Troubleshoot My devices all hacked or being accessed by a Developer. All events by hacker logged in Event Viewer

Infected operating system
Windows 7 and Windows 10 PC, iPhone 6 Plus on iOS 11.2.6, Samsung Galaxy Tab, Android 7
Infected device
The software I have used is Trend Micro, McAfee live, Norton Internet Security, and a VPN service
Infected device issues
I first noticed issues with my Samsung TV, then my Windows laptop, about 10 weeks ago, around January 15th, 2018. Shortly thereafter the problems spread to my Samsung tablet and my iPhone. Symptoms on my Windows PC include virtual devices being installed as well as software, and Event Viewer logs showing remote access and monitoring of my computer by external users. Mobile devices show tracking of my keystrokes, a strange display, strange apps not installed by me, poor operation, the device appearing not to be mine, and homepage changes.
Steps taken to remove the infection
See above. I have replaced most of my devices two or three times, including my router, and have utilized tech support from my device manufacturers such as HP, Samsung, and Apple. I currently have 24/7 Geek Squad support, who have scanned my PC for viruses and malware, cleaned my device, and reset it to factory default settings. I have done the same thing twice with my PC and with my Galaxy tablet, and replaced my iPhone 6 Plus twice with new devices. No malware or virus has ever shown up on any tech support or software scans, but the hackers' changes show up on my new devices within a few hours.

Noonebelievesme

New Member
Thread author
Mar 25, 2018
14
I have been hacked on all my devices, including my Android tablet, Windows PC, iPhone, and Samsung Smart TV. They have hacked into my email accounts and all my bank and credit card accounts. I do not know what their motive is, as they have not yet stolen anything that I know of. I may know who did this; they did have physical access to my house and devices and may still have access, I'm not sure. It was a friend of a previous renter I had in my home, and eventually I hired this person twice to help me with my computer issues, and it ended up he made it much worse each time by removing all my permissions on my PC. One of them is definitely a computer developer and part of an enterprise system, as I just recently found all the events that have taken place on my PC in the Event Viewer, which I was so grateful to have discovered, and that they had not deleted the logs yet. It was the first hard-core evidence of what I had been saying all along, while people thought I was crazy.

I have studied and researched and learned a lot since the beginning of all this and will share what I have observed, but do know that I am not in any way a computer or tech-savvy person. I know this is an Android or mobile forum, and I'm going to post on the Windows forum as well, but I have to wait till I scan it with the advised scanning tool. I have to give a little background with my Windows laptop, as that's where it became most apparent and also easier for me to see where they have made changes on my system versus my mobile devices. It did eventually spread to my iPhone and my Samsung Galaxy Tab S2, which I am on currently, and so is the hacker.

So my laptop was just a simple Dell laptop with an Intel 3 processor. I had been out of town on a job assignment and had no problems with my devices until I came back. While I was gone I had rented out my home to someone who ended up being untrustworthy and irresponsible. I first noticed that something was wrong with my Samsung TV, and that's a whole other story, but basically somebody else was controlling my settings, my cable service, etc. To summarize what happened with my laptop: the hacker first installs virtual or infrared input devices or adapters, such as a virtual Ethernet device or Bluetooth device. After that I assume they install all the applications and files, which I noticed were contained in Windows 32 or System32. I also noticed a lot of references to Windows PowerShell. Within about 48 hours my Samsung tablet was completely taken over, as well as my iPhone 6 Plus. I don't really know if there is a virus or malware, but what is very clear is that there is another person or persons that have total access and control of my devices and are monitoring my devices 24/7.

After I gave up on that laptop I sold it and bought a new HP all-in-one desktop, and also paid for Geek Squad 24/7 support for one year. I brought it home and did not set it up till the next day, and right after I set it up it was already infected, per se, with the same devices added in, such as virtual and infrared Bluetooth, Ethernet, and a certain Wi-Fi adapter that had the same item or ID number as the one in my previous laptop. Within a few days I knew that my PC was completely taken over as well. There's way too much in the last 10 weeks to write all of it down here, so I will just summarize the things that occurred and are still present:

I noticed on my new PC that there were strange Windows updates called KBxxxxxxx. I looked them up, and it looks like other people had found them too and contacted Microsoft, who did not supply an answer. I found in my Task Manager hundreds upon hundreds of services running, many of them related to a remote computer and remote management of my system. I learned that my hacker appears to be a computer developer and part of an enterprise group, as my web browsers were all giving me results as if I were a business, enterprise, or developer rather than just an individual consumer. I found again all the suspicious programs and files under windows32/WIN32 or SYSTEM32/SYS32.

I got several free network analyzer programs and have been able to find the hackers on my Wi-Fi router every day. I am able to find their MAC address and corresponding vendor. They have been able to go in and configure my router and lock me out of it until I call Time Warner, who helps me get back in, but then the hackers go right back in themselves and reconfigure it. I subscribed to a VPN service but cancelled it because I was just providing the hackers with a VPN service to better hide their tracks.

Now sometimes when I've been on Windows I can get the developer mode on the right side of my screen, and I can see all the users and their usernames and their functions and everything they are writing and logging on my PC. And they are always doing screen recording, and I'm sure filming me as well, as they do on my Android. It has been so hard to try and explain this to other people and tech support persons, but then yesterday I looked at Event Viewer again and saw that every single thing that I suspected was logged in the Event Viewer. It shows the beginning of when they started installing files, drivers, etc. on my system and started monitoring. It shows all the different roles involved in monitoring and running my device. It confirms that there is a remote computer system as well as a network of external users accessing and configuring my system.

I have been able to view what devices and operating systems have accessed my accounts through my bank account as well as Google and Yahoo. It shows that the hackers have a Samsung tablet just like mine and an iPhone 6 Plus just like mine, but also use Linux and a Mac, neither of which I have.

This has been going on for 10 weeks, and I have replaced my Windows PC with a new HP desktop, replaced my router 3 times from Time Warner Cable/Spectrum, and replaced my iPhone 6 Plus twice. I never replaced my Samsung tablet because it actually disappeared for several weeks and then suddenly showed up again in my desk drawer. But I have reset it twice. Yesterday I saw a YouTube video on how to try and remove access from a remote computer, so I went into Task Manager and disabled all the services I could find having to do with a remote connection. I have done numerous factory restores/resets and have had multiple tech support, including Best Buy Geek Squad ongoing support, HP tech support, Dell, Apple and AT&T, Samsung for my Samsung TV, and support from my anti-malware software. Pretty much all the tech support workers just want to scan my devices for viruses or malware and then reset them to factory settings. I have explained that this does not work and that it's been done before, but I guess they don't really have the time to further investigate.

I am about ready to just sell my house and move to see if that solves the problem. The worst part has been the invasion of privacy and the total disruption of my normal life, having spent hundreds of hours trying to detect or gather more evidence, and then just the sheer amount of time it takes to go into my email and then have to change the password over and over again, and the fear of putting in a bank account or credit card number knowing they are reading my keystrokes. I could really use some knowledgeable advice and welcome any constructive thoughts, opinions, views, and questions in general as well.

I have taken pictures and screenshots and collected some data and evidence of these hackers on my devices. The best evidence, however, is from the hackers themselves in the Event Viewer logs, which I could always provide photos or copies of. I apologize for my very long-winded and wordy post, but it is a bit complicated and difficult to summarize. Thank you for your patience.
 
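Editor's note, added to this thread and not part of any poster's own material: the post above treats the Event Viewer as proof of remote access, but the Security log only becomes evidence once you read the specific events rather than the Administrative overview. The script below is an added example of the check a responder would actually run on a Windows 10 box. It assumes PowerShell 5.1 and an elevated prompt (the Security log is not readable by a standard user); Get-LocalGroupMember only exists on Windows 10, not Windows 7. It lists the remote-management surface that is currently switched on, the members of the local Administrators group, successful logons (Event 4624) whose logon type is 10 (RemoteInteractive, i.e. RDP) or 3 (Network) from a non-local address, whether the Security log was ever cleared (Event 1102), and the installed updates so any KB number can be looked up in the Microsoft Update Catalog instead of guessed at. The 14-day window and the loopback filter are the example's own assumptions.

```powershell
# Added example (not from the thread): read-only audit of the remote-access
# surface on a Windows 10 machine. Assumes PowerShell 5.1 and an elevated prompt.
#Requires -RunAsAdministrator

$Days = 14   # assumption: look back two weeks of Security-log entries

# 1. What remote-management plumbing is switched on right now?
#    fDenyTSConnections = 0 means Remote Desktop is enabled.
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
[pscustomobject]@{
    RdpEnabled           = ($rdp.fDenyTSConnections -eq 0)
    TermServiceStatus    = (Get-Service TermService).Status
    WinRMStatus          = (Get-Service WinRM).Status
    RemoteRegistryStatus = (Get-Service RemoteRegistry).Status
} | Format-List

# 2. Who can administer this machine locally? An unknown account here matters
#    far more than any number of informational entries in Event Viewer.
#    (Get-LocalGroupMember is Windows 10 only.)
Get-LocalGroupMember -Group Administrators | Select-Object Name, PrincipalSource, ObjectClass

# 3. Successful logons (Event 4624) that came over the network.
#    LogonType 10 = RemoteInteractive (RDP); 3 = Network (SMB shares, WinRM, ...).
#    The event's XML is parsed by field name so this does not depend on
#    the positional index of each property.
$since = (Get-Date).AddDays(-$Days)
$remoteLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
            LogonType = [int]$d.LogonType
            Source    = $d.IpAddress
            Station   = $d.WorkstationName
        }
    } |
    # Drop local noise: '-' (no address), IPv4 and IPv6 loopback.
    Where-Object { $_.LogonType -in 3, 10 -and $_.Source -notin '-', '127.0.0.1', '::1' }

"`nRemote logons in the last $Days days: $($remoteLogons.Count)"
$remoteLogons | Sort-Object Time -Descending | Format-Table -AutoSize

# 4. Was the Security log ever cleared? Event 1102 ("The audit log was cleared")
#    is written as the first entry after a clear, so a wiped log still leaves a trace.
"`nAudit-log clear events:"
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 5. Installed updates, so a KB number can be checked against
#    https://www.catalog.update.microsoft.com rather than guessed at.
"`nMost recent updates:"
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 15 HotFixID, Description, InstalledOn
```

Save it as a .ps1 and run it from an elevated PowerShell prompt. A LogonType 3 entry from another device on the same subnet (a NAS, a printer, another household PC browsing a share) is routine; a LogonType 10 entry from an address you do not recognise, an Administrators member you did not create, or an Event 1102 you did not trigger is what is worth photographing and taking to someone. Note that 4624 records accounts and addresses, not "roles" or "external users", and the Administrative Events view that phone scammers point at is full of errors and warnings on every healthy machine.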

Warrior

Level 4
Verified
Sep 2, 2014
179
If the hacker or alleged hacker had onsite access to the network and the devices, then you are in a world of hurt.
What I don't understand is the Event Viewer logs. Compromising the network is one thing, the devices is another thing. A good hacker could do this, but not deleting the Event Viewer logs is an amateur mistake, makes no sense...
 

Noonebelievesme

New Member
Thread author
Mar 25, 2018
14
I know, right? When I found the logs I kept trying to save them quickly or take pictures of them, because I was so afraid they would see that I found them and erase them immediately. I am as perplexed as you about what their motive is, as they haven't taken any of my money yet, although they did apply for an $8,000 car loan in my bank account that wasn't approved. And actually my bank hasn't confirmed that, so maybe they just made the whole thing up and inserted it into my account, although that seems like it would be difficult to do with the high security of online banking. I mean, they show off all the time that they got into this account or that account, or are on my display logging my keystrokes and passwords. They are so obvious about it they don't even try and hide anything anymore. Yesterday I found 37 voice recordings of me in the Google activity logs. Since they left the Event Viewer open, I have to assume that their motive is to experiment with a build or some sort of project using my devices, network and accounts for some reason. I would like to share some screenshots and/or pictures taken on my devices but am not sure how to get them into my post and this forum. If anyone has some real basic instructions on how to do that I would appreciate it. Remember, you need to dumb it down for me.
 

Warrior

Level 4
Verified
Sep 2, 2014
179
Insert image icon, next to the smiley face at the top right of your post screen. Click it, find images, select, and click Open.
 

Noonebelievesme

New Member
Thread author
Mar 25, 2018
14
Insert image icon, next to the smiley face at the top right of your post screen. Click it, find images, select, and click Open.
Thank you, I'll try that. Although, curiously, my PC/hard drive has been down since my post here, so I am unable to take pics of my Windows issues at this time, but I can download pics and screenshots of my Android issues.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Extremely difficult to read your messages. Phone scammers generally use the Event Viewer to trick computer users into thinking something is hacked or corrupt.

You'll say no, but have you done anything illegal, wanted by the state or traveled to conflict zones? Has any of your online services warned you about State-sponsored attacks?
 

Noonebelievesme

New Member
Thread author
Mar 25, 2018
14
No, nothing like that. I get background checks and fingerprinted for most of my jobs because of my profession. But I did get one bogus voicemail stating that I had four serious offenses against me and that I should return their call. It was from some state I've never even been to. I just kind of laughed it off.
Just as an update, last night I could not get into any of my applications, including the Start menu and Settings. I called HP tech support because I was still under warranty, and after remotely viewing my PC the tech stated that I would need to call or contact Microsoft, as it was all Microsoft applications that I couldn't access, but I could access others. He also told me to tell Microsoft that my issue was with "microsoft.com/kb319726". I'm not sure what that is or if it's referring to a Windows update, but the Windows update I had concerns about is Windows update KB4057247. I've been researching it, and many people have had problems with it and can't seem to uninstall it. One person mentioned that it was referenced on several different websites, yet Google as well as Microsoft's own KB database says it doesn't exist. Well, my computer is starting up completely cleaned and reset, so we'll see what happens.
 

ForgottenSeer 69673

What about your smart TV and phone? Do they use the same Wi-Fi connection?
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I never replaced my Samsung tablet because it actually disappeared for several weeks and then suddenly showed up again in my desk drawer. But I have reset it twice.
And you don't think this would be at all suspicious?? I would burn it.

Buy a new Android tablet, visit a family or friends place to change your passwords in case your router is compromised.

For Google:
Review your security activity and recent devices
myaccount.google.com/security#activity

Review apps connected to your account
myaccount.google.com/security#connectedapps

Run through the security check-up
myaccount.google.com/security-checkup

Last of all, check out this program (purchases required)
Google's Advanced Protection Program

*Review - don't just look at it, remove anything remotely suspicious or even everything.

You can repeat the same for your Microsoft and Apple iCloud account(s).

Well my computer is starting completely cleaned and reset so we'll see what happens.
Not a hardware-related issue? Is your HP desktop or laptop Windows 10 compatible? How old is it?
 

Imelda Bilda

Level 1
Dec 3, 2017
11
Well, same case here. I've been doing my own research since no one can help me. I'm just trying to post this, because every report and access to security websites is also blocked by the hacker. I just hope we can get through this nightmare.
 

Imelda Bilda

Level 1
Dec 3, 2017
11
@Noonebelievesme
Don't trust tech support, because in my case and observation all the websites I visited are fake. I mean, just like Microsoft: when you try to ask for assistance, the hackers are also the ones responding. And what is bothering me right now is I found out that every device that comes close to the infected device will get infected also. Like a real virus, the attack is spreading so fast. Even not connected to the internet, and even the low-end mobile Telego I'm using now got infected too. Just like you, it seems I am crazy telling anyone about the issue; even the anti-cybercrime unit in the nearest police station where I reported my case is not aware. I already found out how they are doing the attack. We really need the help of cyber security experts and websites like this, malwaretips.com; the problem is this is also monitored for sure. After this message I'm not sure if I can still access the malwaretips.com website.
 

Warrior

Level 4
Verified
Sep 2, 2014
179
Spawn is right. As for the Android tablet, resetting it is not the answer, as malware could have been loaded into the recovery partition. I would have taken a power drill to it, then burned it.
And as for the router, did you replace it with the same make and model?
And I'm still waiting to see the pictures of the Event Viewer logs...
 

ForgottenSeer 58943

I can't read through walls and walls of text, but this is my specialty. From base-level loser hackers all the way up to the kids at the NSA that think they are more intelligent than anyone else. (Pro tip: they aren't.)

I don't even know where to begin; can someone summarize all of this for me? Also some key GENERIC points.

1) If you lose physical possession of any device, it's all over, get rid of it.
2) If any device won't update properly, or you cannot apply firmware, factory reset it. If it still cannot apply firmware or updates, get rid of it, it's compromised.

Without actually consulting with you, examining the threats, vector of attack, and locality of the attacker I can only make generalized suggestions. If you were close to my proximity I would knock them off your tail and fix everything up for you in a couple of hours. Alas...

1) Buying a new router won't help unless you properly secure the router. There are threads here to show you how. If you don't secure it, disable extra features, remove WAN admin they'll be right back into that in a few minutes. Unfortunately this requires research and some level of nerd skills. So check out threads here on how to secure a router, specifically posts written by me.

2) Your attacker has open vectors. We've seen all kinds of things like this but you can usually trace it with some basic computer knowledge. Once you close off their avenue of attack you generally can start to win the battle. Find out obvious areas of attack and egress, close them off.

To be honest, without spending hours dealing with this here's what you SHOULD DO in this order. This works against most of the fairly complex well funded hackers. If you are dealing with anyone beyond this then you'll require personal assistance from a professional.

1) Turn off your internet. Literally unplug your modem.
2) Order a cheap Hotspot from your cellular provider. DO NOT turn this on yet.
3) Disable the network card in ALL of your devices. Turn your portable devices to Airplane Mode.
4) Turn OFF all devices after you've disabled their network cards/airplane mode.
5) Shove all of the devices into a SCIF bag. If you don't have one, toss them in your clothes dryer. (but please put a sign on the dryer not to use it, and so you don't forget)
6) Go to the library, UPS Store, etc, Login to EVERY ACCOUNT and change passwords to complex passwords, HAND WRITE THEM DOWN. Ensure you log out of each one on the public computer. You'll be changing these again later, don't worry.
7) PHYSICALLY go to a computer store and buy a CHROMEBOOK.
8) You'll be using the Chromebook in GUEST MODE until further notice.
9) Fire up the hotspot, create a STRONG SSID and passkey to connect to it.
10) Connect your Chromebook to this hotspot. Now you are 'securely' back online.
11) Log into EACH ACCOUNT you changed at the public location, and change the passwords AGAIN, this time using Bitwarden to generate and save complex passwords on the CHROMEBOOK. Make sure your master password is STRONG.

So now you are back online with a reasonably secured, anonymous data connection using Chromebook, the strongest, most secured environment you as a general user can probably easily use. Now your goal is to 'recover' each device in succession in a SAFE manner.

12) Take your phones AWAY from your location while off. One at a time. (I'm talking physical location, different tower, not near your SSID's)
13) Turn on the phones, perform an on-boot factory reset.
14) Take the phone back to the store, tell them it shuts down constantly, crashes, locks up, whatever. GET NEW PHONE.
15) Set up the new phone with ALL NEW credentials, a new email address, new accounts. Your old ones are damaged goods; DO NOT log back into them for now.
16) Once your phone is back up and running call your provider IMMEDIATELY after you leave the store. Report that someone is harassing you and threatening you and your number has to be changed immediately. They'll give you a fresh number for no charge.

Now that you are back online with a HOTSPOT on a CHROMEBOOK and your phone is completely refreshed we'll move to getting you off the hotspot and back on the normal internet. Since you unplugged your modem your WAN DHCP will change, the hackers will not know your new WAN IP or even the scope you are on. Your provider - by this point - will have moved you off due to the DHCP Lease Time with ISP's.

17) Call your ISP and tell them your modem cuts out constantly and you need a new one. They'll dispatch a tech to check it out and 100% of the time bring a new modem with them. Presto. New gear. If they ask why you unplugged the old one, explain it smelled like it was burning and you got worried. The tech will install the new modem and fire it up, grabbing a new WAN IP on a modem with a new MAC address.
18) If this is an all-in-one (DG or TG gateway, etc.), just use that for now. Log in with the default settings and CHANGE the default logins. For Comcast it's 'cusadmin/highspeed' or whatever; google it. Change it. Disable WAN access for ADMIN immediately.
19) Set up new SSIDs (strong; use a keygen for the SSID name). Set up a STRONG password for Wi-Fi.
20) Now you are back. Cut off the hotspot, connect to your new safe router/SSID's.

Now you can 'slowly' re-introduce other devices but only after you reformat them. But to be safe, DO NOT login to your accounts on those devices as you introduce them, instead, utilize only your Chromebook for the majority of your activity.

Windows boxes should be flattened to the ground with DBAN or whatever, then fresh installed. The moment they are formatted, you install a GOOD AV with a GOOD firewall, VoodooShield/OSArmor and SysHardener all on and running before you even think about doing anything. DO NOT use any USB sticks you have. Toss them in the trash and physically buy new ones at a local store (NO SHIPPING!).

Congratulations, you've shaken them off. Practice hyper-vigilant security over the next months. Don't click text links, blah blah blah. Common sense.
 

Noonebelievesme

New Member
Thread author
Mar 25, 2018
14
Uhhhh... I think I'll just move.

No just kidding. Thank you so much for investing so much time and a possible solution for me. Sorry I haven't posted the pics because my PC crashed and just loaded it back up so can't get any new pics of the Event Viewer but I can download the ones I have which I will do.

Just so you know the hacker was on here when I first posted, I'm on my Galaxy tablet right now, and tried to mess up my post by duplicating every paragraph like 5 times. I would try and delete it and then it would appear again. Anyway given all your sound advice I hope that he or she can't stop me despite them knowing my plans.

Funny you should mention a Chromebook, because I thought the same thing as far as safety and went out and bought an Acer 15-inch for $200 at Walmart. Within a few hours the hacker was on there as well. What he did was set up the Google open source whatever it is, which tells you exactly how to do it right when you open the Chromebook. I was reading it to see if I could do it, and the next thing I know the hacker had done it. I tried to load the Opera browser at one point and I was told that Linux did not support that browser (the hacker uses Linux) and it suggested I download the Chrome browser. My Chromebook suggested I download the Chrome browser! Well, that was it for me, so I took it back.

Now I understand the advice to just trash my tablet, etc., but in the beginning they were very aggressive in blocking me from any communication with the outside world, and I never want to be in that position again. Even if my devices are hacked, I've learned to live with it because I have to have communication through the web somehow on something. I don't think anyone realizes how deeply dependent we are on it until you get blocked from accessing it. Also, these devices are worth a lot of money. I totaled up the cost, including my Samsung TV, my iPhone 6 Plus, the Samsung tablet which I just bought last year, and my laptop. It's well over $2,000. I thought of filing a claim with my homeowner's insurance, although I have a $1,500 deductible. But I'm not sure how to present my case, as they are not physically damaged but hacked, but try explaining that to an insurance adjuster. If anyone out there has ever tried to file a homeowner's or renter's claim for being hacked, let me know. By the way, also, when I was very, very frustrated one day after being at the AT&T store and using their phone to try and safely connect to AT&T after my SIM card failed twice, I finally called the police. They came out to the house, and when I told them what was going on they actually laughed at me. I had first reported all this to the California DOJ and made the mistake of mentioning that the person might have had access to my home, so at that point they told me that it would be under the jurisdiction of the local police. When I told the policeman that, he just looked at me incredulously and snickered, explaining they don't have a cybercrime person or division, etc. Anyway, so no help there.

So the hacker was just on here right now and started typing away several sentences as I watched. I videotaped it. Don't know if I can send the videotape, but basically it just looks like I was dictating it. Anyway, if you see really poor grammar or repeating sentences or paragraphs, it's because the hacker is accessing the screen and doing it, and I'm probably trying to hurry and get something written and posted before he messes it up.

About my router and ISP: so I've had my router replaced 3 times but did not set it up the way you (ForgottenSeer 58943) suggested. This last time, I did enter the MAC addresses of the unknown devices on my network and block them, but I find that often the only ones on my network are my devices' IP addresses, but somehow the hackers are still getting to me, so I don't quite understand that. Also, the MAC address of my router and the manufacturer name (Ubee Interactive gateway) have changed now. It is now showing that the device is Hon Hai Electronics, which I looked up and is an electronics manufacturer either in China or Taiwan. Now this may sound really paranoid, so I can relate to the previous poster Imelda, but I swear that my ISP, Spectrum, seems to be in on this. It's too time-consuming to share in detail why I think this, but I have thought that. It seems like every tech support person is in with the hacker, maybe getting a kickback, I have no idea, especially those Geek Squad tech support people. Honestly, I insist to them that just resetting and restoring my device is not going to take care of the problem, and they absolutely refuse to believe me or listen to me or address the matter. I'm going to ask for a refund.

What I was wondering is, would it help if I got my own router, and would it help to get something like the Fingbox, where I could quickly block or kick off any strange MAC addresses that I find on my network? Any opinions out there on that?

Now I'll try to describe a little bit how they access my mobile devices. On my iPhone, at least in the beginning, it was like they had an alias or alternative me and would inject that alias onto my phone. I believe I had at least two different aliases in addition to me. So that alias would have a name such as "users iPhone" or "iphone6", whereas my name would be "Tricia's iPhone" (on iPhones you can find your device name under General, then About). I could tell when they had taken over my phone with another alias because of the device name, and their downloaded apps were not the apps I had, and then also, using Google Maps, I would look at my location and get directions to my home, and often that location was not where I was at. I could just tell when it was my screen and interface versus one of theirs. So they would intercede and get my voicemails and messages, and sometimes I would get like 5 of my voicemails all of a sudden but two or three days late. Same with my messages. Also, I would text or call myself or email myself, and it was like it was a different person. When I would call, it would ask me for my password to connect to my number, so they had set up some sort of phone call system where each person had to have a password. Now, as far as email, they would set up a different name but use my real email address, and then have their alias as an alternate email within my profile, so that when someone emailed me it would also go to their alias address. I found pages and pages of emails sometimes that I never received. It really would get very, very confusing; when I would call or email myself I couldn't remember who was me and who wasn't.

Pretty much the same thing goes on with my Galaxy tablet, without the messaging and phone calls. With my tablet I will find all the Android APK apps that the hacker uses, because I don't even know how to access them or what they are, usually. I have downloaded an Android file viewer to try and translate the files into basic English but haven't been successful at that. I don't know how to apply the file viewer to that particular program for translation. I think they just use the keystroke logger and monitor my devices remotely and, of course, get onto my devices and take over.

Today I got my second financial alert, as somebody charged $1 to my credit card for a Google service. I've been getting alerts from my bank that someone set up a special "payment service" and also a "mobile bank account" in my bank account. I have talked to the bank's security officers several times, and they finally just told me the safest thing is to block all online account access, but that would also mean blocking me. I have not yet taken this drastic step, as I can't imagine not being able to access my account online. I'm too afraid that the hacker will find a way to continue and I will be the one locked out. I need to be on there monitoring my account and seeing if they're accessing it. I'm not sure of the solution here. I'm not panicking right now because my credit cards are almost maxed out and I don't have a lot of money running through my accounts. I haven't worked since all this happened, initially due to the stress of it all, but it allowed me time to further investigate. Honestly, I did not know one thing about computers, phones, TVs, etc. I remember the first thing I looked up was "what is an IP address". Soon, however, I will be returning to work and don't know how I'm going to manage all this when I'm working or away 9 to 10 hours a day. On the positive side, I may be doing a travel contract, so I would not be living here, and it will be interesting to see if they follow me out of town.

Which brings me to what ForgottenSeer 58943 was saying about going somewhere else and changing passwords, accessing my account safely, etc. Now, I have done this to try and set up a VPN as well as change my passwords while on a public Wi-Fi network such as Chili's and Starbucks. Well, it was unsuccessful. When I tried to download the VPN, I was sitting in the parking lot using their Wi-Fi for two hours, and I got blocked every time when it came to the part where they send me a link to reset my password. I also tried to use public Wi-Fi and change my Yahoo password, and I kept getting the message stating that the Yahoo server was down. So I don't know if they actually follow me and are somewhere in the parking lot (it's possible) blocking me and accessing my device, or if they can just continue to access it remotely no matter where I go.

Anyway thank you all for your responses ForgottenSeer 58943, Imelda and Warrior and anyone else I might have missed. I want to get this sent because I spent so much time on it and then I will try and download photos. I will try and follow your suggestions ForgottenSeer 58943. I think I got most of it but may have to hit you up with some questions later on.
 

Imelda Bilda

Level 1
Dec 3, 2017
11
@ForgottenSeer 58943 thank you very much for that info. That's exactly what I'm planning to do on our devices though it's a bit expensive on our part.

I'll try to summarize my case but pardon my terms since I am not tech savvy; my knowledge of computer things is little.

In my observation, and based on what I've learned about the types of malware, all the signs of each attack are present in my case, like code injection (DLL sideloading, process hollowing, apps PowerLoader, SIR thread execution hijacking and all other attacks). And I read about Spectre and Meltdown; based on my understanding of the description, a possible cause also.

Every time I watch on YouTube, they redirect me to their fake YouTube site, and Google Play Store.

All my accounts and my website were compromised also. From being broke I tried to learn new skills from the free information online; I started to do affiliate marketing and made a blog site in the hope that I can earn some. I just joined ClickFunnels, ClickBank, and JVZoo. I'm afraid to market a product thinking that the link will also be redirected to them and the commission will go to them also.

Please see the attached screenshot for reference.

Can't change my Apple ID password even though I typed the correct code.

I changed my Google password many times; still they can access my account.

They cloned every website I visit.

iPhone model is supposed to be A1332.
 

Imelda Bilda

Level 1
Dec 3, 2017
11
I just want to bring back my normal online browsing and put into action my plan of pursuing my purpose, and also I am on my journey of self transformation where all my sources of information are online; this problem gets me stuck once again. But as I've learned, for every problem we encounter we must take it positively and try to find the opportunity associated with it. While I am stuck with this hacking issue, I got the idea to make an e-book. I patiently handwrote my research and used a digicam for some proof, and when everything is back to normal I will just type everything. My goal is to give awareness about cybercrime, especially here in my country; I just found out that only a few are aware of this issue given that the Philippines is number 8 among countries vulnerable to cyber attack.
I just hope and pray that this nightmare will end the soonest.
With the help of our friends here at malwaretips.com.
Though I still have doubts, I wondered after how many times I tried to post and ask for assistance here only this one succeeded.
 
F

ForgottenSeer 58943

I gave you the plan of action and it must be implemented in that order with extreme caution each step of the way. If you don't have the knowledge/experience to isolate the vector itself then you need to work from a mindset that everything is compromised. If you have knowledge/experience to isolate the actual attack vector, then you can work backwards from there securing everything. This is a process that has to be worked through, meticulously so.

As for 'cloning' websites, it's possible you are getting Quantum Injections. All of the popular websites have been duplicated. With Quantum insert they inject into the TCP stream 'faster' than your normal resolution. So let's say it takes 112ms for you to session to Youtube, they'll inject in before this with QI and divert you to their mirrored version where they perform intelligence operations. TCP modification methods are also available to them. The bad part is, almost all consumer technologies are oblivious to all of this, and you need something like a Fortigate appliance to detect and block it. Also Kaspersky Gateway Security on ZyXEL Appliances detects and blocks it. I can show you logs of incessant quantum insert and packet tampering on seemingly 'normal' company and consumer networks, indicating they've deployed this on a vast scale and it is no longer individually targeted.

But I am confused by this:

Funny you should mention a Chromebook because I thought the same thing as far as safety and went out and bought an Acer 15 inch for $200 at Walmart. Within a few hours the hacker was on there as well. What he did was set up the Google open source whatever it is which tells you exactly how to do it right when you open the Chromebook. I was reading it to see if I could do it and the next thing I know the hacker had done it. I tried to load the Opera browser at one point and I was told that Linux did not support that browser (Hacker uses Linux) and it suggested I download the Chrome browser. My Chromebook suggested I download the Chrome browser! Well that was it for me so I took it back.

This paragraph has me confused. This kind of activity shouldn't be possible unless the attacker has physical (L1) access to your devices. If that's the case then you need to establish L1 security first and foremost, Bi-Locks on the doors, security system, cameras, etc. If this didn't involve physical access I'd be concerned you are facing actual intelligence agents themselves and are under active interdiction. ChromeOS user space protection should block this kind of thing. I should have mentioned, don't use Intel based Chromebooks, go for the ARM chips for added security. Now in your defense here from ridicule. WE ARE currently evaluating a SUCCESSFUL attack on one of my Chromebooks. They utilized a method to establish a secondary VPN bridge on the ChromeOS. We've got Chromebooks in a honeypot configuration right now to see how this was done or if it was user error, configuration error or an anomaly on update. So I am not fully capable of declaring Chromebooks invulnerable in light of this. But they are as close as a normal joe can come to a secured OS without experience/knowledge.

Remember though, going to 'Starbucks' isn't going to help you if you don't do it from a NEW, SECURED DEVICE. If you keep taking the same computers/tablets to different locations it's utterly pointless. I'm telling you to physically go to a location and use THEIR COMPUTERS to change your passwords/secret questions, logins. NOT to use your crap and connect to a VPN. Please follow my instructions if you are serious about this.

Now here comes the obvious question. What are you doing to gather this much active intelligence? If you really are getting hit this bad then that means they probably have LOCAL ASSETS deployed against you. I've seen this type of thing on a wide variety of folks.. People that come up with cures. Folks that invent new high security programs. People that 'stir the pot'. UFO investigators. Abduction Researchers. Whatever.. Something clearly drew scrutiny and you are discovering that they are pit bulls when they latch on to you.

Fingbox.. It just so happens I know a LOT about Fingbox so you are in luck..

Fingbox would help virtually everyone.. What Fingbox does is control connectivity to a SINGLE SUBNET, preferably your WiFi Subnet. Any new devices connecting are 'ARP POISONED' by Fingbox and unable to traverse traffic UNTIL you authorize the device to connect. So yeah, it works.. You can suppress devices with block or pause, which ARP POISONS the device rendering it incapable of traffic. As you've discovered, MAC Address Filtration is largely useless. Also, I recommend ALL of your SSIDs be GUEST ONLY. That is, applying guest network checkboxes to your SSIDs will institute a sort of VLAN for those, prohibiting wireless from reaching your internal network. Also you should check off restrict inter-SSID communication to prevent devices connecting to each other on the same wireless subnet.

Otherwise, I think you need to follow my original reply, to the letter, not skipping any steps. If you pick and choose from my recommendations you'll be back to square one again. They've got their tentacles into you at a pretty deep level so it's time to play ball.

Your IT Hygiene needs to go up 100%. Moving won't help unless you go off grid and become unpredictable. Beyond all of this, I cannot really help you without getting involved at a deeper level. Mind you, I am fearless and have no problem doing that, but it's time consuming and I am not cheap. I've been known to do it in the past just to prove I am better than they are, but it's still a time consuming effort, and you'll need to drop some coin to do it right.

I mean if you want to buy a FortiGate 30E and a FortiAP 221C access point I will set it up for you from remote and they aren't getting through it. I'll put a bulldog mode sideload on the 221C to actively SEEK their signals out and launch a local DDOS attack on them each time they mess with you. Among other things. Not sure what else I can do for you. Good luck! IF you were close to me we would have a LOT OF FUN with all of this... Especially capturing their tools and technology then sending them to the appropriate engineers for analysis. Exposing the techniques used, etc.. Lots and lots of fun..

Consider one of these. Which by the way I use, despite all of my security.

make_wp04_internetkillswitch_finished.jpg
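A defender-side check for the race described above, as an added example (not code from the thread or from any product mentioned in it): it flags two segments of one TCP flow that claim the same sequence range but carry different bytes, which is what an answer injected ahead of the real server's reply looks like on the wire. The flow addresses, TTLs and HTTP payloads below are constructed sample values; a real deployment would feed decoded segments from a capture library.

```python
"""Flag TCP segments whose bytes conflict with earlier data at the same sequence
range (the Quantum Insert race). A repeated segment with identical bytes is a
normal retransmission and is not reported. Sample packets are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str        # "ip:port" of the sender (the server side for replies)
    dst: str        # "ip:port" of the receiver
    seq: int        # TCP sequence number of the first payload byte
    ttl: int        # IP TTL; a differing TTL hints at a different sender path
    payload: bytes


def find_injection(segments):
    """Return [(flow, seq, note)] once per flow and overlapping range whose bytes
    disagree with data already seen there."""
    seen = defaultdict(list)      # flow -> [(seq, payload, ttl), ...]
    reported, alerts = set(), []
    for s in segments:
        flow, end = (s.src, s.dst), s.seq + len(s.payload)
        for oseq, opay, ottl in seen[flow]:
            lo, hi = max(s.seq, oseq), min(end, oseq + len(opay))
            if lo >= hi:
                continue          # ranges do not overlap, nothing to compare
            if s.payload[lo - s.seq:hi - s.seq] != opay[lo - oseq:hi - oseq]:
                if (flow, lo) not in reported:
                    reported.add((flow, lo))
                    note = "same sequence range, different bytes"
                    if ottl != s.ttl:
                        note += f" (TTL {ottl} vs {s.ttl})"
                    alerts.append((flow, lo, note))
                break
        seen[flow].append((s.seq, s.payload, s.ttl))
    return alerts


# Constructed sample: the injected redirect wins the race, then the real reply
# for the same sequence number arrives, then a benign retransmission of it.
SAMPLE = [
    Segment("203.0.113.10:80", "192.0.2.5:51000", 1000, 57,
            b"HTTP/1.1 302 Found\r\nLocation: http://mirror.example/\r\n"),
    Segment("203.0.113.10:80", "192.0.2.5:51000", 1000, 49,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    Segment("203.0.113.10:80", "192.0.2.5:51000", 1000, 49,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    Segment("203.0.113.10:80", "192.0.2.5:51000", 2000, 49, b"<body>"),
]

if __name__ == "__main__":
    for flow, seq, note in find_injection(SAMPLE):
        print(f"ALERT flow={flow} seq={seq}: {note}")
```

Running it on the sample reports exactly one conflict at sequence 1000; the retransmission and the later in-order segment stay silent.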
 
F

ForgottenSeer 69673

Sly this is a quote from the first poster.

"I have been hacked on all my devices including Android tablet, Windows PC, iPhone, and Samsung Smart TV. They have hacked into my email accounts and all my bank and credit card accounts. I do not know what their motive is as they have not yet stolen anything that I know of. I may know who did this and they did have physical access to my house and devices and may still have access I'm not sure. It was a friend of a previous renter I had in my home and eventually i hired this person twice to help me with my computer issues and it ended up he made it much worse each time by removing all my permissions on my PC . One of them is definitely a computer Developer and part of Enterprise system as I just recently found all the events that have taken place on my PC in the Event Viewer which I was so grateful to have discovered and that they had not deleted the logs yet as it was the first hard core evidence of what I had been saying all along but people thought I was crazy"
 
F

ForgottenSeer 58943

Sly this is a quote from the first poster.

"I have been hacked on all my devices including Android tablet, Windows PC, iPhone, and Samsung Smart TV. They have hacked into my email accounts and all my bank and credit card accounts. I do not know what their motive is as they have not yet stolen anything that I know of. I may know who did this and they did have physical access to my house and devices and may still have access I'm not sure. It was a friend of a previous renter I had in my home and eventually i hired this person twice to help me with my computer issues and it ended up he made it much worse each time by removing all my permissions on my PC . One of them is definitely a computer Developer and part of Enterprise system as I just recently found all the events that have taken place on my PC in the Event Viewer which I was so grateful to have discovered and that they had not deleted the logs yet as it was the first hard core evidence of what I had been saying all along but people thought I was crazy"

I missed that in the wall of text I skimmed.

As I said in one of my posts, the level of compromise I am seeing here indicates a L1(Layer 1) compromise, that is physical. Until protection of the L1 is established, everything done will be entirely futile. So focus on establishing full L1 integrity with all points of ingress before spending another moment on securing systems. Also check for hidden cams and Pineapples in your vicinity just in case.

Bi-Lock or Bowley lock deadbolts. Shim proof window latches. A couple ARLO Cameras, Simplisafe Alarm, and you are good to go. I only recommend Bi-Lock and Bowley locks these days, not the crap at Home Depot or Lowes. Not even custom Schlage 90's.

Get that in order, then work on exorcising the loser off your systems.
 

Noonebelievesme

New Member
Thread author
Mar 25, 2018
14
Thank you for that. I will try and be more concise with my posts. So I reset my HP all-in-one desktop yesterday and restored it to factory default settings. I completely wiped everything clean including all my data.
Now today I opened Event Viewer and it looks to me like it is compromised once again by a network of individuals. I have Windows 64-bit.
Since yesterday and the Reset, I have 2002 events in SYSTEM under Windows Logs. Many are suspicious and look like they are setting up the malware and remote access to my computer. I'm not sure what the most important and relevant items to share are to best enable your support. I can take pictures and download them but of which items?
Also wondering if I should switch over to the Windows forum but didn't want to lose my support people so far (warrior, ForgottenSeer 58943, spawn, ticklemefeet). The good thing is at least I can see how they compromise my system at the start.
 