I got hacked! Click on no links!

Search
Go

Discussion Topic

Return to Forum List
Post a Reply
Messages 1 - 66 of total 66 in this topic
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Original Post - Dec 27, 2012 - 02:26pm PT
Not sure how it happened but it did. I am not sending links to anyone so beware. Sorry for the inconvenience!

Death to those f*#king hackers!
donini

Trad climber
Ouray, Colorado
Dec 27, 2012 - 02:31pm PT
Just got one.....deleted.
Ron Anderson

Trad climber
Soon to be Nipple suckling Liberal
Dec 27, 2012 - 02:39pm PT
same here,, THANK YOU for the heads up Girl!!!!
Jingy

climber
Somewhere out there
Dec 27, 2012 - 02:40pm PT
window?


10b4me

Boulder climber
Somewhere on 395
Dec 27, 2012 - 02:43pm PT
Death to those f*#king hackers!

by which method?
Ron Anderson

Trad climber
Soon to be Nipple suckling Liberal
Dec 27, 2012 - 02:44pm PT
Send em to me Crimpie! ill show em something they never saw before,, the inside of their skin..;-)


and yeah i have windows..
mouse from merced

Trad climber
The finger of fate, my friends, is fickle.
Dec 27, 2012 - 02:54pm PT
I hate hackers, piece workers and peace guys totally to pizzas.
I hate hackers, piece workers and peace guys totally to pizzas.
Credit: NuttyBuddy
I'm guessin' Lincoln's Law of Blogs is coming into play.

http://www.linkinlog.com

I dare ya!
zip

Trad climber
pacific beach, ca
Dec 27, 2012 - 02:58pm PT
Yep, got your e mail.
So you can't get me a deal on Viagra?
survival

Big Wall climber
Terrapin Station
Dec 27, 2012 - 03:02pm PT
Fuk, I clicked it without thinking.

It was blocked as a trojan horse. Thank gawd for avast.
Hope there's no more to it......
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 03:05pm PT
So, I have avast. I didn't click on anything that would give this to me.

I have windows XP. Before you go all apple on me, it is a university issued machine.

How does this happen?

And for hackers - death by AR-15 of course!!

Do I need to do anything other than change passwords? Any advice is welcome.
John M

climber
Dec 27, 2012 - 03:08pm PT
So does this mean that you aren't leaving brassnuts and coming to california to be my slave girl?

Dang!!#$@@!


Damn those rat bastard hackers. I even took a bath.
GhoulweJ

Trad climber
El Dorado Hills, CA
Dec 27, 2012 - 03:09pm PT
Feeling left out :(
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 03:12pm PT
Maybe I managed to stop it before it got to GhoulweJ.

I hope I stopped it. Scared to touch anything on this dang machine now.
Ghost

climber
A long way from where I started
Dec 27, 2012 - 03:41pm PT
I feel so left out...
zBrown

Ice climber
chingadero de chula vista
Dec 27, 2012 - 03:49pm PT
Well I guess not being known from Adam has some benefits. But be thankful it wasn't ZeroAccess rootkit. That's an ugly one there.

http://nakedsecurity.sophos.com/2012/06/06/zeroaccess-rootkit-usermode/


philo

Trad climber
Is that light the end of the tunnel or a train?
Dec 27, 2012 - 03:49pm PT
Hackers don't deserve death by boobies.
locker

Social climber
state of Kumbaya...
Dec 27, 2012 - 03:52pm PT


Wish I had seen this first...

Yes you DID get hacked and I just opened the fuking thing and also emailed you back letting you know you've been hacked...

Figures!!!...

LOL!!!...



Check your email...
zBrown

Ice climber
chingadero de chula vista
Dec 27, 2012 - 03:55pm PT
Ahem, are you using protection?

That's a good place to start.


zBrown

Ice climber
chingadero de chula vista
Dec 27, 2012 - 03:56pm PT
Have you noticed any symptoms that you can elaborate on?

zBrown

Ice climber
chingadero de chula vista
Dec 27, 2012 - 04:00pm PT
OK now for some remediation. Though it is advised by some not to run this unless instructed to by an expert, I would download and run ComboFix.

Do not download it from anyone other than bleepingcomputer and follow the instructions carefully. It can take a while and it can require multiple runs.

Did I say it's free?

