nuisance hack

Started by pogo, January 16, 2024, 10:17:49 AM


pogo

My system was hacked on Dec. 5, '23.  The hackers started by changing PW on my fav games then moved to e-mail & all entries.  I first had a tech go through the computer. He found an extraneous connection.  Then I had a tech come to my home.  He restored my passwords.  I have: added Spectrum Security suite, gotten a new Spectrum router, added Norton 360 security.  I've disabled all Remote connections in Services.msc, set up the Norton VPN, set up the Norton secure Browser.  I tried a number of antivirus programs: Windows Security, AVG (free), Spectrum Security, Norton 360, Charter Online Scanner, fsdiag, FORTECT scan (I haven't paid for any repair yet).  I did a hard drive wipe & renewed the OS. NONE of the antivirus programs identify a problem.  The hackers continue.

My system:

Intel i7-9700K 3.6 Ghz
Windows 11 home
MSI Z390-A Pro 32 Gb RAM
AMD Radeon 580 GPU 8 Gb memory
Samsung digital memory 1 Tb
2 HDD 2 Tb

What can I do next other than another complete wipe and re-install? 

SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Quote: He restored my passwords.
Restoring them is not the same as changing them. You need to make sure there is only ONE AV active on your computer. More than one can cause a lot of problems.
Quote: I did a harddrive wipe & renewed the OS.
How did you wipe the drive?

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Windows 8 and Windows 10 dual boot with two SSD's

pogo

Thanks for the reply, SuperDave. 

1.  This is not an infection.  These guys are talking to me, in a way.  My antivirus software doesn't find any problem.  I have limited their access somewhat by disabling the Remote connection software.

2.  The Windows 11 OS has been reloaded once, the C drive was wiped and OS reloaded fresh by the Tech who built the computer and the OS was last reloaded by me w/o wiping the drive.

3.  It will take me a little time to remove the AVs.  The Spectrum software is a large download.

4.  I understand that restoring a password is not changing it.   I use a minimum of 12 characters with all 4 of the rows of keys plus shift key.  I changed all of the important passwords.

5.  I need to stop here, back tomorrow after I take care of AV software.

pogo

Dave, I tried to do as you asked:

1)  The only adwcleaner I found is by Malwarebytes.  When I click on your link, the response is "This toolslib.net page can't be found  No webpage was found for the web address: https://toolslib.net/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner HTTP ERROR 404"

2)  The scan is attached.

3)  I'll find adwcleaner by Xplode on another computer.  Give me a day or 2.

SuperDave

The only way to completely wipe your hard drive is to use Dban. You don't have to remove the AVs, just disable them. I find that Windows Defender is a reliable AV. Adwcleaner is no longer available from xplode. Sorry.

pogo

SuperDave.   

I have been researching types of computer hacks, today.  Being a total novice on computer malware, I picked up on DNS tunneling.  The description fits my problem pretty well.  The problem is that the fix is, as a tech described it to me, "burn the computer and buy a new one".

Question:  where do you think my problem is stored?  DNS tunneling isn't stored anywhere!  The C:\ hard drive has been overwritten so much that data is scattered all over the other drives as well as ONE drive.

Comment:  Once hackers get hold of my DNS MAC address, they're in until I change it.  I'm still struggling with opening my new router.  My tech friend said: "fire and flame!"  "Or sell it."

SuperDave

The only thing I can suggest is to wipe the drive with DBan and start over again.

pogo

SuperDave,

This evening, one of the hackers started putting up bible quotes from Ezekiel.  I questioned it on Jesus's teachings and got answers, not AI jargon, for a short while.  Then, I got web site answers from "https://www.gotquestions.org/search".  My point is that these hackers are reading my input in real time and have access to anything they want.  Generally, they hinder access to Spectrum, Norton and Windows security pages.

Does this help define the hack?  I know, the kind of hack isn't relevant anymore.  But still, I can get a new computer and they will find their way back in.  I want a way to block them.  I am tired of changing passwords and playing patsy to these kids.

SuperDave

As you mentioned, your computer was infected in December '23. There must have been something that was done before that date that allowed the hackers to get access to your computer. Can you remember anything that might have happened prior to that date? That is why I suggested wiping the drive with Dban and starting over again.

pogo

SuperDave,
Yes, I was trying to fix my computer because it had died.  I thought the motherboard went bad.

1.  I had my tablet-Samsung 10" G. Tab A7- open for a week.  I had forgotten that there was a SIM card in it that wasn't connected to any sites.

2.  I had an old computer on line (ASUS Z97, Intel i5-4570 S, 32 Gb RAM, Win. 10 PRO) that had AVG (free) antivirus.  I was using it to order a used Z390 A Prime mobo to replace the one I thought was bad.

3.  I had my (supposedly) dead computer on line sometimes simultaneously with the old one.

4.  I got the "dead" computer restarted some way and went back on line with AVG (free) antivirus.

5.  During all this, I bought a used Cisco router that could run 100/1000 mbps because Spectrum upgraded my account to 300 mbps.  My Belkin router was only good for 10/100.

6.  Running the "dead" computer, I began to have password problems.  War Thunder and World of Warships passwords being changed & invalidated now and then.  Next, passwords to my e-mails & banking accounts were messed with.

Any of those things could have let them in.  I really wasn't paying attention to security.

SuperDave

Hackers usually gain entry through malicious software or by getting a person to click on a link. That's why it is so important to think twice before downloading software and especially clicking on unknown links.