrupted / lost.

If I were you, I would seriously consider a reinstall from scratch as a valid & trouble-free option.
 
> Ok so recently I was playing a game (runescape no hate :/ ) and in a recent update new bosses were launched requiring a bit of teamwork. So a guy invites me to his team and asks me to join his ts server. I join his ts server but am kicked out as soon as i tried to join. An error message shows to me, telling me dat i need to upgrade ts3. Being a noob i am, i clicked on the link. The link took me to an authentic ts3 looking website and so i clicked the download button and install watever was downloaded.
>
> Ts3 works and i am like gainz yay.. Later i close my game and go afk.. I come back to find the game opened with password typed in. I closed the client 4 times and it still happened again. So i close the laptop and later log in to find my id is hacked, my password was attempted to be changed and all. Ok so idc abt the game part. The real thing is now dat i cant open dat laptop at all. Instead of opening my laptop it shows a blue screen of death for a second and restarts the whole thing. In hopes to run a scan in safe mode I tried to open safe mode. The same thing happens in safe mode too.
>
> Later i get a call from Nigeria. I didn't pick up the call tho but considering the fact that i have never received an international call i am pretty sure its them :( . Sooo wat options do i have??? And how much data has my stupidity cost me? Like can they access my bank account and stuff??
>
> Any help right now will be much appreciated.

Have you tried typing like an adult human with at least elementary school? Helps in lots of situations in life.
 
Go with what Solaris has said above, he is quite the expert on this stuff and has made bootable DVDs for this kind of thing (it's named after him, because his ego is huge too :p)

> Have you tried typing like an adult human with at least elementary school? Helps in lots of situations in life.

He could actually be a kid. I'd have preferred better English as well to avoid misunderstandings, but no need to make a post just about that.
 
I say it's format time: wipe everything and learn the hard way. Better to be safe than sorry, even more so if you use bank details on the system too.

> Have you tried typing like an adult human with at least elementary school? Helps in lots of situations in life.

Wow, tried to be more useful than trying to be an ass?
 
Ditto on wiping and restoring, also ditto on resetting passwords for EVERYTHING and canceling cards/reporting them stolen and getting new ones. Reporting them stolen/getting new ones will get you a new security number for the account (number on the back of the card).

Wiping and starting fresh is easier than dabbling in looking for rootkits etc.
 