
How can I detect whether I have been hacked, and if I have, how can I remove the threat?

Anonymous
2013-04-01T01:27:08+00:00

I think I may have a hacker in my system. Here are the reasons why: first, I have been having strange files pop up in places where they shouldn't be, and when I did not create them. First it was a MigWiz Installer file in my AppData folder in one of my accounts that had a bright blue title. I tried to throw it away, but it said that it was being used. I eventually installed some browsers to play with them, but some of them did not uninstall cleanly, so I did a refresh, and the MigWiz file disappeared. A few days later, I had a new account show up in my Users folder that had the same contents. I tried to throw it away, but it said that it was open in the Windows Search or something like that. I booted into Diagnostic Startup and threw it away, and have had no 'computer' problems since. Second: I have had messages say that there are programs running in my computer when I go to shut down or restart; there were no files or programs open because I double check before I restart/shut down. Third, I ran sfc /scannow a long time ago just to see what happened. I had registry errors that were not fixed. I did a refresh, because I read that fixes it, and ran it after re-installing each program that I had installed. It did not come back, and I had my computer back to what it was, until I went to my university email account, which is run on Gmail, though it has a different server name. I went to it in a different browser, and I got a message that the email system was compromised. This has happened a few times now, and I thought that maybe I should ask for advice. I am attending a well-known state university for an online degree in IT Management, so that is why I thought maybe someone was 'observing' my files, etc. Also, I do NOT go on various strange websites or upload programs or files off websites other than Comodo, Microsoft, and Adobe, except for those browsers that are gone now.
I have changed my email and computer passwords and my email name itself already, but that didn't seem to work.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


13 answers

  1. Anonymous
    2013-04-01T17:47:51+00:00

    Can you try the WDO disc on another PC? I've not used WDO with a Windows 8 machine. I wonder if secure boot might be preventing bootup with the WDO disc if the disc is indeed bootable. I trust you used the WDO "wizard" to create the boot media?

    Those users are normal. I have exactly the same on my machine when coming at it from the same path you did. I'm no expert on Users in Windows, but I think you need to study up on how User Accounts work in Windows. If we go back to the beginning, is this where you saw the 3 extra Users originally?

    In lusrmgr.msc, click on Users. Forget about the groups for now as these are like "templates" for user rights. You should see only the users you created in addition to the Admin, Guest, and HomeGroup Users when looking at Users.

    -steve

    1 person found this answer helpful.
  2. Anonymous
    2013-04-01T17:18:06+00:00

    CASE ESCALATION!!!

    I just went to boot up after trying to run Windows Defender Offline, and I had a FOURTH account in my computer.  It has the same picture and name as my main account, but neither signing in with my Microsoft account nor with my user name and password works.  I still cannot boot from Windows Defender Offline, although I have to boot from a DVD/CD reader first priority.  I think that maybe the Windows Defender Offline was invalidated or destroyed somehow during the installation.  What should I do now?  Reset?  Won't they just come back if I do?

    Update:

    I went into the lusrmgr.msc and clicked Groups, then Users. I had two users in there besides the three that I created. The names are:

    NT AUTHORITY\Authenticated Users (S-1-5-11)

    NT AUTHORITY\Authenticated Users (S-1-5-4).

    Any ideas?

    1 person found this answer helpful.
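
An added example, not part of the thread, for the account check discussed in the two answers above: S-1-5-11 (Authenticated Users) and S-1-5-4 (INTERACTIVE) are well-known identities that are default members of the built-in Users group, so the entries worth reviewing are account SIDs of the form S-1-5-21-...-RID. The helper name `Get-SidKind` is hypothetical, and the script assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module.

```powershell
# Added example: inventory local accounts and classify the members of the
# built-in Users and Administrators groups by SID. Run from an elevated prompt.

# Local accounts, the same list lusrmgr.msc shows under "Users".
Get-LocalUser |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet, SID |
    Format-Table -AutoSize

function Get-SidKind {
    # Hypothetical helper: coarse classification of a SID string.
    param([string]$Sid)

    if ($Sid -match '^S-1-5-21-(\d+-){3}(\d+)$') {
        # Account SID: machine or domain identifier followed by a relative ID.
        $rid = [uint32]$Matches[2]
        if ($rid -lt 1000) { return 'built-in account (RID below 1000, e.g. 500 Administrator, 501 Guest)' }
        return 'account created after setup (RID 1000 or higher): confirm you recognise it'
    }
    if ($Sid -match '^S-1-5-\d+$') {
        # Single sub-authority under NT AUTHORITY, e.g. S-1-5-4, S-1-5-11, S-1-5-18.
        return 'well-known NT AUTHORITY identity, not a user account'
    }
    if ($Sid -match '^S-1-5-32-\d+$') {
        return 'built-in local group'
    }
    return 'other: review manually'
}

# Well-known group SIDs, so the check does not depend on localized group names.
$groupSids = 'S-1-5-32-545', 'S-1-5-32-544'   # Users, Administrators

$rows = foreach ($groupSid in $groupSids) {
    $group = Get-LocalGroup -SID $groupSid
    foreach ($member in Get-LocalGroupMember -SID $groupSid) {
        [pscustomobject]@{
            Group  = $group.Name
            Member = $member.Name
            SID    = $member.SID.Value
            Kind   = Get-SidKind $member.SID.Value
        }
    }
}

$rows | Sort-Object Group, Kind | Format-Table -AutoSize -Wrap
```

Any row marked as created after setup in the Administrators group that does not correspond to an account you made is the one to investigate first.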
  3. Anonymous
    2013-04-01T16:35:33+00:00

    I downloaded and installed the Windows Defender Offline, and entered my Advanced Startup options.  I went to Devices, and chose Internal DVD.  It said Startup Failed.  What do I do next?

    WDO Tutorial: http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

    -steve

    1 person found this answer helpful.
  4. Anonymous
    2013-04-01T16:23:59+00:00

    I downloaded and installed the Windows Defender Offline, and entered my Advanced Startup options.  I went to Devices, and chose Internal DVD.  It said Startup Failed.  What do I do next?

    1 person found this answer helpful.
  5. Anonymous
    2013-04-01T15:20:59+00:00

    Thank you for helping me.  I believe that Windows Defender is superior also, but was wondering just to do a scan.  I did a full scan with Windows Defender, which came back clear, and would leave it at that, but I read on Mandiant's website that all people who are hacked, besides the average user, have up-to-date anti-virus software installed.  I'll look through these and maybe do some.

    1 person found this answer helpful.