Am I being Hacked

Discussion in 'Ask Baldy, Blame AceRph' started by MrPulldown, Sep 13, 2017 at 9:33 AM.

  1. MrPulldown

    MrPulldown Long timer

    Joined:
    Aug 18, 2009
    Oddometer:
    5,734
    Location:
    Truckee
    Left my work computer on this weekend. Came into work on Monday and my icons are all tiled nicely, and my resolution is a little funny. This throws up a red flag for me as I have been hacked before. Ran all the Malwarebytes and MS Security Essentials scans I could and nothing comes up. However on this site (ADV) in particular I get this message occasionally. See picture as well as Malwarebytes blocking a couple of outbound connections. See excerpt of the report below. WTF. I ran a custom rootkit scan and found a few files. Deleted them but still get these messages. As with all things in my life now, I am starting to turn to ADV for help. Our IT guy is worthless.

    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Domain: image.ibb.co
    IP Address: 104.27.127.62
    Port: [52855]
    Type: Outbound
    File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (end)

    #1
  2. aldend123

    aldend123 Long timer

    Joined:
    Sep 1, 2011
    Oddometer:
    4,118
    Location:
    Bristol County MA
    How did you arrive at the ADVRider URL from your screen capture? It's not like it's an index.php?threads/SomeonesRiderReportThread.1234 as typical.

    The re-arrangement and resolution is noteworthy but can also happen if your graphics driver failed, and/or was re-installed. This results in oddly low resolution (so everything appears huge) and your desktop icons all get squished tight into the upper left corner. Then if, say, a reboot fixes the driver issue, sometimes the icons remain in the squished arrangement.
    #2
  3. MrPulldown

    MrPulldown Long timer

    Joined:
    Aug 18, 2009
    Oddometer:
    5,734
    Location:
    Truckee
    Thanks for the description on the graphics drivers. Recall having some issues with it in the past. This could be it.

    The ADV URL is a result of editing a post and clicking on options. Since deleting a bunch of "potentially unwanted programs" from my malware scan, I am no longer getting that message. Nor have I had the malware stop notice.
    #3
  4. MrPulldown

    MrPulldown Long timer

    Joined:
    Aug 18, 2009
    Oddometer:
    5,734
    Location:
    Truckee
    Updated my display driver. Reset my default size to 100% instead of 125. Now everything looks normal.

    Hope that is the end of it. Thanks aldend123
    #4
  5. aldend123

    aldend123 Long timer

    Joined:
    Sep 1, 2011
    Oddometer:
    4,118
    Location:
    Bristol County MA
    The XSS warning from chrome is still interesting. I wouldn't be surprised if it were a fluke somehow related to a messed up cache though. If it continues to occur, clear cache and/or reinstall chrome if you really want to go the distance. Then if it continues to occur, I'd be a bit concerned.

    Probably wouldn't hurt to mention this to your IT guy. If they were doing a bunch of updates over the weekend, that'd help explain some of this.

    The blocked website - could that possibly be explained by someone hosting an image on a site (like this one) that is on the blocked list? Especially now that Photobucket's busy shooting themselves in the foot, people are looking for alternative hosts.
    #5
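For anyone working through a report like the one in post #1, here is an added example (not code from the thread or from Malwarebytes) that parses the "-Website Data-" blocks into records and applies the triage logic aldend123 describes in post #5: an outbound connection from a browser to a known image host is most likely an embedded picture, whereas the same block attributed to a non-browser process is worth escalating to IT. The multi-record layout, the browser allow-list and the image-host list are assumptions for illustration; the second record in the sample is constructed.

```python
"""Parse Malwarebytes 'Blocked Website' report excerpts and triage them.

Added example, not from the thread. The field layout mirrors the excerpt
posted above (Domain / IP Address / Port / Type / File, terminated by
'(end)'). Repeating '-Website Data-' blocks per record is an assumption.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample input: the first record is the excerpt from post #1,
# the second is a made-up record with an unfamiliar process to show escalation.
SAMPLE_REPORT = """\
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: image.ibb.co
IP Address: 104.27.127.62
Port: [52855]
Type: Outbound
File: C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
(end)

-Website Data-
Domain: example.invalid
IP Address: 192.0.2.10
Port: [443]
Type: Outbound
File: C:\\Users\\CONSTRUCTED\\AppData\\Roaming\\updater.exe
(end)
"""

# Assumed allow-list of browser executables and image hosts commonly
# embedded in forum posts; tune both to your environment.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
IMAGE_HOSTS = {"image.ibb.co", "i.imgur.com"}

FIELD_RE = re.compile(r"^(Domain|IP Address|Port|Type|File):\s*(.*)$")


@dataclass
class BlockedSite:
    domain: str
    ip: str
    port: int
    direction: str   # "Outbound" / "Inbound" as reported
    process: str     # full path of the process that made the connection


def parse_report(text: str) -> list:
    """Return one BlockedSite per '-Website Data-' block in the report."""
    records = []
    for chunk in text.split("-Website Data-")[1:]:
        fields = {}
        for line in chunk.splitlines():
            line = line.strip()
            if line == "(end)":          # end of this record
                break
            m = FIELD_RE.match(line)
            if m:
                fields[m.group(1)] = m.group(2).strip()
        # Port is reported as "[52855]"; strip the brackets before converting.
        port = int(fields.get("Port", "[0]").strip("[]") or 0)
        records.append(BlockedSite(
            domain=fields.get("Domain", ""),
            ip=fields.get("IP Address", ""),
            port=port,
            direction=fields.get("Type", ""),
            process=fields.get("File", ""),
        ))
    return records


def triage(rec: BlockedSite) -> str:
    """Classify a blocked connection as 'low', 'medium' or 'high' concern."""
    exe = ntpath.basename(rec.process).lower()
    if exe in BROWSERS and rec.domain.lower() in IMAGE_HOSTS:
        # Browser fetching an image hosted on a flagged host: the page you
        # were viewing embedded it, which is the scenario raised in post #5.
        return "low"
    if exe in BROWSERS:
        # Browser reaching a flagged host that is not a known image host:
        # clear the cache and keep watching, as suggested in the thread.
        return "medium"
    # A process that is not a browser initiating outbound traffic to a
    # flagged host is the case worth raising with IT.
    return "high"


if __name__ == "__main__":
    for rec in parse_report(SAMPLE_REPORT):
        print(f"{triage(rec):6}  {rec.domain:20} {rec.ip:15} "
              f"{rec.direction:8} {ntpath.basename(rec.process)}")
```

Run it as-is to see the two sample records classified; point `parse_report` at a saved Malwarebytes export to triage a real one.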