I think somebody has access to my computer

0

1

Yesterday I received emails from Origin (EA) saying that my password, email and username were all changed. Not having done that myself, I reverted the changes, called EA security, set up a 2-step verification, and obtained a new password. Today, just half an hour before writing this, I got a text message giving me an EA security code. This means that somebody was trying again to access my account. But worse, this person knew my one-day-old password. I called EA security again and it was suggested that my Gmail was compromised and/or that I have a keylogger running.

But my Gmail has had 2-step verification for a few years now and I see no other unusual activities with Gmail or my Google account. I ran quick scans with MalwareBytes Anti-Malware (Premium) and Avast Free Antivirus 2015 and got no detection. I'm currently running a full scan (with all options and all drives ticked) from MalwareBytes Anti-Malware (Premium).

Can you please advise a course of action? How do I locate the vulnerability? I'm running Windows 8.1 and have no pirated software / games installed. Please assume that I am comfortable with everyday software, can follow written / pictorial instructions but do not possess further advanced knowledge.

Other oddities:

  • Two days ago, I went to the website of my cell phone's company and the browser had already been logged in with some strange email. I stupidly refreshed the page without taking a screenshot and the account was logged out.

yurnero

Posted 2015-07-31T01:08:23.507

Reputation: 181

1

One route you could take - copy off any data that you need. Format and reinstall Windows (or replace the hard drive and install Windows on a new hard drive). Delete that email account. Create a new one. – barlop – 2015-07-31T01:11:27.607

Please don't downvote. I am not a new Stackexchange user, just new to superuser. And I really need help here. If you are unhappy with the OP, give suggestions so that I can edit. – yurnero – 2015-07-31T01:16:37.600

possible duplicate of How can I remove malicious spyware, malware, viruses or rootkits from my PC?

– DavidPostill – 2015-07-31T11:50:18.407

Answers

3

Though the safest course would be to reinstall the operating system and all applications as suggested by barlop, if you believe that your system has been compromised, I've sometimes found that using several antivirus/antispyware products will allow me to identify malware. It isn't always that one product is far superior to all others, but, instead, that the developers of some products have not yet encountered a new malware variant, but one particular company or organization has already encountered it and has updated their virus/spyware definitions to detect it. So for malware x, product A, B, C, and D may miss it, but product E may find it while for malware y, A, C, D, and E may not identify it, but B does. When I've had the time, I've sometimes tried a dozen or more before finding one that detected a particularly insidious piece of malware.

Some other suggestions for legitimate, free antivirus/antispyware products you could try that shouldn't conflict with an existing antivirus/antispyware product on your system, if you choose the free, on-demand only version, i.e., it runs only when you manually start it, rather than one that constantly monitors your system:

  1. Ad-Aware Free Antivirus+
  2. Sophos Virus Removal Tool
  3. SUPERAntispyware
  4. Spybot - Search & Destroy

Rootkit detectors:

  1. GMER
  2. Kaspersky TDSSKiller
  3. Malwarebytes Anti-Rootkit

I like to be able to boot an infected system from a Live CD, so that the operating system normally used to boot the system is not running at the time of the scan. Many antivirus vendors provide a free Live CD you can use for such purposes. Some that I've used include the following:

  1. Avira Rescue System
  2. AVG Rescue CD
  3. BitDefender Rescue CD
  4. F-Secure Rescue CD
  5. Kaspersky Rescue Disk

Note: if you wish to identify malware on a system, perhaps even when you intend, eventually, to wipe the system and start anew, and wish to try multiple programs, you need to be willing and able to not use the system for other purposes for quite some time, since a scan with just one product may sometimes take a couple of hours. You don't have to sit there watching the scan, but you need to accept that the system may not be available for your use for some time or at least may perform very slowly, though I would avoid using a system I thought might be infected for other purposes in any case. I usually perform an image backup of a system first, so that I can always revert to the prior state and test again with some other product, if I want to compare products or a particular one renders the system unbootable after it has removed what it identifies as malware, which can, sometimes, be due to false positives.

Sometimes I use that approach to determine what website was the source for an infection, by looking at time stamps on files associated with an infection and correlating them with website visits, using tools such as the free Web Browser Tools provided by NirSoft that allow you to examine the browser history of various browsers.

And, if you have a particular file you suspect is a culprit for an infection, you can upload it to a site that scans files with multiple antivirus programs. Sites that provide that type of service for free include the following:

  1. VirusTotal - now owned by Google
  2. Jotti's Malware Scan
  3. VirSCAN

Spending the time to identify the exact cause of an infection can often consume far more time than wiping and reloading the system, though, and you may decide to do that in the end, anyway.

moonpoint

Posted 2015-07-31T01:08:23.507

Reputation: 4 432

Thank you very much moon. I'm running Windows 8.1 which has an option for resetting the system (just keeping Windows itself). Is that the same thing as reinstalling? I ask because I started with Windows 7 OEM, upgraded to Windows 8, got a further free upgrade to Windows 8.1. I don't particularly want to go through all that again. – yurnero – 2015-07-31T02:19:48.203

1

@yurnero, see What do Windows 8 Refresh and Reset my PC really do? and Microsoft's article How to refresh, reset, or restore your PC. It may be that just reverting to a restore point from a time prior to when you believe the incident occurred will be sufficient - see the "To restore your PC to an earlier point in time" section of the Microsoft article for Windows 8.1.

– moonpoint – 2015-07-31T02:33:23.090

1

I wouldn't even use an OS unless I have the ISO for it. BTW, clever malware can potentially infect system restore points. If the OP lacks will power / energy, but still wants to be safe particularly given the potential skill of the potential intruder, perhaps they could install win7 then later when they can be bothered, install the upgrades. – barlop – 2015-07-31T03:46:24.767
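The timestamp correlation described in moonpoint's answer (matching the creation times of files flagged by a scanner against browser history) can be scripted once both lists are exported to CSV. The following is an added example, not part of the original thread; the column names, paths, URLs and timestamps are constructed for illustration and do not reflect any particular tool's export format.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample exports; the column names are assumptions, not a real tool's format.
HISTORY_CSV = """url,visit_time
https://news.example/article,2015-07-28 19:02:11
https://downloads.example/player-update,2015-07-28 19:14:40
https://mail.example/inbox,2015-07-28 21:30:05
"""
FILES_CSV = r"""path,created
C:\Users\user\AppData\Local\Temp\setup_7f.exe,2015-07-28 19:15:02
C:\Users\user\AppData\Roaming\svc\helper.dll,2015-07-28 19:15:37
C:\Users\user\Downloads\old_tool.exe,2015-07-20 08:00:00
"""

def load(text, time_col):
    """Parse a CSV export and convert its timestamp column to datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row[time_col] = datetime.strptime(row[time_col], FMT)
    return rows

def correlate(files, visits, window=timedelta(minutes=5)):
    """Map each file to the URLs visited within `window` before it appeared, nearest first."""
    result = {}
    for f in files:
        hits = [(f["created"] - v["visit_time"], v["url"]) for v in visits
                if timedelta(0) <= f["created"] - v["visit_time"] <= window]
        result[f["path"]] = [url for _, url in sorted(hits)]
    return result

def rank_sources(correlation):
    """Count how many flagged files each URL precedes; most frequent first."""
    return Counter(u for urls in correlation.values() for u in urls).most_common()

if __name__ == "__main__":
    # Both exports must be in the same time zone; convert one first if they are not.
    found = correlate(load(FILES_CSV, "created"), load(HISTORY_CSV, "visit_time"))
    for path, urls in found.items():
        print(path, "<-", urls or "no visit in window")
    print(rank_sources(found))
```

File timestamps can be altered by malware, so a match is a lead to investigate rather than proof of the source.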