-1

I have a PC at home running on Windows 7, 32-bit.

Recently, when clearing the temp folder (accessible by pressing %temp% on the Run command), I found that the folder has got some foul videos downloaded from the Internet. By foul, I mean totally disgusting, of a very, very, very low level (like pornographic, horrible scenes, etc. which I can't mention). This has been occurring quite often. They come after some days even if I delete them.

I have a licensed copy of QuickHeal in my computer, and a full system scan at great depths shows that there is no virus, malware or any other system change. Behaviour Detection is set to highest security. Firewall is also on.

Our computer is accessed only by my father and me. We never visit any foul site, not even Facebook or Twitter or Google Plus. My father visits a travel forum, while I mostly use it for Java programming.

Moreover, the computer has recently started to crash frequently. We've called a mechanic, who could find no error. The computer has got 4GB RAM, yet sometimes everything on the screen freezes and then everything crashes, including Windows. The task bar and start button are not accessible, and mostly we have to power off the computer and reboot it.

The files come only if connected to the Internet. We've tested, and not connected the PC to the Internet for a month, and no videos had come.

We work on either Opera browser or Chrome. Both these browsers are known for protecting users from malicious sites. We've installed anti-tracking extensions to browsers like Ghostery to prevent tracking.

So, why are these videos coming? I feel somebody is bypassing QuickHeal security firewall and accessing the computer. I conduct a full system scan and a backup every week, so I'm not greatly worried for files, but what is it? What can I do to prevent this? How can I know who is accessing the computer by hacking firewall?

N.B.: somebody wanted to mark this as a duplicate to this one. Let me explain the difference. I don't even know till now whether the computer has been hacked or it's a virus. Until and unless I'm confirmed it's a virus, it's not a duplicate.

2 Answers

0

First, a review of QuickHeal shows some issues, though any anti-malware (antivirus) tool may miss some items. Try a scan with another product, such as the free versions of Kaspersky Virus Scan or Avira Rescue System.

The best way to check and remove malware is by booting from external media or USB stick, rather than the PC's internal drive. There are a number of capable bootable tools, such as the Avira one above.

Remove any questionable browser extension, or simply uninstall the browser and reinstall afresh.

Another likelihood, though, is that someone has access to your PC, either physically in your home or over WiFi. Disable Remote Access, disable sharing of your hard drive, except for those folders you want others to access. Maximize router security with WPA2 and hidden SSID. Change passwords on the router and on all PCs, and use upper and lower case letters, typographical symbols and numbers.

0

Is my computer compromised?

This can be a rather broad question. I think there are a few things you need to look into before isolating the issue. Firstly, run shell:startup and see if any odd links exist, and then check the startup tab of Task Manager (taskmgr.exe) to see if something is running.

The next step is to view the running processes on your PC. Ones that should stick out are:

  • Odd names, seemingly jumbled letters;
  • Processes with no description

A good way to see what network connections are running (if a virus is downloading a payload) is to run netstat -ab and see the connections.

If the process only starts when you connect to the internet (which it sounds like), then perhaps manually compare the files by running this before and after you're on the net:

tasklist.exe | out-file C:\tmp\before.txt and naming the next one as after.txt, see what you've got running, and any variances you're unsure of, simply "Google" (I love how we've coined that service's name) it.

Now, it's time to boot into safe mode with networking and run the following in administrative shells:

sfc.exe /scannow, chkdsk /f and a memory test; not entirely relevant, but useful nonetheless.

Whilst in here, if you're on Windows 7 (which was stated), I would recommend you download two things to run:

Run a scan with these and see if anything is identified. Before rebooting into your PC, remove administrative functions from your account (whilst making another account with admin rights), to see if you get violation errors with processes trying to perform unintended tasks.

Lastly, convert to Linux ;)
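
The before/after comparison described in this answer can be scripted. The following is an added example, not part of the original answer: the function names are hypothetical, C:\tmp is taken from the answer's own path, and it assumes an elevated PowerShell prompt (PowerShell 2.0 on Windows 7 is enough).

```powershell
# Added example (not from the answer). Function names are hypothetical;
# C:\tmp follows the path used in the answer.

function Save-ProcessSnapshot([string]$Label) {
    # Record name, PID, executable path and description of every running process.
    if (-not (Test-Path 'C:\tmp')) { New-Item -ItemType Directory -Path 'C:\tmp' | Out-Null }
    Get-Process | Select-Object Name, Id, Path, Description |
        Export-Clixml -Path "C:\tmp\$Label.xml"
}

function Compare-ProcessSnapshot {
    $before = Import-Clixml -Path 'C:\tmp\before.xml'
    $after  = Import-Clixml -Path 'C:\tmp\after.xml'

    # Keep only processes (by name and path) present in "after" but not in "before".
    $new = @(Compare-Object $before $after -Property Name, Path -PassThru |
        Where-Object { $_.SideIndicator -eq '=>' })

    foreach ($p in $new) {
        # A missing description is one of the warning signs listed in the answer.
        $desc = if ([string]::IsNullOrEmpty($p.Description)) { 'NO DESCRIPTION' } else { $p.Description }
        '{0,-25} PID {1,-6} {2}  [{3}]' -f $p.Name, $p.Id, $p.Path, $desc
    }

    # List the TCP connections owned by those new processes.
    # With "netstat -ano" the last column of each TCP line is the owning PID.
    $newPids = @($new | ForEach-Object { $_.Id })
    netstat -ano | Where-Object { $_ -match '^\s*TCP' } | ForEach-Object {
        $cols = $_.Trim() -split '\s+'
        if ($newPids -contains [int]($cols[-1])) { $_ }
    }
}

# Usage:
#   Save-ProcessSnapshot before    # while disconnected from the Internet
#   Save-ProcessSnapshot after     # some minutes after connecting
#   Compare-ProcessSnapshot
```

Anything listed with an unfamiliar path (for example under a temp or user-profile folder) or with no description, and that also holds an outbound TCP connection, is the first candidate to look up.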