Serious Discussion Cyberstalker infiltrated into my system? How?

TangentLiny

New Member
Thread author
Aug 18, 2024
2
Hello, I am looking for advice regarding rootkits and hacking.

I have been dealing with this cyberstalker person for the past several years on and off. I have tried a lot of things, and to my surprise, I was not able to stop this person from tracking me down.

This led me to conclude that I might have been hacked or rootkitted. What would be the best remedies for dealing with this?

For further context, I met this person from an online gaming community in 2018. I am not exactly sure what mistakes I might have made since it was a long time ago, but I might have clicked on something?? I am not sure. After this, this person was able to track down on all of my computer activities, and by all I mean ALL, EVERYTHING. My private DMs with friends on Telegram, Discord, my phone number, personal files, photos, games I'm playing, all activities, information, emails, all social media accounts, EVERYTHING was found.

This cyberstalker uses her advantage of having complete spying of my system to torment me and harass me by inducing panic and anxiety through deliberate attempts where she would message me things from multiple fake accounts that ONLY I should know about. She also somehow found new accounts I have made on forums, social media sites, and I used random names and random email, and no signs of any accounts were ever compromised.

An example, say I was watching a very specific porn genre on my computer and have told no one about, since you know it is porn and the genre can be pretty nasty. This cyberstalker then sent subtle texts or messages from a random fake account about that kind of porn to mess with me, you know what I mean? These kinds of harassments.

Yes, I have contacted police, but they haven't considered my situation severe enough and have not taken actions. Which is why I am now trying to seek help online. Any experts here in rootkits?

At times, there were also strange symptoms on my PC, where it would suddenly wake up in middle of night while the display was off or asleep, and that also wakes me up, which is hella spooky. I did research online for a while, and a rootkit seems like the most accurate infection that I might have, nothing else seems out of the ordinary, no detections.

Things I have tried:
  • Paid for antivirus softwares, multiples of them in fact.
  • All kinds of virus scanners and tools.
  • VPN
  • Clean reinstall of Windows.
  • Dual boot Linux.
None seemed to have worked.
What should I do?
 
  • HaHa
Reactions: TuxTalk

Bot

AI-powered Bot
Apr 21, 2016
4,192
I'm sorry to hear about your situation. It's indeed possible that your system might have been compromised by a rootkit or other malware. Here are some steps you can take:

1. **Hire a professional**: Given the severity and persistence of your issue, it's advisable to hire a cybersecurity professional. They can thoroughly examine your system for any hidden threats and take appropriate actions.

2. **Hardware check**: If your system is still compromised after a clean OS reinstall, it's possible that the rootkit is embedded in your hardware. Check your router, BIOS, and peripherals.

3. **Change all passwords**: After ensuring your system is clean, change all passwords. Use a password manager to generate and store complex, unique passwords for each account.

4. **Enable 2FA**: Enable two-factor authentication on all accounts that support it. This adds an extra layer of security.

5. **Be cautious**: Be careful with what you click on, especially in emails or messages. Avoid downloading files from untrusted sources.

Remember, it's important to involve law enforcement if you're being harassed or stalked. Keep documenting all incidents and approach them again with your evidence.
 
  • Love
Reactions: Behold Eck

Victor M

Level 12
Verified
Top Poster
Well-known
Oct 3, 2022
556
There is another possibility other than a rootkit. And that is that your modem was hacked. With that she can do man-in-the-middle attacks.

But back to the rootkit hypothesis.

Backup your data and download the ISO of Parted Magic : Parted Magic 2012-12-25 (32 and 64-bit versions) : Parted Magic : Free Download, Borrow, and Streaming : Internet Archive . Use Rufus to 'burn' the ISO to a empty USB stick. Rufus - Create bootable USB drives the easy way . Boot with the Parted Magic USB stick and click on Erase Disk to thoroughly wipe your hard drive/SSD/Nvme. Then reinstall Windows. This will guarantee you a clean slate.

When you have a rootkit, it is not always saved as a file inside Windows, it may be hidden at the very beginning the the drive or some unused part. So Parted Magic does a clean wipe. One of the erase disk options writes 0 and 1 across the entire drive. ( but it will take an hour) Nothing will be left on the drive.