This is what eradicated the ugly rootkit mentioned above but it does a nice cleanup job in toto (not the dog).

http://www.bleepingcomputer.com/download/combofix/
locker

Social climber
state of Kumbaya...
Dec 27, 2012 - 04:04pm PT

zBrown...

Though I opened the link...

so far no problems that I am aware of...

Seems that my FREE virus crap MAY have worked as I got an audible and written warning that "Malware has been detected and blocked" right after opening it...


EDITED:

If anyone want's to know or is curious, I am using the free version of AVAST (as suggested by Steve W)...

zBrown

Ice climber
chingadero de chula vista
Dec 27, 2012 - 04:13pm PT
email hacking, as far as I've read, is usually fairly benign. I've opened a few, but I usually delete them without opening. The ones I've seen are easily identified by having an improbable linkup between the sender and the topic.

Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 04:16pm PT
My machine has malwarebytes and hitman pro. Wrong in earlier stmt about avast. Running malwarebytes in safe mode right now. Maybe my machine is not compromised and only email and facebook were. I do not use the same password on email and other places. Just Wonder how this happens.

Does this just sometimes happen? Or did I likely do something to allow it?
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 04:16pm PT
Also never saw a weird link. Not sure where it came from.

My keyboard has been a bit possessed but I thought I just needed a new one. I go thru them pretty regularly.
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 04:19pm PT
Thanks for the suggestions. Will see what I can do...
Ron Anderson

Trad climber
Soon to be Nipple suckling Liberal
Dec 27, 2012 - 04:20pm PT
i was hacked once using a photo sharing site- photo bucket, and while you have that account open- using it, others can enter that account by going through the properties of any pic youve posted on forums from that site. And can add a virus..
10b4me

Boulder climber
Somewhere on 395
Dec 27, 2012 - 04:24pm PT
Does this just sometimes happen?

that's been my experience. just change your passwords for email, and fb.
Karl Baba

Trad climber
Yosemite, Ca
Dec 27, 2012 - 04:27pm PT
My Yahoo and then Skype got hacked very recently and I'm an apple guy who'se usually cognizant of what not to click

Send blank emails out to a bunch of people on my behalf and talked to Taiwan using up my skype credit

Could have been worse and hope it doesn't get worse

peace

karl
zBrown

Ice climber
chingadero de chula vista
Dec 27, 2012 - 04:28pm PT
photos, games, sites streaming music or video, the dread porn, anything that's sending something to your machine

i've used malwarebytes before it's good
GMER is good too

Ksolem

Trad climber
Monrovia, California
Dec 27, 2012 - 04:38pm PT
Thanks for the heads up Crimp! FWIW I got an email from you with a link at 11:12am PCT, so whoever it is was still at it then...

Cheers.
kunlun_shan

Mountain climber
SF, CA
Dec 27, 2012 - 04:43pm PT
How does this happen?

Cross-site scripting (XSS), can affect any platform. Its more dependent on browser vulnerabilities than the OS.

http://en.wikipedia.org/wiki/Cross-site_scripting
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 04:44pm PT
Hack. Still hearing from those who are getting emails. Guess I can't stop that. Doh.

Just last night I signed up for instant view on Netflix and listened to Pandora radio for the first time this week. Bad ideas?
Ron Anderson

Trad climber
Soon to be Nipple suckling Liberal
Dec 27, 2012 - 04:45pm PT
havent had any issues with either Crimpie. Netflix is secure..
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 04:50pm PT
One thing I do is work with my emails logged in and open. Sounds like that is a bad idea, no?
Ron Anderson

Trad climber
Soon to be Nipple suckling Liberal
Dec 27, 2012 - 04:54pm PT
from what the last COMP GEEK i talked to told me, its usually coming from something you go to like a vid, link, etc. If you get to those via email~~?

its ALL over my noggin Crimpie.. I know i felt totally VIOLATED though..In 74- if you would have told me a machine could violate me through space and wires, , i would have laughed.
murcy

Gym climber
sanfrancisco
Dec 27, 2012 - 04:58pm PT
It's very possibly nothing you did. Your return address might have been found among a friend's contacts, and the virus is spoofing emails "from" you.
SteveW

Trad climber
The state of confusion
Dec 27, 2012 - 05:09pm PT

Callie
I use avast on my Microsoft 7 computer. Never had any problems with
being hacked or infected since I've had it. But I'm no longer on FB,
and don't get netflix. . .

