Have I been hacked?

[angelfire]

I might have a problem.
I got a prompt that there were unused icons on my desktop, and the Desktop Wizard offered to clean them up for me. That got me looking at the icons on the desktop (there really are quite a few, and many of them seldom used).
I hadn't really looked at them in awhile. I noticed two new ones that I have no memory of -- they are titled "account_password" and "account_password(2)". I don't recall ever doing anything with passwords, so I clicked on the first one. A box came up saying that the file I was trying to open was "not a valid Win32 application."

I clicked on "Properties" for both of the desktop icons.
Here's the info from them (the same for both, except for time created)

Type of file:  XML Document
Opens with:  WordPad

Location:  C:\Documents and Settings\Owner.(my computer)
Size:  45.3 KB (46,458 bytes)
Size on disk: 48.0 KB (49,152 bytes)

(first one)
Created: Sunday, August 31, 2008, 6:56:29 PM   
Modified:  Sunday, August 31, 2008, 6:56:30 PM   


(second one)
Created: Sunday, August 31, 2008, 7:14:06 PM
Modified: Sunday, August 31, 2008, 7:14:06 PM

Accessed: (always has the current date & time that I clicked "Properties")

Attributes: Read Only  Hidden (neither box is checked)

Security: This file came from another computer and might be blocked to help protect this computer.

OK -- it's that last part -- about it coming from another computer -- along with my not recalling doing anything like this, that has me worried that someone has at least attempted to haq into my computer and get passwords from it.
I just don't know if that's the case, or what to make of this. Does anyone have any insight into what this could be about?
Is it spyware of some kind??

I have the AVG free antivirus software, I ran these files through it and it didn't show any viruses.
I checked my computer's download history, and nothing was downloaded on that date.
I do have a teenage daughter who shares this computer, but she knows nothing about this either, and the icons only show up on my desktop, not hers.
I ran a search on my computer for "account_password", and there was a third one -- it had also been created on the same day, shortly before the others, and was in the Recycle Bin.

I'm currently reading the threads on this site related to computer security, so as to get my computer protected, but as of now and the date in question the AVG anitvirus program is all the protection I've had.

If anyone has any insights on this, I'd very much appreciate any info you could give me. Right now, I'm worried.   Thanks.

[Jewels]

I would run a multiple antivirus scan. Avast and Anvir both have good free scanners. There is also a new one I like so far called Threatfire, there is a link on this board for it. Don't worry about all that nonsense about not having multiple AV. Just don't have them all run at sys startup as they'll bog your pc down heavily. Set one for startup and the rest for ondemand.

As for how the files got there-well really can't say as we don't have access to the pc.

[moderator_]

Be sure to run the virus scans as Jewels mentioned.



Here are a few steps to take to help prevent future intrusions:


To prevent other computers from accessing your computer remotely (remote access):

1.Press windows + pause key on keyboard.
--window will pop up for system properties

2. Choose the "remote" tab
--found at top right

3. Uncheck the box "remote assistance"


A backdoor trojan could be opening a port for accessing you remotely.
-Make sure you are up-to-date with Windows updates, and Adobe, Java, Quicktime, etc.
-Your OS also has event logs--steps to get to those logs depends on which OS you are using.
For example, for Windows XP Pro Version 02:


1.click Start
2.click Control Panel
3.click Performance and Maintenance
4.click Administrative Tools
5.click Event Viewer

6.right click an entry, look at properties for details and look for a Logon/Logoff (Event 528 and Logon Type 10)
-------------------------



Unplugging connections while not using computer:

Unplug your data cable/ethernet cables to your computer/modem/router
--People can access your computer even if its off
--Don't get paranoid because it's not likely to happen, but it can. If someone is watching your computer habits and are savvy enough--it can happen but you would have to be a huge target for that to happen.
-------------------------




Turn off file and print sharing on your computer

-the steps vary depending on what OS you are using--can be found on google

-------------------------





You may already be implementing the ideas I mentioned. There are always more ways to better secure your computer. Google is full of tips of securing your computer. Good luck

[tomron]

@angelfire

You didn't mention which OS you have,I'll bet its XP

Desktop Wizard is a feature of XP.

In the link provided scroll down to "76. Get rid of XP Annoyances"

http://www.mydfz.com/XPblues.htm

[angelfire]

@Jewels~

Thanks for the info on the multiple AVs! I've installed Avast and will be installing at least one of the other two as well. I feel a lot better already just with the Avast! So far no evidence of intrusion has shown up.