Also download the iso of Windows and use Rufus to burn that to another USB stick and boot that to install Windows.

The second mistake people make is re-install applications that they have previously downloaded and kept as part of their backup. Don't do that, because hackers know you will be doing that, and she will embed her rootkit inside one of your setup programs. Don't keep any old programs, download them fresh after you have installed Windows.

Anti-malware is only good for mass-distributed malware. If your hacker is a skilled hacker, then she would never spread her rootkit around trying to infect everyone in the world. That is a sure way to get anti-malware vendors to notice you can try to capture your malware. Instead the hacker will only use it for chosen targets.

So, as you re-download your facorite programs, go upload every one to VirrusTotal: VirusTotal . That site uses some 40 anti-malware programs to scan the file you uploaded to make sure it is clean.

As for firmware viruses that infect your BIOS, that is possible too. So go to your motherboard vendor like ASUS or your computer maker like DELL and download the latest BIOS, BIOS usually have 2 ways be getting installed, a) is thru the BIOS upload menu. You boot into your BIOS and find the upload page and upload your new BIOS. b) is a program. You run that BIOS installer exe and it does the updating. Note: don't poweroff mid way thru the update, you will Kill your machine.

Changing all your online passwords is a good thing to do. Or you can simply just configure multi-factor authentication. (MFA/2FA) . Download MS Authenticator onto your smart phone. Go to the web site 's account password section and enable 2FA. It will show you a bar code block for you to take a picutre of with the Authenticator. Once you took the picture it will display a unique code for you to enter into the web page. The code will check out, and you will have registered.

Having MFA/2FA means that everytime you logon to the web site, not only do you have to key in the password, your Authenticator will generate a unique one time code for you to enter as well. So that is something your know - your password; and something you have - the Authenticator's generated code. So if the hacker has a keylogger as part of her rootkit and captured your password, it will now be useless, because she doesnt have the Authenticator's code as well.

Here is an in depth hardening guide for Windows Home. It is meant for people like you.

Now that takes care of your web sites. I don't use Telegram or Discord so I can't help you there.

If you have any more questions, send me mail, at the top right corner of the screen, envelope icon,
 
Last edited:

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
tv show drama GIF by Pretty Little Liars


I think this is heavily inspired by Pretty Little Liars. The stalker is -A.
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,561
A Rootkit that can boot a computer in the middle of the night?
I'm an IT technician and I've never seen anything like it!
Especially since all malware disappears when Windows is reinstalled (because I think you're formatting, which goes without saying).

Either your modem has been hacked (there's malware that can do this), or you've been watching too much Mr.Robot.
Sorry to be very sarcastic, but this is totally incoherent...

If the PC is turned off, NO malware (whether worms, Trojans or anything else) can turn it on.
And you don't need malware to retrieve your personal information (what we call a doxx), apart from your passwords with a stealer...
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
Any experts here in rootkits?
A rootkit is malware like any other, the difference is it includes a driver which allows it to operate in kernel mode, as opposed to malware operating in user mode.

Once malware enters kernel mode, it can do all sorts of activities, usually, first and foremost, it will remove security software.

Certain rootkits will tamper with system features and will prevent you from accessing security-related websites (years ago done through manipulating host file, which nowadays is not respected by the browser).
Or they will terminate security software installers.

Certain rootkits historically have used hard disk drivers and manipulations, which prevented AVs from detecting rootkits by hiding the malware files.

Nowadays, the issue with kernel-mode malware is not as heavily emphasised because:
  • It is very difficult to gain kernel level privileges. Installtion of unsigned drivers is long blocked, the most mainstream way is BYOVD abuse. Vulnerable drivers get discovered at one point and are detected by some vendors
  • Antivirus software now uses direct disk access and memory scanning
  • Early launch anti-malware literally initiates 4-5 highly critical drivers, before your AV is initialised. All drivers from there onwards are scanned for malware and remediated.
  • Kernel-level malware does not survive Windows re-installation, because this deletes and recreates all drivers. There have been very few cases where malware infects firmware as well. These have been used as part of state sponsored attacks against governments and businesses. Under normal circumstances, unless you are going on malware portals and executing everything shared there, you will not get your hands on such malware. The teams that are capable of pulling this malware off are not interested in you and your porn history.
  • Fileless malware in WMI, scheduled tasks and registry can quietly maintain persistence for long and can still do quite a lot, specially when combined with a UAC bypass. Kernel-level privileges are not an absolute must for attackers.

