Facebook hack - suspected spyware/keylogger infection

*

Offline Chalkie

  • Bronze Member
  • 79
Facebook hack - suspected spyware/keylogger infection
« on: October 25, 2018, 06:10:37 AM »
Hi

I have suffered a Facebook account hack and am concerned that this may have caused more widespread security breaches in my computer.

I have just run a MWBAM scan and posted the results below. With the rootkit/archive scans, this was more thorough than a scan run about a week ago that also removed over 100 PUP-type logins. I would be really grateful for any help here.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/25/18
Scan Time: 11:35 AM
Log File: b29ab4b8-d841-11e8-b8a7-00504300101c.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7521
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AndrewStucken\Andrew Stucken

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 399241
Threats Detected: 16
Threats Quarantined: 14
Time Elapsed: 1 hr, 24 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-3772110883-3129243704-2712842087-1000\SOFTWARE\CSASTATS\ic, Delete-on-Reboot, [401], [586068],1.0.7521

Registry Value: 1
PUP.Optional.Eanswers.Generic, HKU\S-1-5-21-3772110883-3129243704-2712842087-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|bdjkleolnalmieagkohncojfkjcnneca, Quarantined, [234], [495659],1.0.7521

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 14
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [322], [455289],1.0.7521
PUP.Optional.Eanswers.Generic, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [234], [495659],1.0.7521
PUP.Optional.Eanswers.Generic, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [234], [495659],1.0.7521
PUP.Optional.Eanswers.Generic, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [234], [495659],1.0.7521
PUP.Optional.Eanswers.Generic, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [234], [495659],1.0.7521
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Removal Failed, [322], [455289],1.0.7521
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [322], [455289],1.0.7521
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [322], [455289],1.0.7521
PUP.Optional.Delta, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [279], [455070],1.0.7521
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [322], [455289],1.0.7521
PUP.Optional.SafeSearch.ShrtCln, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [322], [455289],1.0.7521
PUP.Optional.Delta, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Removal Failed, [279], [455070],1.0.7521
PUP.Optional.Delta, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [279], [455070],1.0.7521
PUP.Optional.Delta, C:\USERS\ANDREW STUCKEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [279], [455070],1.0.7521

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10632
Re: Facebook hack - suspected spyware/keylogger infection
« Reply #1 on: November 13, 2018, 12:25:53 PM »
Chalkie,
I'm sorry we missed your post.  Do you still need help?

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-