
Computer Hacked, Then Hijacked [Closed]


  • This topic is locked

#106
traveler818

    Member

  • Topic Starter
  • 140 posts
I do not know if you are gone, but I am done for. So I have to quit for today. I MUST get to town tomorrow by 2 so will do all I can to get an earlier start.

I just got up to see the results of a Norton scan--no threats. Though the computer was instructed to stay on after the scan, it did not.

When I got to the signin window, I saw SWITCH USER--it was hidden in the shut down menu on that page and only there when she was online before. Now it was large under the password box and disappeared shortly after I turned the computer on, but it also showed me as logged on. And this time, the wireless light is off.
I saw Switch User yesterday too. Also I found something in my Start menu: TraitorSoul, which turned out to be a video. I do not watch videos, and it quickly disappeared.
She is not gone.

Toshiba has a feature I cannot find. There is a place where anyone can get into the intranet without a password, though she may have dug herself in deeper into this computer. The admin should be able to see all users and their permissions, and to edit, add, remove user. It was easy to find til she hid it. And this time, the wireless light is off.

Is there a way to find hidden items, like my wifi, and her acct? I ran across a window before where she had hidden my drivers but I have too many notes and know time is of the essence online and personally. One clue leads to another so I follow. I will let you know when I am denied access as mentioned earlier, or when I see something like this.

Another redirect to email while typing the above paragraph. Then another redirect to IBM Flex System overview (second time for that one).

Edited by traveler818, 17 January 2013 - 08:38 PM.

  • 0



#107
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As it stands, the only way anyone can get on your system is to be there physically.

I believe I have done as much as I can from the online perspective; it may need someone physically there to reset and secure the system.
  • 0

#108
traveler818

That's how I got into this mess.

Last night, I unplugged the Toshiba cord when I cut power, and had to restart broadband. I clicked on an option where anyone who wants to access this computer wirelessly has to know the network name, but that is the name of the modem, which she could obtain by calling ATT--though it would only prompt her for network name, she would know exactly what that was.

The wireless light was on again today when I turned on the power, then off. I want to switch ISPs, which could provide a new modem hopefully.

My other yikes on this is this town is so isolated that we only have one computer tech--before, he did not want a job as big as reformatting the system. I can try to find him, but there is essentially none here.

Or (it would be the third time), is there anything I could do if I restored to factory default again?

If it tells anything, new messages started appearing in the last week or two--when I sign on, it says, "please wait for the group policy manager", then I log in and see "Please wait for the user profile." Until last night, they went by too fast and there was a slight variance, i.e. group manager today, but it went by too fast--it was just one word I think.

If the command prompt says: system 32, can I change it to system 64?-- now it says C\windows\system 32

Edited by traveler818, 18 January 2013 - 09:59 AM.

  • 0

#109
Essexboy

You can do a full reinstall, and when you do, ensure that 64-bit is selected. Once you have done that, password protect your account (at the login screen).
The syswow folder shows that 64-bit is installed.
[attachment=62521:Capture.JPG]
  • 0

#110
traveler818

Thank you. The signin page has been password protected through this whole ordeal. She has created an account, probably an admin acct (?), and hidden it. Is there a way to find hidden accts, drivers (wifi), etc.?

Do I need 32 bits at all?

I know 64 bits is installed, but she had written a command to hide it. I wonder if we ran the same tests with the command prompt changed to C\windows\system 64. (I haven't tried to change it because it is something I do not understand and do not want to screw up--SOP).

It only scanned anything 32-bit as far as I could see. If so, I would like to see what shows up with a 64-bit command prompt. The scans would consume less time with me if you posted them because I have done them once. I know reading them takes time too--it amazes me.

If changing the command prompt to 64-bit is not possible, then when I know whether I need 32 bit software at all, or if I can unselect it during the reinstall, I will go from there.

I suspect just rebooting from the 64-bit windows disk would not get rid of system 32. Am I right?

Under Action Center in the Ctrl Panel, under troubleshooting, she has it set so that windows update never installs drivers. Will check to see if the troubleshooter fixed that when I can figure out how.

I found out why startup was SO slow. She had it set to run all the Toshiba files. I deleted them.

(How do I read the comments from other users?)

Edited by traveler818, 18 January 2013 - 12:13 PM.

  • 0

#111
Essexboy

Your system is running as 64-bit and there is no way that can be disabled. The majority of programmes will run in 32-bit mode so that cannot be removed.

Once you have reinstalled and set the password you will be the only administrator (apart from the system hidden one, but very few know how to access that) and no one will be able to access any part of the system unless they know the password.

This is how Windows updates should be set up:
[attachment=62525:Capture.JPG]
  • 0

#112
traveler818

Here goes--but I want to read other user comments and can't figure out how.
  • 0

#113
Essexboy

Which comments would they be?
  • 0

#114
traveler818

On the list of posts, it is under stats--right now there are 112 replies and this is number 114--I think the number refers to replies between you and me since the numbers match, so cancel that unless I am wrong--under it is shown how many people have viewed the post, which is why I thought some were adding replies.

