Forum Thread: Need Serious Help!!!

Hi, we (my husband and I) have been under furious hacker attack for almost two years now, and they have been destroying our devices. Android devices first, and after we bought Apple devices they have been planting malware that has been destroying hard drives and motherboards. My husband gets new ones and after a little bit the problems start again. OK, two years is a looong time, so to write and even tell it all would also take a looong time. My husband was a communications/computer specialist in the Air Force and is now retired. So not just a casual computer user. He has been dealing with these hackers days and nights (literally) during these two years and they just keep coming back! White hat hackers seem to be the last option. Does anybody know how to find one you could trust?

I would appreciate a private email conversation (via this website) with somebody who could help us.
Thank you!!

21 Responses

Hello and welcome to Null-Byte.

In my opinion "Defense is the best offense". If these hackers are coming back one after another, then the best thing you should do at first is "Contact your local authorities", because if your husband is a retired Air Force computer specialist then he won't be able to cope with the evolving hacker strategies. Secondly, you can always request another IP address from your ISP (Internet service provider), because your IP address is like an address exposed to the public to pay you a visit (if the person has enough skills to do so). Use good firewall software and a 'paid' (yes, I know it's hard to do so...) premium anti-virus. Do not open any suspicious mails or docs (especially PDFs). And last but not least, try to figure out why they are after you and your husband, because hackers with considerable knowledge do not target people for 'no particular reason'... At the end... I hope that your problem gets solved, because 'Hope' can be a ray of light in the darkest hours. Peace.

The_unknown

Xero, is there any way to send you a private message? My husband would give you more details about what he has done, and I don't feel comfortable putting it on a public web site.

Have a great weekend!!

My husband wanted to give some insight into our problem...

Things I need to know:

I removed the WiFi card, but they can still make changes to the computer wirelessly. I disabled all sensors in services but they still do it. How?

I bought a commercial router/firewall and they disabled it wirelessly, using my own tablet. How? How can I stop it?

I have a WiFi signal analyzer and a high gigahertz spyware receiver and was able to analyze signal patterns. The computers themselves send a signal out, which I presume is picked up by 6 of our neighbors' routers. Comcast allowed a strange update of the modem's firmware and are always trying to find out what equipment I have. Suspect 99.99999 NSA involvement, due to my past with the US military and subsequently leaving it. Not sure why, but it's the only thing I can think of.

Continues...

Instead of closing certain ports, just turn off your WiFi altogether. If you have it, also turn off Bluetooth. I may be forgetting a few other technologies, but these are the main ways they can get on your network.

As far as antiviruses, they will most likely do absolutely nothing if you are targeted by any skilled hacker. Don't open any suspicious emails, and NEVER open attachments unless you're 100% SURE they're safe.

But right now, it seems like your main problem is the attackers using your Wifi signal against you, so again, your safest bet is to turn it off.

This is an involved and sophisticated attack. Way, way beyond "did you buy a firewall and update your computer?"
I've blocked the following ports in my firewall:
WLAN: 7235

FTP, SSH, Telnet, SNMP, NetBIOS, fileshare, IPv6, Remote Desktop, Remote Events, incoming DNS, incoming NTP. Blocked ports based on input from logs, but they get in anyway. How?

Correction: blocked 7235 in the computer but not on the router, lest it kill wireless altogether.

They have modified the computers' firmware and my TZ400. The TZ400 is not ready to be used because somehow they modified its firmware. Dell will not tell me how I can block the NSA from modifying the firewall's firmware.

I have a very persistent Trojan virus which attaches itself to the Intel audio and graphics drivers, but primarily the audio. However, once infected, it resides in the motherboard. It weakens and takes over access settings, giving the hackers free access to your PC.

(The order of these messages is obviously wrong, so this is the first and so on. I'm sure that you can figure that out...)

From there come the "tunnel adapters", ISATAP and Teredo primarily. Then the computer's name changes from "laptop-****" to "MININT-***". If I succeed in removing it from system restore, the hard drive and the pagefile and the registry, the PC will crash; or I'll get a "CMOS needs reset" warning, or the "Automatic repair" warning comes up immediately after booting up. It's driving me crazy! So hard to kill! So far, the only way is to replace the motherboard and wipe the HD. But they can then infect it again in seconds! Does anybody know how to beat this very persistent die-hard Trojan? It's so nasty it has to be done by the damn NSA! Those wonderful folks whose mission in life is to find out every personal detail of your lives just in case one day you do something. They've picked on me because I was injured at work. I haven't been able to use even one PC in over a year because they've put these persistent viruses and they break in no matter what security you may have.

I didn't figure out the order correctly... heh
So read from the bottom up.
Peppi

Do you know if they're local? Being close to the target is very helpful, and they may even be on your WiFi network. I may just be paranoid, but you can never be too safe...

Good luck though

Actually, yes, they are using local networks. But it's not only one but six! All Xfinity networks, as most of the people over here have. My husband says that it's "just" a channel for breaking in to our computers.

I agree that it's scary stuff, very scary. Only time will show what really is behind all this. I have said to my husband, let's go back several decades and learn to live without the Internet. Problem would be solved! But not an easy solution... He is not ready to give up yet. It's driving me crazy and making his health deteriorate. Not funny.

I tell you, you are not paranoid but a person who has noticed that things are not like they appear to be, whether we want it or not.

Thank you for your response.
Have a great week!

Maybe try using ethernet only, and decreasing your WiFi signal or turning it off altogether?

Using ethernet won't do anything; it would still allow them to MITM, ARP poison etc.

The only reason I was saying to use ethernet would be to prevent them from doing those attacks. If they turn off their WiFi signal, the attackers would only have ethernet to do those attacks, right?

Hello again, and I hope that you and your husband are in good health.

First, the mate above has said the true thing, that ARP poisoning is done with WiFi, so turning off WiFi can be significantly beneficial... Because then they'll have to tap into your Ethernet to use MITM attacks... Hopes and prayers are always with you, that your husband gets well soon~

P.S. Secure your Ethernet router if you are to turn off the WiFi. Also regularly change the password of your WiFi if you want to keep WiFi. Please check if you have WPS enabled, because it makes your WiFi damn vulnerable.

At the end as always... Peace~

The_Unknown.

Set up one or more honeypots. Find out what kind of malware and tools they are using.

Latest one is "backdoor poisoning Trojan". Extremely hard to remove and basically takes over your computer.
Read this:

"Backdoor:Win32/Poison.E is a backdoor Trojan that permits remote cybercriminals to obtain backdoor access and control over the compromised PC. Backdoor:Win32/Poison.E aims at copying itself to the corrupted PC as a harmful file, which is named similarly to a genuine Windows file and exists by default in the same folder; therefore, the copy attempt possibly fails. Backdoor:Win32/Poison.E creates the registry entry so that it can launch automatically whenever you start Windows. Backdoor:Win32/Poison.E connects to a distant server to get commands, which enables a remote cybercriminal to obtain access of the infected computer. To evade common firewall programs, Backdoor:Win32/Poison.E opens an 'iexplore.exe' process and adds itself to it. When added to this process, Backdoor:Win32/Poison.E contacts a distant server to get commands."
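The description quoted above names two traits a defender can check for directly: an autostart registry entry, and a file named like a genuine Windows file. The following is an added example, not part of the original thread; it audits saved `reg query` output for a Run key. The sample output and the short list of system file names are constructed, and it assumes Windows is installed in `C:\Windows`.

```python
import difflib
import ntpath
import re

# Constructed sample of `reg query` output for a Run key (not from the thread).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    OneDrive    REG_SZ    "C:\Users\sample\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    HostSvc    REG_SZ    C:\Users\sample\AppData\Roaming\svchost.exe -k
    Audio Helper    REG_SZ    "C:\Windows\System32\svch0st.exe"
"""

SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe", "smss.exe", "rundll32.exe"}
# Assumption: Windows is installed in C:\Windows.
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
ENTRY = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.+)$")

def exe_path(data):
    """Pull the executable path out of a Run value, dropping arguments."""
    data = re.sub(r"%(windir|systemroot)%", lambda m: r"C:\Windows", data, flags=re.I)
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r".+?\.exe", data, flags=re.I)
    return m.group(0) if m else data.split()[0]

def audit(reg_output):
    """Return (value name, path, reason) for each suspicious autorun entry."""
    findings = []
    for line in reg_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        path = exe_path(m["data"])
        folder, base = ntpath.dirname(path).lower(), ntpath.basename(path).lower()
        if base in SYSTEM_NAMES:
            if folder not in TRUSTED_DIRS:
                findings.append((m["name"], path, "system file name outside Windows folders"))
        elif difflib.get_close_matches(base, SYSTEM_NAMES, n=1, cutoff=0.85):
            findings.append((m["name"], path, "lookalike of a system file name"))
    return findings

if __name__ == "__main__":
    for name, path, reason in audit(SAMPLE):
        print(f"{name}: {path} -> {reason}")
```

A flagged entry is a lead to verify (file signature, hash, creation time), not proof of infection; the check does not cover the process-injection behaviour the description mentions.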

Hello Peppi, I hope that you and your husband are safe and healthy.

First of all, I would like to inquire how that file got into your computer. I have already advised: do not open suspicious emails and files. Also, do not let any person near your computer (like if someone arrives claiming to be technical support). Did you get that anti-virus installed? Also try re-doing your Windows; it will revert the registry file back to normal. Then, without opening any partition, download a good anti-virus or install it by DVD/USB and then scan your whole computer. Make that an extensive scan and set the priority level to high.

Hope that'll rid you of those pesky hackers. As always, hopes and prayers are always with you.

The_Unknown.

Phishing, this is an attempt... "Please I need a "Hacker" to E-mail me directly to help combat these bad people!" If this was legit then go to your ISP or someone with authority.

Null pipe, here is something for you: At first, yeah, the title is lame but it doesn't mean that it's fake. We are desperate and it was a cry for help. And yes, my husband has already been dealing with our ISP (actually we are going to change to a business account, maybe the security is better, MAYBE... I have my doubts) and we have talked with police and FBI. No response from FBI yet but we are, for sure, going to get their attention. My husband has more than enough evidence to show that behind all of this is more than some neighborhood teenagers playing bad boys.

So thank you for your trust; I have to find help from somewhere else. Too bad, I thought that I could find some real help from you guys, but I thought wrong, I guess.

An apology from your side would be appreciated.

We're doing all we can. There's only so much we can figure out about your situation without any images or screen output. We have provided many solutions based on what you have told us, but we need much more information, and we need to know if our suggestions have done anything to fix the problem.

Sorry we couldn't help solve your problem, but I don't think anybody else will either with what you have given us.

Oh, I do apologize for Null Pipes, because I think he is new and kinda straightforward. But as I've been trying to give you the best answer possible, please do not forsake my words, as I've put a lot of effort into helping you out of the mess you are in.

Also I hope that by taking my advice and that of others here, you might be able to cover yourself up. Cheers~

The_Unknown.
