
Computer might have got hacked, what to do

noisebomb44
Solved by Sauron

While I was bored and responding to scam emails, I accidentally clicked one of their links. Before I had noticed, it got me to a page with a few words on it. I then closed the tab quickly, and when I returned the keyboard was typing the word "what" and then just spamming random letters. After a few seconds my mail went crazy and started to reorganize and perhaps delete things. I then closed the tab and did a quick virus scan, which resulted in nothing, and then unplugged my computer. I reset my email password; the rest of my passwords are encrypted and I haven't received any password reset emails, so those are probably safe. I'm now asking myself if I dare boot into safe mode and do a virus scan and hope it's completely removed, or if I should just give it to the administrator and tell him to reset the PC. Any ideas on what to do next or how widespread this can be?

A side note: I believe the reason my email went crazy was because the virus sent emails to their owner with sensitive info from emails in my inbox and then deleted them. Any idea what to do about this? I scanned my email for sensitive info on a website, but couldn't find any, so I think I'm safe.

TL;DR

My computer got a virus that can control my keyboard and send mails, my passwords are safe, what should I do next?

Long live Stalin, he loves you; sing these words, or you know what he’ll do!


Drill through the hard drive, kerosene the BIOS chips, and then replace the hard drive and BIOS chips and you should be good. You'll have to reinstall the OS as well.


1 minute ago, Fake Dragonite said:

Maybe he was inspired by this

Yes, it's hilarious to have long conversations with Nigerian scammers about investments in my basement brewing facility


1 minute ago, Alaradia said:

If you do this again, at least be in a VM

Yeah, I did at first but couldn't be bothered installing it on the new laptop I got


3 minutes ago, Alaradia said:

Drill through the hard drive, kerosene the BIOS chips, and then replace the hard drive and BIOS chips and you should be good. You'll have to reinstall the OS as well.

Can't be that bad though? Don't think I'm allowed to do that by the system admin


Just nuke your hard drive and reinstall Windows. Your laptop should have come with a recovery disk or USB.

PC Specs:

CPU: Intel i9 12900K

CPU Cooler: Corsair Hydro H150i Elite Capellix

Mother Board: MSI z690 carbon WiFi

RAM: TeamSport Elite DDR5 2x16 4800mhz

Storage: 2TB Samsung 970 Plus NVMe, 240 SanDisk SSD Plus, Crucial MX300 750GB SSD

GPU: Gigabyte G1 Gaming GTX 1080 

Case: Corsair Crystal 460X

PSU: Corsair RM850X 80+ Gold

OS: Windows 11 Home

Monitor: Acer Predator XB271HU 27" 1440p @ 165hz

Keyboard: Razer Black Widow Chroma

Mouse: Logitech G502

Sound: Sony MDR 1000x Headphones, Blue Snowball Microphone

 

Laptop Specs:

Gigabyte Aorus 15G

CPU: Intel i7 10875H

RAM: 16gb DDR4

Storage: 512gb NVMe, 1TB Crucial MX300 SATA SSD

GPU: Nvidia RTX 2070 Max-Q

 

 

 

 


Just now, A Silver said:

Just nuke your hard drive and reinstall Windows. Your laptop should have come with a recovery disk or USB.

Yeah, I will just give it to the system admin and tell him to do it, don't think I'm allowed to do it myself. Not sure if he wants to replace the BIOS chip though


Just now, A Silver said:

Just nuke your hard drive and reinstall Windows. Your laptop should have come with a recovery disk or USB.

It could've been a ring 0 zero-day that installed on his BIOS; he has to nuke his BIOS chips as well


Just now, Alaradia said:

It could've been a ring 0 zero-day that installed on his BIOS; he has to nuke his BIOS chips as well

Oh, I did not think of that.


3 minutes ago, Alaradia said:

It could've been a ring 0 zero-day that installed on his BIOS; he has to nuke his BIOS chips as well

I mean, there's not a lot that can really be done if that's what happened though. Most institutions seem to rather keep dangerous hardware around than junk a "perfectly well working machine"


1 minute ago, Fake Dragonite said:

I mean, there's not a lot that can really be done if that's what happened though. Most institutions seem to rather keep dangerous hardware around than junk a "perfectly well working machine"

Yeah, stuff can be done: you just swap the BIOS chips, or swap the motherboard if they're soldered on, and also replace the hard drive simultaneously


Just now, Alaradia said:

Yeah, stuff can be done: you just swap the BIOS chips, or swap the motherboard if they're soldered on, and also replace the hard drive simultaneously

I'm not saying it's physically impossible to be done. It's just common for many places to feel it's not worth the time and energy to worry about, as well as not wanting to get rid of functioning hardware.


I just scanned the link I clicked on, but it's not finding any viruses on it? Perhaps it's a really sophisticated virus; will try it on a VM when I get home to see how severe it is

 

scan:

https://www.virustotal.com/en/url/b3ceb94fa4050ce3793abb56c0635e4609fa03a4a6ba1555416f01873521bad6/analysis/


I think part of what you're conjecturing is paranoia - what's likely to have happened is you ran some sort of remote desktop application which briefly gave control of your computer to someone else, who was probably waiting at a desk for someone to open a connection. When that happened they were probably in the middle of typing something else ("what") and took a few seconds to realize they had scored a "hit". From that they scrambled to get whatever sensitive information they could, starting from opening random emails and making a mess.

 

If this is the case, you should have no problems when you reboot. Just to be safe, I'd unplug your internet connection and see what happens.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


1 minute ago, Sauron said:

I think part of what you're conjecturing is paranoia - what's likely to have happened is you ran some sort of remote desktop application which briefly gave control of your computer to someone else, who was probably waiting at a desk for someone to open a connection. When that happened they were probably in the middle of typing something else ("what") and took a few seconds to realize they had scored a "hit". From that they scrambled to get whatever sensitive information they could, starting from opening random emails and making a mess.

 

If this is the case, you should have no problems when you reboot. Just to be safe, I'd unplug your internet connection and see what happens.

Yeah, that might actually be the case, because after closing Chrome and unplugging internet access to do the virus scan nothing suspicious happened.


Also, my mail saved what he wrote as a draft; this is what he wrote after writing "what": "INdsafd"

It certainly looks like he mashed a WASD keyboard with both hands, not like something a virus would write


Another pretty funny thing I just remembered happening was that the language inexplicably changed to English in Gmail. I didn't think much of it because I thought it might be a bug in Gmail or something. Thanks for helping me though, I'm pretty sure it was just someone using remote desktop on me now, but I think I will nuke it before starting to use it anyway in case he planted a keylogger or something.

I'll probably try doing it again inside a VM later today; I'm really interested in what he wanted to do if he got more time. I might also post an update of what happened here for those interested.


10 minutes ago, noisebomb44 said:

Another pretty funny thing I just remembered happening was that the language inexplicably changed to English in Gmail. I didn't think much of it because I thought it might be a bug in Gmail or something. Thanks for helping me though, I'm pretty sure it was just someone using remote desktop on me now, but I think I will nuke it before starting to use it anyway in case he planted a keylogger or something.

I'll probably try doing it again inside a VM later today; I'm really interested in what he wanted to do if he got more time. I might also post an update of what happened here for those interested.

I'd like to see :)

Don't forget to @me / quote me for a reply =]

 

 


6 hours ago, JackHubbleday said:

snip

(just quoted you to make sure you got a message since you didn't follow this thread)

 

Ok guys, so I've just set up a clean version of Windows, filled my fake account's inbox with "sensitive information" (fake bank account numbers, etc), copied the link I followed earlier today and started recording. I sat back after entering the URL, waiting for someone to take control of my mouse and keyboard, but nothing happened. I then inspected the page and the only content of the page was a header with some text in it. No viruses or malware as far as I could see. But then how did someone take control of my mouse and keyboard?

I think I know why. When I got my laptop it had TeamViewer (the only connect edition) installed, and it was rumoured that they could take control over your PC and monitor it at all times and that you were not allowed to block it through the firewall (1984 anyone?). I opened GlassWire and there were a few non-TeamViewer related clients connected. My theory is that it was just the system admin/manager spooking me out for reading and replying to spam emails because I was actually in the process of writing a mail when someone got access to my PC, they then deleted the text and replaced it with what I mentioned earlier, perhaps they were going to write "what are you doing?" or something before I disconnected it. I'm going to have a long talk with him next Monday


cmd prompt

netstat -b -n -t 3

That will show all network connections: IP address, exe associated with the IP in use, and repeat or update every 3 seconds

Best way to see if you're "hacked"
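
Added example, not part of the post above or of any tool named in this thread: a Python parser for saved `netstat -b -n -t` output that lists established, non-loopback peers per owning executable and keeps only executables outside an expected set. The sample capture, its addresses and the allowlist are constructed for illustration; the parser assumes the English-language Windows layout in which the `[exe]` line follows its connection row.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample of `netstat -b -n -t` output (documentation-range addresses).
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State           Offload State
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     InHost
 [chrome.exe]
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     InHost
 [chrome.exe]
  TCP    192.168.1.20:49820     203.0.113.44:5938      ESTABLISHED     InHost
 [TeamViewer_Service.exe]
  TCP    192.168.1.20:49833     203.0.113.90:443       ESTABLISHED     InHost
  WpnService
 [svchost.exe]
  TCP    192.168.1.20:49901     198.51.100.23:443      TIME_WAIT       InHost
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse(text):
    """Pair each connection row with the [exe] line that follows it, if any."""
    conns, current = [], None
    for line in text.splitlines():
        if m := CONN.match(line):
            current = {"remote": m[3], "state": m[4], "exe": None}
            conns.append(current)
        elif current is not None and (o := OWNER.match(line)):
            current["exe"] = o[1]   # component-name lines before it are skipped
            current = None
    return conns

def unexpected(conns, expected):
    """Established non-loopback peers, grouped by executables not in `expected`."""
    found = defaultdict(set)
    for c in conns:
        # Strip the port, IPv6 brackets and any zone id from the remote endpoint.
        host = c["remote"].rpartition(":")[0].strip("[]").split("%")[0]
        if c["state"] != "ESTABLISHED" or ip_address(host).is_loopback:
            continue
        exe = c["exe"] or "<owner unavailable>"
        if exe.lower() not in expected:
            found[exe].add(c["remote"])
    return dict(found)

# Hypothetical allowlist for this sample; build a real one from a known-good baseline.
print(unexpected(parse(SAMPLE), {"chrome.exe", "svchost.exe"}))
```

On a live machine `netstat -b` needs an elevated prompt; rows it cannot attribute are reported here as `<owner unavailable>`.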


1 minute ago, bcguru9384 said:

cmd prompt

netstat -b -n -t 3

That will show all network connections: IP address, exe associated with the IP in use, and repeat or update every 3 seconds

Best way to see if you're "hacked"

CurrPorts is much easier to read though and has more features


Using netstat combined with tracert is how I found a yucky person in my old DSL connection

The path went

72.dsl to 72.dsl to 184.privatebluefish to 72.dsl to google or microsoft or any other site

Both those tools are built right into the OS

I used a web-based IP whois page to check identity
