
How can I detect whether I have been hacked, and if I have, how can I remove the threat?

Anonymous
2013-04-01T01:27:08+00:00

I think I may have a hacker in my system. Here are the reasons why: first, I have been having strange files pop up in places where they shouldn't be, and when I did not create them. First it was a MigWiz Installer file in my AppData folder in one of my accounts that had a bright blue title. I tried to throw it away, but it said that it was being used. I eventually installed some browsers to play with them, but some of them did not uninstall cleanly, so I did a refresh, and the MigWiz file disappeared. A few days later, I had a new account show up in my Users folder that had the same contents. I tried to throw it away, but it said that it was open in the Windows Search or something like that. I booted into Diagnostic Startup and threw it away, and have had no 'computer' problems since. Second: I have had messages say that there are programs running in my computer when I go to shut down or restart; there were no files or programs open because I double check before I restart/shut down. Third, I ran sfc /scannow a long time ago just to see what happened. I had registry errors that were not fixed. I did a refresh, because I read that fixes it, and ran it after re-installing each program that I had installed. It did not come back, and I had my computer back to what it was, until I went to my university email account, which is run on Gmail, though it has a different server name. I went to it in a different browser, and I got a message that the email system was compromised. This has happened a few times now, and I thought that maybe I should ask for advice. I am attending a well-known state university for an online degree in IT Management, so that is why I thought maybe someone was 'observing' my files, etc. Also, I do NOT go on various strange websites or upload programs or files off websites other than Comodo, Microsoft, and Adobe, except for those browsers that are gone now.  
I have changed my email and computer passwords and my email name itself already, but that didn't seem to work.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


13 answers

  1. Anonymous
    2013-04-01T02:04:51+00:00

    MigWiz: http://www.processlibrary.com/directory/files/migwiz/28336/

    File and settings Transfer Wizard

    I don't know that I'd suspect someone has "hacked" your system, but it could well be compromised by malware.

    You've not specified what security software you are running, but have selected Windows 8. Are you using Windows Defender on Windows 8 as your security? Is this an upgrade from an earlier version of Windows or a fairly new PC that came with Windows 8 installed? Are you the only user on the PC?

    Try Hitman Pro Trial Version: http://www.surfright.nl/en/hitmanpro This program may be run from a flash drive. You may need to run it in Safe Mode or Safe Mode With Networking.

    And/or

    Try TDSS Killer: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller TDSS Killer may be run from a flash drive. You may need to run it in Safe Mode or Safe Mode With Networking.

    You may wish to download (on an uninfected PC) one or more of the following rescue scanners to create bootable media to scan the infected PC (list courtesy of forum member, GreginMich):

    http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

    http://support.kaspersky.com/viruses/rescuedisk?level=2

    http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/rescue-cd/

    http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html

    http://www.avira.com/en/support-download-avira-antivir-rescue-system

    http://www.avg.com/us-en/avg-rescue-cd-download

    http://www.freedrweb.com/livecd/

    http://www.superantispyware.com/portablescanner.html

    http://support.kaspersky.com/faq/?qid=208283363

    Each rescue scanner will miss things – because none of them will have a perfectly complete and up-to-date set of definitions; so you might need to use several of these rescue scanners, or something like the Shardana Antivirus Rescue Disk Utility, which creates a custom bootable CD or flash drive that includes multiple rescue scanners:

    http://www.sarducd.it/

    You can also start here - https://support.microsoftsecurityessentials.com/ and select the link that says - I think my computer is infected. Options will vary by region, but phone support leads you to Microsoft Answer Desk (http://www.answerdesk.com/) in the US at this time. After an initial free consultation, a fee will be charged for assistance, based on the details of the case.

    This web site - http://www.bleepingcomputer.com - contains details for many of the common infections, often immediately after they began to appear in the wild, and instructions are provided for how to remove the infections using their malware removal guides. They also have forums where you can seek help from people who specialize in malware removal.

    This may also be helpful - How to get rid of malware:

    http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/how-to-get-rid-of-malware/ba80504b-61f1-4d71-960f-b561798b7b42

    -steve

    3 people found this answer helpful.
  2. Anonymous
    2013-04-01T18:48:36+00:00

    Thank you very much.  I thought that those were maybe templates, but I cannot see the other account, which now has mysteriously disappeared from the all accounts page where I sign in.  No, this is not where I saw the extra users originally.  Thank you for your help.  I will post if anything more helpful comes up.

    2 people found this answer helpful.
  3. Anonymous
    2013-04-01T10:27:38+00:00

    I believe (my opinion) that Windows Defender on Windows 8 is superior to any 3rd party product for protection.

    I'd go ahead and try some utilities to check for the possibility of infection. Since the PC is fully functional, downloading one or more of the rescue scanners and creating a boot disc on this PC is also a reasonable avenue to try.

    -steve

    1 person found this answer helpful.
  4. Anonymous
    2013-04-01T05:34:21+00:00

    Maybe you can try free antispyware software (like SUPERAntiSpyware (Free) and others) and anti-keylogger software (see http://freeware.wikia.com/wiki/Lists_of_freeware_antikeyloggers) to remove any spy program or any keylogger in your system.

    1 person found this answer helpful.
  5. Anonymous
    2013-04-01T03:41:37+00:00

    I am using Windows Defender.  I check for Windows updates twice daily, and all other updates, Visual Studio, HP, Windows Store, NVidia, Desktop Skype, Adobe Reader and Flash, Comodo Dragon, and Office 2013, daily.  I had not installed anything between when I didn't have the migwiz and when I did.  I am the only user; I have two Admin accounts and one standard account.  Family members are also allowed to do web searches and use some Windows apps under supervision.  I have been on Bleeping Computer, but I did not wish to install anything from them as other places said that that software was harder to remove than malware.  I got my computer with Windows 8; it is not an upgrade.  I do not have access to a second PC - my family has one Apple and one Windows computer.  The Apple is the family's, and the Windows is mine because I needed it for college.  I will look into the Bleeping Computer website and maybe try Kaspersky.  What do you think about the free Comodo internet security software that includes a full scanner?  I thought maybe it was a hacker because everything is so surreptitious and keeps recurring in different places.  Thank you for your response.  I will look into these other solutions you directed me to.

    1 person found this answer helpful.