@Patrick~

Thanks for the tips on security! I had already found and followed the info here on unchecking the remote assistance and file & print sharing boxes, but hadn't thought about the possibility of being accessed even when the computer is off. The only person I would be a huge target to is my soon-to-be-ex-husband, but I wouldn't put much past him at this point. I have reason to believe that he tried to install spyware on the laptop I was using before he moved out. The irony of that is that he was he one cheating and scheming, not me! lol

@tomron~

Yep, you guessed it -- I have XP. Thanks for the tip on removing Desktop Wizard!

[jimmy97]

HijackThis helps too. Majorgeeks is a safe place to download it. Remember to rename the file too.

[sometime]

Im getting these Antivirus pop ups telling me my computer's infected and i should enter my email address and purchase certain software. How can i tell if its part of my computer's original security system or if the pop ups themselves are the infection? Dumb i know. But i reallly dont know

[tomron]

@emailmemoreinfo

I wouldn't install it.

How can i tell if its part of my computer's original security system or if the pop ups themselves are the infection?

Whats the name of the AV pop up?

We have to determine what protection is already installed on your puter.Use the link provided below and install  Belarc Advisor which will show whats installed.

http://www.belarc.com/free_download.html

Could be an infection or software shipped with OEM machines,or more commonly known as crapware.

[Jewels]

How can i tell if its part of my computer's original security system or if the pop ups themselves are the infection? Dumb i know. But i reallly dont know

If it was part of your original security system it wouldn't be asking for your email addy, or asking you to purchase anything. So sounds like scam crap. 

What's the name of the "supposed" antivirus program that is giving you these popups? There is one out now that looks like a good fake of the windows security and even installs an identical icon to ur system tray. I can't remember the name of it but I just had to remove it from my mother's pc a few weeks ago. If you give us some more info we can help you get rid of it.

[sometime]

thanks, well whatever it is, its definitely slowing my computer down. There are 2 pop ups:
1) e trust ez antivirus
2) antivirus 2009 - this is the one that you were talking about that looks very "official microsoft"

i told a computer repairman about this and he said that they are both the trojan virus and will cost 125 total to remove

i just downloaded belarc from the above link and it says i have e trust ez antivirus as my virus protection. is it possible there's a fake one out there that looks teh same but is actually a virus? There are now 2 icons for this program at the bottom of my screen and i often get pops saying its time for me to renew my ez antivirus.

is $125 a reasonable price?

[justy]

thanks, well whatever it is, its definitely slowing my computer down. There are 2 pop ups:
1) eztrust antivirus
2) antivirus 2009 - this is the one that you were talking about that looks very "official microsoft"

i told a computer repairman about this and he said that they are both the trojan virus and will cost 125 total to remove

computer repairmen can be nasty little a s s e s.  they want major $$ for simple shit that people can fix for free online. okay, is the "ez" antivirus a program that you have already installed for protection?  if not, download AVG 8.0 for free, scan your computer & hit remove viruses. do the pop ups name the trojan?  not the software name, but the actual trojan name.

[sometime]

i was modifying my previous post as you were typing a response.  i will work on what you suggested right now

[justy]

is $125 a reasonable price?

NO, that is a ridiculous price. Yes, it could be a virus itself. If you dont remember downloading it, remove it in your control panel & try AVG. Let me know how it goes.

[sometime]

1. i removed one of the AV icons from the control panel. The other doesnt give me that option. Neither does the antivirus 2009 icon.
2. i downloaded the AVG 8.0 you suggested. when i tried to run it i got the following message:

another antivirus/security program is already installed....we strongly recommend that you cancel this installation, and then uninstall the current antivirus program...

[justy]

1. i removed one of the AV icons from the control panel. The other doesnt give me that option. Neither does the antivirus 2009 icon.
2. i downloaded the AVG 8.0 you suggested. when i tried to run it i got the following message:

another antivirus/security program is already installed....we strongly recommend that you cancel this installation, and then uninstall the current antivirus program...

okay, did you look in your control panel for antivirus 2009?  if its not there, go to  C:\Program Files       and look for anitvirus 2009.  if the folder is there, open it and there should be an uninstall there.  If you dont see the folder, go ahead and just run AVG.