Help! Aright so I logged into my computer and this chat box came up, and some zion person started to chat with me. The window said, "Ghost Chat". He knew my first name and started making comments about my appearance. At first, I was totally freaked out and thought somone was watching me from my room. But then i covered up the webcam and he stated, "wrong camera dude". But if that wasn't the camera, he would have scared me more and said something else about my looks. Also made a comment if i had a sexy mama next to me - but never commented on her appearance. So my first guess was someone had access to my camera - which that's why they could see me and also my microphone, probably why they knew a girl was next to me. But then i started typing into google and they knew what i was typing. but if they had access over my computer - they would have scared me more and moved my mouse or typed something. NOW. I am freaked out. He asked if i had played Runescape and i have never played. After i said no he logged off. First thing I did was turn off my computer - got on my girlfriends computer on a different network and changed all of my passwords. Ummm...I'm kind of stuck, I don't want to turn on my computer and also afraid someone has access to my files on my computer when it's turn off right now. What Should I Do?!?! Thanks
Basic advice: Run free program called Malwarebytes. Use good anti-virus Check your ADD/DELETE programs and delete things you do not need and check on others you may not be sure about.
Install a good firewall. Most exploits can be stopped by having a firewall in place. Get http://www.comodo.com/home/download/download.php?prod=firewall One of the best software firewalls. (its free as well). Do that 1st. Then scan the PC as per enjoythemusic. No guarantee its a virus/trojan. He might be getting thru via an exploit. Make sure your O/S is up to date and things like flash and adobe is upto date as well.
Hmm... maybe it is a new 'hook/exploit' into the Microsoft Messenger services (this is DIFFERENT than Messenger chat software). You can disable Messnger it in XP: www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx It is not installed by default in Vista, yet check to be sure if you use Vista...
Before doing anything else, reboot your computer and start it in safe mode WITH networking (so you can get online). Press F8 during the startup phase to do this. 1) Install a virus scanner and scan your whole hard drive. I do not like Norton or McAfee, they are junk. AVG is my preference, mostly because it's free and relatively "light", but others are good too. avgfree.com 2) Install Malware Bytes anti-Malware and run it 3) Install Spybot Search and Destroy and run it 4) No offense, but stop doing whatever you are doing that is giving you viruses and stuff... whether it's downloading software, or clicking "ok" on stuff you come across on the internet, or something else... but you have to sort of wise up to this stuff or it will just happen again, and next time it could be your credit card number or bank account number or address or something else.
When I start it in safe mode - would someone still have access to my webcam like they did before and still see what I'm doing? I'm also thinking about just going somewhere to have it completely scanned and wiped out - as if I just bought it from the store.
Probably not, since safe mode will pretty much prevent everything else other than the basic Windows stuff from starting up. That's why you want to run in safe mode when you download, scan, and install the software listed. Or you could just use the restore disk that came with your computer (or if it's on a separate partition, you should be able to press a button at startup to initiate the restore.
Been doing a little researching - this attack might be something similar to the cybergroup "GhostNet" - which takes control of peoples computers including webcam and microphone. I wonder if it might be the same people since the chat box that came up was, "Ghost Chat"
The source code from ghostnet is freely available(google "ghost rat source"). Anyone into hacking could of been talking to you. Here is a utube of it in action http://www.youtube.com/watch?v=Vz-gg8hxaVQ As the dude mentions at the end, using a good AV should find and delete it. AVG is good and so is AVAST both free. Backdoors are nothing new the most common way they would of got that trojan on your pc would be via PDF/flash exploits tho could of been any number of ways. That firewall I recommend picks up hooks and injected DLL's so even if the AV doesn't detect the latest flavour of viri/malware/rootkit it would alert you by telling you that app "so and so" is trying to phone home and you can say "NO!" Anyway hope that helps and good luck.
Thanks everyone. I went ahead and fully restored my computer from the day I bought it. After that, I installed AVG, Spybot, and Comodo Firewall (I've noticed how detailed they are, really like it). hopefully this takes care of it, thanks for all yall's input.
Thanks for the hot tip. Though vastly improved over previous editions I dumped annoying-as-hell AVG and... Installed COMODO Internet Security - Antivirus, Firewall, Defense. While there were two false positives which came right up and were greenlighted, to have a sweet suite "tell me" what is actually going on [active processes], without getting in the way is great. Do you also keep yours in "Safe Mode", or is another level to your liking? Further tweaks would be appreciated. In fact, COMODO may be worthy of it's own thread. *hint, HINT*
I have network defence on custom policy and Proactive defence on safe mode. When you install an app just click "treat this app as" then click the "installer" option. It stops the alerts appearing every few secs. Plus after you finish installing the app it will ask you to return to safe mode and keep reminding you every few mins. It still alert you if the app is trying to connect to the net. It can be a bit annoying with the popups as its learning things but once you have that down it only alerts you with new activity. Besides the usual geeky tinkering with the settings you don't really need to play with the settings. The COMODO AntiV isn't good tho, apprently this should change when V4 is out but for now I'd recommend not installing the AV part and just install the firewall. Then get AVAST installed. COMODO might be a bit hardcore for some but if you want to know want apps do when you double click them it can be interesting to watch
OK, well i had the same ting happen to me... all you need to do is start your computer in safe mode, go to your internet browser and delete Everything... history, cookies, passwords, all of that and the problem will go away. The ghost chat is simply a cookie tracker that breaches your firewall. This worked for me and I hope it works for you.
Did you not read the thread?? Ghost chat is a backdoor/keylogger. Going to safe mode and deleting "everything" does absolutely nothing. Cookies don't breach firewalls, that's how websites work. Only AV will delete ghost chat.
So after your suggestion i'm going to install the Comodo Firewall as my Norton Antivirus is expired and is CONSTANTLY reminding me to subscribe to update yadda yadda... What's the best FREE anti-virus out there?
AVG is quite good but resource intensive on some systems - not sure why some and not all. Avast is another one that's available for free to home users. I actually don't keep an AV on any of my many computers but they are all behind routers and have additional software firewalls and other measures.
I used to run AVG but it started getting bloated so I switched to Avast. You can't go wrong with either though.
Hello I prefer protect my mac and for it i use ProteMac Netmine protemac. com .It's firewall which controls all the network.In my opinion it's really good soft.
