Programs Opening Randomly

  • 5 April 2013
  • 3 replies

Well, yesterday I went to our computer office to put down some stuff. The home-screen was visible, so I saw the wallpaper. I couldn't notice if any windows were open, but anyways, I returned to the computer a few minutes later and lots of windows were open. Nobody was on it. I remember iTunes was the current task, and I looked down at the desk and heard music. iTunes started playing a song by itself.... I can't remember if I clicked another song, but another one started playing. I eventually closed iTunes and Firefox windows started opening. I typed Ctrl + Alt + Del and went to the tab 'Users' and all I could see was the Owner (us). So I started closing out a bunch of other programs and went to YouTube to see a video on how to see who's hacking your computer... I opened up CMD during the video, and when I went back to type, all the text was gone. I didn't see the program being opened during the video and I didn't see text being erased either.
At this time, I already was doing a scan with Webroot and another program. It was taking over 7 minutes to scan. (Results were no threats found). I went to CMD again and saw lots of 'ESTABLISHED' state IPs, but I did have other programs open (Firefox and more). So I eventually rebooted and searched through CMD to find any hackers, but I couldn't find any that didn't match up to programs like Skype.
I think whatever happened is gone since it hasn't happened since, but I am worried for our protection on the computer. It really makes me scared to know someone was hacking our computer, and how they found our IP. But, I don't know for sure if it was a hacker. Another question I have is, are viruses capable of doing what I described? And finally, what can I do to make sure we have a good firewall?

Userlevel 7
Hey there ClassicRock_FTW,
First of all, welcome to the Webroot Community.
I am really sorry to hear you've experienced such a perplexing issue - it's definitely not something we see often. It's also surely going to require further investigation, and at this point (due to the nature of a possible infection as well as the fact that our social media hours are more limited during the weekend), the best way to go about this is to submit a support ticket, categorize it as "Threat-Virus/Spyware Infection", and describe the issue at hand (you can just copy the same message you posted here on the Community). This way, one of our threat researchers can more quickly see the ticket and be able to take over your case via the support ticket system.
Regarding your questions, there are many different types of attacks and malware, but it is really difficult to tell just by the sound of it whether or not you're dealing with an infection. In regards to the firewall, our firewall is very effective in monitoring outbound traffic and works together with the Windows firewall, which monitors inbound traffic. For a more comprehensive breakdown of our firewall and how to ensure it's functioning properly, please take a look at this guide.
Please follow the aforementioned instructions to submit a support ticket - while I'm glad to hear that the issue seemed to have gone away, I want to make sure that your computer doesn't have any infection and that WSA is protecting it properly. In the meantime, we can keep an eye out on your ticket (just PM me or another moderator the email address you used to submit it). For reference on the forum, could you please let me know how long scans are taking on your computer now? Was Webroot scanning at normal speeds before the incident?
The scans worked as normal before it happened. Nothing strange happened before these events took place. I had just come home, and checked on the computer. And, scans are working better now. I just ran one and it lasted 2 minutes. Also, thank you so much for replying.
Userlevel 7
You're very welcome and I am happy to hear that scans are running normally now. That said, this adds to the strange nature of the case and I highly recommend submitting a support ticket to make sure your computer isn't infected. I will be back in the office Monday morning to check my PMs and take a look at your ticket. Please keep in mind that while our social media/community support hours aren't 24/7 like the support ticket system hours, we do have some social media support on the weekends, so if you update the thread should you have more questions, another moderator or Community member can chime in as well.
Have a great weekend!