Getting a bit creeped out now.

Soldato
Joined
22 Sep 2008
Posts
4,300
Location
Kent, England
Sigh.

Over the last few days, I've noticed that my live messenger has been messaging others, and saying some pretty crap things. Childish jokes such as "Did I tell you I'm gay" etc. For the record, I have no homosexual desires whatsoever.

So, I changed my live password a few nights ago, but it just happened again. Someone has contacted one of my friends and it has popped up on my PC. I'm 100% sure I don't have a multiple personality disorder, so it can't be me.

Anyway it is really creeping me out. I changed my password, set MSN to not remember it, and someone still manages to get on. My guess is they may have used an earlier password and just stayed logged in. However, I was under the impression that if someone else was logged into your account you can "Sign out from..." just like I do with my netbook and PC.

A niggling suspicion tells me it could be my brother, but I really don't know. As soon as he and his laptop are seperate, I'm going to investigate. If he has, I'm going wild. Delete/block all MSN contacts, hijack his facebook, anything. I'm just freaked out that someone has been reading my every MSN conversation for god knows how long :/

What can I do? :(
 
Last edited:
Sounds like you have a virus of some sort that either allows someone to do that, or is programmed to do it. I'd run plenty of malware and AV scanners if I were you.

EDIT: Avoid using anything that could end up with you losing money, such as Paypal or that auction site until you know the PC is clean.
 
I put it down to being a virus too, but its pretty intelligent if it is :/

Was holding conversations, and when I tried to divert my friend somewhere else (by using a 'secret password') it replied that it was making a note of that password...
 
If its rather complex with the messages it sends (personal and what not) I'd wager someone is using a backdoor, if so, be afraid and don't do anything except virus scans. Personally I'd format and reinstall.

Don't think more than one person can be signed in to any one MSN messenger account so yeah, def not your brother unless he's some sort of closet hacker.
 
Last edited:
"Click here for free smiley faces"
"click here to find out who has blocked you"
"download this .exe to veiw my webcam"

Any of those ring a bell? It's very easy to avoid these things.
 
"Click here for free smiley faces"
"click here to find out who has blocked you"
"download this .exe to veiw my webcam"

Any of those ring a bell? It's very easy to avoid these things.

I have not clicked/downloaded anything of the sort.
 
Does anyone else use your computer? They could have done it, not you.

Do you have any anti-virus or anti-spyware installed atm?

No-one else uses it to my knowledge. This happens while I am online too.

Am running AV and spyware checks now.
 
If your scans come up clean, take a few screenshots of Task Manager with the Processes tab open, maybe the OCUK detectives can find the culprit.
 
I think there's an option in live messenger now to allow sign in from more than one location. I can't confirm this right now but perhaps someone else can? If so you need to untick this now.
 
( |-| |2 ][ $;14877709 said:
I think there's an option in live messenger now to allow sign in from more than one location. I can't confirm this right now but perhaps someone else can? If so you need to untick this now.

My worry is that they are permanently signed in i.e. keeping the machine on. If I do that, I will effectively lock myself out :/

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:46, on 13/09/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Windows\System32\rundll32.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Creative\Shared Files\CTSched.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Windows\system32\wuauclt.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - D:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
O4 - HKLM\..\Run: [UpdReg] D:\Windows\UpdReg.EXE
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CreativeTaskScheduler] "D:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [Google Update] "D:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4936 bytes
 
Back
Top Bottom