View Full Version : I was hacked, what do I do now?



YoHoJo
12-12-2012, 04:27 PM
Welp, I was hacked. "I never get hacked" :/

Woke up and saw that my Gmail password was changed, after trying 3 times, I crapped my pants.

Changed my Gmail back, so far Facebook, SRL, PayPal are all good, (E: Amazon is safe too).
I'm in the process of checking other things.

My Sythe account password was changed! But as far as I can see no posts/damage was done! And I recovered the account.

My question now is, I feel so nude and vulnerable, what do I do now to resecure everything?! Can someone link me to an article/guide/checklist with step by step instructions on how to resecure myself?


E:
After further examination it seems like it's just some Sythe noob who (idk how?!) hacked my email and changed my Sythe password. Besides that no noticeable damage has been done anywhere.

E:
So it seems like someone just (idk how?!) got my Gmail password, and used it to change my Sythe password, and that's it...
nothing was even done/posted/PMed at Sythe, and all of my other stuff seems to be just fine.

Mat
12-12-2012, 04:32 PM
All I'd say is a complete re-install of your OS, and a change of all passwords, this is what I did.
Also I change my FB, PayPal, RS passwords every month.
Mat

YoHoJo
12-12-2012, 04:39 PM
No time for reformat :/, was planning to do one next week though since I got an SSD waiting to be put in!
:/ ALL passwords! I have so many lol, but only a few are to things that 'actually matter' or can be used maliciously.
As for changing every month, even if I did do that it wouldn't have helped any, it happened 6 hours ago when I was sleeping.

Thanks!

Jake
12-12-2012, 04:39 PM
http://www.techrepublic.com/article/youve-been-hacked-what-to-do-in-the-first-hour/5034945
http://netsecurity.about.com/od/disasterrecovery/a/I-Ve-Been-Hacked-Now-What.htm
Sad to hear about this, man. Have you been doing/browsing any different sites than the usual sites you visit, within the past few days?

Main
12-12-2012, 04:42 PM
Yeah dude, reformat is the key. My OS never stays the same for more than a semester, might be a hassle but it's a good habit to have

NCDS
12-12-2012, 04:43 PM
As mentioned, there is really no true way to know that you got everything malicious off your PC unless you wipe it clean. Certainly your PayPal account as well as the others mentioned are worth a couple hours to partition and reinstall, YoHo. Better than risking a greater loss I should think anyways.

Brandon
12-12-2012, 04:47 PM
Registry Check:

Run Regedit.exe

HKLM and HKCU to /Software/Microsoft/Windows/CurrentVersion.

Check for anything that looks sketchy. Then go to /CurrentVersion/Run and /CurrentVersion/RunOnce.

Look for any awkward keys. Keys that run programs that you don't recognize. Even if you do recognize them, copy their links and go to their folders to make sure it's legit.

Check %AppData% and %Temp%. Find anything sketchy. Run Process-Explorer from SysInternals and see if any weird processes are being started. If so, terminate that process and see if it starts again. If it does, it could possibly be a virus.

If you find anything you cannot delete and you know it's a virus, do a TakeOwn on it in CMD and terminate it then delete it.


Other than that, wipe your PC lol.. It's the only surefire way to get rid of every single thing if any.
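
The registry check described in the post above can be scripted. This is an added example, not part of the original post: read-only PowerShell that lists the Run and RunOnce entries under HKLM and HKCU and marks for review any entry whose target sits under %AppData% or %Temp%, cannot be resolved to a file, or lacks a valid Authenticode signature. The WOW6432Node key and the helper name Get-CommandTarget are assumptions of this example.

```powershell
# Added example (not from the thread): read-only audit of autorun entries.
$base = 'Software\Microsoft\Windows\CurrentVersion'
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce') { "$hive\$base\$leaf" }
}
# Assumption beyond the post: 32-bit programs on 64-bit Windows register here.
$runKeys += 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

# Locations any user-level process can write to (%AppData% and %Temp% in the post).
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-CommandTarget([string]$Command) {
    # Hypothetical helper: pull the executable path out of an autorun command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|vbs|js))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$report = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }          # key absent on this machine
    foreach ($name in $key.GetValueNames()) {
        $target = [string](Get-CommandTarget ([string]$key.GetValue($name)))
        $found  = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
        # Bare names such as rundll32.exe do not resolve to a file path here.
        $sig = 'NotResolved'
        if ($found) { $sig = [string](Get-AuthenticodeSignature -FilePath $target).Status }
        $inUserDir = [bool]($userWritable | Where-Object {
            $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key = $path; Name = $name; Target = $target; Signature = $sig
            UserWritable = $inUserDir
            Review = ($inUserDir -or $sig -ne 'Valid')
        }
    }
}
# Entries that deserve a manual look sort to the top.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A Review flag only means the file is worth opening its folder and inspecting, as the post suggests; plenty of legitimate software installs into %AppData%.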

Mr[S]
12-12-2012, 05:13 PM
Yeah, when things look suspicious on any of my PCs I reformat them in an instant. I normally don't have anything worthwhile on my computer, so a quick reformat, download and update everything, which takes a day max, and it should be good as new and also faster, which is always a benefit. As for the hackings, just watch your step on what you go onto and what you download the next few days, just to make sure you don't do it again. Trace back your steps, must have been something malicious recent :(

Fascinate
12-12-2012, 05:28 PM
Reformat is probably the way to go! It helps a lot! I was sure this was a joke when I read the title!

tealc
12-12-2012, 05:43 PM
If you don't have time to do a clean install now, change your passwords again after you re-install. Until then make sure you have a realtime anti-virus installed (i.e. avast or avira) and run lots of virus scans.

There are tons of good free virus scanners.

Enslaved
12-12-2012, 05:44 PM
Use 2 step verification with Gmail, prevents you getting hacked or changed in future as any attempt to log in requires a secure key, generated via a timecode or sent to your phone, this can be annoying, but you can now trust computers so it's all fine :).
The main thing that this is good for is changing any account settings requires the 6 digit code, also try checking the login logs as Google timestamps and IP grabs every login attempt

The Killer
12-12-2012, 05:46 PM
> Use 2 step verification with Gmail, prevents you getting hacked or changed in future as any attempt to log in requires a secure key, generated via a timecode or sent to your phone, this can be annoying, but you can now trust computers so it's all fine :).
> The main thing that this is good for is changing any account settings requires the 6 digit code, also try checking the login logs as Google timestamps and IP grabs every login attempt

o wow. Didn't know about this :o, I'm going to set this up over Christmas for sure!

YoHoJo
12-12-2012, 05:46 PM
I've got the IP address of the hacker, can I do anything at all with it? (Doesn't match anyone at SRL). Can I take legal action or something :p? Assuming he wasn't using a remote computer....

Kyle Undefined
12-12-2012, 05:50 PM
Wow, that sucks.

Set up 2 step on Gmail and Facebook, that's what I do. It would notify you if someone tried accessing your account.

Reformat, that's the only thing you can do.

EDIT:
I would contact Google with the IP of the hacker, just to see if there's anything they can do.

pyroryan
12-14-2012, 10:39 PM
As stated in private, I had an IP check done across the major Java bot forums, the IP matches a banned user from powerbot. He was banned for posting malicious jars. Later, it was determined that the jars connect to lunarisle.com (I haven't checked the site itself). The IP matches no other users. However, a check on the IPs of all posts made containing malicious jars that connect to lunarisle.com showed that they are all in the same 98.xxx... region.

YoHoJo
12-14-2012, 10:41 PM
I (guess?) I got hit by a JDB.

I was under the assumption that if you go to malicious/JDB links, you will get a pop-up asking whether or not you wish to allow Java to run.
Apparently the very well made sites bypass this or something. I did in fact visit a LunarIsle.Com website, so I assume that's how it happened.

Chris Reborn
12-14-2012, 10:47 PM
reformat would be best imo.

riwu
12-17-2012, 06:41 AM
> I (guess?) I got hit by a JDB.
>
> I was under the assumption that if you go to malicious/JDB links, you will get a pop-up asking whether or not you wish to allow Java to run.
> Apparently the very well made sites bypass this or something. I did in fact visit a LunarIsle.Com website, so I assume that's how it happened.
I've been wondering about this too, and there are 3 hypotheses:
1. You can never get infected by simply visiting a website, only if you enable some plugins etc.
2. You won't get infected as long as you have the proper firewall/browser settings (turning some auto-play off etc).
3. You can get infected even with firewall on, as there are vulnerable ports etc that can be used to infect the PC. I doubt this is the case though or else there will be millions of people getting hacked every moment?

Does any expert here know which of the above 3 is true? There is contradicting information on this from Google searches.

DannyRS
12-17-2012, 06:46 AM
> I've been wondering about this too, and there are 3 hypotheses:
> 1. You can never get infected by simply visiting a website, only if you enable some plugins etc.
> 2. You won't get infected as long as you have the proper firewall/browser settings (turning some auto-play off etc).
> 3. You can get infected even with firewall on, as there are vulnerable ports etc that can be used to infect the PC. I doubt this is the case though or else there will be millions of people getting hacked every moment?
>
> Does any expert here know which of the above 3 is true? There is contradicting information on this from Google searches.


#1 is false for sure, unless you are ONLY loading basic HTML, but if any plugins or JavaScript can run, you can get infected

#2 I would argue it's dependent on how good the firewall you have is, so it's still possible

#3 I'm fairly sure most routers have decent enough firewalls to stop hackers actually accessing your PC like that, but if you got infected via browser and they remote accessed you etc, still possible, but if you have a cheap router, who knows

I'd say you're best off just staying away from websites you don't trust, don't trust the person who sent the link or the link they sent you looks like they have a virus that's sending the link (e.g. notorious "check out my naked pics" etc on MSN/Skype) :)

Also, have good antivirus installed, plenty of half decent free options, I don't click URLs that I don't recognise, and I have not been hacked ever, for any game :)