
Hacker is actively preventing me from obtaining assistance


  • This topic is locked
6 replies to this topic

#1 Avolate

  • Members

Posted 28 October 2013 - 07:38 PM

I don't know how he is doing it but the hacker is trying to stop me from getting help to remove my infection.

He made it so that I could not access my thread where I was receiving help.

This is the thread I made describing the ongoing persistent problem I am having with a hacker.

http://www.bleepingcomputer.com/forums/t/512093/reformatted-flashed-bios-but-still-cant-remove-infection/

But last night he blocked me from being able to go to that thread somehow. I tried it on my phone and with another computer in my house but the page won't load. Everything else will load but my thread.

So what I did was go into Disk Management and I did a long format of my 1 TB Samsung storage drive.

And then as soon as the format was done I turned the power off to the PC and I had to go to bed because all day long I had been trying to put Windows on since the morning.

When I woke up today I took the PC and opened it up and I removed the Crucial M4 SSD hard drive.

I suspect the virus is on that hard drive and it's spreading and reinfecting every time I reinstall Windows. I don't think that the quick format I did and delete of the partition in the Windows setup is good enough to remove the persistent virus that is on my Crucial M4 SSD.

So I started a reinstall on my computer fresh with Windows 7 on my Samsung 1 TB drive and I have my SSD drive that I think is infected sitting here on my desk and I don't know what to do about it.

Now I am on my HDD and my computer is slow because I don't have an SSD anymore.

I did a scan with DDS just now without the SSD and the disk error I was getting seems to be gone now.

So I am thinking that the persistent virus is on my SSD and it spreads whenever I try to put Windows on it because the virus is hiding somewhere on the SSD itself.

Last night I was about to post the ark.rar file of the GMER scan I did but that is when the hacker made it so I couldn't go on that thread.

Sorry for making a new post about this.

I would post the ark.rar here but it won't let me.


Edited by Avolate, 28 October 2013 - 07:39 PM.



#2 TB-Psychotic

  • Malware Response Team

Posted 29 October 2013 - 03:11 AM

Hi Avolate,

I've told you before that this isn't hacker activity but a faulty system. You completely formatted the disk and did a clean reinstall, so there isn't anything suspicious now.
In addition, you are running Windows on a different disk drive now.

Why aren't you able to "go to your thread"? Is the page not loading, do you get an error message, or what?
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Avolate

  • Topic Starter
  • Members

Posted 29 October 2013 - 04:06 AM

Yeah, when I try to go to that thread the page times out.

I don't know how he did it but this infection is undetected and in the wild right now.

It most certainly is hacker activity because I can see when he was logging onto my Origin account over and over.

It still exists in my SSD drive and I want to find a way to remove it from my drive or I will have to buy another soon.

The error on the drive is false, there is nothing wrong with the drive other than it's infected with some kind of bad persistent virus.

It must live in the boot sector and I don't know how to clean it.



#4 TB-Psychotic

  • Malware Response Team

Posted 29 October 2013 - 04:17 AM

I've also told you before that someone may abuse your Origin account from somewhere else - it doesn't have to be your local computer.
If, for example, I had the password, I could log into your account from here in Central Europe, without even being near your machine.

It lives in the boot sector? Well, then we should check that.

Attach the SSD and run aswMBR and TDSS-Killer:

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
  • Please post the contents of that log in your next reply.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
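
An added example, not part of the original post or of either tool: Python that decodes a raw 512-byte MBR sector and compares two dumps, the kind of check a saved MBR backup such as the MBR.dat mentioned above makes possible. It assumes the backup is a plain copy of sector 0 in the classic MBR layout; `parse_mbr`, `compare_mbr` and `build_sample` are hypothetical names, and the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440       # bytes 0..439 hold the bootstrap code
TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # boot signature at bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Decode a raw 512-byte sector in the classic MBR layout."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + 16 * slot
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0x00:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": parts}

def compare_mbr(baseline: bytes, current: bytes) -> list:
    """List the differences between a saved MBR backup and a later dump."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    if sum(p["active"] for p in new["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings

def build_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code and one active NTFS entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes([boot_fill]) * BOOT_CODE_END + bytes(6) + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    backup = build_sample(0x90)   # stands in for the saved MBR backup
    later = build_sample(0xCC)    # stands in for a dump taken afterwards
    print(parse_mbr(backup)["partitions"])
    print(compare_mbr(backup, later))
```

A changed bootstrap hash is a reason to inspect the sector, not proof of infection, since partitioning tools and OS installers also rewrite that area.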

#5 Avolate

  • Topic Starter
  • Members

Posted 29 October 2013 - 05:04 AM

I saw that someone else was logging onto my Origin account from another computer because when they log on I get a message and it kicks me offline.

The first time I saw that I changed the password on another computer then I reformatted Windows on the SSD drive. I did the Windows quick format in setup and put fresh Windows on.

I had all my data on my 1 TB storage drive.

But after the reinstall and the password change I saw that the hacker logged into my Origin account again.

So I thought that both my drives were infected. Then I saved a bunch of my data onto a flash drive and I changed my pass on another PC again. Then I reformatted both my drives and put Windows on.

I took my data from the flash drive and put it onto the storage drive again, thinking everything was fine. But then a few days later the hacker logged into my Origin account again. I am not using any funny programs on these clean installs, I am only downloading programs from known popular sources so it's not like I am reinfecting myself stupidly by using an exe or something. I am actually doing nothing and waiting to see if I can spot him again.

So I started to get really aggravated and I took everything off my PC and had it on the flash drive and I didn't put the flash drive or any flash drive into the PC. I did a long format on my 1 TB drive and the only format I can do on the SSD is in the Windows setup when you install new Windows.

I totally installed a fresh copy of Windows on the SSD and I had a totally formatted storage drive. And by 8 pm that night the hacker was already logging into my Origin account with a new password that I had changed a few hours before.

It's possible that the drive I have now is infected also.

The only way I can tell is if he logs back onto my Origin account, because that is the only tell I have had that I even have an infection.

Somehow he can take my password each time I type it into Origin and then he uses my account to play Battlefield 3.

He has some kind of keylogger and he can probably read everything I just typed.

If I have this infection cleaned from this drive I think he still might be lurking.

I am worried about what he might be able to do if I plug that SSD back in.

If I did put it back into my machine I will have to unplug my 1 TB drive that I am currently using for Windows and then boot up with the SSD. And when I do that he will be able to have the control he had before.

And I believe he was able to block me out of that thread, and somehow that persists through the reformat and Windows install. So it's creepy, it's like he modified my router or modem to not load that page. I looked in my router settings and I didn't see any additions that would block out that web page but maybe he did it hidden.

And if he can do that who knows what he could do when I plug that SSD back in, he could totally block me from this website or others and it would persist.

So I dunno if I want to risk it lol.



#6 TB-Psychotic

  • Malware Response Team

Posted 29 October 2013 - 05:12 AM

If he can read everything you're typing, then your newly installed system is infected already, right?
So there is no harm done when you reattach your SSD.

Do that and run the tools - we have to get some information, otherwise we cannot find the problem.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 TB-Psychotic

  • Malware Response Team

Posted 05 November 2013 - 04:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)



