Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am being remotely accessed for 2 years


  • Please log in to reply
1 reply to this topic

#1 Remotee

Remotee

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 18 April 2018 - 07:53 PM

It all started not long after I had trouble installing MacAfee  antivirus and logged onto a website for help. I usually check to see if it is an official website but neglected to do so this time.  
 
A  person with an India-type accent answered and said he needed to access my computer to solve my problem. Against my better judgement, I acceeded but when he tried to show 
 
me all the problems and asked for money to fix them, I became suspicious, said no and turned computer off.   Several weeks later (near end of 2015), strange things began to happen 
 
and since then, it became obvious that someone, or more likely, an organization, was remotely accessing any computer I used.
Here are some of the evidence of this:
 
1. Changes occur in various CMOS settings. One favorite is the NumLock.  The setting always changes to "on".
 
2.  Attempts to delete selected files are not possible.  Media Player is one but there are many. If they seem to be deleted, they pop      back up again after several seconds . These 
 
files always seem to have "Trusted Installer" listed as the Owner in the Properties-Security Tab or at least one of the Users.  I have tried getting rid of Trusted Installer but usually it finds 
 
a way to appear again in some form or another.  Incidentally, one of the computer log files lists a program or service called Trusted Installer.exe that is being installed.
My favorite photo editor was free of Trusted Installer until recently but now it is infected. First, the cropping feature I was using would     not open (greyed out). A look at the Security tab 
 
showed that "Trusted Installer" was now listed. 
 
3. The computer says it is installing Updates practically every time I turn on the computer or turn it off.  Sometimes it is the Registry. It warns me not to turn off or unplug the computer 
 
but now I do anyway with no ill effects. One of tell-tale signs that the hacker is at work is a whirling circle that appears on screen. It appears very often and some times, for long periods. 
 
From my long experience with computers, this behavior is not normal.
 
4. In one case, the computer I was using would not let me use a CD with assorted utility programs. I often used it for wiping or editing  the hard drive. The CD would load for about 5-10 
 
seconds & then eject. Other CD's acted normally. There is nothing wrong with the CD as I have used it many times since then.  Several attempts using DOS didn't work. I finally tried to 
 
load Debug but on every attempt, the keyboard would go dead. 
 
5. When I first noticed that things were not normal, I looked at the log files for Windows 7. One which was under "Perflogs" or something similar, listed what was being installed.  I 
 
noticed & remembered 2 items. One was a keyboard logger and another was to turn the audio gain to maximum. I tried to copy this file but failed.  Now, every installation  of Windows 
 
7 lists the name Perflogs but it is empty. That a keyboard logger is present is evident as passwords are ineffective. Even the settings in my router keep changing after I set them up. In 
 
particular, when I run ipconfig, I notice uPnP is being used to connect to the network so I disable this feature but it and other settings I change keep coming back.
 
6. I tried using some old Windows 98 installation  floppies but I neglected to set the slider for editing the files. It soon became evident that the critical files like autoexec.bat & config.sys 
 
were being changed. Using DOS, the PATH, ASSIGN,ATTRIBUTE & other commands were constantly being changed so it became very confusing.
 
7. I tried NMAP on some of the strange  IP's I encountered and one was from a place in Russia. I wonder if I am one of Russia's netbots or whatever they are called. However, another 
 
IP was from China so who knows?
 
After more than 2 years of trying to get rid of this pest, I do not have the solution. When installing Windows, he does not need to wait for me to connect to the internet. As soon as the 
 
installation starts to load the network devices, the screen goes blank several times and I think he is now able to access the computer to at least some degree. I think he uses Media 
 
Player but apparently any similar program that allows streaming like Gaming will do. From inspecting the register, I suspect internet radio is also used but this is only a guess.  I have 
 
contaminated my daughters computer when I used my computer while she had hers on. When she moved and got a new internet provider, he disappeared but when I visited her 
 
months later & turned on my camera, he was back. I have even bought a new computer & gone far from any other computer but forgot that she had her cell phone. It looks like the only 
 
solution is to buy a new computer, move to a new location, assume a new identity and pray. I'm hoping somebody on this forum has a less drastic solution.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,556 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:11 AM

Posted 19 May 2018 - 09:38 AM

No one has answered as we need a deeper look.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users