Operating System
Windows 7 and Windows 10 PC, iPhone 6 Plus on iOS 11.2.6, Samsung Galaxy Tab, Android 7
Device model
The software I have used is Trend Micro, McAfee live, Norton Internet Security, and a VPN service
Current issues and symptoms
I first noticed issues with my Samsung TV, then my Windows laptop about 10 weeks ago around January 15th 2018. Shortly thereafter the problems spread to my Samsung tablet and my iPhone. Symptoms of my Windows PC include virtual devices being installed as well as software, Event Viewer logs showing remote access and monitoring of my computer by external users. Mobile devices show tracking of my keystrokes, strange display, strange apps not installed by me, poor operation, device appearing not to be mine, homepage changes.
Steps taken in order to remove the infection
See above. I have replaced most of my devices two or three times including my router and have utilized tech support from my device manufacturers such as HP, Samsung, and Apple and currently have 24/7 Geek Squad support who have scanned my PC for viruses and malware and have cleaned my device and reset it to factory default settings. I have done the same thing twice with my PC and with my Galaxy tablet. And replaced my iPhone 6 + twice with new devices. No malware or virus has ever shown up on any tech support or software scans and the changes made but the hackers' changes show up on my new devices within a few hours.

Slyguy

Level 42
Verified
Thank you for that. I will try and be more concise with my posts. So I reset my HP all-in-one desktop yesterday and restored it to factory default settings. I completely wiped everything clean including all my data.
Now today I opened Event Viewer and it looks like to me it is compromised once again by a network of individuals. I have Windows 64bit.
Since yesterday and Reset, I have 2002 events in SYSTEM under Windows Logs. Many are suspicious and look like they are setting up the malware and remote access to my computer. I'm not sure what the most important and relevant items to share to best enable your support. I can take pictures and download them but of which items?
Also wondering if I should switch over to the Windows forum but didn't want to lose my support people so far (warrior, Slyguy, spawn, ticklemefeet). The good thing is at least I can see how they compromise my system at the start..
Event Viewer is rubbish. It's used by scam websites you call to scare you into paying them for scam cleanups. Unless you know what you are seeing in event viewer then you are chasing phantoms.

Don't get paranoid and reactionary here, establish real evidence, then formulate a plan of attack. If you are reactionary then they can just as easily push your buttons to force you into mistakes because you will become irrational.
 

Freki123

Level 6
Verified
@Noonebelievesme Don't fix one device at a time while others are infected and active. The fresh clean device will get infected for sure (over time). Either shut down all (and start doing what slyguy said) or it's a waste of time. At least that's my opinion as a novice user :D
 

Noonebelievesme

New Member
FREKI123. Yes I've learned from experience that when one device is compromised the rest quickly follow. However I think the best thing is to target my PC first cuz that seems to be where the hackers' control center is.

Slyguy/Warrior/Others
At this point I am not paranoid or reactionary to Event Viewer (although was a bit when suggested hackers have physical access to my home which I already kind of guessed but no one had substantiated it yet). It's been going on too long. If the Event Viewer alone were all I was basing the hacking on that would be something else. However I find it very useful as it seems to correlate with everything that I've observed happening to my PC and router/wifi.

Here are some screen pics I took of my computer including EVENT Viewer, Device Manager, and Task Manager services. I've also included pics of my HP computer specs and installed software. Note all the Microsoft software installed, especially Visual C. Also when I look at all the Microsoft updates in Event Viewer they are not revealed in my specs. Also I have not installed one thing onto my computer as of yet. I don't think HP installed all the Microsoft software at the factory. Note that my computer name is DESKTOP- OMMGFUD (the name changes every time I reset my PC) and it's part of a work group and it will not let me change it. Found another computer ACPI x64 PC "under" my desktop heading in device manager. Note that this other computer was configured and started on 4/5/18 like all the other occurrences in the Event Viewer. There's also yet another computer referenced in Event Viewer called WIN 7GD6RAA6V0O.

Now what are all those other computer names?

Similar to my experience with my last hacked laptop something generates a name for my current computer and it's always DESKTOP-____________ something. Last time I had two different names at two different times as shown on my router home page. It's as if someone changes my computer into a mere shell of a computer with limited capabilities and is always under the DESKTOP TAB. I've never named my computer these names and I don't know what the name is referencing. I have included photos of what I think is relevant and important but correct me if I'm wrong or let me know what would be more helpful.

