It all started not long after I had trouble installing MacAfee antivirus and logged onto a website for help. I usually check to see if it is an official website but neglected to do so this time.
A person with an India-type accent answered and said he needed to access my computer to solve my problem. Against my better judgement, I acceeded but when he tried to show
me all the problems and asked for money to fix them, I became suspicious, said no and turned computer off. Several weeks later (near end of 2015), strange things began to happen
and since then, it became obvious that someone, or more likely, an organization, was remotely accessing any computer I used.
Here are some of the evidence of this:
1. Changes occur in various CMOS settings. One favorite is the NumLock. The setting always changes to "on".
2. Attempts to delete selected files are not possible. Media Player is one but there are many. If they seem to be deleted, they pop back up again after several seconds . These
files always seem to have "Trusted Installer" listed as the Owner in the Properties-Security Tab or at least one of the Users. I have tried getting rid of Trusted Installer but usually it finds
a way to appear again in some form or another. Incidentally, one of the computer log files lists a program or service called Trusted Installer.exe that is being installed.
My favorite photo editor was free of Trusted Installer until recently but now it is infected. First, the cropping feature I was using would not open (greyed out). A look at the Security tab
showed that "Trusted Installer" was now listed.
3. The computer says it is installing Updates practically every time I turn on the computer or turn it off. Sometimes it is the Registry. It warns me not to turn off or unplug the computer
but now I do anyway with no ill effects. One of tell-tale signs that the hacker is at work is a whirling circle that appears on screen. It appears very often and some times, for long periods.
From my long experience with computers, this behavior is not normal.
4. In one case, the computer I was using would not let me use a CD with assorted utility programs. I often used it for wiping or editing the hard drive. The CD would load for about 5-10
seconds & then eject. Other CD's acted normally. There is nothing wrong with the CD as I have used it many times since then. Several attempts using DOS didn't work. I finally tried to
load Debug but on every attempt, the keyboard would go dead.
5. When I first noticed that things were not normal, I looked at the log files for Windows 7. One which was under "Perflogs" or something similar, listed what was being installed. I
noticed & remembered 2 items. One was a keyboard logger and another was to turn the audio gain to maximum. I tried to copy this file but failed. Now, every installation of Windows
7 lists the name Perflogs but it is empty. That a keyboard logger is present is evident as passwords are ineffective. Even the settings in my router keep changing after I set them up. In
particular, when I run ipconfig, I notice uPnP is being used to connect to the network so I disable this feature but it and other settings I change keep coming back.
6. I tried using some old Windows 98 installation floppies but I neglected to set the slider for editing the files. It soon became evident that the critical files like autoexec.bat & config.sys
were being changed. Using DOS, the PATH, ASSIGN,ATTRIBUTE & other commands were constantly being changed so it became very confusing.
7. I tried NMAP on some of the strange IP's I encountered and one was from a place in Russia. I wonder if I am one of Russia's netbots or whatever they are called. However, another
IP was from China so who knows?
After more than 2 years of trying to get rid of this pest, I do not have the solution. When installing Windows, he does not need to wait for me to connect to the internet. As soon as the
installation starts to load the network devices, the screen goes blank several times and I think he is now able to access the computer to at least some degree. I think he uses Media
Player but apparently any similar program that allows streaming like Gaming will do. From inspecting the register, I suspect internet radio is also used but this is only a guess. I have
contaminated my daughters computer when I used my computer while she had hers on. When she moved and got a new internet provider, he disappeared but when I visited her
months later & turned on my camera, he was back. I have even bought a new computer & gone far from any other computer but forgot that she had her cell phone. It looks like the only
solution is to buy a new computer, move to a new location, assume a new identity and pray. I'm hoping somebody on this forum has a less drastic solution.