
Everything is hacked!!


11 replies to this topic

#1 Emm_24

Emm_24

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:55 PM

Posted 21 September 2017 - 05:02 PM

I have been battling this issue for about 2 weeks. Originally my Wi-Fi was going into limited connection here and there on all my devices (PC, laptop, 3 cells, 3 smart TVs, & a Roku). I went in to adjust some of my router settings and noticed then something was off. My port forwarding and UPnP were enabled and I would never have done that. I started snooping through my PC and found some questionable files and two extra PCs listed in my devices. I also saw briefly the double computer screen notification in my task bar but it disappeared quick. I tried running Malwarebytes but it downloaded an imposter and my browser was redirecting anything I attempted to do (even your site wouldn't load). Long story short, I did a factory restore. I even had an IT friend remote in the next day, he thought I looked good. Well I wasn't good. My computer has become reinfected again. Not only that, my daughter's laptop too! I have port forwarding disabled but static routes keep getting created. I thought my router had to be the source so I bought a new one. I cleaned out my daughter's laptop running Vista and made sure every possible remote access was disabled. I uninstalled the Bluetooth drivers (bc we don't use Bluetooth). My computer I wasn't able to get in, it would just load to a screen with wallpaper. Things seemed to have been ok. Last night I was able to boot my PC. I did another factory restore and have been running different antivirus/malware apps. Everything was coming back clean. Then McAfee said I had an update and restarted my PC. Since then it's been back. I was cleaning things out and deleting and disabling anything that could allow remote access. I am now booted out and unable to log in. Oh, and my admin rights were taken away prior to my PC shutting down. I am at the log in screen but it doesn't log on. Is there any hope??



#2 Emm_24


Posted 27 September 2017 - 11:06 AM

Ok, I really need help. I've done or tried everything I've read to do. I have a Windows 8.1 repair/reinstall to run but I think the options to do this, or the rights rather, are blocked. What can I do???

#3 Hacked2theByte

Hacked2theByte

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 04 October 2017 - 11:58 PM

You are in a virtual machine, there is a floppy drive that replaces your optical drive if you have one. Start looking at github, puppy Linux, Wiki Media the group responsible for this, and more. Message me, I will give you my cell. I've been fighting for 3 months, I got the whole floppy drive, I got tons of logs, and have an understanding of how. I posted the IP of all their servers on fb, but I have so much more. I've been in the servers, I use the apps and programs they are using, but they are many, and have many bots to redirect your traffic and mimic webpages, but continue to fight it.

#4 Hacked2theByte


Posted 05 October 2017 - 12:05 AM

On Windows anything Microsoft is bad, turn off updates and drivers. They use Windows Media Player to install the packages that they pull once they lock your IP and DNS servers down. Also hackers are using a version of Hirens boot CD called Hiriam that runs DOS programs from a live version of Windows 98 with scripts. When you do a fresh install you need to move fast, open everything up you can as administrator and then learn cod and PowerShell.

#5 Emm_24


Posted 05 October 2017 - 10:07 PM

Thank you for replying. I am stumped once again. I got the repair/recover/reinstall to finally run. First time I logged in it went to hell again. I was trying to turn off all remote access settings before I connected to Wi-Fi. Long story short, I'm out now and stuck in a recover screen loop. Can't do anything to bypass it. The only option that works is F2 and that takes me to UEFI. I did find that I have 2 partitions??? And I passed all my component tests lol... I can't run another recover disk and the recover flash wouldn't work either. I found out from my flash drive that my driver have a virus. I am about to pull my hair out. I am using an old router and my phone seems ok, finally. The laptop, I threw out finally. I need this to be over.

#6 Emm_24


Posted 07 October 2017 - 12:27 PM

The trusted installer is a built-in user on Windows. Also Administrators, with the "s" on the end, can be created by Norton I believe, if you're running that. I know it gets crazy trying to sort through everything. I used TCPView that I downloaded from here. That will give you a better picture as to what's running of remote connections. I had my guest acct actually activated and in use, that concerned me. No one uses the PC but me and I do not do any file sharing or have any user groups that should have ever been created. My media player built-in apps all showed up on my last scan. I had attempted to delete all of those games and other Realtek apps but they kept showing back up. The scan that detected the most for me was Emsisoft. Unfortunately the scan was unable to complete and remove all the malware and junk. If I can get back in ever again... I will run that for sure. I only downloaded tools from this site bc I know free security apps online are not always safe. I'm still not sure 100% about the extra process that was running. That I am concerned about. I am about to attempt another reinstall and see where I'm at. I haven't had any issues since this PC has crashed and I ran security scans on our phones and followed the instructions on removing malware from Android. Good luck. I know I have about lost it dealing with this whole mess. Hacker, malware, adware, or virus!! Whatever it is I want it gone.

