Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: MSN Messenger hijacked - Please help - [FIXED]

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    18

    MSN Messenger hijacked - Please help - [FIXED]

    Hi everyone, I'm new on here, but I am a bit of a loss what to do next. Here's the problem:

    My girlfriend's son's messenger account is being hijacked ( we suspect by someone else from his school given the content of the messages sent by the hacker posing as her son). Simply put when he goes online, within seconds he is logged out and when he tries to go back in it says he is logged on another computer, then his password gets reset. Vile and disgusting messages are sent to the other contacts on his list as if they were from him. More over we have gone on and ‘chatted’ with the hacker who is pretending to be him, when we say that we know it is not her son the hacker becomes abusive writing thoroughly disgusting messages about my girlfriend. He has gone back in and changed his password three times to random sequences of letters and numbers and still within minutes he has been logged out again. He even tried creating a new messenger account and it happened with that to (which I presume suggests it is one of his contacts). It is the Messenger 7.5 with Windows XP Service pack 2 (all updates applied and up to date). They have up to date antivirus software in the form of PC-Cillin with it's own personal firewall. This has detected nothing.

    I ran panda activescan and apart from a few cookies it only came up with two other forms of adware :

    Adware:adware/oemji in the registry
    Adware:Adware/WinTools C:\WINDOWS\system32\grwinsthlp.exe

    Also ran hijack this and tried to put log in here, but said message too long.

    Can anyone please help? Firstly to secure the machine and his account to stop this happening and secnodly is it possible to find out who is doing it?

    Many thanks in advance.

  2. #2
    Junior Member
    Join Date
    Jun 2006
    Posts
    18
    here is the hijackthis log:

    Edit: log put into notepad and attached (Rev)

  3. #3
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,737
    grwinsthlp.exe is a trojan.

    Install and run Spybot Search & Destroy and AdAware (make sure you update the definitions first before running them)

    Also you need to remove WinTools. Details here

    Also check out Egghead's Spyware removal thread

    =========== Please Read The Forum Rules ===========

  4. #4
    Junior Member
    Join Date
    May 2006
    Posts
    6

    MSN Hijacked

    I have found that Xoftspy works indescribably well. Takes care of most of my problems. Just wanted to give you my two cents.

  5. #5
    Junior Member
    Join Date
    Jun 2006
    Posts
    18
    Many thanks Reverend, I will do as requested and hope that this solves the problem. I will report back.

    Also is there any way of definitely proving who the hijacker is? I am 99% sure of who it is, but have no concrete evidence.

    Many thanks for your two cents Angelcry, although I had already tried Xoftspy. Thanks anyway, answers always appreciated.

  6. #6
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,737
    Quote Originally Posted by wexfordalty
    Also is there any way of definitely proving who the hijacker is? I am 99% sure of who it is, but have no concrete evidence.
    If you have any conversations with him try and trick him into revealing his identity. You only need him to make a small slip up and then you will have enough evidence in the "saved" conversation. You can pass that info onto MSN.

    My prefered option though would be to pay him a personal visit and enquire as to whether his dental insurance is up to date.

    =========== Please Read The Forum Rules ===========

  7. #7
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,303
    Quote Originally Posted by Reverend
    My prefered option though would be to pay him a personal visit and enquire as to whether his dental insurance is up to date.








  8. #8
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,385
    this is a little scary... Let us know how u go... delete the trojan!! Then reset password, hopefully there is no password stealer!

    --- 0wN3D by 3gG ---

  9. #9
    Junior Member
    Join Date
    May 2006
    Posts
    6
    And you can track the fellows ip address. That should tell you where he/she is or where about this person may be. You need to get a chat going with him though. Try this site. http://www.abika.com/Reports/verifyemail.htm. Hope that helps. Oh' and im just wondering have you tried the free version of AVG? It may sound strange but that fixed my computer after a major virus. When all others failed on me.

  10. #10
    Triple Platinum Member
    Join Date
    Aug 2004
    Posts
    805
    Oh' and im just wondering have you tried the free version of AVG? It may sound strange but that fixed my computer after a major virus. When all others failed on me.
    I'll second that. It picked up a backdoor.optix (?) trojan when Norton died on me.

  11. #11
    Junior Member
    Join Date
    Jun 2006
    Posts
    18
    Quote Originally Posted by Reverend
    You can pass that info onto MSN.
    Already had much contact with them and found them to be about as much use as a chocolate teapot.

    Quote Originally Posted by Reverend
    My prefered option though would be to pay him a personal visit and enquire as to whether his dental insurance is up to date.
    LOL. Yeah, not an option though we are talkin about a schoolkid here.

  12. #12
    Junior Member
    Join Date
    Jun 2006
    Posts
    18
    Quote Originally Posted by cash_site
    this is a little scary... Let us know how u go... delete the trojan!! Then reset password, hopefully there is no password stealer!
    Will let you know. There must be a password stealer given the number of changes made and the speed with which it is hacked each time.

  13. #13
    Junior Member
    Join Date
    Jun 2006
    Posts
    18
    Quote Originally Posted by AngelCry
    And you can track the fellows ip address. That should tell you where he/she is or where about this person may be. You need to get a chat going with him though. Try this site. http://www.abika.com/Reports/verifyemail.htm. Hope that helps. Oh' and im just wondering have you tried the free version of AVG? It may sound strange but that fixed my computer after a major virus. When all others failed on me.
    Thanks for that will try the search and AVG. First want to try and track if possible.

  14. #14
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,303
    Also check for a Keylooger. As you said the speed which it was accomplished leads me to believe that the culprit has an "inside" to your system.

  15. #15
    The Beast Master TZ Veteran PIPER's Avatar
    Join Date
    May 2002
    Location
    Florida
    Posts
    1,055
    Quote Originally Posted by rik
    Also check for a Keylooger. As you said the speed which it was accomplished leads me to believe that the culprit has an "inside" to your system.
    Ah ha....Miss Scarlet, with a wrench in the Library.....lol.....gotta luv a mystery. ......only the nose knows..........I like Revs idea..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •