LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-04-2017, 02:13 AM   #1
Noobie Noobie Doo
LQ Newbie
 
Registered: Mar 2017
Location: Daytona Beach, Florida
Posts: 2

Rep: Reputation: Disabled
Unhappy Held Hostage by RAT


I need some help, the last four months I believe somebody has been remoting into my computers and locking me into the local networks on my Windows based units and I have a Linux-based unit that I'm locked onto the desktop. Being relatively new to Linux I'm not sure how do I get out of here. my Notification area is gone and I'm very limited on what I can do. I'm able to access the terminal. And I have a list of codes I've been using. But I'm not very educated on how to how to handle this problem any help would be very appreciated. This has been a very stressful four months for me. Every waking minute I have spent fighting whoever or whatever is in these computers. They've access my Windows based units my Linux-based unit in my Apple iOS base units. Any insight or any help no matter how little is appreciated
 
Old 03-04-2017, 09:28 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,960

Rep: Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827Reputation: 5827
Quote:
Originally Posted by Noobie Noobie Doo View Post
I need some help, the last four months I believe somebody has been remoting into my computers and locking me into the local networks on my Windows based units and I have a Linux-based unit that I'm locked onto the desktop. Being relatively new to Linux I'm not sure how do I get out of here. my Notification area is gone and I'm very limited on what I can do. I'm able to access the terminal. And I have a list of codes I've been using. But I'm not very educated on how to how to handle this problem any help would be very appreciated. This has been a very stressful four months for me. Every waking minute I have spent fighting whoever or whatever is in these computers.
Based on what you've posted, there is very little we can tell you.

You don't say what version/distro of Linux you're using or what desktop environment you're using, but some basic things come to mind.
  • Run a GOOD anti-virus program on your Windows boxes
  • Run a rootkit hunter/clamscan on your Linux box.
  • If 'they' are getting into your systems over the Internet, then unplug the internet to do your diagnostics.
  • You have a 'list of codes'...what, exactly, does that mean, what are they, and where did you get them???? No idea what you're talking about with this one.
If you don't know much about Linux, then focus on your Windows boxes and get them secured/stable first. How to do that I can't tell you...haven't used Windows for anything but gaming occasionally in over 20 years. Some products I do know about are ccleaner, AVG anti virus, and malwarebytes. Download those three from their respective websites, unplug your internet, and install/run them on your Windows systems, and see if that helps.
Quote:
They've access my Windows based units my Linux-based unit in my Apple iOS base units. Any insight or any help no matter how little is appreciated
So...'they' have accessed your Windows systems, Linux systems, and Apple iOS systems....any ideas WHY? Because it doesn't make sense to me...someone who wanted to hack/steal from you wouldn't do it and make it noticeable; they'd do something that would leave hardly any trace. Leaving your systems up and running, but just annoying you seems odd.
 
3 members found this post helpful.
Old 03-05-2017, 11:09 AM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,454

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
"just annoying you" sounds a lot like Microsoft's NORMAL behavior for win 10

Quote:
believe somebody has been remoting into my computers and locking me into the local networks on my Windows
what makes you think that ???
what evidence , if any ?

Quote:
Every waking minute I have spent fighting whoever or whatever is in these computers.
that sounds like microsoft and autoupdate and normal things windows dose to piss off the user
 
1 members found this post helpful.
Old 03-05-2017, 11:19 AM   #4
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora, NetBSD
Posts: 1,071

Rep: Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725
Just install Fedora Linux (which ships with SELinux, a notoriously rigorous security layer) on all your machines, put up a firewall (the default firewall config in Fedora is pretty great), and hunker down and learn how to use computers. It'll change your life.
 
Old 03-05-2017, 06:40 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
We need to have some indication as to exactly why you think that "someone [else] is remoting in" to your machines and doing all these very-nasty things to you.
 
Old 03-06-2017, 06:51 AM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: MA, USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,054
Blog Entries: 13

Rep: Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501
You should contact your local law enforcement. There is absolutely nothing anyone in a free, online forum can do for you if your suspicions have any real foundations. If you truly feel that someone is accessing your machines from a remote location, then disconnect your machines from the internet, find a way to clean all information off of them that should not be there, and consider your next step.

Very glad that you've managed to join the forum, posted a hello message as well as your first thread, however posting unclear information, stating that you have little experience, but also implying you're using the command prompt and using a list of codes, all while citing that you cannot get out of your local network, seems to be very disconnected and conflicting information.
 
