Computer supposedly hacked. (1 Viewer)

CiroBishop

CiroBishop

Joined
Sep 16, 2014
Messages
349
Hello.

Today, I opened my computer that runs Windows 8.1 as OS.
When I opened it, I found an application icon removed and one moved, so I worried about it.
I'm good in PC, but this time it's something new for me.
I tried to check if I had a virus, so I began to run a scan with my Antivirus, then I opened my prompt to check the [drivers] files.
I wrote "system.ini", so the string became like this: C:\Windows\system.ini.
In the text file that opened up, I found this:

; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]

I searched a bit and I found that "timer=timer.drv" is a spyware, that takes your informations by a keylogger, like the known rootkit.
Someone said that this is malicious, but other say that this could be safe.
I'm very good, but this time I'm asking help because this is something new for me.
I posted this thread on other forums, too, to get some help from other people, too.

Could you help me?
Did this happen to you, too?
How could I remove it, if this is malicious?

Thanks,
Bishop.
 
CiroBishop said:
Hello.

Today, I opened my computer that runs Windows 8.1 as OS.
When I opened it, I found an application icon removed and one moved, so I worried about it.
I'm good in PC, but this time it's something new for me.
I tried to check if I had a virus, so I began to run a scan with my Antivirus, then I opened my prompt to check the [drivers] files.
I wrote "system.ini", so the string became like this: C:\Windows\system.ini.
In the text file that opened up, I found this:

; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]

I searched a bit and I found that "timer=timer.drv" is a spyware, that takes your informations by a keylogger, like the known rootkit.
Someone said that this is malicious, but other say that this could be safe.
I'm very good, but this time I'm asking help because this is something new for me.
I posted this thread on other forums, too, to get some help from other people, too.

Could you help me?
Did this happen to you, too?
How could I remove it, if this is malicious?

Thanks,
Bishop.
Click to expand...
http://www.eset.it/download/utenti-privati/eset-smart-security-8/
 
I removed some "Estabilished" connections using the command "Netstat -ano", and on other forums other people say that this isn't malicious.
I think I'll begin to deal with it and when I'll see something moved the next time I'll completely restart it.
 
  • Dislike
Reactions: SunDwarf
CiroBishop said:
I removed some "Estabilished" connections using the command "Netstat -ano", and on other forums other people say that this isn't malicious.
I think I'll begin to deal with it and when I'll see something moved the next time I'll completely restart it.
Click to expand...
install ESET, done.
 
I don't have anything important to say but I love how Blonks last comment got ignored the whole time.
 
I didn't ignore it.
Anyway, thanks, I think I fixed it.
 
You must log in or register to reply here.

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Top Bottom
Back