haydn

CLOSED Hacked Instagram and Email

Recommended Posts

Hi I'm struggling first my Instagram was hacked and now my email has been sending emails to friends without consent

Ive changed the email associated with all main accounts and used command prompt to check netstat ports cant see anything obvious what else can I do ive run BT Mcafee anti virus nothing found Malwarebytes also shows no infections including root kits

I'm a bit lost now, I contacted my isp and got my email back and changed password, ive raised 2 cases with Instagram who have failed to respond and it seems whoever is in my Instagram is still active I'm guessing they use a proxy ip to remain anonymous

any help gratefully accepted

PS just to add I went on my Home Network last night to get a list of connected devices and there seemed to be too many for the amount of devices, I turned all off and still found what looked like two devices I didn't recognise so I disabled them

Share this post


Link to post
Share on other sites

Ive noticed the attacks tend to happen PM so I went through task scheduler to see if anything ran midday on that could open a door and I could only find Nvidia does some sort of broadcast check ive disabled that process since

It all started when I received two emails saying my passwords were changed on EA Sport and the broadcast service rub by Nvidia cant remember its name but it seems that service game recording etc is on by default so that's disabled also

When the attacks occur I loose my BB connection for a brief period

Share this post


Link to post
Share on other sites

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} =>  -> No File
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} =>  -> No File
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} =>  -> No File
2017-03-16 09:04 - 2017-03-16 09:04 - 0637072 _____ (Acronis) C:\Users\track\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
2017-02-04 04:06 - 2017-02-04 04:06 - 0244264 _____ (McAfee, Inc.) C:\Users\track\AppData\Local\Temp\McCSPInstall.dll
2017-03-03 15:38 - 2017-02-23 08:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\track\AppData\Local\Temp\nvSCPAPI.dll
2017-03-03 15:38 - 2017-02-23 08:17 - 0868152 _____ (NVIDIA Corporation) C:\Users\track\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-03 16:12 - 2017-02-23 08:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\track\AppData\Local\Temp\nvStInst.exe
2017-03-10 16:37 - 2017-03-10 16:37 - 5935576 _____ (Igor Pavlov) C:\Users\track\AppData\Local\Temp\Package_en_ww.exe
CustomCLSID: HKU\S-1-5-21-2242279074-711525422-971276025-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\track\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2242279074-711525422-971276025-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\track\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2242279074-711525422-971276025-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\track\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll => No File

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Share this post


Link to post
Share on other sites

I hope I'm not being a pain and ill gladly make a contribution to Emisoft but I have a laptop that suffers the same it mimics my PC in many ways I'm scared to turn it on in case it signals the hacker, would it be ok to run the same process on the laptop, I think when my PC was first hacked they killed the SSD drive as I only had it two weeks and the hard drive failed it could have been a coincidence and was covered by warranty but since I've had these hacking issues

Trouble is I think youngsters today think if they become good enough at hacking they'll gain employment with security companies almost glorifying the act of making peoples lives a bloody misery

I did go to Malwarebytes forum and advised I was seeing outgoing connection attempts from something called table.zip they didn't seem to know what it was and I received no assistance, then one day I logged in and found my Malwarebytes and BT virus protection off I turned it back on and thought nothing of it maybe there was more to it that happens on the laptop mainly 

Share this post


Link to post
Share on other sites

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.