I am not sure where to place this issue.....but can you help me?
Yesterday, I was scammed into paying for my Windows to be "reactivated" in order to get rid of all the "hackers/viruses/malware" on my computer (which could only be done by him) or face having my new week-old computer blocked. Before I knew it, a "technician" was remotely manipulating my computer and downloading programs. My computer is still useable, runs as good as new but now has programs on it that I don't trust. This event took place on 4/26/2014 between 3-5pm est. Here's what I now have found on my computer:
***ON THE DESKTOP, THE FOLLOWING SHORTCUTS:
-Anti Hacker
-ATF Cleaner
-Malwarebytes AntiMalware Pro
-WebShield
(the 4 above all have what looks like the Microsoft shield logo on the icon but at
closer look it is actually a blue and yellow shield in the same shape and reflection as
the MS shield-and I also see another icon with this shield called Lenovo Veriface and
I'm not sure if this icon was present before the event. I did see the technician pop
by the Lenovo site-I watched him.....)
Computer Performance
CCleaner
Google Chrome
EventC (this does not have a shortcut symbol on it)
***"GLOBAL IT" FOLDER ON THE DESKTOP CONTAINS:
Anti Hacker (.exe)
ATF-Cleaner (.exe) by Attribune.org
ccsetup406 -by Piriform Ltd. (in Properties it says application.exe) Digital signature is OK. The certificate is valid from 6/24/2013-9/24/2015
Computer Performance (in Properties it says application.exe) Description: Sysinternals Process Explorer. Digital signature is OK...but certificate is valid from 1/24/2013-4/24/2014
desktop.ini file
DisableUACforAdmin
Evntvwr Cleanr
favicon ICO File (.ico) (looks like a Microsoft Globe image and says Microsoft)
Malwarebytes license Key text document
mbam-setup-1.75.0.1300 Signature is OK but valid from 5/23/2011-6/4/2013
WebShield, by Bleeping Computer LLC (in Properties>Digital Signatures>details: it says, the signature is not valid.)
***IN THE DOWNLOAD FOLDER:
-aa_v3 - application (.exe) Description Ammyy Admin. Signature is OK. Certificate valid 1/13/2014-1/14/2015
-aa_v3 text document (.log)
-ccsetup-application (.exe) signature OK. Certificate 6/24/2013-9/24/2015.
-mbam-setup-1.75.0.1300 - application (.exe) Signature is OK but valid from 5/23/2011-6/4/2013
-Support-LogMeInRescue (1)
-Support-LogMeInRescue(2)
-Support-LogMeInRescue - application (.exe) Signature OK. Certificate valid 9/24/2012-10/10/2015
***IN THE PROGRAM FILES, I ONLY SEE, (IN REGARDS TO THIS EVENT):
-CCleaner
***IN THE PROGRAM FILES (x86), I FIND THE FOLLOWING FOLDERS (IN REGARDS TO THIS EVENT):
-Google (with a Chrome folder inside)
-LogMeIn Rescue RC - 7d1e22b2-8121-4749-8fd7-c5ab2887aff5 (Interesting that the date modified of this folder says 4/27/2014 at 9:04am when I believe that this was installed on 4/26/2014....are they still making changes to my computer????)
-Malwarebytes' Anti-Malware
***IN THE "UNINSTALL A PROGRAM" AREA, IN REGARDS TO THIS EVENT, I ONLY FIND:
-Malwarebytes Anti-Malware version 1.75.0.1300
-Google Chrome
-CCleaner
So where are the rest of the programs that link to the desktop shortcuts?
I've blocked my Visa card, changed my yahoo & amazon passwords. I do not do banking on line. What else do I need to do to get rid of this mess???
How can I be sure that they can not take remote control again or are popping in on my computer??
I read about someone else that this happened to and they reinstalled Windows (I guess they were able to regain control of their computer that way)....do I need to do that? go back to factory specs???
I am currently using a 30 day trial of McAfee and have a licensed copy of Panda on hand for afterwards and also want to buy the pro version of Malwarebytes (which I see that you offer an affiliate link for). Otherwise, everything seems to be working fine, but I don't trust any of what was done nor the software that was added!
Do I need to change my wifi password? Could these bad people remotely take over another computer on my wifi??? Is it safe for THAT computer to pay bills? Is it safe for me to use my computer on other wifi systems??
You helped me out a few years back, which I was very grateful for. Can you help me now, please??? With as traumatic as this event was, I "won't be fooled again!"
PS: What is a P2P program which I need to "uninstall before asking for help?"??
-----------------------------------------------
Hope it was OK to start this as I found posted on your site....
# AdwCleaner v3.204 - Report created 28/04/2014 at 02:47:04
# Updated 26/04/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Diana - MAGICSTAR
# Running from : C:\Users\Diana\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Diana\AppData\Local\Pokki
Folder Deleted : C:\Users\Public\Pokki
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\kylr0zt8.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1545 octets] - [28/04/2014 02:42:15]
AdwCleaner[S0].txt - [1445 octets] - [28/04/2014 02:47:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1505 octets] ##########
How should I go about redownloading Malwarebytes when I already have it installed (although it is a suspicious copy?)??