Anyway the photos show what my theory is regarding a Microsoft developer or team accessing my computer remotely as well as my router/internet. Each time I get a new computer or reset my computer a new Event Viewer and log begins detailing what they do to my computer. Note that I bought and brought home this PC on March 4th 2018 but reset it 4/5/18. So the events start again at 4/5/18. I don't know how they do it, the motive, and how to connect all the dots of the evidence I found, that's where I need the help of knowledgeable IT/COMPUTER/SOFTWARE individuals.

OK I HAVE 60 PHOTOS,
isn't that too many to download here? Is there a limit?
I'll wait to get an answer before I start posting pics..

Thanks as always
 

Noonebelievesme

New Member
Yes I will certainly follow slyguy's advice (to the letter). And I will post an update on how it all goes. Problem is right now I have to have constant Wi-Fi access as I am job seeking and communicating with recruiters frequently throughout the day. I can't pause this at this point as income is a necessity right now. I also can't go get a Chromebook just yet unless I can talk HP or Best Buy into refunding me on my PC. Already tried that with HP and they said no because it was not a hardware issue. Tried to make it a hardware issue but they didn't buy that. Anyway I am grateful for the advice and looking forward to resolving this nightmare hopefully..

Just waiting to see how many pics I can load.. may be helpful for supporters to get a better idea of the issues involved..
 

Noonebelievesme

New Member
Staff member question:
Can u pls help me to copy or move this thread to the Windows forum? I feel that this is more about my PC right now than my mobile devices and don't want to irritate others in the mobile forum..
 

Noonebelievesme

New Member
And you don't think this would be at all suspicious?? I would burn it.

Buy a new Android tablet, visit a family or friends place to change your passwords in case your router is compromised.

For Google:
Review your security activity and recent devices
myaccount.google.com/security#activity

Review apps connected to your account
myaccount.google.com/security#connectedapps

Run through the security check-up
myaccount.google.com/security-checkup

Last of all, check out this program (purchases required)
Google's Advanced Protection Program

*Review - don't just look at it, remove anything remotely suspicious or even everything.

You can repeat the same for your Microsoft and Apple iCloud account(s).


Not a hardware-related issue? Is your HP desktop or laptop Windows 10 compatible? How old is it?
I was reading about Google's Advanced Protection Program you referred to above. If assuming I'm correct and there are hackers accessing my devices remotely, using a keystroke logger on me, and take control of my devices, do you think this program, specifically using the 2 physical keys, would prevent the hackers from accessing my accounts? I'm willing to try anything but thinking if they can see my keystrokes not much I can do to safely use any app/device??
 

Prorootect

Level 53
Verified
I just want to bring back my normal online browsing and put into action my plan of pursuing my purpose and also I am on my journey of self transformation where all my sources of information are online, this problem get me stuck once again. But as I've learned that for every problem we encounter we must take it positively and try to find opportunity associated with it. While I am stuck with this hacking issue, I got this idea to make an e-book. I patiently handwritten my research and used digicam for some proof and when everything is back to normal I will just type everything. My goal is to give awareness about cybercrime especially here in my country, I just found out that only few are aware of this issue given that Philippines is number 8 among countries vulnerable to cyber attack.
I just hope and pray that this nightmare will end the soonest.
With the help of our friends here at malwaretips.com.
Though I still have doubt, I wondered after how many times I tried to post and ask assistance here only this one succeeded.
So Imelda Bilda wrote:
"I just want to bring back my normal online browsing and put into action my plan of pursuing my purpose...While I am stuck with this hacking issue, I got this idea to make an e-book....I just hope and pray that this nightmare will end the soonest. With the help of our friends...Though I still have doubt...here only..."

It is necessary to be able to read between the lines
 

Slyguy

Level 42
Verified
It is necessary to be able to read between the lines
I agree..

As for Chromebook, a powerwash totally wipes the device, so Best Buy is correct in that it probably isn't a hardware issue. I'm unaware of a powerwash not cleaning EVERYTHING unless you re-login with the same account and reload the same crap stored in the same account. Which is why I said to use ChromeOS Guest Mode.

I have no further information to add to this thread and have no interest in helping someone author an E-Book. :sneaky:
 

Spawn

Administrator
Verified
Staff member
15) Setup the new phone with ALL NEW credentials, new email address, new accounts. Your old ones are damaged goods, DO NOT log back into them for now.
Do you recommend the Google Advanced Protection Program for the new Google account, or are the new accounts temporary?

iCloud accounts cannot be deleted / terminated, but if OP has nothing of value on Microsoft or Google accounts, should they request account closure for them?
 

Slyguy

Level 42
Verified
Do you recommend the Google Advanced Protection Program for the new Google account, or are the new accounts temporary?

iCloud accounts cannot be deleted / terminated, but if OP has nothing of value on Microsoft or Google accounts, should they request account closure for them?
I suppose he/she could use GAP. I was thinking more like just making keygen temporary accounts for now. I'd close all accounts with little to no value as you note. If there are many important things on them, I think they should evaluate their methods for securing important things. IMO.
 