To remove suspected rootkits:
  • Reset device firmware. Check your device manufacturer for instructions how this is done.
  • Use Windows Media Creation tool on a friend’s computer to create bootable installation drive, then use your boot menu key to initiate Windows installtion. Nowadays, it takes about 10-15 minutes and is very straightforward.
  • Reset your router firmware. For more information, contact your ISP.
  • Change all passwords, secure accounts with 2FA.
If your problems still persist, either contact a local IT security specialist or get other help that you need.
 
Last edited:

Studynxx

Level 3
Jan 20, 2023
209
There is another possibility other than a rootkit. And that is that your modem was hacked. With that she can do man-in-the-middle attacks.

But back to the rootkit hypothesis.

Backup your data and download the ISO of Parted Magic : Parted Magic 2012-12-25 (32 and 64-bit versions) : Parted Magic : Free Download, Borrow, and Streaming : Internet Archive . Use Rufus to 'burn' the ISO to a empty USB stick. Rufus - Create bootable USB drives the easy way . Boot with the Parted Magic USB stick and click on Erase Disk to thoroughly wipe your hard drive/SSD/Nvme. Then reinstall Windows. This will guarantee you a clean slate.

When you have a rootkit, it is not always saved as a file inside Windows, it may be hidden at the very beginning the the drive or some unused part. So Parted Magic does a clean wipe. One of the erase disk options writes 0 and 1 across the entire drive. ( but it will take an hour) Nothing will be left on the drive.

Also download the iso of Windows and use Rufus to burn that to another USB stick and boot that to install Windows.

The second mistake people make is re-install applications that they have previously downloaded and kept as part of their backup. Don't do that, because hackers know you will be doing that, and she will embed her rootkit inside one of your setup programs. Don't keep any old programs, download them fresh after you have installed Windows.

Anti-malware is only good for mass-distributed malware. If your hacker is a skilled hacker, then she would never spread her rootkit around trying to infect everyone in the world. That is a sure way to get anti-malware vendors to notice you can try to capture your malware. Instead the hacker will only use it for chosen targets.

So, as you re-download your facorite programs, go upload every one to VirrusTotal: VirusTotal . That site uses some 40 anti-malware programs to scan the file you uploaded to make sure it is clean.

As for firmware viruses that infect your BIOS, that is possible too. So go to your motherboard vendor like ASUS or your computer maker like DELL and download the latest BIOS, BIOS usually have 2 ways be getting installed, a) is thru the BIOS upload menu. You boot into your BIOS and find the upload page and upload your new BIOS. b) is a program. You run that BIOS installer exe and it does the updating. Note: don't poweroff mid way thru the update, you will Kill your machine.

Changing all your online passwords is a good thing to do. Or you can simply just configure multi-factor authentication. (MFA/2FA) . Download MS Authenticator onto your smart phone. Go to the web site 's account password section and enable 2FA. It will show you a bar code block for you to take a picutre of with the Authenticator. Once you took the picture it will display a unique code for you to enter into the web page. The code will check out, and you will have registered.

Having MFA/2FA means that everytime you logon to the web site, not only do you have to key in the password, your Authenticator will generate a unique one time code for you to enter as well. So that is something your know - your password; and something you have - the Authenticator's generated code. So if the hacker has a keylogger as part of her rootkit and captured your password, it will now be useless, because she doesnt have the Authenticator's code as well.

Here is an in depth hardening guide for Windows Home. It is meant for people like you.

Now that takes care of your web sites. I don't use Telegram or Discord so I can't help you there.

