I wouldn't bother with paid AV, especially Norton. It's one of the worse ones from my experience (experience being repairing 50-100 systems a week).
If you haven't already found it, and assuming there IS something in your system, AV is not going to find it. It will be something that they are designed not to find (like keyloggers or monitors)
It's more likely a loophole than software.
Gaming: Dual Intel Pentium III Coppermine @ 1400mhz + Blue Orb | Asus CUV266-D | GeForce 2 Ti + ZF700-Cu | 1024mb Crucial PC-133 | Whistler Build 2267
Media: Dual Intel Drake Xeon @ 600mhz | Intel Marlinspike MS440GX | Matrox G440 | 1024mb Crucial PC-133 @ 166mhz | Windows 2000 Pro
IT'S ALWAYS BEEN WANKERSHIM | Did you mean: Fhqwhgads
"Three days on a tree. Hardly enough time for a prelude. When it came to visiting agony, the Romans were hobbyists." -Mab
I ask because I believe I had someone keylog me through a cracked version of ... let's say "a popular scientific computing language whose annual license is no longer affordable without student discounts", in which I had about ten thousand lines of code that I needed for research. Said program is Java-based. In simplest terms, no antivirus program would know how or where to scan it.
The plural of anecdote is not "data". It's "Bayesian inference".
After reading all of the above, here is my take and your choices (I am a Certified Network Security Specialist btw):
1.) I think your PC is either compromised by remote access or a rootkit that gives the hacker Administrator privileges.
2.) You are never going to get rid of the hacker unless you do a complete scan and removal for said rootkit, or by cleaning your active directory (User Account Database, or SAM repository) of ANY users that you aren't 100% certain belong on there (research Microsoft's online help for lists of required active directory accounts so you don't make Windows unbootable)
3.) I would suggest a complete wipe of your Hard Disk and re-installation of Windows with a scrutiny on making sure you turn off or disable ANY remote access services, this includes third-party access through paid software distributions.
4.) Get a great Anti-virus (Norton has already been suggested here, or you can buy a Corporate product (BlackIce, BitDefender, which I recommend) for even MORE protection that includes IDS protections and services) and also a great malware monitor and removal system
5.) Learn to use and understand your router's access tables and access logs, those will help you more than anything in finding out where said attack is coming from, and also will help you to lock out intruders from your router FIRST, therefore preventing any access to devices or your PC.
I know this all seems extreme and a lot to do, but believe me you would rather have/learn all this stuff instead of trying to put your life back together after all your information, credit rating and money is stolen and used against you through a data breach that YOU are solely responsible for.
Last edited by Wramp; 2017-07-13 at 07:11 PM.
And use a script blocker and/or ad blocker in the future. uBlock Origin and AdBlock are extensions I use together in Chrome that have often warned me or outright stopped sites from opening because of the security risk.
It is also worth remembering that any kind of adult websites you might visit are huge security risks, so don't go around Googling for adult stuff that takes you to random sites.
Do you have SMS protect? This has been a life saver for me as I dealt with a similar situation years ago. The thing with the authenticator is, it will only ask for authentication if logging in from a new or unrecognized computer. If the hacker is spoofing you, it will not ask him for authenticator. With SMS Protect on the other hand any time a password is changed, authenticator added/removed or anything really, it will text you a code that must be entered. Turning on SMS protect and changing my password prevented getting hacked anymore.
- - - Updated - - -
Not if you have SMS Protect. If you have SMS Protect, you can remove authenticator with a code sent to your phone. I just did this a few weeks ago as I started playing D3 again and my authenticator was on my old phone that I don't have anymore. So I had to remove it and it was easy with SMS Protect on.
- - - Updated - - -
I thought it was "Programs and Features" in W10?
Good information. Thanks all
Slight minor issue that I was facing in the past 2 hours: when I was looking at my authenticator option on battle.net I accidentally unchecked "Enter an authenticator code every time I type my credentials in a game client or the Blizzard Account desktop app" and now it gives me an error every time I try to re-check it again. I will contact Blizzard about this as well.
I've got a hand in both SMB and residential repair, and yeah. A lot of people are using those. That doesn't mean they're 'protected'.
I would say (just guessing, no actual numbers), about 30% have McAfee, 20% have Norton, 20% have AVG, and another 20% have everything else (Avast, Kasp, BitDef, fake progs) and 10% have nothing at all.
And all of those come in with multiple viruses and spyware. Even the one we sell (Webroot) has some, but much lower rates, however we also manage a lot of those systems so they get cleaned more often. I didn't want to say "I recommend Webroot because I sell it" but I certainly don't recommend anything else. Personally, I run no AV whatsoever on my own machines, because I feel they're a waste unless cleaning a specific thing... In which case, go free programs.
In this situation, I think it's a matter of configuring proper security and baselines (i.e. reformat)
Here are the screenshots
http://imgur.com/a/fslJt
And yeah, it looks like a mess that I should be cleaning up, with or without keyloggers
It seems fine. The yundetectservice.exe looks weird but evidently you downloaded it when you installed one of the 60 anti-virus programs you got.
I'd still love to see what programs you have on your computer.
Again, if I were you I'd wipe the computer and reinstall Windows.
When I had a keylogger, I found it as some random numbered .dll running at boot using rundll32.exe. I found it in the startup; it was something like 923954294592.dll
Have you checked all the programs loading with Windows? I check startup weekly now to make sure nothing has magically added itself to there. I'll admit it was a while ago, around Cata, that it happened for me.
Last edited by Heathy; 2017-07-14 at 02:17 PM.
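The weekly startup check described in the post above can be scripted. This is an added example, not something posted by anyone in the thread: it lists autostart entries through the `Win32_StartupCommand` WMI class and flags any `rundll32` launch of a DLL whose file name is only digits. The function name `Test-NumericRundll` is hypothetical, and the sample commands at the end are constructed for illustration.

```powershell
# Added example (not from the thread). Pure check, usable on any command string:
# true when rundll32[.exe] is asked to load a DLL whose file name is only digits.
function Test-NumericRundll {
    param([string]$Command)
    return $Command -match '\brundll32(\.exe)?"?\s+"?(?:[^",]*[\\/])?\d+\.dll\b'
}

# Win32_StartupCommand covers the Run registry keys and the Startup folders.
# It does NOT cover services or scheduled tasks; check those separately.
$report = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{
        Flagged  = Test-NumericRundll $_.Command
        Name     = $_.Name
        User     = $_.User
        Location = $_.Location
        Command  = $_.Command
    }
}

# Flagged entries first, then everything else for manual review.
$report | Sort-Object Flagged -Descending | Format-Table -AutoSize -Wrap

# Save a baseline so next week's run can be diffed against this one.
# The output path is an assumption; put it wherever you keep notes.
$report | Export-Csv -Path "$env:USERPROFILE\startup-baseline.csv" -NoTypeInformation

# Constructed sample command lines showing what the pattern does and does not flag.
$samples = @(
    'rundll32.exe "C:\Users\me\AppData\Roaming\923954294592.dll",Start',
    '"C:\Windows\System32\rundll32.exe" C:\Temp\11223344.dll,Run',
    'rundll32.exe shell32.dll,Control_RunDLL',
    '"C:\Program Files\Vendor\updater.exe" /background'
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-NumericRundll $s), $s
}
```

A flagged entry is a lead to investigate, not proof of a keylogger; comparing the saved CSV from one week to the next with `Compare-Object` shows anything that has added itself since the last check.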