Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Hacked, Then Hijacked [Closed]


  • This topic is locked This topic is locked

#121
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I couldn't find the download for MBAM on Major Geeks, and the other window was different than yesterday.
--
Major Geeks kept saying run reimage repair--I did and it found a virus: Appl/Installbrain.gen.

Then I downloaded and ran MBAM from the first link and it came out clean. The virus is still there and the reimage report also reported damage to Windows is HIGH (the only word in caps).

I am wiped out. Will run a couple of scans, but mostly rest. Do you take Sundays off?

On my first 2 restore to factory defaults, I did select restore without saving user data. When I selected it in Toshiba, it made some changes, but restored the computer essentially to where it was before I wiped it clean (and it was wiped clean)--for example, all my emails are there. She removed the wifi icon, it did not get put back, only the power gauge.

All the changes the hacker made to the system are there--Switch User is one--the menu to the right of the start menu was also changed. I do not know the sum total of the changes. I was so tired I mostly ran scans.

When I put the computer in safe mode to run a deeper MBAM scan, drivers loaded :)

Edited by traveler818, 20 January 2013 - 04:07 AM.

  • 0

Advertisements


#122
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you press the following keys together and see if that enables the WIFI : FN+F8
Details on page 141 here
  • 0

#123
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I really tried. The instructions in the manual said to check the signon screen for the symbol for wifi that shows the signal going out in both directions. It's not there.

That was page 141, I think, since I tried that, after trying the hot keys, first. It referred me to pages that made no sense to me--to go to the Device Manager and see if wifi is recognized--I looked under devices, and whatever seemed to apply, but it did not do what the manual said--though it did say that some of the instructions were for advanced users. The message I got most was to ask myself (admin) for help.

I have called Toshiba before. When they put in 4 new parts,all 4 were listed on the paper that came back with the computer.. I have taken so many notes, I cannot find it, but they refused to tell me even what the other 2 were despite knowing it was no secret--I have to get REALLY lucky to get someone decent.

In short, I got nowhere today. But I ran their Driver Tuner which is supposed to check and download all the outdated etc drivers--if I buy the !@#% program. That scan said the Windows driver was either improperly installed or out of date (seems to agree with reimage). It also said 28 devices were out of date and I could download them from the websites but wifi as far as I know, has no website--I need to take a closer look to see if the websites are listed--I was focused on finding wifi--the hacker seems to have deleted the 2 icons I need to make it work. Now what? For the record, when I restarted DSL, wifi did not install. I realized the battery was out, and it seems to do more than provide power, and begged her to let me try again with the battery plugged in, but she refused. That was all I could think of to do. She was not helpful--her life is denying what other people experience (back to the Toshiba website again--another redirect).

I just found a number of videos that were not there yesterday. I didn't install them. Now they are gone, but there is a lot of music that was not in the media center before.

She put favorites on the same list as control panel, computer, etc next to the start menu. One of her favorites is LogMeIn from Toshiba, which allows remote access. I password protected it, and it says no remote users are online at this time.

BTW: The text on this site sometimes gets huge, tiny, huge again while the page starts scrolling--I don't know what finally stops it. And another redirect to the Toshiba website. Now, another, and this page scrolled up.

Edited by traveler818, 20 January 2013 - 02:11 PM.

  • 0

#124
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A question why are you letting her use the computer ?

The driver updater I use is Slimdrivers
Download, install and then run
It will then show what drivers are outdated and update as required
[attachment=62593:Capture.JPG]
  • 0

#125
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I am not letting her or anyone else either use the computer or even come into the house. She has not been welcome here for a couple of months at least--not since I discovered what she was up to, so the last time she came into the house may have been October. I ALWAYS keep the house locked up, even if I am inside.

She & her husband say they had a computer repair shop in Salt Lake City. She has the knowledge to make me believe it.

Edited by traveler818, 20 January 2013 - 03:37 PM.

  • 0

#126
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case there is no way that she can access it

Are you prepared to use the driver updater ?
  • 0

#127
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I already ran the updater--it was mostly Intel files/chipset--she showed a strong interest in Intel before.

If she can't access it, who installed all the music in the media center?--I listened to YouTube one night--that is it. And have installed no music--this is a full-time job. She has made the media center fairly impossible for me to use. She does this regularly--installs music or videos, then retrieves them. I deleted all the music files, but she got the videos off today. I don't know how she does it, but she does.

She could have used Toshiba's Logmein--that is now password protected. It's purpose is to allow remote access to the computer, not remote control, but she wouldn't need that. Or she may be using the intranet access. Or she has a hidden acct somewhere on the computer--she did before and may still be using it. In trying to make this run in compatibility mode with XP service pack 3, could she somehow have merged the two computers. If anything is even remotely possible, she can probably do it. Nothing has stopped her yet.

I am still unable to find the page that shows all users and their permissions, even when the window I can get shows only me. She had added "Authenticated Users" and disabled the R click that would allow me to see who they were. This is also the window where I could add & remove users, which she also disabled. But it is hidden again.

Just FYI: My cell phone isn't working as a cell phone--it has to be plugged in & doesn't always ring. But one day, it did, and the window said she was accessing my web browser. I shut the phone down immediately. Verizon promised to disable the web browser, but did not. Now I keep it unplugged and it has a lock code--I need to research that later--Verizon was no help. I just mentioned this because I was really surprised that anyone can access my phone remotely, and use it. The lock code was off that day--I had been deleting etc. Another redirect to Toshiba.

How can I get Take Ownership?

Edited by traveler818, 20 January 2013 - 05:28 PM.

  • 0

#128
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Shares are disabled by default within windows 7

I will see if I can find the wifi drivers
  • 0

#129
traveler818

traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Shares are disabled take 2--it deleted itself--what does that mean?

And a big thanks for searching for the wifi drivers. She hid a lot, but I just don't recall where. Most of what I find is by chance. Taking notes is pointless with as much paper as I have.

I found this:

>>> 1/20/2013 13:56:11:718
GFX Coinstaller (1.2.30.0) I
Version not found for file: C:\windows\SysWOW64\Intel_OpenCL_ICD32.DLL
Version not found for file: C:\windows\SysWOW64\OpenCL.DLL
No Destination file resolution: Install
Error encountered while copying file.
Copying and renaming 32-bit dll
Version not found for file: C:\windows\system32\Intel_OpenCL_ICD64.DLL
Version not found for file: C:\windows\system32\OpenCL.DLL
No Destination file resolution: Install
Error encountered while copying file.
Copying and renaming 64-bit dll
Found disable value in registry; aborting

I am concerned about the last sentence--italics are mine.


And these under system information in slimcleaner:

nativewifip NativeWiFi Filter c:\windows\system32\drivers\nwifi.sys Kernel Driver No Manual Stopped OK Normal No No

vwifibus Virtual WiFi Bus Driver c:\windows\system32\drivers\vwifibus.sys Kernel Driver No Manual Stopped OK Ignore No No

I think you are done for today and I am beat. I may check in when/if I can this evening.

Edited by traveler818, 20 January 2013 - 10:14 PM.

  • 0

#130
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you go Start > Search programmes and files (an empty box below all programs)
Type in services.msc
Double click the file that appears
Locate WLAN autoconfig and let me know if that service is running and set to automatic

[attachment=62608:Capture.JPG]
  • 0

Advertisements


#131
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP