Hijacked computer
Belnahua
Posts: 1,493 Forumite
in Techie Stuff
I have a friend whose computer is being hijacked remotely. Sounds like a falling out between family members, and the other person who once had legitimate access to this computer has installed something nasty to hijack it remotely.
I've got it off the internet for now. Basically turn it off and leave it off!
However I am going to have to fix this remotely myself. So I'm sending the XP password crack disk (as all the passwords have been locked out, which means I cannot get them in and tell me what I want to look at).
I'm going to send Malwarebytes with the latest definitions file on CD too.
The problem is I'm doing this remotely, and I have no idea what's been installed and what is going to remove it. And the person I'm going to guide over the phone is not computer literate. So joys!
Anyone out there with any idea what could have been installed on the PC, and what is likely to remove it?
I thought about giving him ZoneAlarm and letting it re-establish the internet connections and see what comes up blocked, as I'm guessing Windows Firewall has been severely compromised too. ZoneAlarm as I know it well, and it's easy for me to do over the phone.
The plan is to get the computer up and running, then clean it (and check for file shares), and then establish new security and finally get the broadband router password changed.
Thanks for any help!
A friend is someone who understands your past, believes in your future, and accepts you just the way you are.
0
Comments
-
Your best bet would be to get hold of the computer, remove all the data that is required and go for a format & re-install then plug into the internet at your end and run windows update for a day or two.
Then hand it back, all fresh and clear.
-
Alias_Omega wrote: »Your best bet would be to get hold of the computer, remove all the data that is required and go for a format & re-install then plug into the internet at your end and run windows update for a day or two.
Then hand it back, all fresh and clear.
This is not an option, we're at other ends of the country! Sorry! I did suggest a local expert, but they don't know anyone, and I'm reluctant to recommend PC World (for obvious reasons)!
A friend is someone who understands your past, believes in your future, and accepts you just the way you are.
-
Has the "safe mode" administrator password been changed? That normally only appears on a safe mode boot. Would give them access to remove all the other passwords, then get them to install crossloop
http://www.crossloop.com/ipage.htm?id=download
so you can remote access the PC
Ex forum ambassador
Long term forum member
-
Download, install, update and do a quick scan with http://www.malwarebytes.org/mbam.php
Next download and run hijackthis and post the logfile back on here http://www.filehippo.com/download_hijackthis/
I would recommend using Comodo Defense+ but there would be a lot of warning popups and you would have to check they were safe before accepting them.
-
ooooo i have never seen that crossloop thing looks cool ^.^
has the "safe mode" administrator password been changed , that normally only appears on a safe mode boot. Would give them access to remove all the other passwords , then get them to install crossloop
http://www.crossloop.com/ipage.htm?id=download
so you can remote access the PC
-
I have tried the usual backdoor passwords. The administrator account has been disabled.
Getting it on the net is not an option, as this person is obviously monitoring the computer and when it's turned on they turn it straight off if we try anything other than leave it at the login screen.
They even turned it off while I was talking them through the initial steps of ctrl-alt-del twice to get the administrator login on, it went into shutdown. If we try any other login names on the PC, the reminder password prompt is to call this other person.
Apparently this 'person' is a known hacker, so he's quite adept and knows all the tricks. Some family feud this is turning out to be!
A friend is someone who understands your past, believes in your future, and accepts you just the way you are.
This discussion has been closed.
