EvilZone
Community => General discussion => : lucid April 06, 2012, 12:13:11 AM
-
I have a facebook question....wait don't leave yet. I have no facebook and this is not pertaining to me. Other members of the household all have facebooks and recently a few of them have not been able to sign on. Password didn't work. So they changed their passwords and minutes later their new passwords didn't work. I ran a hitman scan on their computers and, of course, they had viruses. Adware and the like. They were removed but their facebooks seem to have been "hacked". They're all idiots of course and one of their computers has a Win32 persistent virus that I couldn't remove. Now I'm no malware forensics expert but try as I may the computer is sick and needs a geekier geek than I. Also their yahoo account passwords are changed and they can't get on to them either.
I'll get to my question. Are their facebooks being individually messed with or is there a virus that is spreading itself through the home network? Or something else. I am not sure what to tell them is wrong with their shit.
-
It sounds like they all use the same computer, and someone downloaded something they shouldn't have (for example, a game item-duplicator that had a stealer attached to it). If multiple accounts are being affected, 8/10 it's a stealer, the other 2/10 a keylogger. Log in to that computer, put wireshark on it, then make a batch file that will have it listening on start-up. Look through the logs and check for smtp/ftp information. I'm 90% sure that you'll find account information logging in to a remote server somewhere.
If you can't do that, arp-poison your network, have wireshark or ettercap ready to go, then turn that computer on. <-- same effect, except you'll see the information on your computer if you do happen to be dealing with a stealer/keylogger.
Like I said let me know how it goes. If you get account information, I'll guide you through cleaning shit up if you need help. If you don't get account information, get one of those boot-up anti-virus disks.
-
They are dumb and wouldn't let me do anything on their computers. One time one of them was using skype and they couldn't hear us talking to them, so I turned their skype microphone on, thus fixing the problem. Later the setting was back off and she blamed me and said I broke her computer since I was "messing around on it". Since we are all on a home network I don't suppose I could run wireshark on my pc?
-
Since we are all on a home network I don't suppose I could run wireshark on my pc?
Yes you can, but like I said you'll have to arp poison your network first.
-
Well, "Be smart or face the consequences" - that's how I roll.
Sometimes I just pity, like really pity, the fools. Most of the time I don't even bother with hunting down viruses and removing them because most likely they had done damage to the system already - you never know what virus one might have. I just reinstall the system. Of course if the person has lots of apps or data that can't be backed up, then I try to fix stuff.
-
Embarrassingly enough I know how to set a program to run on startup but I don't know how to program it to be listening on startup. Not very knowledgeable about batch.
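
Added example, not part of any post in this thread: a small Python triage for the "look through the logs and check for smtp/ftp information" step suggested above, flagging FTP and SMTP logins or uploads that leave the home network and naming the machines they came from. The record layout, the `192.168.1.0/24` subnet and all sample addresses and payloads are constructed assumptions; real input would be client-side TCP payloads exported from the capture.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: the home subnet
PORTS = {21: "ftp", 25: "smtp", 587: "smtp"}   # cleartext FTP and SMTP ports
COMMANDS = {
    "ftp": re.compile(rb"^(USER|PASS|STOR)[ \t]+(\S+)", re.I | re.M),
    "smtp": re.compile(rb"^(AUTH(?= )|MAIL FROM:|RCPT TO:)[ \t]*(\S+)", re.I | re.M),
}

# Constructed sample: (source, destination, destination port, client payload).
SAMPLE = [
    ("192.168.1.23", "203.0.113.50", 21,
     b"USER dropbox01\r\nPASS hunter2\r\nSTOR logs_0406.txt\r\n"),
    ("192.168.1.23", "192.168.1.10", 21,          # FTP to a box inside the house
     b"USER family\r\nPASS photos\r\n"),
    ("192.168.1.40", "203.0.113.77", 587,
     b"EHLO pc\r\nAUTH LOGIN\r\nMAIL FROM:<logs@example.net>\r\n"
     b"RCPT TO:<drop@example.net>\r\n"),
    ("192.168.1.40", "203.0.113.80", 443, b"\x16\x03\x01"),  # TLS, not inspected
]

def triage(streams):
    """Return (src, dst, proto, command, argument) for logins/uploads leaving the LAN."""
    findings = []
    for src, dst, dport, payload in streams:
        proto = PORTS.get(dport)
        if proto is None or ipaddress.ip_address(dst) in LAN:
            continue  # not FTP/SMTP, or traffic that stays on the home network
        for m in COMMANDS[proto].finditer(payload):
            cmd = m.group(1).decode().upper().rstrip(":")
            arg = m.group(2).decode(errors="replace")
            if cmd == "PASS":
                arg = "<redacted>"  # keep captured passwords out of the report
            findings.append((src, dst, proto, cmd, arg))
    return findings

def suspect_hosts(findings):
    """Machines on the LAN that produced at least one finding."""
    return sorted({f[0] for f in findings})

if __name__ == "__main__":
    results = triage(SAMPLE)
    for row in results:
        print(*row)
    print("check these machines:", suspect_hosts(results))
```

A machine listed by `suspect_hosts` is the one to take offline and rebuild or scan from boot media, and every password typed on it should be changed from a clean device.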