Noonebelievesme

New Member
So I don't believe I power washed my Chromebook before returning it to the store. I think I just reset it according to the Chromebook settings. It was my Windows PC, not the Chromebook, that Hewlett-Packard tech support said I could not get a refund or exchange because it was not a hardware issue but advised me that it was "a Microsoft issue" and that I should get in touch with Microsoft.

So here's a few pics of my screens of my Android tablet, PC's Event Viewer, task manager, original specs on my HP when purchased on 3/4/18, device manager to show the current Hardware installed, and a few pics of my router settings. In the specs it shows all the software installed including Microsoft but I have not downloaded anything at all.

If anyone can make anything of these pics I'd be glad to hear it.. at least if someone could confirm or deny, based on the pics, if it looks like my computer and/or my router/wifi network are being accessed remotely...


Noonebelievesme

New Member
Oh geez! I just spent over an hour attaching all the files of my PC screenshots but they didn't show up in my previous post. I wonder why. They showed up as I chose each one but there was a line drawn through the title but I still figured they would send. They're .jpg files..

Anyone know what went wrong or how to load them correctly?
 

Noonebelievesme

New Member
OK I HAVE 60 PHOTOS,
isn't that too many to download here? Is there a limit?
I'll wait to get an answer before I start posting pics..

Thanks as always

Noonebelievesme

New Member
Well my apologies I just spent a very long time trying to insert the photos of my corrupted devices but the hacker is thwarting my efforts rearranging my pics replacing them with other pics so I give up.. seems he doesn't want me to share those pictures. Anyway I've got your advice Sly in previous post so got the help I needed or at least a starting point so thank you. I'm going to print and save it then carry it out when I can..
 

Spawn

Administrator
Verified
Staff member
@Noonebelievesme I've cleaned up some of your posts (removed blank quotes), changed images to thumbnails only (click to view).

Android:
Disable the Developer options in the Settings.

Windows:
You do realize that Advanced Micro Devices is AMD, which is the CPU of your PC.

Cannot really give any advice, since level of confusion is over 1000.

Staff member question:
Can u pls help me to copy or move this thread to the Windows forum? I feel that this is more about my PC right now than my mobile devices and don't want to irritate others in the mobile forum..
MRA for Windows is run by our Malware Removal Experts. Please create a new topic in MRA for Windows if you feel that your PC has malware.

Read the following ([MANDATORY] Preparation Guide Before Requesting Malware Removal Help) before posting in Malware Removal Assistance For Windows
 

Warrior

Level 4
Verified
What I see
1) record of PowerShell trying to remove some McAfee files
2) device driver issues with PnP most likely caused by Advanced Micro Devices... u will find AMD Micro Devices and HP issues all over the web Here for a start
What I don't see
1) Is any evidence of a hack, or a rat, or hardware intrusion ...

I also think TwinHeadedEagle should have a look ,
it will be interesting...........
 

Deleted member 178

I have a hard time to believe in the seriousness of this thread... some stuff said are just nonsense... maybe I'm wrong, but my instincts rarely fail me...
 

AnonymousIwish

New Member
This is no joke. I have the exact same problem. Even some of the same processes etc. It's definitely government. I discovered files for a remote smart card, Google device policy, and Intel PROSET/wireless. Not only that but files for biometric scanning etc. When I tamper with the files to make them malfunction they will either brick the device or disable the internet with their Intel PROSET tools. They even went as far as to leave me a gif saying "good job" after I caused the first malfunction. Shortly after my tablet was soft bricked. And the next morning PlayStation Network informed me that my account was locked from too many login attempts from a different location. The threat is real people. I will post my pictures if I can get the internet on my laptop to work again. This is unethical to destroy devices of people under uninformed surveillance.
 

Deleted member 178

This is no joke. I have the exact same problem. Even some of the same processes etc. It's definitely government. I discovered files for a remote smart card, Google device policy, and Intel PROSET/wireless. Not only that but files for biometric scanning etc. When I tamper with the files to make them malfunction they will either brick the device or disable the internet with their Intel PROSET tools. They even went as far as to leave me a gif saying "good job" after I caused the first malfunction. Shortly after my tablet was soft bricked. And the next morning PlayStation Network informed me that my account was locked from too many login attempts from a different location. The threat is real people. I will post my pictures if I can get the internet on my laptop to work again. This is unethical to destroy devices of people under uninformed surveillance.
Oh a reply after 5 months LOL
indeed very credible...