Computer HAS been hacked, help dearly needed


shaney_96

I'll get right into it..
By the way I'm not complaining about my RS being hacked, it's much more serious than that.

Years ago (like in 2007) my RuneScape account was hacked. I played RuneScape again last year when the Old School version was released, after a month or two it was hacked into, I found the IP and it was somewhere in Vilnius, Lithuania (when you log into RuneScape it tells you where you last logged in from). After this hack I stopped playing (didn't bother changing my password as I just stopped playing).

About a month back I resumed playing the game, I never got hacked or anything and I had changed my password...

A few weeks back I went downstairs, when coming back upstairs onto my computer I saw that there was somebody typing into my URL bar, stating my RuneScape username and password , it also said something like "we are not the same, fuck ;)"...

I also play Counter-Strike: Global Offensive, and it has happened a couple of times where it would just start randomly pressing buttons and firing my gun mid-game, last week he started typing my RuneScape username and password in the chat for everyone to see.. I deleted it before he could hit enter.

Finally, I logged into steam today and it said I am logged in from Moscow, Russia (http://gyazo.com/bbfa515df71d48410d3b8233720f3e1a <-- that's the printscreen). It's also said I've been logged in from another country.

The thing is... This "guy" or "guys" have never used my passwords for other stuff (I've changed my passwords for most things now). But surely they have a keylogger to track this password from RuneScape? Even if they don't, I'm pretty scared that people are accessing my computer and I do not know how they have done it. What should I do? I've browsed the internet and I find the average "change your passwords" etc. I have anti-malware and anti-virus etc but that's proven no success. Please can anybody advise what I should do/what I should install to prevent these from continuously accessing my computer. I do understand that now they have access to my computer that it may be hard to get rid of them.

Any feedback is greatly appreciated as I am quite worried about what may happen. I do scans on my computer and nothing is ever traced. Do I really have to erase everything from my computer and start fresh with a brand new OS and change my IP? I don't mind if that's the only option, but I'd just love to know what I can do.

Please respond if you have any suggestions.

Regards, Luke
 

USAFRet



No need to have a 'specialist' do it. He won't do anything you can't do yourself.
DBAN, and reinstall the OS.

And unless you really need the extra features, Win 7 Home Premium will probably work just as well, instead of Professional.
 

swiftleeo



Unless he/she needs more than 16GB of RAM, Home Premium will be more than enough. There are a few Digital River Windows 7 SP1 ISOs lying around but if his product key is OEM, they wouldn't really help much.
 

shaney_96

A pretty important update here:
This is what is typed, it happens about every night now: "I'm the complete opposite... that I can promise you...And as long as you're not ;) Fuck me"
The important point to note is that when I unplug the ethernet cable it STILL CONTINUES TO TYPE!!! This greatly implies that this is in fact a PROGRAM and not actually a hacker typing it himself! Although it must be pointed out that this guy has managed to get my RS username and pass, and somehow has had me download something that makes it type on my screen, I still had that dodgy steam message. I'm curious as to what's going on here, as I do not think I have been hacked.

A possible scenario is that the guy has logged into my RS account, found out my e-mail and password, and logged into steam through that.

I state that this is a scenario as I have installed:
SUPERAntiSpyware
MalwareBytes
360 Internet Security
AVG 2014
AntiLogger (anti keylogger)

I have run scans on all of these programs and have found minor viruses which I've googled and are seemingly harmless.

I must also point out that I have some kind of add-on on chrome called "Savings Wave" which cannot be deleted. I've tried deleting the file itself in the folder in chrome extensions but I can't seem to get it off my computer; this may have something to do with it, but I doubt it.

Can anybody comment on this and do you still suggest me paying £70 for a clean copy of Windows 7 and to format my hard drive?

Any feedback is appreciated.

Regards, Luke
 

USAFRet

Yes the OS was installed, and to be honest, the OS doesn't seem to function 100% correctly, some features of Windows 8 don't always work.

I bought the PC second-hand, I'm pretty sure that's nothing to do with me being hacked, as it was pretty much completely fresh (he wiped it before selling it). So yeah I don't have a licence key but will be willing to buy a fresh Windows 7.

The important point to note is that when I unplug the ethernet cable it STILL CONTINUES TO TYPE!!! This greatly implies that this is in fact a PROGRAM

Given those statements:

WIPE AND REINSTALL WITH KNOWN GOOD MEDAI
1. That is the only real way to get rid of this
2. It appears you do not currently have a valid, legal OS.
WIPE AND REINSTALL
 

shaney_96



Sorry can I just ask what you meant by MEDAI?
 

USAFRet



Sorry...typo:
Media.....DVD, USB stick. Whatever it comes on when you buy it.
For Win7, this will be a DVD.
For Win8, either a DVD, or an ISO file that you can burn to DVD or USB.
 

shaney_96



Thank you. I was just wondering, I mentioned DBAN, but I have been told that if I buy a fresh copy of Windows 7 (my PC is 64 bit, http://www.amazon.co.uk/Microsoft-Windows-Home-Premium-English/dp/B00H09BB16/ref=sr_1_1?ie=UTF8&qid=1412113648&sr=8-1&keywords=windows+7 ), shouldn't it give me an option (when I pop the CD in) to format my HDD? Or will I actually have to use this DBAN program and then install the Windows 7 on the fresh HDD?
 

USAFRet



Yes it will. During the install, you can and should delete ALL partitions, and let Windows install to the entire blank space.
When it asks 'where', select Advanced. You will be presented with all the existing partitions. Select each, delete.

If it was my PC or a family member's, I'd wipe with DBAN first, just to be absolutely sure. Can't hurt.
But not 100% necessary.
 

sora

You don't actually have to reformat if you don't want to. The truth is, you may not have a pirated install and you have installed a RAT to your computer. Somebody probably logged into your Steam account via a proxy from Moscow. First I would run Malwarebytes' Anti-Malware and post the log after you are done. Afterwards, post a HiJackThis log.
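
Added example, not part of the original thread and not code from HijackThis itself: a small Python triage of the O4 (autostart) lines in a HijackThis log, marking entries that launch from user-writable folders for a closer look. The sample log is constructed, and the folder list is an assumed review heuristic, not a malware verdict.

```python
import re

# Constructed sample in HijackThis log layout (not taken from the thread).
SAMPLE_LOG = r'''Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [svch0st] C:\Users\user\AppData\Roaming\svch0st.exe
O4 - Startup: notes.lnk = C:\Users\user\AppData\Local\Temp\notes.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
# O4 registry autoruns: HKLM\..\Run: [name] command line
O4_RUN = re.compile(r'^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O4 Startup-folder shortcuts: Startup: name.lnk = target
O4_STARTUP = re.compile(r'^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$')
# Assumption: locations a standard user can write to deserve a manual check.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\', '\\programdata\\')

def exe_path(cmd):
    """Strip quotes and arguments from a command line, leaving the file path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|dll|bat|cmd|vbs|js|scr))\b', cmd, re.I)
    return m.group(1) if m else cmd

def autoruns(log_text):
    """Return one dict per O4 entry: source, name, path, and a review flag."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group('code') != 'O4':
            continue
        body = m.group('body')
        d = O4_RUN.match(body) or O4_STARTUP.match(body)
        if not d:
            continue  # unknown O4 variant: leave it for manual reading
        path = exe_path(d.group('cmd'))
        found.append({
            'source': body.split(':', 1)[0],
            'name': d.group('name'),
            'path': path,
            'review': any(p in path.lower() for p in USER_WRITABLE),
        })
    return found

if __name__ == '__main__':
    for e in autoruns(SAMPLE_LOG):
        print('REVIEW' if e['review'] else 'ok    ', e['source'], e['name'], e['path'])
```
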
 

Skylyne


I'm with you on this one. It really doesn't seem like the computer has actually been compromised by a hacker; but a RAT/trojan that has given some random guy control over your computer sounds to be the most likely case. In reality, the other person doesn't have to have too much experience to "hack" your machine with a RAT, as long as someone gives them instructions. Scan the HDD with another machine, using a virus/malware scanner, and see what turns up; most likely, you'll find something that's allowing remote access. Remove the trojan and any other malware that may be present, and be sure to update your OS when you turn the original computer back on. That should take care of things.

Also, on a side note, pirated copies of an OS do not necessarily make your computer vulnerable to threats. Some copies have malware in them, but there are many copies/methods that are perfectly safe to the end-user. If you didn't install the OS yourself, then the OS is obviously suspect to its legitimacy and safety; but, honestly, pirated does not automatically mean hacker friendly. I think that's a very vague, over-generalised misconception that has stemmed from a lot of poor information over the years. I'm not saying you should pirate your next copy of Windows, I'm just saying that using a computer that has a pirated copy of Windows does not mean your activities are any more likely to be watched/compromised.
 

USAFRet

No, a pirated OS does not automatically mean it comes with malware as well.
But with a legal install, that percentage is 0. With a pirated OS, that is greater than 0.

Since the OP almost certainly has a pirated OS and is buying a new one, why not do a full reinstall? What else is wrong with that existing install?
He's already run AV and malware scans, with nothing turning up.

Mess with it for days, and 'maybe' fix it (but never really know for sure).
Or wipe and reinstall, and be absolutely sure.
 

Skylyne


Actually, no one has confirmed that the OS is pirated. You suggested it was a pirated install, and the OP said, "I completely agree about the OS being pirated," because, "the OS doesn't seem to function 100% correctly, some features of Windows 8 don't always work." To me, that is not definitive of a pirated install. I've used more pirated installs that worked better than genuine installs... so it could be a number of things causing these problems. It could also just have been an installation problem, or the copy was a non-retail version; the possibilities are more than 'legit or not'. Unless the OP properly confirmed the OS is pirated, and is not assuming it, this is only speculation. There's no sense in reinstalling Windows if the OS is genuine, and there are just problems with the features; it may be fixable, and could save him some money. If he'd prefer to reinstall the OS for peace of mind, that's another thing altogether. I was simply making the point that it didn't seem like the OS was part of the problem. Also, I didn't even see any conclusive evidence that the OS was pirated... so I don't see why everyone was treating it as such.

Then we move onto the topic of the new install... If his existing security software didn't catch anything when this problem was going on, there's obviously no reason to reinstall it. I would place the blame on either bad security software, user error, or both (it's a toss up at this point). The pre-existing install may also not have been updated often, and that could have led to leaving open vulnerabilities in the OS. However, with this fresh install, who's to say there won't be a recurrence? I don't know his browsing habits, updating habits, the security software being used, what was actually causing the problem, or anything else useful... if there's no understanding of what the problem really was, then the problem isn't really "fixed," is it? That's why you don't automatically re-install an OS; if you don't know what the problem was, you don't know how to avoid it happening again. Taking the short route out is why old viruses and malware vulnerabilities can keep working for a long time after patches are released, and a/v software is updated; the users don't learn, so the programmers can keep on exploiting bad user habits.

But hey... not my computer. I'm only trying to educate the guy on how to prevent things. I'd be fine with helping fix it too, but I figured a little security education would help. It seemed like there were too many quick judgement calls, and I figured I'd add my two cents. Take it for whatever you think it's worth. I've been working with computers running both pirated software and genuine software, and have been troubleshooting all sorts of problems for quite some time; this sounded like a potentially simple fix, and looked like it could be a great learning opportunity.

EDIT: I find it ironic that your signature is "Identify the problem before applying a solution." Not trying to take a jab at you, I just found it amusing. No offence meant by it, mate. I just don't think we found the problem, and a solution was applied lol. I have a sense of humour :)
 