I hope you get it fixed without too much pain!
bvb

Social climber
flagstaff arizona
Dec 27, 2012 - 05:12pm PT
How come nobody ever hacks me? What, am I chopped liver?
Reilly

Mountain climber
The Other Monrovia- CA
Dec 27, 2012 - 05:19pm PT
So people will do anything to generate some email.
I didn't see any parrots in mine so I tweeted it to a flight into the nether.
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 05:58pm PT
I think it clearly originated from my machine as I got a zillion 'out of office' replies and tons of 'failure to deliver' (old email addresses I guess).

Ran the root kit thingy and malwarebytes and all came up clean. What a pain.
kunlun_shan

Mountain climber
SF, CA
Dec 27, 2012 - 06:03pm PT
How come nobody ever hacks me? What, am I chopped liver?

Just sent you a pm bvb, click on the link.
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 06:13pm PT
I knew you wouldn't email me on purpose =)

Boo on that Burchey. I definitely don't feel that way at all. For the record, there is only one person in all my years here on the taco that I would never communicate with. That certainly is not you!

Interesting though that you got it - I assumed it lifted addresses from gmail (which I know it did) but maybe it got them through the taco too? A mystery.
Mighty Hiker

climber
Vancouver, B.C.
Dec 27, 2012 - 06:17pm PT
I blame the parrots, but Pente was probably the mastermind.

Anyway, about our date on Saturday night...
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 27, 2012 - 06:26pm PT
My angel parrots were all napping. Pente on the other hand... Unlike birds, cats are post-fall creatures you know.

Haha!
khanom

Trad climber
Greeley Hill
Dec 27, 2012 - 07:36pm PT
My girlfriend ran into a cross-site scripting vulnerability with Yahoo Mail. Clicking on the link would grab your session data and compromise your account. Interestingly Gmail flagged the ensuing spam, but Yahoo Mail did not.

Basically re-iterated the point that if you are going to check out a suspicious link do so in a browser with no cookies and not on Windows (e.g. incognito window in Chrome). Could also go through an anonymizing service.
Timid TopRope

Social climber
'used to be Paradise, CA
Dec 27, 2012 - 07:55pm PT
Hey Crimpergirl, I just sent you the thousand dollars you were asking for to get you out of that Moroccan jail after having your money and passport stolen. Hope that helps.
WBraun

climber
Dec 27, 2012 - 08:39pm PT
Run ComboFix and run it.

http://combofix.net/
hobo_dan

Social climber
Minnesota
Dec 27, 2012 - 08:49pm PT
I also received a hacked email from lynne leicthfuss. I clicked it and then deleted it--It then proceeded to send out random emails from me to others. They used the title RE: Hey (your name here). So this might be a supertopo thing. This was about a week ago and I have not had any more replies
froodish

Social climber
Portland, Oregon
Dec 27, 2012 - 10:41pm PT
XP? Good lord. 11 years old now - only 15 months until MS end-of-lifes it. I hope at least it's got service pack 3 on it.

Tell the uni IT department to give you a Win7 boxxen.

Oh, and Riley, why are you giving the spammers free column space? Remove that crap.
zBrown

Ice climber
chingadero de chula vista
Dec 27, 2012 - 10:44pm PT
OK now for some remediation. Though it is advised by some not to run this unless instructed to by an expert, I would download and run ComboFix.

Run ComboFix and run it.

http://combofix.net/

Got yer expert instruction now Crimpie. Damn! those Brauns think alike.


just saw this, very likely you're OK (Well certainly more than OK, IMO)

Ran the root kit thingy and malwarebytes and all came up clean. What a pain.

Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 28, 2012 - 01:52am PT
Thanks Werner and others - combofix in the morning it is!
Patrick Sawyer

climber
Originally California now Ireland
Dec 28, 2012 - 02:49am PT
Yeah Karl, with the increasing popularity of Apple products, the scumbags will start targeting them more.

What's a good protection for a Mac? No jokes please.
matisse

climber
Dec 28, 2012 - 02:51am PT
I got one too. I feel special.
froodish

Social climber
Portland, Oregon
Dec 28, 2012 - 04:18am PT

Yeah Karl, with the increasing popularity of Apple products, the scumbags will start targeting them more.