#7 Emm_24


Posted 14 October 2017 - 10:31 PM

I have not a clue!! I am having problems on my new laptop. I tried to uninstall McAfee and it said I have to activate before I could uninstall... I do not know if this is where it is stemming from but my system has gone crazy again. McAfee kept downloading additional files and Emsisoft was notifying me that it was not safe. Emsisoft has also been blocking remote access and websites all day. I am at a loss. My ISP reconfigured my modem, I did a factory reset on my router (the newest one LOL), and my laptop is brand new!!! How is this happening?? I have had problems with my Android, mainly with browser redirects. I wonder if it's an app associated with an acct I have like GOOGLE or even worse associated with all accounts I was logged in on my old PC!!!! I will look into vipre. If I act fast I can possibly get a hold on it this time. I haven't lost my admin rights or anything, as of yet! I do think my Malwarebytes keeps installing an older version and I think my settings in Emsisoft have been changed now.



#8 Emm_24


Posted 19 October 2017 - 04:49 AM

Is there somewhere else I need to post to get help? I cannot run scans at the moment, unable to access certain programs and files, admin rights taken away. I did run Emsisoft and there were several things detected. I could not read the quarantine page but took a photo of the log.

#9 pistol22cal

pistol22cal

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:55 PM

Posted 19 October 2017 - 07:26 AM

Do you know how to use Hirens Boot CD?

Hirens, or any live ISO, will be needed.

Further, unplug everything. Now...unplug it all. Computers, Routers, Switches, Modems, Everything.

Now, leave it all off for about 15 minutes.

1. Boot a computer into safe mode with networking.

2. Power on your modem while holding the factory reset button.

3. Connect the computer to the modem via Ethernet.

4. Get on the internet.

5. You need two programs - Rufus and Hirens - and maybe 7zip if you don't have it:

Rufus - https://rufus.akeo.ie/

Hirens - http://www.hirensbootcd.org/files/Hirens.BootCD.15.2.zip

7zip - http://www.7-zip.org/a/7z1701.exe

6. Now you want to make a bootable USB with Hirens on it.

7. Use Hirens to scan all computers one by one.

8. While using Hirens you can safely connect to the internet using your modem.

Note, if you have a DHCP IP address from your ISP, leaving your modem off for 15 minutes will prompt the ISP to "check" your connection.

If you have a static IP, ask for a new static IP that is not a Dynamically Allocated Block; you want a true static IP --- IF this is applicable.

Most people have and use DHCP - PPPoE or Cable.

Something is infected on your network and you are going to have to take it slow, step by step, one computer at a time.

I would HIGHLY recommend you only having 1 computer on at any time and only one computer connected to your modem at a time; further, any smart devices should be disabled, turned off, or secured.


Edited by pistol22cal, 19 October 2017 - 07:28 AM.

I Love Lamp!


#10 Emm_24


Posted 20 October 2017 - 04:12 PM

Thank you so much. I'm checking this away from home because I am unable to access Wi-Fi at the moment. I will start on this today! I am on able to access the one computer now. It's the new one I got last week. My desktop won't boot to Windows. All other devices are smart phones and a tablet. I have already unplugged my router from my modem and connected via Ethernet to access internet with the laptop. I hope that won't cause any problems.

#11 Hacked2theByte


Posted 20 October 2017 - 06:14 PM

I am facing the same situation. I used Hiren (HBCD) but downloading it from a hacked computer just adds some trouble because config files will be injected upon burning or mounting. Clearing the CMOS did help, I just pulled the battery for a short time. Whatever this hack is, it's big, every device infected and any new device brought into the house gets it too. Comcast router was hit many times with DDoS attack causing a buffer underflow, now it belongs to the bad guys. It was a SYN TCP attack on port 65534 I believe.

#12 Emm_24


Posted 26 October 2017 - 10:30 PM

OK, so internet went out and just got it back up today. I have Hirens boot CD, just not sure what you wanted me to run off of it. I am starting on my new laptop running Windows 10.