I restored to factory default, but this time, it did not go the same--Toshiba did the whole process which took all the time I had. After a week of doing this all day, despite how much I want to check things out, I am exhausted. Toshiba never gave me the window you posted or any of those update options, but it installed many updates.

Wow there are a lot more programs on the machine now, and I will be back at it tomorrow to see what's what. I am taking snips of windows with specs. They are Captures--I think FileAssassin (in mbam) unlocks them, and I am putting them on a DVD as soon as I can reconfigure the way the system does that.

Out of curiosity, I found only one acct (though I haven't yet found the Main Users window), hopefully I will tomorrow. It showed only me, as admin. I clicked change account and got the message that there needs to be a second admin to, I guess, take over if I quit. I never got that message before--it is hopeful. It also told me elsewhere that no one can get in. I will know more tomorrow when I have more time to explore.

I am still looking for drivers. I have many, most not active. When I got home, the wireless light was on but no switch user or logged on--not sure what that means, but it is promising.

I am going to try to play music all night (from You Tube), thus the computer will stay on, and if she can get in, may not try--she seems to want the computer off (or me off). I will check in here tomorrow and then look around for signs of her.

The computer has another new name, and I changed the logon password.

If I see signs of her, I will try again to do the windows version of restore to factory default. Phew. Goodnight. Do you take weekends or Sundays off?

Which web browser is the most secure?

Edited by traveler818, 18 January 2013 - 08:31 PM.

  • 0

#115
Essexboy

I currently use IE10 only, as I find Firefox and Chrome too much of a pain to set up securely.

As long as the login password is secure (i.e. not something easily guessed) you should be OK.
  • 0



#116
traveler818

I haven't seen IE 10--it usually updates automatically so maybe I have it--will check: I have the same issues with Firefox and Chrome. I keep seeing do not use IE as it is the least secure (?). Yet the only one that is user friendly. What do you think (i.e. IE security)? The gmail password is too easy--I will reset it. Since I do not use words anymore, my passwords elude me too.

I did not expect to find everything I deleted with the last restore to factory default. My gmail acct with all the emails is back--that is all the time I had so far--this week has left me wiped out.

I did play Youtube last night--I have 101 songs, but still at some point, the computer went to sleep. I have not seen the wireless light, but did see Switch User on the signon page. When I left, the computer was in Youtube. This a.m., it was on the system summary page.

I still don't have wifi, and I haven't seen this machine load any drivers--she had it set not to.

Is she gone? I don't know. I will go look around and check in here periodically but will have to get some serious rest this afternoon.

Edited by traveler818, 19 January 2013 - 04:02 PM.

  • 0

#117
Essexboy

IE10 is available here; at the moment it is called a preview, so it will not be offered by Windows updates. I have found it exceptionally stable though.

With a secure password on the login, she is gone.
  • 0

#118
traveler818

I think so too (that she is gone)--not sure why Switch User was on the signin page though--it was only there when she was online, but I will check again.

My signon password is good. I can pm my method, prefer not to post it.

I will need a rest soon. I haven't seen much yet (I had to tell my friends I am back).

I am still having lots of redirects, cursor jumps, text deleting itself and windows jumping. If it isn't malware (and I know you know your stuff), what is causing it?

And how do I get my wifi back?

How do I get the computer to start downloading drivers?

I will check in, but also need a rest. My illness doesn't allow the amt of time I spent on this, but it was too big a loss. I am so tired.

Edited by traveler818, 19 January 2013 - 04:14 PM.

  • 0

#119
Essexboy

The switch user screen will come on if the system is left idle for a while (no one can use it whilst you are not there).

What wifi do you have on your computer? I know that somewhere you told me what computer you had. Could you repost that information?

Windows will only download drivers if they are needed.

You can check yourself using a small programme if you wish.

Does MBAM still show clean?
  • 0

#120
traveler818

Ie switch user, it didn't do that before, but I will take your word for it. I tried an experiment: I shut down, cut power, and when I restored power the wireless light was on and switch user was not there. I wonder if there is some other reason that light comes on whenever I restore power.

I think Toshiba (I selected restore to factory default) restores some things, but when it put everything back, it left all settings as they were so far as I can tell.

The computer is a Toshiba Satellite Pro L750.

I did not know there were different kinds of wifi, so do not know how to answer that question. I wonder if there is another reason why whenever I restore power, the wifi light is on.

Yes, I want to check ie drivers because if that same window where the hacker told the computer not to load drivers got restored, the machine will not install drivers.

I installed IE10--hopefully that will improve performance. No, I was typing up above, now I am here--cursor jumped.

I need to troubleshoot why startup is SO Slow. I had deleted all the Toshiba files in my startup folder--I never put them there.

I need to run an MBAM scan now to see. BRB Oops--nothing on the desktop was restored. I am trying to figure out where your link was to download it again.

Edited by traveler818, 19 January 2013 - 05:56 PM.

  • 0