Old 04-18-2017, 03:34 AM   #7
iamsteve
LQ Newbie
 
Registered: Apr 2017
Posts: 2

Rep: Reputation: Disabled
Quote:
Originally Posted by Noobie Noobie Doo View Post
I need some help, the last four months I believe somebody has been remoting into my computers and locking me into the local networks on my Windows based units and I have a Linux-based unit that I'm locked onto the desktop. This has been a very stressful four months for me. Every waking minute I have spent fighting whoever or whatever is in these computers. They've access my Windows based units my Linux-based unit in my Apple iOS base units. Any insight or any help no matter how little is appreciated
Have you checked the logs on your router? Routers have logs that track incoming connections. It will show the source and destination traffic and the type of packets. If you don't understand the log entries, you can copy and forward it to your ISP. Just explain to your ISP that you suspect someone has gain access to your computer over the internet.

BTW, hackers can also gain entry by using hidden backdoors in programs and rootkits. Most of the time this is done by getting you to install a program. For example, you may be tricked into downloading a video player to play that video.

I'm not sure if running an antivirus program will do much on an infected system. Some viruses/trojans are difficult to remove when windows's is running live. You can try running a liveDVD with clamav and mount the window's partition and do the scanning that way.

It's better to start from scratch. Backup your persoanl data and reinstall. Use stronger passphrases for wifi access and change the SSID.

For linux install gufw (GUI firewall for iptables), clamav (antivirus/malware) and rkhunter (rootkit checker).

I don't use windows, so you know what security programs to install for it.

You may want to add Malwarebytes Anti-Exploit for windows. A quote from web search.

Quote:
Malwarebytes Anti-Exploit (MBAE), formerly ExploitShield by ZeroVulnerabilityLabs, is a security program that runs in the background as a standard Windows Service and protects against zero-day exploits that target browser and application vulnerabilities, blocks exploit kits and defends against drive-by download attacks
PS: Do all this on a fresh installed system. Not when a system is already infected, if it is?

Wish you luck.

Last edited by iamsteve; 04-18-2017 at 04:31 AM.
 
Old 04-18-2017, 05:01 AM   #8
WDCreations
LQ Newbie
 
Registered: Apr 2017
Posts: 2

Rep: Reputation: Disabled
thanks for all the responses

okay I will try and answer everything about your queries.

Yes windows has a firewall but they have hacked it. set individual ports but still they get through. I have started from scratch, new drive new OS as mentioned before. once the install starts in any windows it doesn't install off CD it installs off a network somewhere, as i believe my hardware is hard coded with certain default coding. sound funny but it's my observation. BIOS, Video Card, Power supply, network adapter(WIFI) . I have informed Microsoft which they did a very short investigation into my PC deleted my findings and have not responded back to me. I informed them that their Visual Studio Suite was hacked and they are distributing these hackers software to all that download it. as well as Adobe Flash Player seems to be the same. (My Opinion only) when downloading it gets a wrapper with these hackers Certification, I get strange files appearing all around my drives, everything i do gets recorded be surfing INTERNET, and files i install seams they have their own copies that are already hacked and once install starts it goes to their servers and installs their hacked versions instead of the originals i am supposed to be installing. they use Power shell .ps1 coding, XML schema's, petser, bash coding, SQL Server, sdk tools, event logs that i did not setup. the rest is various other programming languages i am unfamiliar with. When I discovered this strange stuff happening i tried all i could to deter them removing files, code that i found, but soon they completed their newest release of their infiltrating software which got too advanced for me to keep up with their infiltration. and now it's all mainstream. I have run out of options but to see if someone smarter then me could give any kind of guidance I am going to try and see what i can do to offer Zip files for you but if you have a way to to look at or examine Registry might be a good start if your really interested in checking it out I can offer remote access if that's something that could help you as well. As i Said I am at wits end with these people and if i could send a them some kind of worm that would search their systems and infiltrate their computers and finally format their systems /u and delete their whole network I would also be entertain. I have been looking for any kind of return ip coding software but none found so far as i believe it could be hard coded in my hardware or in the many .dll's they use with their coding. I have many files that are labeled similar to this kind of file system "{02786cdc-1792-11e7-9699-fd077a256071}" I am assuming their are hash files of sorts which some contain whole packages so if I install programs without INTERNET access active they simply use these files to install their corrupt software from. i am not efficent enough in the registry to remove their coding from it but have lots of " @ieframe.dll,-10323" , " @mmres.dll,-5825" type entries i know they also use " @%SystemRoot%\System32\fveui.dll,-843",| @C:\Program Files\Windows Defender\EppManifest.dll,-1000" these i believe are all custom designed dll" I have a lot of these type files "api-ms-win-base-util-l1-1-0.dll|" they transfer data out by adding my data to "BMP files" like cab files with many various other methods.
I have lost countless of thousands of dollars worth of software that i can never replace, my coding that would take me years apron years to re-write if I even could remember everything i even had. I will include my registry for you to have a look at. some of the coding can not be offered for review as it would be too dangerous in the wrong hands. I am trying my best to get create a place on the web to show my related information and once i can offer it i will display the link. but it will be required a login. to access it.
No I am not related to WDCreations.com.uk the reason for the name is i play Stormfall Age of War online game and i crated my own training website for new players
Thanks everyone and i hope some kind of resolution will be available.
WDCreations.
On main site button top right"(hacker info link(button))" trying To get the registry (hkey_Local_Machine, Hkey_Classes_Root up and available) but have posted some pic's of temp directory which if i delete tonight will be back next time I ENABLE internet access
http://whitetig.wixsite.com/dragon-creations
guest login:
pwd: H3A3C9K5E0R2I7N
 