If you have any more questions, send me mail, at the top right corner of the screen, envelope icon,

Not to be a d#ck but I think OP's a troll account. Because if what he says is true, then he's got issues with some super advanced hacker, and I say this with no sarcasm. Like, embedding rootkits into his setup programs? To do that, she'll have to reverse-engineer the original program first. Etc. Pretty crazy

If true, OP should either re-image the modem and router first, or honestly just buy another one.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
Like, embedding rootkits into his setup programs? To do that, she'll have to reverse-engineer the original program first
Not necessarily, you can package the original setup with the malware and the kernel-driver. But this scenarios is highly unlikely. It is a troll account for sure. Some people are very lonely (for a reason) and desperate for interaction. They are ready to make themselves look like clowns, just so someone would talk to them.
 

SpiderWeb

Level 12
Verified
Top Poster
Well-known
Aug 21, 2020
593
Please. No regular cyberstalker has software that can persist over a clean install unless you restored a backup with that rootkit which in that case you just undid what the clean install was supposed to achieve. There is a very slight chance that your modem/gateway might be hacked. That can also be solved with a factory reset that no rootkit can survive. I am taking your question seriously and if you truly believe you are being stalked, then update everything, backup your personal data only, and factory reset everything that gives you an option to do so.
 

Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,125
Paranoia can come from other sources, if you are sincere, consider that you, being hacked can be a spiritual attack, as this is not a site for this(for the sake of argument ,my opinion) consider seeking this possibility. I have known personally of paranormal activity; may the Lord bless you
 
Last edited:

Victor M

Level 12
Verified
Top Poster
Well-known
Oct 3, 2022
556
It is a troll account for sure
When my site was active I make $2000 - $3000 per year, selling the script kit for $8 each.

There Are people who get hacked and they don't know where to turn to and rely on searching the web to help themselves.
 
Last edited:
  • Like
Reactions: Dave Russo

TangentLiny

New Member
Thread author
Aug 18, 2024
2
First, I am not a troll. I don't know where to turn to or go to so I am seeking help online from forums.

Thanks for the comments, I also have suspected modem, router or network attack. Because the only thing that's consistent in all of these fuss is the same network. Unfortunately, I don't own the router/modem, I don't pay for it, it's provided to me for free by a family member so I have no say or any control over it. Though can someone explain to me the Middle of the Man attack more? And modem/router hacking? How is that supposed to allow her to watch all my computer activities?

And yes, this person is quite advanced in her tech, I did some digging and know that she studied computer science in the past, she has a group of friends who are also tech savvy and it seems to me like an online cybergang more than friend group. She also was capable of somehow spamming online dating apps like Tinder or PoF with 100s of bot accounts which I don't know how it is being done. She also did the same thing with Reddit, spammed 100s+ of accounts, so this person I'm dealing with is tech savvy yes, she knows her stuff.

Originally, when I first noticed of the stalking, I thought it was just a simple google search, persistent effort on finding someone using public tools or obsessive digging so I never took it seriously which is why I didn't care much about it and kept going on my days and create new accounts and move on with my life. This is when I start to notice that it is not the case because these new accounts I made were somehow found as well, the only explanation for that is infiltration of my system/hacking. As time goes on, the stalking escalated and harassment started, and that's when it kinda got to my mental health and wellbeing. I cannot even make a post online without being trolled by the person, basically say I posted an ad online on a website to sell my throwaway items at home, this person sees it and would create fake accounts and pretend to be interested in buying my items and then ghost me to waste my time. Or find my dating profiles on dating apps like Tinder and PoF that I mentioned and try to match with me and troll me.

Also, the harassment is not just porn, it is simply an example that I gave. Anything I do on my computer, anything that can be used to hurt and attack me, this person will do it. Any insecurities I vent online, anything I say about my life and myself, this person will use it against me like some sort of weapon. I have zero privacy rights because of this person, I feel my rights are constantly violated and don't have freedom to privacy at all.

Anyways, let's get back to the technicals. I will read that PDF on hardening windows 11, and I will delete things I don't need on my backup files, especially exe files. Also, my computer doesn't turn on in middle of night, it's more like the display is turned off after 15 minutes, and randomly it turns on by itself, the mouse is supposed to be moving or keyboard pressed for that to happen, it happens randomly for no reason. No, it doens't turn itself on after sleep or shutdown I didn't mean that when I write.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top