
I'm a regular guy running two small franchise businesses with a basic understanding of computers etc. (very basic really), but I am certain my home network has been hacked and I am finding lots of new devices installed on my PC without my consent. I have been prevented from making a lot of administrator changes as I seem to not have authorisation and have even had to have my "boot system" reinstalled on one occasion after it was deleted to prevent me from accessing my freshly cleaned PC. So far I have been required to clean my PC 3 times, including a complete reinstall of all software, and been informed after each clean that the PC was perfect; no one believes me that it has been compromised. I believe that the hack is occurring each time I install my media app which connects to my phone or tablet (non-Android devices), and then connect my devices to sync and back up.

Now I am certain whatever it is, is responsible for a lot of streaming activity via my home gateway and all the admin changes which mask certain tasks, prevent access and also delete a lot of data and media that I had stored on my PC. I also believe that the malicious program or virus lies dormant or ready on my devices to spring into action once they connect and reinstall. I contacted the company that invented my devices and visited their "Genius Bar", had my devices wiped and reinstalled with all the hardware before connecting them to my clean PC for the third time, but alas, it has occurred again. The virus must be behind the OS of both my Windows PC and my two iDevices; on both it mirrors all programs and hides most traces of itself. Can someone please help, or at least inform me of what I need to tell the self-proclaimed geniuses and my trusted PC guru so I can eradicate the problem once and for all, then take steps to protect myself before I lose any more of my treasured photos, any more of my computer's running speed, my media/documents and all my business information including my contacts and schedules? It would be nice to have someone believe me when I describe my issues, especially since all I keep hearing is that "everything from THAT company is impenetrable and does not get viruses or malware, especially that can be linked to Windows in any way other than manufacturer designed".

Ulkoma
Juicy

1 Answer


The things that I would do in your situation (as a start -- this is not a definitive list) are (in order):

  1. To preclude the possibility that hackers have "backdoored" your router so that they can always get back into your supposedly "private" local network from the public Internet, buy a new router (a good one... not the cheapest one you can get) and temporarily lay the existing one to one side (it may be possible to recover the latter... but I wouldn't count on it). You may also want to phone your ISP and request that your ADSL modem or cable modem be allocated a different public IP address from the last one that you were given (they may charge money for this, but it is money well spent, as the hackers may be looking for the old address).

  2. Disconnect completely from the Internet (turn off your cable router or ADSL modem), configure your router and -- most importantly -- protect the router's administrator account with a STRONG password, and disable "accept remote administration sessions from the public Internet".

  3. I would recommend that you also disable IPv6 at the router (unless this is the only protocol that your ISP provides) and then permit only the following ports to send or receive traffic: 80, 443, 67-68, 53, 123, and optionally 110 and 25 if you need to do conventional e-mail. For DNS nameservers I would suggest you tell your router to use 208.67.222.222 (OpenDNS primary) and 208.67.220.220 (OpenDNS secondary) to preclude the possibility of some kind of malicious DNS redirection.

  4. Do whatever you have to do to completely wipe the one (1) PC that you will test the security of your network from. This DOES mean a "complete" wipe, e.g. "the hard drive gets completely, totally wiped of ALL data". Then re-install your O/S from its original media (or better still, use a Linux-based Live CD that you got from some other network... see below). If you are reinstalling the O/S, use a STRONG administrator password, and do NOT surf the Web with the "administrator" account -- first thing you do, set up a lower privilege account and use that one, except to install software updates.

  5. Turn on your uplink to the public Internet (e.g. cable modem or ADSL modem). Wait until it fully links up.

  6. I would suggest that you boot your "test PC" with a Linux-based Live CD / DVD (you can get an excellent one from www.linuxmint.com or from xubuntu.org). (Plug the computer directly into an Ethernet cable; do not bother with wireless LANs at this point.)

  7. Just do a little surfing, and start checking the router logs to see what kinds of traffic show up. In particular, you want to look for unusual-looking inbound connection attempts, like "attempted to log in to 192.168.10.5 as ADMINISTRATOR password 123456" etc. Pay particular attention to originating IP addresses from places like Russia, Ukraine, China, Brazil and so on. (It really helps to have a 3G / 4G cell phone with you at this point, because you can look up addresses, etc., without having to use your potentially compromised local Internet link.)

  8. The minute that you plug a non-Linux-Live-CD computer into your LAN, do all your O/S security updates and anti-virus updates. Surf only using the low-privilege account that you set up earlier -- remember, a PC that has a fully-updated O/S, and whose only surfing session does not have "root" or "administrator" privileges (with a strong account password!), is extremely difficult for ordinary hackers to compromise. (If your opponent is a certain large U.S. intelligence agency, however... all bets are off.)

  9. Good luck!

user53510
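As an added example (not part of the answer above or any router vendor's tooling), a small Python triage script for the log review in step 7: it flags the two things the answer says to look for, repeated failed admin logins grouped by source address, and inbound connections on ports outside the step 3 allowlist. The key=value log format, the addresses and the field names are constructed for this example; real router logs use their own formats, so the regex and field names would need adapting.

```python
import re
from collections import Counter

# Port allowlist from step 3 of the answer (80, 443, 67-68, 53, 123, plus 110 and 25 for e-mail).
ALLOWED_PORTS = {80, 443, 67, 68, 53, 123, 110, 25}

# Constructed sample router log in a hypothetical "timestamp key=value ..." format.
# Real routers each use their own format; adapt parse_line() accordingly.
SAMPLE_LOG = """\
2024-03-01T10:00:01 event=conn dir=in src=203.0.113.7 dst=192.168.10.5 dport=443 action=allow
2024-03-01T10:00:05 event=login src=203.0.113.7 dst=192.168.10.1 user=admin result=fail
2024-03-01T10:00:06 event=login src=203.0.113.7 dst=192.168.10.1 user=admin result=fail
2024-03-01T10:00:07 event=login src=203.0.113.7 dst=192.168.10.1 user=admin result=fail
2024-03-01T10:01:00 event=conn dir=in src=198.51.100.9 dst=192.168.10.5 dport=23 action=allow
2024-03-01T10:02:00 event=conn dir=out src=192.168.10.5 dst=93.184.216.34 dport=80 action=allow
2024-03-01T10:03:00 event=login src=192.168.10.20 dst=192.168.10.1 user=admin result=ok
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

def parse_line(line):
    """Turn one log line into a dict of its key=value fields plus the timestamp; None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    fields["ts"] = m.group("ts")
    return fields

def triage(log_text, allowed_ports=ALLOWED_PORTS, fail_threshold=3):
    """Return the step 7 findings: sources with >= fail_threshold failed logins to the
    router, and inbound connections whose destination port is not in the allowlist."""
    failed_logins = Counter()
    odd_inbound = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec.get("event") == "login" and rec.get("result") == "fail":
            failed_logins[rec["src"]] += 1
        elif rec.get("event") == "conn" and rec.get("dir") == "in":
            if int(rec["dport"]) not in allowed_ports:
                odd_inbound.append((rec["ts"], rec["src"], int(rec["dport"])))
    brute_force = {ip: n for ip, n in failed_logins.items() if n >= fail_threshold}
    return {"brute_force": brute_force, "odd_inbound": odd_inbound}

if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(name, finding)
```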