Getting a bit creeped out now.

Soldato
Joined
22 Sep 2008
Posts
4,300
Location
Kent, England
Sigh.

Over the last few days, I've noticed that my live messenger has been messaging others, and saying some pretty crap things. Childish jokes such as "Did I tell you I'm gay" etc. For the record, I have no homosexual desires whatsoever.

So, I changed my live password a few nights ago, but it just happened again. Someone has contacted one of my friends and it has popped up on my PC. I'm 100% sure I don't have a multiple personality disorder, so it can't be me.

Anyway it is really creeping me out. I changed my password, set MSN to not remember it, and someone still manages to get on. My guess is they may have used an earlier password and just stayed logged in. However, I was under the impression that if someone else was logged into your account you can "Sign out from..." just like I do with my netbook and PC.

A niggling suspicion tells me it could be my brother, but I really don't know. As soon as he and his laptop are seperate, I'm going to investigate. If he has, I'm going wild. Delete/block all MSN contacts, hijack his facebook, anything. I'm just freaked out that someone has been reading my every MSN conversation for god knows how long :/

What can I do? :(
 
Last edited:
I put it down to being a virus too, but its pretty intelligent if it is :/

Was holding conversations, and when I tried to divert my friend somewhere else (by using a 'secret password') it replied that it was making a note of that password...
 
"Click here for free smiley faces"
"click here to find out who has blocked you"
"download this .exe to veiw my webcam"

Any of those ring a bell? It's very easy to avoid these things.

I have not clicked/downloaded anything of the sort.
 
Does anyone else use your computer? They could have done it, not you.

Do you have any anti-virus or anti-spyware installed atm?

No-one else uses it to my knowledge. This happens while I am online too.

Am running AV and spyware checks now.
 
( |-| |2 ][ $;14877709 said:
I think there's an option in live messenger now to allow sign in from more than one location. I can't confirm this right now but perhaps someone else can? If so you need to untick this now.

My worry is that they are permanently signed in i.e. keeping the machine on. If I do that, I will effectively lock myself out :/

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:46, on 13/09/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Windows\System32\rundll32.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Creative\Shared Files\CTSched.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Windows\system32\wuauclt.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - D:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
O4 - HKLM\..\Run: [UpdReg] D:\Windows\UpdReg.EXE
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CreativeTaskScheduler] "D:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [Google Update] "D:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4936 bytes
 
( |-| |2 ][ $;14877744 said:
I think it's more likely that as you tried to sign in last you'll get priority and sign them out.

Done.

Spyware/Virus scans haven't picked up anything. I dont know if someone is still watching all my chats or not though :/
 
The messages aren't that often, but it peeves me off.

Have ran everything I can for now, and changed password again. Hopefully that will be the end of it.
 
Does it not tell you where the other person is signed in from? When I sign in at two locations it tells me the PC name (only ever done it on a local network).

Nope, that's what confuses me. I too have done it on a local network though (PC and netbook).
 
Back
Top Bottom