AIM Screen name Hijacked! :(
April 9, 2005 at 6:09 am #17786
Jeff Hester
Keymaster

Hiya,
Ok this is what had happened to me.
First off… one of my friends ended up sending me a file named “server.exe.” via AIM. He said that he needed some help w/ it cause it wouldn’t open on his computer.
It passed through my virus scanner and it didn’t detect it as one.
So I thought… oh might as well see what it is.
I tried to open it.. I couldn’t. So I decided to throw it away.

A while later, my buddies on AIM noticed that I was typing some stuff… that I wouldn’t normally say. I then saw that my buddies’ screen names were being changed to a ” O_O ” icon. Then, whoever the “hacker” was IMed me using my screen name. I then realized I was being hacked.
When I told this to one of my friends… they said to do a virus scan… which I did.. and it came up that there were 2 Trojans… PSW.Briss.A and PSW.Briss.B that were deleted.
I also did an adware / spyware scan… and deleted all of those files too.
I also un-installed AIM and re-installed it too.

Now here’s the problem….
My system is clean, free from viruses etc., spyware, and adware… but I’m still being hijacked on AIM. *Even if I changed screen names*
And yes.. I am using a firewall and 2 virus-scanners along w/ spy/adware removal….
Can anyone help me with this?
I really want my old screen name back….

April 10, 2005 at 9:14 pm #118647
Dragon31
Member

Hello Sekiria101. I would be happy to help you with your current AIM problem. Before I get into detail on how to fix this problem, I strongly suggest you do not receive programs from anyone over AIM; even your friends (unless you are definite the program is safe). Many times a file looks safe, but that does not mean it actually is safe. Anyway, now on to how to get rid of this security problem.
First off, did you try changing your password? If not, try changing it to something totally different.
Try scanning your computer using a different virus scanning program. I am not saying your program is not good, but sometimes other AV programs catch viruses that others do not. Or, you can just go to one of the following sites that give out free online virus scanning services:
– http://housecall.trendmicro.com/
– http://www.bitdefender.com/scan/licence.php
– http://security.symantec.com/sscv6/vc_prescan.asp?langid=ie&venid=sym&plfid=23&pkj=SIKQRHYTINMHDKDCWLL
Did a Google search and got these.
If you did all this and are still having a problem or the AV services you tried did not come up with any results, there are actually a few other ways to see what’s going on here. First, let’s take a look at the Task Manager to see what programs are running. Close out all programs that you have running, press CTRL+ALT+DELETE, click the tab that says “processes”, and take a look at all the running processes. I know this may take a while, but if you can, post all the running processes here and I will take a look at them. This should help me to see what program is running which is giving out your password.
After doing all of this, tell me your results and we will work on fixing this security problem from there. Hope this helps!
P.S. If this does fix it, I strongly recommend that you change your AIM account to something else and stay low for a while… What I mean by staying low is only give out your AIM account to people you know and people you trust. This way, whoever is getting your password won’t be able to pick on your account for a while and will hopefully forget about picking on you.

April 10, 2005 at 11:35 pm #118643
Rusty
Member

OMG… That is freaky. I don’t know what to do though.

April 11, 2005 at 2:07 am #118648
Dragon31
Member

Yeah… It must be freaky to have someone log on all of a sudden. You know that message that says “You are logged in from 2 locations”? Sometimes I get that as a connection glitch and it scares the heck outta me!

April 14, 2005 at 2:30 am #118635
Jeff Hester
Keymaster

Dragon31 wrote:
> Hello Sekiria101. I would be happy to help you with your current AIM problem. Before I get into detail on how to fix this problem, I strongly suggest you do not receive programs from anyone over AIM; even your friends (unless you are definite the program is safe). Many times a file looks safe, but that does not mean it actually is safe. Anyway, now on to how to get rid of this security problem.
> First off, did you try changing your password? If not, try changing it to something totally different.
> Try scanning your computer using a different virus scanning program. I am not saying your program is not good, but sometimes other AV programs catch viruses that others do not. Or, you can just go to one of the following sites that give out free online virus scanning services:
> – http://housecall.trendmicro.com/
> – http://www.bitdefender.com/scan/licence.php
> – http://security.symantec.com/sscv6/vc_prescan.asp?langid=ie&venid=sym&plfid=23&pkj=SIKQRHYTINMHDKDCWLL
> If you did all this and are still having a problem or the AV services you tried did not come up with any results, there are actually a few other ways to see what’s going on here. First, let’s take a look at the Task Manager to see what programs are running. Close out all programs that you have running, press CTRL+ALT+DELETE, click the tab that says “processes”, and take a look at all the running processes. I know this may take a while, but if you can, post all the running processes here and I will take a look at them. This should help me to see what program is running which is giving out your password.
> After doing all of this, tell me your results and we will work on fixing this security problem from there. Hope this helps!
> P.S. If this does fix it, I strongly recommend that you change your AIM account to something else and stay low for a while… What I mean by staying low is only give out your AIM account to people you know and people you trust. This way, whoever is getting your password won’t be able to pick on your account for a while and will hopefully forget about picking on you.

Sorry that it took me long to reply to this.
Ok first off.. I was able to change my password on my old account.
I did change screen names and even then… I am still being hijacked.

Every single time I sign on… it gives me that *AOL SYS MSG* saying that I am signed on in 2 locations. Then, that’s when the “hacker / hijacker” messes around with me and my computer.

I’ll try to scan my computer with another virus scanner as you suggested.
In the meantime… here is a screenshot of my Processes…
*sorry I was lazy to type them all… lol*

Thanks for helping me out here. 🙂

April 14, 2005 at 10:12 pm #118649
Dragon31
Member

I do not see anything suspicious on that list. But that doesn’t mean you do not have a trojan that would be giving your password to someone. I see that you have ZoneAlarm installed on your computer… Have you noticed any odd looking programs trying to run? If a trojan was trying to connect, it most likely would have notified you. If you do not remember, try checking your logs (program log section, not connection log). If you see any weird looking apps trying to connect, post them here. Also note that someone does not have to infect your computer with a virus to get your password. Many people come up with methods to exploit software/services.
When you said he was messing with your computer when you log on, what do you mean? What does he do to it?
To prevent the person hijacking your AIM account from gaining access to friends’ accounts, I strongly suggest you save your AIM buddy list to a CD (not hard drive) and delete your buddy list. Also please post anything any AV program finds. Like I said before, try out different AV programs. The one you have isn’t a bad program or anything, but many AV services catch viruses that others do not. You might be surprised what comes up.

April 15, 2005 at 1:47 am #118638
aznballa161
Participant

You have a trojan. It is probably Optix Pro. Any antivirus scanner would detect this. It is a really old trojan virus. The person cannot connect to your computer without the internet, so if you don’t connect to the internet, they can’t do anything. Use a different computer to get an antivirus scanner, and install it on the infected computer. After it is deleted, then you can get online again.

April 15, 2005 at 11:01 pm #118640
nscopex
Member

[Removed]

April 16, 2005 at 12:04 am #118650
Dragon31
Member

You shouldn’t call other people’s knowledge crap. I was giving him a technical tutorial on how to fix it… Sure, you could just say it is a trojan… But how does this solve the problem? I am not saying you are wrong here, all I am saying is problems like this are not as simple as they may seem. He did a virus scan and nothing came up. And also as I have said before; it could be (though from the looks of this problem, I really personally do not think so) an exploit letting someone know his password. I took out my time to help this guy, I kindly ask that you please do not call it crap. Thank you.
Anyway, Sekiria101… Tell me when you do the things I suggested and we can work more on fixing this problem. Hope my info in my last post helps!

April 16, 2005 at 2:12 am #118651
Dragon31
Member

Okay, I did a bit more research. I went to a security website and found something on Server.exe. Server.exe is actually very much related to some AOL trojans. My advice would be to do a virus scan (like I suggested before) and eliminate this virus(es). Many of the ones it came up with were hijacking viruses and some spy viruses (all AIM-related) when I did a search… So there’s your problem. You most likely have one of those. Good luck and I hope everything goes well! Keep us informed of the results. If you need any more help, feel free to ask me.

April 17, 2005 at 8:55 am #118645
CantTouchThis
Member

Ok, first end all processes from Windows Task Manager that you don’t recognize
then start>run>msconfig
remove all things from ‘startup’ that you don’t recognize
then start>run>regedit
remove malicious registry keys
then reboot
then run a virus scan or whatever.
P.S. don’t click on things called “server.exe.”
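
A read-only way to review the startup entries the post above refers to, as an added example that is not part of the original thread. It assumes a current Windows system with PowerShell 3.0 or later rather than the 2005-era machine discussed here, and the helper name `Get-ExecutablePath` is hypothetical.

```powershell
# Added example: read-only inventory of autostart entries (the items that
# msconfig's Startup tab lists). Nothing is deleted or modified; the output
# is meant to be reviewed or posted for a second opinion.

function Get-ExecutablePath {
    # Hypothetical helper: extract the program path from a startup command line
    # such as '"C:\Program Files\App\app.exe" /tray' or '%windir%\system32\x.exe'.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return $expanded
}

# Win32_StartupCommand covers the Run registry keys and the Startup folders.
$entries = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

$report = foreach ($e in $entries) {
    $path   = Get-ExecutablePath -Command $e.Command
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue)
    $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'FileNotFound' }
    [pscustomobject]@{
        Name      = $e.Name
        Location  = $e.Location
        User      = $e.User
        Path      = $path
        Signature = $sig
        Modified  = if ($exists) { (Get-Item -LiteralPath $path).LastWriteTime } else { $null }
    }
}

# Entries without a valid signature sort first: they are the ones to look up
# before deciding anything, not proof of infection on their own.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Name | Format-Table -AutoSize -Wrap
```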

April 17, 2005 at 5:04 pm #118646
Dragon31
Member

I recommend that you do not do what he suggested. Deleting some of these things (for example; registry keys) can really mess up your computer.
Edit: sorry! Editing mistake… word “not” was accidentally removed when I edited this post before… do NOT do what he said as it may mess up your computer.

April 18, 2005 at 5:27 am #118641
nscopex
Member

Lol.. here’s my advice. If you don’t know what you are doing don’t mess with the registry or msconfig, you will mess something up. As for the AOL Trojans. All trojans when made from the client program have a base name “server.exe”, any trojan can be named anything but the base is always server.exe. Onto the “ohh he did a virus scan.” When do you think a virus is detectable? After people have had it. You think they magically know what a virus is? No, it’s gotta be found. Which is why trojans are undetectable for a period of time. Before responding with your silly little answers, learn what you’re talking about. Do what I suggested. Find a trojan scanner, use it. Then go to http://www.pandasoftware.com and use their active scan utility. It contains a much larger database than Norton or McAfee. And if anyone wants to debate me on my answer I’ll rip them apart because everything I said is verifiable. So don’t start with me children, I know what I’m talking about.

April 18, 2005 at 5:31 am #118642
nscopex
Member

From your screenshot I see there’s a lot wrong. One of your processes shouldn’t be running. Well, more than one. If you can see, the user names of the processes aren’t there. Meaning something stopped that from loading. So find that problem and take care of that. Just close processes of things you know you don’t need. And if you don’t know, respond back and I might take the time to tell you what they all are.

April 18, 2005 at 2:57 pm #118636
Jeff Hester
Keymaster

Okay… I managed to run my Anti-Virus and those ones that you recommended too..
I don’t remember exactly what the names were… but it came up with like 7 trojans
*those 2 that I listed plus 5 different ones*

Plus a backdoor too. *Backdoor.A <— or something like that*
I wished it could log those file names.. but it didn’t.
As far as messing around with the registry… I don’t know if I really should do that cause I’m not really a “computer professional.” Sure I know a lot about them.. but not that advanced yet. 😉 hehe
I was thinking…. would it be ok just to re-format my Hard Drive and re-install my OS? o.o
Also… how the “hacker” messes around with my computer is that some files of mine would be deleted… then restored the next day.
Like my pictures, videos,.. stuff like that.

I appreciate all the help from you Dragon31. 🙂
Thanks so much. ^.^ !

Oh btw… >.> not that it really matters or anything but… I’m a girl actually. 😉