TechSpot

Hackers in our stuff-can't get 'em out

By Lysa Ray
Nov 6, 2013
  1. They are in all of our computers (even at our office), our Pads, Ipads and Iphones. They are connecting via Telephony with bluetooth. They are very organized, my husband found the hacking instructions on my HP Pad in every language, on how to "drop the packet". If we shut off our computers they turn them on via telephony. We have Malwarebytes, AVG and even installed Tiny Wall and Kaspersky. It is not a virus. Although AVG finds "";"Found Adware.Generic, HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\AVP";"Cannot be removed
    Access is denied."....but I cannot find it on my computer nor remove it with AVG. Before we completely wipe our computers, and change our IP addresses (which we do not even know if it will do any good) I have come here for some direction. I have considered hiring my own hacker, but the one we talked to looked at the codes from the hackers and said it was beyond him.
    I am running Malwarebytes again right now and will post log when complete.
    Any help would be greatly appreciated.
     
  2. Lysa Ray

    Lysa Ray TS Rookie Topic Starter

    Malwarebytes report from today shows nothing
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.06.01

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16721
    lysaray :: LYSA [administrator]

    11/5/2013 8:12:30 PM
    mbam-log-2013-11-05 (20-12-30).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 398529
    Time elapsed: 55 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. Lysa Ray

    Lysa Ray TS Rookie Topic Starter

    Malwarebytes log from a few days ago:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.02.10

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16721
    lysaray :: LYSA [administrator]

    11/2/2013 10:24:07 PM
    mbam-log-2013-11-02 (22-24-07).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 404046
    Time elapsed: 1 hour(s), 14 minute(s), 27 second(s)

    Memory Processes Detected: 1
    C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> 2088 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 8
    HKLM\SYSTEM\CurrentControlSet\Services\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: SWEETPACKS_SEARCH -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10...&barid={E05F3855-C0E9-11E2-BE79-28924A3CF96E}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 13
    C:\Program Files\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Delete on reboot.
    C:\Program Files\Updater By SweetPacks\Firefox (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\defaults (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\libraries (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\resources (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

    Files Detected: 22
    C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Delete on reboot.
    C:\Users\lysaray\Downloads\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
    C:\Windows\Installer\9dcd66a.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\DGChrome.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Extension32.dll (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Extension64.dll (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\InstallerHelper.dll (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\source.crx (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\unins000.dat (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\unins000.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome.manifest (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\install.rdf (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.bak (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.xul (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources\localscript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US\overlay.dtd (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin\overlay.css (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences\defaults.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    C:\Program Files\Updater By SweetPacks\resources\localscript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...