
I was recently hacked because of a download which Malwarebytes deemed safe when scanned. I've done a fresh install of Windows on the C drive. I didn't format my spare HDD and SSD, as I moved documents/files onto them, and have plugged them back in. I'm still being paranoid, endlessly searching Event Viewer etc. My Reddit was recently compromised [they had access since the hack day but didn't do anything until today, when they decided to join a bunch of porn subreddits and Gmail yesterday (which I thought was due to the new PC name)]. I've VirusTotal'd what was used to hack me and passed it on to Bitdefender, as none of these programs could pick it up. I can link the file if anyone wants to see it, and if you have any tips on what else I could do, it would be nice.

Just wondering if these are normal:

Subject:
    Security ID: Redacted
    Account Name: Redacted
    Account Domain: Redacted
    Logon ID: 0x5A9A9

Logon Type: 3

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: Guest
    Account Domain: DESKTOP-Redacted

Failure Information:
    Failure Reason: Account currently disabled.
    Status: 0xC000006E
    Sub Status: 0xC0000072

Process Information:
    Caller Process ID: 0x15dc
    Caller Process Name: C:\Windows\explorer.exe

Network Information:
    Workstation Name: DESKTOP-Redacted
    Source Network Address: -
    Source Port: -

Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

Bunch of these ones^. &

Subject:
    Security ID: Redacted
    Account Name: Redacted
    Account Domain: DESKTOP-Redacted
    Logon ID: 0x5A9A9

Logon Type: 2

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: Redacted
    Account Domain: DESKTOP-Redacted

Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC000006A

Process Information:
    Caller Process ID: 0xdf8
    Caller Process Name: E:\New folder (16)\Game.exe

Network Information:
    Workstation Name: DESKTOP-Redacted
    Source Network Address: -
    Source Port: -

Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

-

Subject:
    Security ID: DESKTOP-Redacted
    Account Name: Redacted
    Account Domain: DESKTOP-Redacted
    Logon ID: 0xCA8F9

Logon Type: 2

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: Redacted
    Account Domain: DESKTOP-Redacted

Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC000006A

Process Information:
    Caller Process ID: 0x3468
    Caller Process Name: C:\Program Files\Google\Chrome\Application\chrome.exe

Network Information:
    Workstation Name: DESKTOP-Redacted
    Source Network Address: -
    Source Port: -

Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

  • After being hacked, I would not trust any attempt to remove it short of restoring the entire drive from an image made before the malware was installed. Also, all logins to everything from websites to banking utilities should be changed, and possibly use an identity protection service, lest your personally identifiable information (PII), which that malware appears to have garnered, be used to bleed existing accounts or take out loans in your name. – DrMoishe Pippik Mar 10 '24 at 03:18
  • Bookmark virustotal.com – Gantendo Mar 10 '24 at 05:36
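
The records in the question are Security-log failed-logon events (event ID 4625), and the field that distinguishes them is Caller Process Name. As an added example, not part of the original post or its comments, this Python script groups such records by caller image, decodes the status codes, and marks images that run from outside the default Windows and Program Files directories; the sample text, the `user1` account and the `DESKTOP-EXAMPLE` host are constructed placeholders, and the directory list is an assumption.

```python
import re
from collections import defaultdict

# NTSTATUS codes and logon types as documented for Security event 4625.
NTSTATUS = {
    "0xC000006D": "bad user name or password",
    "0xC000006A": "user name correct, password wrong",
    "0xC000006E": "account restriction",
    "0xC0000072": "account disabled",
}
LOGON_TYPES = {"2": "interactive", "3": "network"}
# Assumption: default Windows install locations; adjust for the host under review.
USUAL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

RECORD = re.compile(
    r"Logon Type:\s*(?P<type>\d+).*?Logon Failed:.*?Account Name:\s*(?P<target>\S+)"
    r".*?Status:\s*(?P<status>0x[0-9A-Fa-f]+)\s+Sub Status:\s*(?P<sub>0x[0-9A-Fa-f]+)"
    r".*?Caller Process Name:\s*(?P<proc>.+?)\s*$", re.S | re.M)

# Constructed sample in the flattened layout of the question (placeholder names).
SAMPLE = r"""
Logon Type: 3
Account For Which Logon Failed: Security ID: NULL SID Account Name: Guest Account Domain: DESKTOP-EXAMPLE
Failure Information: Failure Reason: Account currently disabled. Status: 0xC000006E Sub Status: 0xC0000072
Process Information: Caller Process ID: 0x15dc Caller Process Name: C:\Windows\explorer.exe

Logon Type: 2
Account For Which Logon Failed: Security ID: NULL SID Account Name: user1 Account Domain: DESKTOP-EXAMPLE
Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A
Process Information: Caller Process ID: 0xdf8 Caller Process Name: E:\New folder (16)\Game.exe

Logon Type: 2
Account For Which Logon Failed: Security ID: NULL SID Account Name: user1 Account Domain: DESKTOP-EXAMPLE
Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A
Process Information: Caller Process ID: 0x3468 Caller Process Name: C:\Program Files\Google\Chrome\Application\chrome.exe
"""

def _code(raw):
    """Normalise the hex case and translate a known NTSTATUS value."""
    key = "0x" + raw[2:].upper()
    return NTSTATUS.get(key, key)

def triage(text):
    """Group failed logons by caller image; mark images outside the usual install dirs."""
    by_proc = defaultdict(lambda: {"count": 0, "reasons": set(), "review": False})
    for m in RECORD.finditer(text):
        entry = by_proc[m["proc"]]
        entry["count"] += 1
        entry["reasons"].add((LOGON_TYPES.get(m["type"], m["type"]), m["target"], _code(m["sub"])))
        entry["review"] = not m["proc"].lower().startswith(USUAL_DIRS)
    return dict(by_proc)

if __name__ == "__main__":
    for proc, info in triage(SAMPLE).items():
        print("REVIEW" if info["review"] else "ok    ", info["count"], proc, sorted(info["reasons"]))
```

A REVIEW mark only says the caller image sits in an unusual location and deserves a closer look (hash, signature, origin); it is not a verdict on the file.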
