LinuxQuestions.org
Old 03-04-2017, 02:13 AM   #1
Noobie Noobie Doo
LQ Newbie
 
Registered: Mar 2017
Location: Daytona Beach, Florida
Posts: 2

Held Hostage by RAT


I need some help. For the last four months I believe somebody has been remoting into my computers and locking me into the local networks on my Windows-based units, and I have a Linux-based unit where I'm locked onto the desktop. Being relatively new to Linux, I'm not sure how I get out of here. My notification area is gone and I'm very limited in what I can do. I'm able to access the terminal, and I have a list of codes I've been using, but I'm not very educated on how to handle this problem; any help would be very appreciated. This has been a very stressful four months for me. Every waking minute I have spent fighting whoever or whatever is in these computers. They've accessed my Windows-based units, my Linux-based unit and my Apple iOS-based units. Any insight or any help, no matter how little, is appreciated.
 
Old 03-04-2017, 09:28 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,636

Quote:
Originally Posted by Noobie Noobie Doo
I need some help. For the last four months I believe somebody has been remoting into my computers and locking me into the local networks on my Windows-based units, and I have a Linux-based unit where I'm locked onto the desktop. Being relatively new to Linux, I'm not sure how I get out of here. My notification area is gone and I'm very limited in what I can do. I'm able to access the terminal, and I have a list of codes I've been using, but I'm not very educated on how to handle this problem; any help would be very appreciated. This has been a very stressful four months for me. Every waking minute I have spent fighting whoever or whatever is in these computers.
Based on what you've posted, there is very little we can tell you.

You don't say what version/distro of Linux you're using or what desktop environment you're using, but some basic things come to mind.
  • Run a GOOD anti-virus program on your Windows boxes
  • Run a rootkit hunter/clamscan on your Linux box.
  • If 'they' are getting into your systems over the Internet, then unplug the internet to do your diagnostics.
  • You have a 'list of codes'...what, exactly, does that mean, what are they, and where did you get them???? No idea what you're talking about with this one.
If you don't know much about Linux, then focus on your Windows boxes and get them secured/stable first. How to do that I can't tell you...haven't used Windows for anything but gaming occasionally in over 20 years. Some products I do know about are ccleaner, AVG anti virus, and malwarebytes. Download those three from their respective websites, unplug your internet, and install/run them on your Windows systems, and see if that helps.
Quote:
They've accessed my Windows-based units, my Linux-based unit and my Apple iOS-based units. Any insight or any help, no matter how little, is appreciated.
So...'they' have accessed your Windows systems, Linux systems, and Apple iOS systems....any ideas WHY? Because it doesn't make sense to me...someone who wanted to hack/steal from you wouldn't do it and make it noticeable; they'd do something that would leave hardly any trace. Leaving your systems up and running, but just annoying you seems odd.
 
3 members found this post helpful.
Old 03-05-2017, 11:09 AM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,624

"just annoying you" sounds a lot like Microsoft's NORMAL behavior for win 10

Quote:
believe somebody has been remoting into my computers and locking me into the local networks on my Windows
What makes you think that?
What evidence, if any?

Quote:
Every waking minute I have spent fighting whoever or whatever is in these computers.
That sounds like Microsoft and auto-update and the normal things Windows does to piss off the user.
 
1 members found this post helpful.
Old 03-05-2017, 11:19 AM   #4
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Lawrence, New Zealand
Distribution: Slackware
Posts: 1,077

Just install Fedora Linux (which ships with SELinux, a notoriously rigorous security layer) on all your machines, put up a firewall (the default firewall config in Fedora is pretty great), and hunker down and learn how to use computers. It'll change your life.
 
Old 03-05-2017, 06:40 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

We need to have some indication as to exactly why you think that "someone [else] is remoting in" to your machines and doing all these very-nasty things to you.
 
Old 03-06-2017, 06:51 AM   #6
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,882
Blog Entries: 13

You should contact your local law enforcement. There is absolutely nothing anyone in a free, online forum can do for you if your suspicions have any real foundations. If you truly feel that someone is accessing your machines from a remote location, then disconnect your machines from the internet, find a way to clean all information off of them that should not be there, and consider your next step.

Very glad that you've managed to join the forum and have posted a hello message as well as your first thread; however, posting unclear information, stating that you have little experience, but also implying you're using the command prompt and a list of codes, all while citing that you cannot get out of your local network, seems to be very disconnected and conflicting information.
 
Old 04-18-2017, 03:34 AM   #7
iamsteve
LQ Newbie
 
Registered: Apr 2017
Posts: 2

Quote:
Originally Posted by Noobie Noobie Doo
I need some help. For the last four months I believe somebody has been remoting into my computers and locking me into the local networks on my Windows-based units, and I have a Linux-based unit where I'm locked onto the desktop. This has been a very stressful four months for me. Every waking minute I have spent fighting whoever or whatever is in these computers. They've accessed my Windows-based units, my Linux-based unit and my Apple iOS-based units. Any insight or any help, no matter how little, is appreciated.
Have you checked the logs on your router? Routers have logs that track incoming connections. They will show the source and destination of the traffic and the type of packets. If you don't understand the log entries, you can copy them and forward them to your ISP. Just explain to your ISP that you suspect someone has gained access to your computer over the Internet.

BTW, hackers can also gain entry by using hidden backdoors in programs and rootkits. Most of the time this is done by getting you to install a program. For example, you may be tricked into downloading a video player to play that video.

I'm not sure if running an antivirus program will do much on an infected system. Some viruses/trojans are difficult to remove while Windows is running live. You can try running a live DVD with ClamAV, mount the Windows partition and do the scanning that way.

It's better to start from scratch. Back up your personal data and reinstall. Use stronger passphrases for WiFi access and change the SSID.

For linux install gufw (GUI firewall for iptables), clamav (antivirus/malware) and rkhunter (rootkit checker).

I don't use Windows, so you know what security programs to install for it.

You may want to add Malwarebytes Anti-Exploit for Windows. A quote from a web search:

Quote:
Malwarebytes Anti-Exploit (MBAE), formerly ExploitShield by ZeroVulnerabilityLabs, is a security program that runs in the background as a standard Windows Service and protects against zero-day exploits that target browser and application vulnerabilities, blocks exploit kits and defends against drive-by download attacks
PS: Do all this on a freshly installed system, not when a system is already infected (if it is).

Wish you luck.

Last edited by iamsteve; 04-18-2017 at 04:31 AM.
 
Old 04-18-2017, 05:01 AM   #8
WDCreations
LQ Newbie
 
Registered: Apr 2017
Posts: 2

thanks for all the responses

Okay, I will try and answer all of your queries.

Yes, Windows has a firewall, but they have hacked it. I set individual ports but still they get through. I have started from scratch, new drive, new OS, as mentioned before. Once the install starts in any Windows it doesn't install off the CD; it installs off a network somewhere, as I believe my hardware is hard-coded with certain default coding. Sounds funny, but it's my observation. BIOS, video card, power supply, network adapter (WiFi). I have informed Microsoft, which did a very short investigation into my PC, deleted my findings and has not responded back to me. I informed them that their Visual Studio suite was hacked and they are distributing these hackers' software to all that download it, as well as Adobe Flash Player, which seems to be the same (my opinion only). When downloading, it gets a wrapper with these hackers' certification. I get strange files appearing all around my drives; everything I do gets recorded, be it surfing the Internet, and files I install seem to have their own copies that are already hacked, and once the install starts it goes to their servers and installs their hacked versions instead of the originals I am supposed to be installing. They use PowerShell .ps1 coding, XML schemas, petser, bash coding, SQL Server, SDK tools, event logs that I did not set up. The rest is various other programming languages I am unfamiliar with. When I discovered this strange stuff happening I tried all I could to deter them, removing files and code that I found, but soon they completed their newest release of their infiltrating software, which got too advanced for me to keep up with their infiltration, and now it's all mainstream. I have run out of options but to see if someone smarter than me could give any kind of guidance. I am going to try and see what I can do to offer zip files for you, but if you have a way to look at or examine the Registry, that might be a good start. If you're really interested in checking it out I can offer remote access if that's something that could help you as well.
As I said, I am at wits' end with these people, and if I could send them some kind of worm that would search their systems and infiltrate their computers and finally format their systems /u and delete their whole network, I would also be entertained. I have been looking for any kind of return-IP coding software but none found so far, as I believe it could be hard-coded in my hardware or in the many .dlls they use with their coding. I have many files that are labeled similar to this kind of file system "{02786cdc-1792-11e7-9699-fd077a256071}". I am assuming these are hash files of sorts, some of which contain whole packages, so if I install programs without Internet access active they simply use these files to install their corrupt software from. I am not efficient enough in the registry to remove their coding from it, but have lots of "@ieframe.dll,-10323", "@mmres.dll,-5825" type entries. I know they also use "@%SystemRoot%\System32\fveui.dll,-843", "@C:\Program Files\Windows Defender\EppManifest.dll,-1000"; these I believe are all custom-designed DLLs. I have a lot of these type files: "api-ms-win-base-util-l1-1-0.dll". They transfer data out by adding my data to "BMP files", like cab files, with many various other methods.
I have lost countless thousands of dollars' worth of software that I can never replace, my coding that would take me years upon years to re-write, if I even could remember everything I had. I will include my registry for you to have a look at. Some of the coding cannot be offered for review as it would be too dangerous in the wrong hands. I am trying my best to create a place on the web to show my related information, and once I can offer it I will display the link, but it will require a login to access it.
No, I am not related to WDCreations.com.uk; the reason for the name is that I play the Stormfall Age of War online game and I created my own training website for new players.
Thanks everyone, and I hope some kind of resolution will be available.
WDCreations.
On the main site, button top right "(hacker info link (button))": I am trying to get the registry (HKEY_LOCAL_MACHINE, HKEY_CLASSES_ROOT) up and available, but have posted some pics of the temp directory which, if I delete it tonight, will be back the next time I enable Internet access.
http://whitetig.wixsite.com/dragon-creations
guest login:
pwd: H3A3C9K5E0R2I7N
 
Old 04-18-2017, 09:05 AM   #9
JeremyBoden
Senior Member
 
Registered: Nov 2011
Location: London, UK
Distribution: Debian
Posts: 1,947

Please see a doctor; you may have paranoid delusions.
 
2 members found this post helpful.
Old 04-18-2017, 09:48 AM   #10
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

https://www.linuxquestions.org/quest...7/#post5698022

Seven OSes, all of them won't install, and you think it's some bad actor?

#WFW and it's you. Sorry. That's a plot straight out of Television.

You are so in over your head.
And your "answers" to our questions are just you reciting the same paranoid litany of symptoms.

https://www.linuxquestions.org/quest...7/#post5679005

Don't waste time any further.
Stop the hyper-ventilating.
Take action.
Start documentation.

Last edited by Habitual; 04-18-2017 at 09:49 AM.
 
Old 04-18-2017, 09:58 AM   #11
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,882
Blog Entries: 13

WDCreations, please refrain from posting unclear statements which imply nefarious or devious behavior on the part of unknown individuals.
 
Old 04-18-2017, 03:46 PM   #12
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,982

I do know that on my WAN there are attempts to bypass my security almost every few seconds, the last time I looked at the logs.

I also have no reason to doubt that your system could have been hacked. Usually one would have to use tools to detect network traffic, like Wireshark or other means to monitor traffic.

One could possibly use anti-virus programs but the modern threats are difficult to find.

The best known solution is to reload all computers on the LAN from known-good media. Any media that you have on the LAN may be suspect.

We can't let members post messages that are less than polite.

"Microsoft which they did a very short investigation into my PC" I find this the most unusual part. Did you get scammed into letting in a fake MS tech on your systems?

Last edited by jefro; 04-18-2017 at 03:48 PM.
 
1 members found this post helpful.
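Posts #7 and #12 above both point at the router or firewall log as the first place to look for inbound connection attempts. The script below is an added example, not code from the thread or from any of its posters: it triages netfilter-style LOG lines (the `IN= OUT= SRC= DST= PROTO= SPT= DPT=` fields written by an iptables/nftables LOG rule, which is what many Linux-based home routers and Linux hosts log). The sample log lines are constructed for the example; the `[DROP]`/`[ACCEPT]` log prefixes, the WAN interface name `eth0` and the list of remote-administration ports are assumptions, so check your own router's syslog format before trusting the field positions.

```shell
#!/bin/sh
# Added example, not code from the thread. Triage netfilter-style LOG lines
# (IN= OUT= SRC= DST= PROTO= SPT= DPT=) such as a Linux-based router or a
# Linux host's iptables/nftables LOG rule writes to syslog.
# Assumptions: the WAN interface is eth0, the LOG rules use the prefixes
# "[DROP]" and "[ACCEPT]", and the admin-port list below. Adjust all three
# to match your own router's log.

# Constructed sample log for the demo; replace with e.g. /var/log/messages.
SAMPLE_LOG='Apr 18 09:01:02 gw kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.20 PROTO=TCP SPT=44120 DPT=3389 SYN
Apr 18 09:01:03 gw kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.20 PROTO=TCP SPT=44121 DPT=22 SYN
Apr 18 09:01:09 gw kernel: [DROP] IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.20 PROTO=TCP SPT=50010 DPT=23 SYN
Apr 18 09:02:15 gw kernel: [ACCEPT] IN=eth0 OUT=br0 SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP SPT=44130 DPT=5900 SYN
Apr 18 09:02:40 gw kernel: [ACCEPT] IN=br0 OUT=eth0 SRC=192.168.1.10 DST=93.184.216.34 PROTO=TCP SPT=51234 DPT=443 SYN
Apr 18 09:03:01 gw kernel: [DROP] IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.20 PROTO=UDP SPT=5353 DPT=5353'

# Ports whose inbound ACCEPT needs an explanation (assumed list; extend it):
# 22 SSH, 23 telnet, 3389 RDP, 5900 VNC, 5938 TeamViewer.
ADMIN_PORTS="22 23 3389 5900 5938"

# Count packets that arrived on the WAN interface, per source address,
# most active first. Usage: top_inbound_sources WAN_IF < logfile
top_inbound_sources() {
    awk -v wan="$1" '
        {
            ifin = ""; src = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/)  ifin = substr($i, 4)
                if ($i ~ /^SRC=/) src  = substr($i, 5)
            }
            if (ifin == wan && src != "") count[src]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -rn
}

# Print inbound packets the firewall ACCEPTed toward a LAN host on an
# admin port, as "SRC -> DST:DPT". A hit means a port forward or UPnP
# mapping exists on the router. Usage: accepted_admin_inbound WAN_IF < logfile
accepted_admin_inbound() {
    awk -v wan="$1" -v ports="$ADMIN_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) admin[p[i]] = 1 }
        /\[ACCEPT\]/ {
            ifin = ""; src = ""; dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/)  ifin = substr($i, 4)
                if ($i ~ /^SRC=/) src  = substr($i, 5)
                if ($i ~ /^DST=/) dst  = substr($i, 5)
                if ($i ~ /^DPT=/) dpt  = substr($i, 5)
            }
            if (ifin == wan && (dpt in admin)) printf "%s -> %s:%s\n", src, dst, dpt
        }
    '
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | top_inbound_sources eth0
printf '%s\n' "$SAMPLE_LOG" | accepted_admin_inbound eth0
```

Two caveats when reading the result. A long list of dropped inbound attempts is normal background noise on any Internet-facing address, as post #12 says; what actually matters is the second report, an inbound packet that the router accepted and forwarded to a LAN host on a remote-access port, because that can only happen if a port-forwarding rule or a UPnP mapping exists, so the router's forwarding and UPnP pages are the next thing to check. And a host that is already compromised usually calls out rather than being called in, so those outbound connections will not show up as inbound attempts at all; for that you need to look at outbound destinations (or capture traffic, as post #12 suggests) rather than only at the drop log.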
Old 04-18-2017, 08:24 PM   #13
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

When I was new I would just reinstall... try: https://cdimage.debian.org/cdimage/u...y-live-builds/
http://www.linuxquestions.org/questi...0/#post5544589
&c,,, have fun!
 
Old 04-19-2017, 01:13 AM   #14
DUHHH?
LQ Newbie
 
Registered: Apr 2017
Posts: 3

Held Hostage by RAT

Microsoft is indeed a RAT. I say abandon all Windows operating systems all over the world and make it a better place.
 