Have I been hacked!?!?!

Ceyayrox

Prominent
Feb 13, 2017
On my desktop PC I have an Intel Core i7-2600, and I also heard about the data breach thing that has happened (this might relate). Whenever I boot up my PC, I pop on Chrome and I get a Russian website pop-up (but it only pops up when I boot). The website is called 'gameorplay' with '.info' at the end of the URL. I have tried Windows Defender and Malwarebytes antivirus and they didn't pick anything up...

Anyway, so earlier today I was messing around in Unreal Engine and then at the bottom right it said someone logged in to my Origin account, so I checked my email and it said that they were logged in from Russia (same country as that weird website). Have I been hacked? I don't want any of my stuff being hacked, so anyone please help!

I am only 15 btw, so I dunno much about what's going on.
 

JoeMomma

Distinguished
Nov 17, 2010

Good to know. I was recently hacked on Black Friday. But in my case I don't think a full wipe will help.

They got into eBay, PayPal, Amazon and Gmail. Anytime I ordered something they changed my shipping address to have my items sent to them. They are well known hackers, they weren't successful and it's been fixed, but they keep trying just to be a nuisance. Sometimes I get messages from sites I haven't been to in years saying they blocked an attempted break-in. I tracked them down, called their phone number and reported all of the evidence I collected to the websites and the FBI Cyber Division.

https://www.ic3.gov/default.aspx
Report it!

But that only made them mad and now they send 5 phishing emails a day. Everybody knows who they are but the FBI still can't catch them. Tech support locked all of my accounts from changes and had me change my passwords and IP address, but they didn't tell me to wipe my PC also. I was also told I should delete my Gmail I have had for 10 years and start a new one. It's a major inconvenience but I guess I better take every precaution. Maybe I will change my name, move to another country and live off the grid too.
 

USAFRet

Illustrious
Moderator
A full wipe and reinstall may sound over the top, but after an intrusion like that, I would not trust the system, or indeed any other system on my house LAN, until I knew they were clean.

How did they obtain the OP's Origin account? Unknown.
It might have been anything. A poor password, something from Skype, a pirated game, an exploit on the PC. Completely unknown.

The fact that Malwarebytes returned nothing might just be a false negative.

Full wipe and reinstall from known good media.
 

bjornl

Estimable


It does sound as if someone has remote access to your PC (i.e. yes, you have been 'hacked'). You should turn off that PC immediately and use another to change every password you use.

You have some options on how to get rid of it. But the fastest and best is to format the HD and re-install. Anything else you do is going to take more time.
For example, unplug the PC from the internet. Since Chrome was used, the obvious first step is to uninstall it and delete the folder it used. Then get Autoruns from Sysinternals (via a 2nd PC) and see what is starting with your PC. Download Malwarebytes Anti-Malware (again on another PC) and scan the PC.
As you can see this will take more time and some PC knowledge to get right. For this reason I suggest you first disconnect the internet (either pull the cable out of your PC (if you use a wired connection), or disable wifi on your PC). Boot the PC and back up your personal files: saved game files, school work, photos. Do not back up any program files.
Then boot the PC with Windows boot media (USB stick, or DVD). When you get to the screen to select the disk to install to, delete the partition and then create it over again. This will completely remove the hacked stuff. Then re-install Windows.

Next you should probably consider "what did I (you) do that allowed this person or persons to steal from me and use my PC?" Was it some web site you should not have gone to? Was it some pirated program you should not have installed? Was it some other 'oops'? The reason to think through this carefully is that unless you do, you are likely to end up right back where you are now in a short while.
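The "see what is starting with your PC" step above is where most people get lost, because a fresh Autoruns listing has hundreds of rows. The script below is an added example, not code from the thread or from Sysinternals: it reads a CSV export as written by autorunsc (for instance `autorunsc -a * -c -s`; the column names used here are an assumption about that export) and flags the rows a defender would look at first. The rows in `CONSTRUCTED_EXPORT` are made up for the demo. Note how the signed OneDrive entry is flagged only for its path, while the signed Chrome binary is flagged because of its argument, which is exactly the OP's "a page opens on every boot" symptom.

```python
"""Triage of an Autoruns export: a first pass over "what is starting with
your PC". Added example, not from the thread. Assumes a CSV written by
Sysinternals autorunsc (e.g. `autorunsc -a * -c -s`) with the column names
below; the rows in CONSTRUCTED_EXPORT are constructed for the demo.
"""
import csv
import io
import re

# Column names as assumed for the autorunsc CSV export.
ENTRY = "Entry"
SIGNER = "Signer"
IMAGE_PATH = "Image Path"
LAUNCH_STRING = "Launch String"

# Directories an unprivileged user can write to. Legitimate software uses
# them too (OneDrive below), so a hit is a reason to look, not a verdict.
USER_WRITABLE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Temp|Downloads|Public|ProgramData)\\",
    re.IGNORECASE,
)

# A browser launched at logon with a hard-coded URL: the binary is genuine
# and signed, the persistence is in the argument.
BROWSER_WITH_URL = re.compile(
    r"(chrome|firefox|msedge|iexplore)\.exe.*https?://", re.IGNORECASE
)

CONSTRUCTED_EXPORT = r"""Entry Location,Entry,Enabled,Category,Description,Signer,Image Path,Launch String
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,OneDrive,enabled,Logon,Microsoft OneDrive,(Verified) Microsoft Corporation,C:\Users\kid\AppData\Local\Microsoft\OneDrive\OneDrive.exe,C:\Users\kid\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,Logon,,(Not verified),C:\Users\kid\AppData\Roaming\svc\updater.exe,C:\Users\kid\AppData\Roaming\svc\updater.exe --silent
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,Windows Security notification icon,(Verified) Microsoft Windows,C:\Windows\System32\SecurityHealthSystray.exe,%windir%\system32\SecurityHealthSystray.exe
Task Scheduler,\StartPage,enabled,Tasks,,(Verified) Google LLC,C:\Program Files\Google\Chrome\Application\chrome.exe,C:\Program Files\Google\Chrome\Application\chrome.exe http://example.invalid/landing
"""


def parse_export(text):
    """Rows of the CSV as dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def triage_entry(row):
    """Reasons this entry deserves a closer look; an empty list means nothing noted."""
    reasons = []
    if not row.get(SIGNER, "").startswith("(Verified)"):
        reasons.append("unsigned or unverified image")
    if USER_WRITABLE.search(row.get(IMAGE_PATH, "")):
        reasons.append("image lives in a user-writable directory")
    if BROWSER_WITH_URL.search(row.get(LAUNCH_STRING, "")):
        reasons.append("browser started at logon with a hard-coded URL")
    return reasons


def triage(text):
    """Map entry name -> reasons for every flagged entry, most reasons first."""
    flagged = {}
    for row in parse_export(text):
        reasons = triage_entry(row)
        if reasons:
            flagged[row[ENTRY]] = reasons
    # An unsigned binary in AppData outranks a single hit; sort is stable,
    # so ties keep the export's order.
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for entry, reasons in triage(CONSTRUCTED_EXPORT).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

Run it against a real export by replacing `CONSTRUCTED_EXPORT` with the file's contents; anything it flags is a candidate for a closer look (signer, hash, what the launch string does), not something to delete on sight.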
 

JoeMomma

Distinguished
Nov 17, 2010


Hypothetically, if he had a known good system image backup from before the hack occurred and restored said backup that should be sufficient, right?

I was hacked by a phishing email that appeared to be from CVS Pharmacy that I use. But on closer examination it turned out to be a jpeg of an actual CVS email and I clicked on it. I never respond to unsolicited emails anymore. Now I know how to look for fake jpeg emails and to double check that any web page I enter data into starts with https://.

Wait a second, Tom's Hardware starts with http://. They need to fix that.

 

bjornl

Estimable


I agree that Tom's should use SSL.

How secure that image restore is would depend on a couple of factors.
1. The sophistication of his current problem. They don't come in a single level. Some are quite basic (script kiddies), others are very complex.
2. The location of his image.
3. How his image will be accessed.
4. How long the 'sleep' function (if any) of his current issue is. Most have a waiting period where they do nothing. The goal is to make it into your backups and also to obfuscate where you got it from.

In general you are right; the image should be ok. I have seen stuff inject itself into images, but that is not common.
 

USAFRet

Illustrious
Moderator


Not necessarily.
Where and when did this issue arise? We don't know, the OP doesn't know...

For all of my systems, I have a Day 1 and Day 2 Image from Macrium.
Day 1 = the bare OS install
Day 2 = the OS, whatever updates were available, and my basic load of applications.

These exist in a drive that is offline.
30 minutes to recover to either. Then run whatever updates have gone on since then.

Then of course, my standard 14 day rotating backup routine, that exists in the Linux NAS box.

And yes, Tom's should be HTTPS.
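Both of the last two answers turn on the same question: which backup is it safe to restore from? bjornl's points (the image's location, and a 'sleep' period that lets the problem reach the backups before it shows itself) and USAFRet's scheme (offline Day 1 / Day 2 baselines plus a 14-day rotation on a NAS) can be written down as a small decision routine. The block below is an added example, not code or a tool from the thread; the image names, dates and contents are constructed, and the digests stand in for a manifest written when each image was taken and kept on the offline drive with it.

```python
"""Choosing a restore point after a compromise, and pruning a rotating set.
Added example, not from the thread. Image names, dates and contents are
constructed; each digest stands in for a manifest entry recorded when the
image was made and stored alongside it offline.
"""
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Image:
    name: str
    taken: date
    kind: str        # "baseline" (Day 1 / Day 2 style) or "daily"
    offline: bool    # True if stored on a drive that is normally disconnected
    sha256: str      # digest recorded in the manifest when the image was made


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_image(img: Image, current: bytes) -> bool:
    """An image whose bytes no longer match its manifest is not a restore candidate."""
    return digest(current) == img.sha256


def safe_restore_candidates(images, first_symptom, dormancy_days=30, offline_only=True):
    """Images taken before the first symptom minus a dormancy margin, newest first.

    The margin allows for malware that sits quietly so that it ends up
    inside the backups before it makes itself noticed. By default only
    images on normally-disconnected media are considered.
    """
    cutoff = first_symptom - timedelta(days=dormancy_days)
    ok = [i for i in images if i.taken < cutoff and (i.offline or not offline_only)]
    return sorted(ok, key=lambda i: i.taken, reverse=True)


def prune_rotation(images, keep_days=14, today=None):
    """Split a set into (keep, drop): dailies older than keep_days go, baselines never do."""
    today = today or date.today()
    keep, drop = [], []
    for i in images:
        if i.kind == "baseline" or (today - i.taken).days < keep_days:
            keep.append(i)
        else:
            drop.append(i)
    return keep, drop


# Constructed catalogue: two offline baselines, one old daily and 20 recent
# dailies on a NAS. CONTENTS stands in for the bytes on disk right now.
CONTENTS = {}


def _make(name, taken, kind, offline):
    data = f"image-bytes-of-{name}".encode()
    CONTENTS[name] = data
    return Image(name, taken, kind, offline, digest(data))


CATALOGUE = [
    _make("day1-bare-os", date(2016, 11, 1), "baseline", True),
    _make("day2-os-apps", date(2016, 11, 3), "baseline", True),
    _make("daily-2017-01-10", date(2017, 1, 10), "daily", False),
] + [
    _make(f"daily-{d.isoformat()}", d, "daily", False)
    for d in (date(2017, 1, 25) + timedelta(days=n) for n in range(20))
]
FIRST_SYMPTOM = date(2017, 2, 13)   # day the pop-up was first noticed (constructed)

if __name__ == "__main__":
    for img in safe_restore_candidates(CATALOGUE, FIRST_SYMPTOM):
        state = "verified" if verify_image(img, CONTENTS[img.name]) else "TAMPERED"
        print(img.name, img.taken, state)
    keep, drop = prune_rotation(CATALOGUE, today=FIRST_SYMPTOM)
    print(f"keep {len(keep)}, drop {len(drop)}")
```

With the constructed dates, only the two offline baselines qualify; the NAS dailies are all inside the 30-day dormancy window except one, and that one is only offered when `offline_only=False`. The rotation keeps 14 dailies and never drops a baseline, which is the property that makes the Day 1 / Day 2 images a fallback rather than just another backup.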
 

JoeMomma

Distinguished
Nov 17, 2010

Thank You all for helping Ceyayrox (and me).

I have an internal backup that runs nightly using SyncBack. It's my "Oops!" drive for my 4 other drives.
I also have a hot-swap bay with 5 backups (retired smaller raw drives) that I keep in a fireproof safe. That's the real backup.

Over the years I have found that using Windows 7 System Image is the easiest and most reliable way to recover C:\ from a total meltdown. I boot off of a Windows install or repair disk and bada-bing it's restored quickly.
I will try Macrium too, hopefully I never have to restore from it. Wish me luck!

 

poochiepiano

Distinguished
Nov 1, 2010

I should do this, but never seem to remember to when I do a new build.
What do you mean by the drive being offline? Do you physically remove it from the system and plug it in when you eventually need to do a restore?
 

USAFRet

Illustrious
Moderator


Yes, physically removed.
The same Day 1 & 2 images also live in the NAS box backup space, but that 'physically removed' drive is the ultimate fallback position.

And by "plug it in"...it goes into the USB connected dock. Not inside the actual PC in question.
Boot from a Macrium Rescue DVD or USB, and apply that Image to whatever new (or corrupted/compromised) drive is in the actual system.
 

bjornl

Estimable

Off-line means keep a copy of your most critical data on a disk which can be turned off. Meaning if your PC is overrun with bad stuff and needs to be nuked, your critical stuff is safe.
 

Ceyayrox

Prominent
Feb 13, 2017


Thank you soooo much. I have disconnected my PC from the wifi, restarted my router for a fresh IP, changed all my passwords or added a phone number for 2-step verification, and reset everything on my PC.
Hopefully I don't mess up again and get some Russian dude on me.

Thank you
 

bjornl

Estimable

Make sure you solve things on your PC as well. Otherwise you will continue to be at risk. The safest and simplest remains a format and re-install.

Best of luck.
 

leer1763

Prominent
Jan 28, 2018
First thing: THE BIOS!!! It has memory that can be used to ENCRYPT ANY DRIVE YOU BOOT!!! If the BIOS/UEFI is compromised, you're screwed! This is what I'm facing right now. Knew the BIOS was fubar, but tried a new SSD w/ Win 10 USB stick - formatted 250 GB drive w/ MBR partitions - two days later, it's GPT BOOTING FROM VIRTUAL DRIVE!!! Now, THAT'S a HACK JOB!! In the case of my poor Lenovo, I can't replace the BIOS chip (soldered on), so my only solution would be a new m'board ($600.00!!) or a new laptop (cheaper) - I could then use the new one to fix the old one. Yep, these new fast SSDs, 4 GHz CPUs and 100 Mbps connections sure make it convenient and FAST - for the HACKERS!!!