
#1 horseface


  • Members
  • 3 posts
  • Local time:12:31 PM

Posted 26 February 2014 - 06:04 PM

I have had an ongoing problem with my ex-boyfriend hacking into my computers.  Last summer, he somehow set up a VPN connection that directed all of my Internet activities to a server at his house.  (I had installed a program - don't remember which one - that gave me a physical map of my network and it showed his house.  I live about 60 miles away from him, so there was no mistaking the location.)  I have gone through multiple "clean installs" of Windows 7, but each time I do, it seems he still has access to my laptop.


A couple of months ago, I took the new Windows 7 disk and decided to do the install myself so I could check Event Viewer and see if it told me anything.  It did show that the VSS was trying to write to the disk at the same time Windows was installing, but from what I've read, that may be a normal process (?).  :huh:  One other thing I've noticed is that the administrator account gets renamed to "administrators" with an "s".  I always use lower case to name the computer, but the name gets changed to all caps and a "$" added to the end.  In Event Viewer, in the Security folder there are over 100 entries where the computer is being queried for accounts and passwords, then someone signing on as one of those accounts.  It also showed where Windows Firewall rules were changed, Norton files were changed from "auto" start to "demand" start, Windows Defender was disabled, and a number of other things, including a bunch of new users such as "ANONYMOUS" and "REMOTE USER".


I found an iCamera installed on the laptop before I did the Windows 7 install, and from comments he has made, I suspect there is a camera installed in my bathroom somewhere. It is VERY unnerving, to say the least. 


I felt like I could never trust the security of my laptop, so, after getting a wireless security system installed in my apartment, I bought a new All-In-One PC with Windows 8.  Within 2 days of having it, I started seeing the same issues as all of those above.  I installed a forensic program and it said that I was a workstation and part of a virtual network.  I have EVERYTHING even remotely connected (no pun intended) to any type of sharing turned off or disabled.  I have disabled a number of services that I see as not being essential to the operation of the computer, one of which is the Remote Desktop Connection.  A couple of hours after disabling that service, I rebooted the PC for something else and when I checked the services, it was enabled again.  There have been times when it has gone from being disabled to being enabled even without my rebooting.


To top it all off, I had stepped away from the PC for a minute and when I came back, my mouse was moving around on the screen!!


I've reset the PC to factory default settings 3 or 4 times in an effort to get rid of him/it, but it doesn't seem to work.  Last time I tried, I got an error msg that said some of the necessary Windows files were missing and it could not be restored.


Now I have TWO useless computers.  I access the internet now from the library but am limited to one hour per day (ugh!!).


Can anybody help me??









#2 horseface

  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:31 PM

Posted 28 February 2014 - 02:54 PM

Out of all those people that read this post, can't someone please offer any solutions??  Or at least some ideas to try?

#3 Blade


    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US
  • Local time:03:31 PM

Posted 01 March 2014 - 04:41 PM

You need to go to the police.

I can tell you that a few of the phenomena you describe are just intricacies of how Windows works internally, but others are quite suspicious. Sadly, the level of threat you're claiming is something that we're not equipped to handle, nor would it be beneficial to you for us to attempt to do so. If you are indeed as compromised as you believe yourself to be, then trying to solve the issue via an online medium is difficult if not futile. First and foremost you need a legal investigation to take place so that any perpetrator can be brought to justice. Any computer system, given time and appropriate resources, can be compromised. The trick to security is to make obtaining access more costly in some way to the attacker than he is willing to pay. If your attacker is as highly motivated as it seems, then the best way to regain your security is to stop the attacker. Disconnect your network from the internet so that he can't change anything else, and call the police.

If, for some reason, the police are unable or unwilling to assist, I would recommend hiring someone to come to your house and examine your network and machines, and beef up security. Having physical access to the network is all but required to uncover what kind of things are going on. Sadly, that can't happen on a free support forum like this.

I'm sorry that I don't have a magical fix for your problem. . . but I will say that with the very limited amount of information I have about your situation currently, the router seems to be the most likely point of entry for attack. Likely a weak administrative password. If your router is compromised then he has easy access and control over all your internet traffic.

However, I again implore you. Go to the police.

Best of luck,



#4 horseface

  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:31 PM

Posted 03 March 2014 - 04:11 PM



I sincerely appreciate your response.  I have gone to the police, but without sufficient evidence that says it's the ex-boyfriend doing all of this, they are unwilling to investigate. In addition, because this has spanned 4 different counties (where I've moved to in the past 2 years) and 2 different states (he lives in a neighboring state), I can approach local law enforcement only with the things that have occurred in this county.  In addition, the evidence that does point to it being him, I think, is written in the logs of the computers, which I am not knowledgeable enough to get to.


It is a vicious cycle.  With at least one camera in my apartment (the bathroom), I'm fairly certain there is at least one other in the living room, watching my comings and goings so he knows when I'm home and when I'm not. That also means that, no matter what security measures I try to take, he knows what they are before I'm even done.  The router I was using belongs to a national cable company, which I thought was fairly secure.


I've stopped using either of my home computers and access the internet at the library, which makes it extremely difficult to look for work.  Consequently, I am not financially able to have a forensic computer expert look at either of my computers. 


Can you separate the things I mentioned above into what are "normal" Windows internal workings and what are suspicious (besides the obvious mouse moving on its own)?  At least then, maybe, I can narrow down what I am fighting against?  I can't just sit here and do nothing and let him keep controlling my life!


One other thing:  I turned my laptop on last week. My wireless adapter is disabled in the device manager and I was not connected to the Internet via ethernet, either.   I had downloaded a number of the malware, trojan, virus tools from your website and ran them.  I was going through the event viewer afterwards and saw that the Secondary Logon service, along with a number of other network services, had started.  It looked like there were new drivers downloaded to some devices that showed up in device manager as "Base System device".  Also, in the past, I've seen the event viewer show where an "L2PT adapter arrived".


If I wasn't connected to the internet via wireless or ethernet, and the WWAN and WLAN services were disabled, how is he gaining access to my laptop?  A better question is, "How the hell can I stop him from continuing to access my laptop??" 
