Think I have end of computing malware


4 replies to this topic

#1 Spangled


Posted 13 May 2017 - 06:16 AM

I will try to be as brief as possible.
I clicked on a Windows 10 Update pop up and someone started talking to me via pop up messages. I noticed after 10 mins I was being hacked as things began to disappear and slowly but surely my computer became disabled and I lost Admin rights, even the hidden Admin said Enabled when I turned it on but I had no control.

But why I'm possibly overreacting about the end is this, everything on my network got infected, even my phone but I have another phone not connected to the network and within 10 mins the hacker had control. For some reason he took me to a fake Windows Help site and posted all my folders and files which I stupidly couldn't stop laughing at and I think I made him angry.
I wiped the whole disk USA defence standard and made a fresh install. I thought I was ok until I visited a web site and amazingly he removed all the clickable buttons till all that was left was the Disable site access security button.
Then I wiped disk again and installed Ubuntu but he came back again.
I tried to put a password on BIOS but he changed it. Somehow I can still boot up but in BIOS menu Password says Enabled but it is greyed out and I can't click on it.
Both phones are Android 5.1
I'm using Safe Mode on phone which I Factory Reset as that is supposed to be virus proof and I don't want him to mess with this site.
I updated the BIOS on my PC using USB Flash because I didn't have to boot up, thinking this would bypass the malware but it's still infected. It feels like AI because he can't be stalking me all the time yet when I think everything is OK all my Programs will disappear. It seems to get very angry when I download Malwarebytes. But when I run it, both it and Bitdefender report everything clear.
If it can infect Windows, Linux and Android and be undetectable how can it be countered? Especially infecting a phone with WiFi disabled.
I hope someone can help but I'm dreading him seeing this and engaging the BIOS password and totally destroying my computers.
Hope that wasn't too long, in 16 years I've never been infected, it's quite scary.


Edited by hamluis, 13 May 2017 - 09:19 AM.
Moved from W10 Spt to Am I Infected - Hamluis.



 


#2 buddy215


Posted 13 May 2017 - 01:36 PM

The only thing I see you haven't done is performing a RESET of the router and RESECURING of the router with a new password, enabling the router firewall and blocking remote access. Just hold in the RESET button for several seconds and then release. Access your router and resecure.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Spangled


Posted 14 May 2017 - 03:49 PM

Hi Buddy,
Thanks for replying, really appreciate it. I've reset my router about 20 times literally because I thought it might be a weak link. Disabled WPS, Remote Access, Password (usually first so I can make other changes more securely) and UPnP. But it doesn't seem to work. Like for instance I'll go to router after setting it up and the original log in screen will appear so I enter Admin and WPS which is how to log in but I'd disabled WPS. Then I look at WiFi security and the password changes I made are still the same. It's like he's toying with me. When I tried to log in to reply to you it said wrong password even though I wrote it down. Then I entered email to reset password and it said account doesn't exist. So I entered username instead and that sent it to the email I entered cause I double checked it.
I phoned my ISP and asked for the latest model please as this is year 2000. But the guy was just patronising saying don't worry your router cannot get infected this is impossible. But nothing is impossible if it's connected to the net I'm sure. And routers are the main point of entry. But the BIOS changes are worrying.
Thanks again. Oh yeah, installed Malwarebytes on phone and I can't run it, keeps taking me to mobile access when I click on it and whether I enable mobile access or not it takes me round in circles to desktop on mobile.

#4 buddy215


Posted 14 May 2017 - 04:06 PM

Just curious...what country are you in and what is the name of your ISP?




#5 Spangled


Posted 14 May 2017 - 04:30 PM

Hi buddy215,
I'm in UK, Virgin Media ISP. I've not read of any findings. Their previous model displayed all information for 7 seconds when booting up. I did notice something strange about a week before infection. Folk in my block went to the electrical box and suddenly there was a blackout but just this block as I looked outside and everyone else was lit up. Then 5 or 10 mins later the same people were at box and everything came back on. Now I'm wondering if they needed to reboot modem as I never turn it off. Looks like a lot of data is transferring when I turn everything connected to it off, lights flashing like crazy. Of course I am aware that it could be paranoia. Was just a strange off on they performed. However, things really went mad after I clicked on Windows 10 Update button. That's when he started talking to me and I didn't take it seriously even when directed to Windows Help site and he posted all my contents. I couldn't get them removed either but after a while I think a good Samaritan helped me out or maybe he'd copied everything by then. I'm not bothered about that, couple of embarrassing letters maybe but everyone got silly stuff like that.
Why is he insistent on leaving it active? He has everything possible to get. Thank goodness Ubuntu is quite a low learning curve for windows as he doesn't seem to mess with it as much, still a few things though like having to change my password here.



