Home PC Hacked

16 replies to this topic

#1
PHANTASM

So, I (my wife actually) managed to infect our PC with a lovely trojan.

It was called ciphck.dll (or something like that).

I installed Norton SystemWorks because I noticed a slowdown on the computer and she said, yeah, she had clicked on a picture of a hairstyle she wanted (she is into makeup and jewelry and hairstyles etc) and a picture of the girl from the Exorcist popped up on the screen. She thought that was when we got hacked.

I had a different antivirus on the computer but it failed to detect or stop anything.

First I thought maybe it was just some normal program, and Norton was being paranoid (this happens a lot with Norton products). So I googled the file expecting to find that it was some obscure Windows service that was all fine and dandy. But a search of the file name on google showed no information - none - and google suggested other spellings as if I had typed it in incorrectly. I right clicked on the properties and it had been created on August 4th so I knew it was not from Windows. It was installed in WINDOWS/system32 where a lot of viruses get installed so they can pretend to be system files and be hidden from ordinary users.

I tried to open it in Notepad but I could not access it. I tried to delete it but again access denied. I turned off all services in msconfig and rebooted it then tried to get rid of it but still access denied. So somebody had gone to a lot of trouble to keep it safe, which pretty much convinced me it was a virus.

I then rebooted in Linux, found the file in the Windows directory, and deleted it easily. I rebooted back into Windows and rescanned with Norton and the file is gone, it did not recreate itself.

Then I realized that I have my tax info on this computer. With our names, addresses, and SS #s.

Now I am wondering if I should put a block on my credit and my wife's credit and our kids' Social Security numbers. I probably should, just in case somebody found that file and has Turbo Tax and knows how to open it.

Sometimes the internet really sucks.
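
The checks described in the post above (a DLL in system32 with a recent creation date, no known publisher, and access denied on read) can be run in one pass. This is an added example, not part of the original post; the 30-day window is an assumption, and the script needs PowerShell 4 or later in an elevated prompt.

```powershell
# Added example: list recently created DLLs in System32 with their
# signature status and hash, for manual review.
# Assumption: a 30-day look-back; set it to cover the suspected infection date.
$lookBackDays = 30
$cutoff = (Get-Date).AddDays(-$lookBackDays)
$target = Join-Path $env:SystemRoot 'System32'

Get-ChildItem -Path $target -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $cutoff } |
    ForEach-Object {
        # Signature check: a valid Microsoft signature explains most new files
        # (Windows Update also creates DLLs with recent timestamps).
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue

        # A file that cannot be opened for reading, as in the post, is itself a signal.
        try   { $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction Stop).Hash }
        catch { $hash = 'ACCESS DENIED' }

        [pscustomobject]@{
            Name      = $_.Name
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            SigStatus = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = $hash
        }
    } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize -Wrap

# Caveats: timestamps can be altered by malware, so a clean listing is not proof
# of a clean system; on older Windows versions catalog-signed system files can
# report NotSigned, so treat that status as a reason to look closer, not a verdict.
```

Rows that show ACCESS DENIED or have no signer are the ones to look up by hash before deleting anything.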



#2
SickOne

Ouch, yeah you prolly do better by taking all necessary steps to be on the safe side. Includes a new setup of the comp of course.

#3
+Zippo+

Yes you should do that man for the time being! Better safe than sorry, especially when your kids are involved! So sorry to hear that too about your kids.

If I recall correctly, a whole system reformat will wipe the virus out, or even a new one will definitely do the trick.

#4
daredevil

Give me the exact virus name.

If it's a trojan, no need to stop all credit cards and such. If it's spyware stealing your info, then yes.

#5
PHANTASM

> Give me the exact virus name.
>
> If it's a trojan, no need to stop all credit cards and such. If it's spyware stealing your info, then yes.


Exact name was: ciphkrnl.dll

Norton described it as a "Trojan.gen"

It would be nice if I did not have to get new Social Security numbers and pay for ID theft protection, or put a block on our credit (maybe that would be a good thing lol).

#6
daredevil

http://lmgtfy.com/?q=ciphkrnl.dll

I don't see much info for that either.

http://www.symantec....5526-99&tabid=2

http://service1.syma...999041209131106

Try this and see if you can find more files:
http://www.malwarebytes.org/

I don't see a need for blocking credit cards, etc. (If something goes bad don't blame me :P)

Also, it is always safe to .rar your files with password protection. So even if your PC gets hacked, they will have a hell of a time breaking the password.

#7
*Kiba*

http://www.prevx.com...HBKRNL.DLL.html that should help you out.

The "cip" part is just an add-in to make it look safe, and if I was you I would do something about it. I don't know what they were looking for, but mostly keep an eye on your cards for 3 weeks. Don't use them, of course. If they're not used in the next 3 weeks I would say there's nothing to worry about. As for the kids' numbers, I would say something about it, but I'm not sure who would be the right person to talk to about that type of stuff. I'm very good with PCs, I know my files and my viruses.

#8
PHANTASM

It's already gone, I rebooted into Linux and found it and deleted it easily.

Now I just wish I knew if someone went on a search of my computer, or if the trojan just got installed and did nothing else but slow it down.

If it had been a legit program it would have had some google footprint, so I think it was just some random gibberish name to hide itself.

I should have looked at the last "Date Accessed" on my TurboTax folder properties, but I already looked in there myself tonight. So it would have my own Date Accessed instead of any intruder.

I looked in Computer Management/Event Viewer but I didn't see anything funny.

#9
*Kiba*

Ya, most are like that. Just do what I said and you should be okay. Even if they run up your card you're safe: if you have not used it in days then you have nothing to worry about, they can find out if you used the card.

Oh, by the way:

Online or offline, they can find out where the card was last used, the zip code, everything, and the IP. Or most likely, if the hacker is any good, the ISP would tell you everything you need to know and where to look for the person. Sorry if my English is bad, I am trying.

#10
FinZeroX

When it comes to trojans & other malware, I'd recommend having Malwarebytes on your computer. When you suspect an infection, unplug your connection cable and run Mbam.
You can get the installer from here.
Malwarebytes has the best rate of malware detection.
And if interested, the PRO version has a malicious IP block that prevents those bastards from accessing your PC and data.

#11
AntiThought

Sorry to hear, Phantasm. Unfortunately you can only get a new SS# if someone is provably using your information illegally (simple possession of your # is not enough) according to the SSA http://www.ssa.gov/pubs/10064.html . You can put a 90-day fraud alert on your credit reports, but with a police report and evidence of theft you can extend that 90 days up to 7 years http://www.privacyri...0a-SSNFAQ.htm#6 . Unfortunately thieves often wait for a year or more before using a number to ensure they catch someone off guard and do maximum damage before being detected.

However, in actuality there is only a small chance that they acquired your info. I would not worry about it too much.

#12
*Kiba*

Ya, what Anti said. It's not that big of a deal: even if they do something illegal with your info you can prove that it was not you lol. You forget the world today is starting to run everything with PCs and networks.

#13
AntiThought

I don't know if I would go that far Venom but the risk is still small.

BTW Venom I just realized we live about 60 miles apart.

#14
General

Idk what version of Norton you have, but my Norton sucked too. Then my dad got an upgrade of it or some crap and it's not a very good system protector. Btw, CCleaner is a good program that deletes useless files/things.

#15
FinZeroX

I'd recommend a set of:
Avast! Antivirus or Avira Antivirus (against viruses)
Malwarebytes PRO (against malware)
SpywareBlaster (browser security)
CCleaner (temp files etc.)

Also, if you need a very light antivirus & antimalware, try Panda Cloud Antivirus.



