
I am hacked, all programs disabled


8 replies to this topic

#1 sweetpotato

sweetpotato

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 10 August 2016 - 06:37 PM

Thankfully, I am able to boot in safe mode with networking, but while I was installing and running Emsisoft, the hacker disabled everything...I can't open system services, control panel, command prompt, my browser (firefox) or IE, the snipping tool, everything is disabled since I got on the computer this afternoon...I had been looking at YouTube videos on how to detect and remove a RAT, as I know I have key logging by this hacker...He has been on my back for almost 2 months.  Usually he has my network adapters and settings disabled, but I went into services and changed as many of the things he disabled as I could...I'm sure, that since I've been able to get online in safe mode, that will be disabled next, so I may not be able to respond to an email if you answer me...I am planning to reset to factory default, awaiting a new Win. 7 CD to arrive.  If I do that, will it get rid of the RATS?  Per LifeLock, my info was sold on the black market, so I've had a number of hackers online with me, but I think most of them have dropped out, since there's nothing on this computer to get them any money.  Please tell me what to do....I will sit here online as long as he lets me stay online.  Oh, Emsisoft came up with 0 threats, and Webroot had, too...so he's under the radar, tracking everything I do, and disabling all my programs.





#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:16 PM

Posted 10 August 2016 - 06:59 PM

The reality is that if your machine has a backdoor you can never trust the current installation again.

 

There is only one logical thing to do in your situation.

  • disconnect from the internet
  • backup your personal data
  • reinstall Windows using either the built in recovery partition or a Windows disk
  • hard reset your router, then before reconnecting it to the internet log in via your fresh PC and change the admin and wifi passwords to something secure.
  • then you can reconnect your system to the internet

After doing this you need to

I hope this helps

 

TsVk!



#3 sweetpotato

sweetpotato
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 10 August 2016 - 08:24 PM

Thanks so much!  I am not even on wifi, I'm ethernet connected, which really baffles me. He disabled my internet cards long ago, and since he does it daily, I just gave up trying to use the router he has invaded...I'm not sure this installation of Windows has a boot partition, so I'll wait until my new disk arrives, 2-3 days, and then reset the computer.  Hate to do it, but it's the only way out. Do you think he'll find me again, after the reset??



#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:16 PM

Posted 10 August 2016 - 09:11 PM

If you hard reset the router and reset your router password (the admin password: VERY IMPORTANT!... google up your router model online and find out how to do these things) as well as cleaning your system I don't see how.

 

Of course if someone knowledgeable enough is keen to get into a system there is no stopping them. But generally kiddie hackers are looking for easy targets, not people who have taken security measures. And professional hackers are looking to monetize, they're not interested in messing with people just for fun. Waste of precious time.

 

After one bad attack some years ago I called my ISP, explained what was happening and got them to change my IP address. They did this without too many questions. This is the equivalent of moving house, virtually. Your ISP may or may not be as co-operative with your request if you go this direction. As I use smaller more specialized ISPs they have time for me, unlike the Verizons of the world.



#5 sweetpotato

sweetpotato
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 10 August 2016 - 11:34 PM

This is definitely a pro, but I think it's revenge because I didn't buy a "security" program they tried to sell me.  It started with a re-direct when I was trying to get to Toshiba Support, I got this geek squad and let them into my computer, then I got the willies, and decided I'd made a mistake (oh what a mistake!!)  So this one has been with me since the first part of June. I disconnected my router long ago, he key logged and changed every password as fast as I could put them in, so I connected directly into the modem.  So now, he has my modem MAC and IP and joins me whenever I'm online, disables everything I have, today, even disabled my browser, cmd, as I said before everything...my new Windows CD just arrived, so tomorrow, I can clean this computer up, but the isp says I need to get a new modem now that he is coming in that way, so now I'll have to order a modem before I reset. I need to find out how to make a boot partition when I install the new Windows CD.  It doesn't come with instructions.  Thanks for your comments

PS. Time Warner Cable wouldn't change my IP because I bought my own modem, and am not renting from them. Never mind that I pay them $50 a month for the internet...nice..



#6 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,812 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 10 August 2016 - 11:41 PM

There are people here who can help you with boot partition.

 

Changing your ip I am not sure about....but am sure someone will have a solution for you.

 

Don't give up.....You may need to start a new topic when all your new gear arrives.


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#7 sweetpotato

sweetpotato
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:16 AM

Posted 11 August 2016 - 12:00 AM

Thank you...I will do that...start a new thread when my new modem is here.  Great idea.



#8 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:16 PM

Posted 11 August 2016 - 01:26 AM

I can't see why you would need a new modem... your ISP sales person is lying to you. They just want you to pay for a new one from them.

 

Just get your network username and password from the ISP to reconnect after the hard reset (enter them after you change your admin password of course).

 

The Windows disk will reformat and make your boot partition also. Don't worry about that either.

 

The only thing you are missing from the list in post #2 is entering your internet username & password from your ISP. You can probably locate this on your router without even calling them, though they can provide it to you with a call.


Edited by TsVk!, 11 August 2016 - 01:27 AM.


#9 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:16 PM

Posted 11 August 2016 - 01:28 AM

If you have the Windows disk you could do it now, and be free of this in a few hours.





