Held Hostage by RAT
I need some help. For the last four months I believe somebody has been remoting into my computers and locking me into the local networks on my Windows-based units, and I have a Linux-based unit where I'm locked onto the desktop. Being relatively new to Linux, I'm not sure how I get out of here. My notification area is gone and I'm very limited in what I can do. I'm able to access the terminal, and I have a list of codes I've been using. But I'm not very educated on how to handle this problem; any help would be very appreciated. This has been a very stressful four months for me. Every waking minute I have spent fighting whoever or whatever is in these computers. They've accessed my Windows-based units, my Linux-based unit and my Apple iOS-based units. Any insight or any help, no matter how little, is appreciated :confused:
|
You don't say what version/distro of Linux you're using or what desktop environment you're using, but some basic things come to mind.
|
"just annoying you" sounds a lot like Microsoft's NORMAL behavior for win 10
What evidence, if any?
|
Just install Fedora Linux (which ships with SELinux, a notoriously rigorous security layer) on all your machines, put up a firewall (the default firewall config in Fedora is pretty great), and hunker down and learn how to use computers. It'll change your life.
|
We need to have some indication as to exactly why you think that "someone [else] is remoting in" to your machines and doing all these very-nasty things to you.
|
You should contact your local law enforcement. There is absolutely nothing anyone in a free, online forum can do for you if your suspicions have any real foundations. If you truly feel that someone is accessing your machines from a remote location, then disconnect your machines from the internet, find a way to clean all information off of them that should not be there, and consider your next step.
Very glad that you've managed to join the forum, posted a hello message as well as your first thread, however posting unclear information, stating that you have little experience, but also implying you're using the command prompt and using a list of codes, all while citing that you cannot get out of your local network, seems to be very disconnected and conflicting information. |
BTW, hackers can also gain entry by using hidden backdoors in programs and rootkits. Most of the time this is done by getting you to install a program. For example, you may be tricked into downloading a video player to play that video. I'm not sure if running an antivirus program will do much on an infected system. Some viruses/trojans are difficult to remove when Windows is running live. You can try running a liveDVD with clamav and mount the Windows partition and do the scanning that way. It's better to start from scratch. Back up your personal data and reinstall. Use stronger passphrases for wifi access and change the SSID. For Linux, install gufw (GUI firewall for iptables), clamav (antivirus/malware) and rkhunter (rootkit checker). I don't use Windows, so you know what security programs to install for it. You may want to add Malwarebytes Anti-Exploit for Windows. A quote from web search.
Wish you luck. |
Thanks for all the responses.
Okay, I will try and answer everything about your queries.
Yes, Windows has a firewall, but they have hacked it. I set individual ports, but still they get through. I have started from scratch, new drive, new OS, as mentioned before. Once the install starts in any Windows, it doesn't install off the CD; it installs off a network somewhere, as I believe my hardware is hard-coded with certain default coding. Sounds funny, but it's my observation: BIOS, video card, power supply, network adapter (WiFi). I have informed Microsoft, which did a very short investigation into my PC, deleted my findings and has not responded back to me. I informed them that their Visual Studio suite was hacked and they are distributing these hackers' software to all that download it, and Adobe Flash Player seems to be the same. (My opinion only.) When downloading, it gets a wrapper with these hackers' certification. I get strange files appearing all around my drives, everything I do gets recorded, be it surfing the Internet, and files I install, it seems they have their own copies that are already hacked, and once the install starts it goes to their servers and installs their hacked versions instead of the originals I am supposed to be installing. They use PowerShell .ps1 coding, XML schemas, petser, bash coding, SQL Server, SDK tools, event logs that I did not set up. The rest is various other programming languages I am unfamiliar with. When I discovered this strange stuff happening I tried all I could to deter them, removing files and code that I found, but soon they completed their newest release of their infiltrating software, which got too advanced for me to keep up with their infiltration, and now it's all mainstream. I have run out of options but to see if someone smarter than me could give any kind of guidance. I am going to try and see what I can do to offer zip files for you, but if you have a way to look at or examine the registry, that might be a good start. If you're really interested in checking it out, I can offer remote access if that's something that could help you as well.
As I said, I am at wits' end with these people, and if I could send them some kind of worm that would search their systems and infiltrate their computers and finally format their systems /u and delete their whole network I would also be entertained. I have been looking for any kind of return IP coding software, but none found so far, as I believe it could be hard-coded in my hardware or in the many .dll's they use with their coding. I have many files that are labeled similar to this kind of file system: "{02786cdc-1792-11e7-9699-fd077a256071}". I am assuming they are hash files of sorts, some of which contain whole packages, so if I install programs without Internet access active they simply use these files to install their corrupt software from. I am not efficient enough in the registry to remove their coding from it, but have lots of " @ieframe.dll,-10323", " @mmres.dll,-5825" type entries. I know they also use " @%SystemRoot%\System32\fveui.dll,-843", " @C:\Program Files\Windows Defender\EppManifest.dll,-1000". These, I believe, are all custom-designed DLLs. I have a lot of these type files: "api-ms-win-base-util-l1-1-0.dll". They transfer data out by adding my data to "BMP files", like cab files, with many various other methods. I have lost countless thousands of dollars' worth of software that I can never replace, and my coding that would take me years upon years to re-write, if I even could remember everything I even had. I will include my registry for you to have a look at. Some of the coding cannot be offered for review, as it would be too dangerous in the wrong hands. I am trying my best to create a place on the web to show my related information, and once I can offer it I will display the link, but it will require a login to access it. No, I am not related to WDCreations.com.uk; the reason for the name is I play the Stormfall Age of War online game and I created my own training website for new players. Thanks everyone, and I hope some kind of resolution will be available.
WDCreations. On the main site, button top right "(hacker info link(button))". Trying to get the registry (HKEY_LOCAL_MACHINE, HKEY_CLASSES_ROOT) up and available, but have posted some pics of the temp directory, which if I delete tonight will be back next time I ENABLE Internet access. http://whitetig.wixsite.com/dragon-creations guest login: pwd: H3A3C9K5E0R2I7N |
Please see a doctor; you may have paranoid delusions.
|
https://www.linuxquestions.org/quest...7/#post5698022
Seven OSs. All of them won't install and you think it's some bad actor? #WFW and it's you. Sorry. That's a plot straight out of television. You are so in over your head. And your "answers" to our questions are just you reciting the same paranoid litany of symptoms. https://www.linuxquestions.org/quest...7/#post5679005 Don't waste time any further. Stop the hyper-ventilating. Take action. Start documentation. |
WDCreations, please refrain from posting unclear statements which imply nefarious or devious behavior on the part of unknown individuals.
|
I do know that on my WAN there are attempts to bypass my security almost every few seconds, last time I looked at the logs.
I also have no reason to doubt that your system could have been hacked. Usually one would have to use tools to detect network traffic, like Wireshark, or other means to monitor traffic. One could possibly use anti-virus programs, but the modern threats are difficult to find. The best known solution is to reload all computers on the LAN from known good media. Any media that you have on the LAN may be suspect. We can't let members post messages that are less than polite. "Microsoft which they did a very short investigation into my PC": I find this the most unusual part. Did you get scammed into letting a fake MS tech in on your systems? |
When I was new I would just reinstall... try: https://cdimage.debian.org/cdimage/u...y-live-builds/
http://www.linuxquestions.org/questi...0/#post5544589 &c,,, have fun! :hattip: |
Microsoft is indeed a RAT. I say abandon all Windows operating systems all over the world and make it a better place.