What's a good protection for a Mac? No jokes please.

There was a good thread on this over at TidBITS recently:

http://talk.tidbits.com/Anti-Virus-Comparison-Test-td4657102.html

But honestly, I haven't run A/V software on a Mac since the days of John Norstad's Disinfectant.

Keep your Mac system software and browsers up to date, don't install Flash (use Google Chrome's built in Flash if you really need to view one of the dwindling Flash sites) or Acrobat, disable Java in your browser and don't 2-click suspicious files. That'll pretty much take care of things.
murcy

Gym climber
sanfrancisco
Dec 28, 2012 - 06:39am PT
I think it clearly originated from my machine as I got a zillion 'out of office' replies and tons of 'failure to deliver' (old email addresses I guess).

You get replies, which only means that the "From:", "Return path:" and/or "Reply to:" email addresses are yours, which is exactly happens with spoofing. A better test is whether some of those replies come from email addresses you don't recognize.

http://en.wikipedia.org/wiki/Email_spoofing

The basic idea of short emails with a link to the virus is the strategy of the old "Netsky" worm, which used spoofing. So anyway, if the scans come up clean, you may actually be clean.
SteveW

Trad climber
The state of confusion
Dec 28, 2012 - 09:45am PT

Hey Timid--I'm in jail in Nigeria and they're askin' for $500 bail!!!!


hee hee hee. . .
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 28, 2012 - 10:07am PT
Interesting Murcy. There were addresses I did not recognize. And there were many that are not in my address book but are places I sent a single email to...sometimes a year or more ago. Bizarre. Wonder if I can figure out more looking at all the returned emails I got.
Ron Anderson

Trad climber
Soon to be Nipple suckling Liberal
Dec 28, 2012 - 12:02pm PT
i did find out last night that there are TONS of viruses being sent out from places like Africa, and the ME. Some sort of cyber war going on i would imagine.
zBrown

Ice climber
chingadero de chula vista
Dec 28, 2012 - 12:04pm PT
Graphically speaking, the idea is to keep all the bad stuff, portrayed here by Tinkerbell, from entering your private domain.

froodish

Social climber
Portland, Oregon
Dec 28, 2012 - 12:32pm PT
^^ Oh those Disney animators ;-)

As others noted email is easily spoofed but if you have a copy with the complete headers SpamCop is pretty good about determining the actual source:

http://spamcop.net

Was it a web mail account?

Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 28, 2012 - 01:43pm PT
gmail account. I assume that is a webmail account??
Jingy

climber
Somewhere out there
Dec 28, 2012 - 02:47pm PT
I got ther email...

Completely forgot this post and only remembered after clicking....


No harm no foul


Similar thing happened a week or so ago with Lynne.
QITNL

climber
Dec 28, 2012 - 02:53pm PT
Try this
https://support.google.com/mail/bin/answer.py?hl=en&answer=50270
and then this:
https://support.google.com/mail/bin/mail.google.com/support/bin/static.py?hl=en&page=checklist.cs&tab=29488

(You will need to copy & paste those links)
Crimpergirl

Sport climber
Boulder, Colorado!
Topic Author's Reply - Dec 28, 2012 - 03:29pm PT
Thanks QITNL. Looks like I've done most of that. Still, I'd not seen these pages - they are really useful!
Karl Baba

Trad climber
Yosemite, Ca
Dec 28, 2012 - 05:12pm PT
Yeah Karl, with the increasing popularity of Apple products, the scumbags will start targeting them more.

I don't think it's a apple virus or anything. If they can get you to sign a phoney page that looks real, they get your info without regard to OS. Or they can just attack your account without involving your computer at all, or steal your info from a server that's not properly protected

Peace

karl
Lynne Leichtfuss

Sport climber
moving thru
Dec 29, 2012 - 12:52am PT
Sorry Jingy et al. I answered an email from a close friend. Turned out to be a false one. How can hackers know so much?

Anyway, when I answered I got slammed....then everyone on my email address list got slammed too. Again, sorry. Lynne
Messages 1 - 66 of total 66 in this topic
Return to Forum List
Post a Reply
 
Our Guidebooks
Check 'em out!
SuperTopo Guidebooks


Try a free sample topo!

 
SuperTopo on the Web

Review Categories
Recent Trip Report and Articles
Recent Route Beta
Recent Gear Reviews