Old 04-18-2017, 09:05 AM   #9
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,558

Rep: Reputation: 315Reputation: 315Reputation: 315Reputation: 315
Please see a doctor; you may have paranoid delusions.
 
2 members found this post helpful.
Old 04-18-2017, 09:48 AM   #10
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
https://www.linuxquestions.org/quest...7/#post5698022

Seven OSs. all of them won't install and you think it's some bad actor?

#WFW and it's you. Sorry. That's a plot straight out of Television.

You are so in over your head.
And your "answers" to our questions is just you reciting the same paranoid litany of symptoms.

https://www.linuxquestions.org/quest...7/#post5679005

Don't waste time any further.
Stop the hyper-ventilating.
Take action.
Start documentation.

Last edited by Habitual; 04-18-2017 at 09:49 AM.
 
Old 04-18-2017, 09:58 AM   #11
rtmistler
Moderator
 
Registered: Mar 2011
Location: MA, USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,054
Blog Entries: 13

Rep: Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501Reputation: 3501
WDCreations, please refrain from posting unclear statements which imply nefarious or devious behavior on the part of unknown individuals.
 
Old 04-18-2017, 03:46 PM   #12
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,217

Rep: Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926Reputation: 2926
I do know that on my wan there are attempts to bypass my security almost every few seconds last time I looked at the logs.

I also have no reason to doubt that your system could have been hacked. Usually one would have to use tools to detect network traffic like wireshark or other means to monitor traffic.

One could possibly use anti-virus programs but the modern threats are difficult to find.

The best known solution is to reload all computers on lan from known good media. Any media that you have in lan may be suspect.

We can't let members post messages that are less than polite.

"Microsoft which they did a very short investigation into my PC" I find this the most unusual part. Did you get scammed into letting in a fake MS tech on your systems?

Last edited by jefro; 04-18-2017 at 03:48 PM.
 
1 members found this post helpful.
Old 04-18-2017, 08:24 PM   #13
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,852
Blog Entries: 2

Rep: Reputation: 1312Reputation: 1312Reputation: 1312Reputation: 1312Reputation: 1312Reputation: 1312Reputation: 1312Reputation: 1312Reputation: 1312Reputation: 1312
when I was new would just reinstall... try: https://cdimage.debian.org/cdimage/u...y-live-builds/
http://www.linuxquestions.org/questi...0/#post5544589
&c,,, have fun!
 
Old 04-19-2017, 01:13 AM   #14
DUHHH?
LQ Newbie
 
Registered: Apr 2017
Posts: 3

Rep: Reputation: Disabled
Held Hostage by RAT

Microsoft is indeed a RAT. I say abandon all window's operating systems all over the world and make it a better place.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Never to be held hostage by windows again!!! okcalibob LinuxQuestions.org Member Intro 6 06-29-2018 05:16 AM
LXer: Web Stores Held Hostage LXer Syndicated Linux News 1 11-19-2015 08:36 PM
Rat Trojans etc a_gardener Linux - Security 6 08-31-2012 10:01 PM
Held Hostage by FC3 sembazuru Fedora 4 11-28-2004 06:56 PM
My Files Are Being Held Hostage!! biggsjm Linux - Networking 2 10-12-2003 05:14 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:45 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration