Hacker Harassment Continued - - Requested by dennis_I


33 replies to this topic

#1 AngryOne1Continues

  • Members
  • 31 posts

Posted 23 February 2024 - 11:27 AM

here's the FRST LOG you requested...

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by hagar (23-02-2024 11:20:35) Run:2
Running from C:\Users\hagar\Downloads
Loaded Profiles: hagar
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
Tcpip\..\Interfaces\{fb4390e7-a7cf-47b1-b480-fdc241a059dc}: [NameServer] 100.120.248.1
End::
*****************
 
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fb4390e7-a7cf-47b1-b480-fdc241a059dc}\\NameServer" => removed successfully
 
==== End of Fixlog 11:20:35 ====
 
Now running the Eset... will post here when finished.
thank you!

Edited by AngryOne1Continues, 23 February 2024 - 11:36 AM.


#2 dennis_l

  • Malware Response Team
  • 3,141 posts
  • Location:UK

Posted 23 February 2024 - 11:38 AM

Ok thanks.

It can take quite a while to do a full scan.

 



#3 AngryOne1Continues


Posted 23 February 2024 - 02:34 PM

here you go...eset scan
 
2/23/2024 14:30:54 PM
Files scanned: 300808
Detected files: 0
Cleaned files: 0
Total scan time: 01:21:30
Scan status: Finished


#4 dennis_l


Posted 23 February 2024 - 02:45 PM

That's looking good.
Apart from your email issues, could you please advise if there are any other remaining symptoms of intrusion, following the steps we have taken?
This would be a good point to run a security check. 

  • Download SecurityCheck by glax24:
  • If SmartScreen blocks the file click on More info and then Run anyway.
  • Right-click with your mouse on the Securitycheck.exe and choose Run as administrator and allow it to proceed.
  • When the scan has finished, it will open a text file named SecurityCheck.txt.
  • Close the file and Copy and paste the contents in your next reply.
  • The file can be found in a folder located at C:\SecurityCheck

 



#5 AngryOne1Continues


Posted 23 February 2024 - 03:08 PM

My question is:

 

That name server, wasn't that the connection that THE Violator was using to stick their BEAK in my business?

 

And if so, since they already been in my device, can't they find another way to pop in? How do I keep them out for good since I have Avast that is supposed to STOP unwanted traffic from getting through?

 

Seems the Hacker locked me out my email tagged to my previous angryone1-account by changing my password.

 

 

REMAINING ISSUES: YES

For some reason I keep getting disconnected. Could it be that the Hacker has my network login credentials? I just got disconnected again and then reconnected!!! Somebody is doing something behind the scenes, clearly they have nothing better to do!

 

I just recently changed settings on my bank and THEN said Hacker goes and Disconnects me and THEN Reconnects me. So, I KNOW I still got a BORED INTRUDER. Seems they want me to know they are still right there messing with me.


Edited by AngryOne1Continues, 23 February 2024 - 03:34 PM.


#6 AngryOne1Continues


Posted 23 February 2024 - 03:24 PM

file downloaded but is stuck in transmission to open and run, smh!

 

I appreciate your help!


Edited by AngryOne1Continues, 23 February 2024 - 03:24 PM.


#7 AngryOne1Continues


Posted 23 February 2024 - 03:26 PM

here you go...

 

SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 23.02.2024 15:20:51
Path starting: C:\Users\hagar\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: hagar
VersionXML: 10.95is-23.02.2024
___________________________________________________________________________
 
Windows 10(6.3.19045) (x64) Core Release: 2009 Lang: English(0409)
Installation date OS: 20.06.2023 02:09:44
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Windows is in Notification mode
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [27.9 Gb] Used: [27 Gb] Free: [0.9 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Total AV (disabled and up to date)
Windows Defender (disabled and up to date)
Avast Antivirus (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Avast Antivirus (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast One v.23.12.6094
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.121.0.6167.187 Warning! Download Update
Microsoft Edge v.121.0.2277.128
------------------ [ AntivirusFirewallProcessServices ] -------------------
aswbIDSAgent (aswbIDSAgent) - The service is running
C:\Program Files\Avast Software\Avast\aswidsagent.exe v.23.12.8700.0
C:\Program Files\Avast Software\Avast\aswEngSrv.exe v.23.12.8700.0
C:\Program Files\Avast Software\Avast\AvastUI.exe v.23.12.8700.834
C:\Program Files\Avast Software\Avast\afwServ.exe v.23.12.8700.0
AvastWscReporter (AvastWscReporter) - The service is running
C:\Program Files\Avast Software\Avast\wsc_proxy.exe v.21.4.6162.0
aswbIDSAgent (aswbIDSAgent) - The service is running
Avast Firewall Service (avast! Firewall) - The service is running
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\Avast Software\Avast\AvastSvc.exe v.23.12.8700.0
Avast SecureLine VPN (SecureLine) - The service is running
C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe v.5.29.9426.0
Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------


#8 AngryOne1Continues


Posted 23 February 2024 - 03:58 PM

AGAIN, Yes remaining intruder issues...

 

I reset my bank info and logged out and then tried logging in again ONLY for it to tell me, my info is wrong! This happens on a regular basis and for the bank's reset page to always be unavailable? Shaking my head (SMH).


Edited by AngryOne1Continues, 24 February 2024 - 03:46 AM.


#9 AngryOne1Continues


Posted 23 February 2024 - 04:54 PM

.


Edited by AngryOne1Continues, 23 February 2024 - 06:13 PM.


#10 AngryOne1Continues


Posted 23 February 2024 - 05:56 PM

FYI, I changed a few passwords yesterday after the clean up scans and FOUR of them don't work!

 

SO, even though you had me run those scans there is STILL another issue of somebody lurking/peeping and harassing me by changing my passwords on me.


Edited by AngryOne1Continues, 23 February 2024 - 06:12 PM.


#11 dennis_l


Posted 24 February 2024 - 08:12 AM

I am sorry to hear about your problems, but there is no evidence to support that this is due to malware on your computer.
Based on what you have said, I would take a look at your Wi-Fi network and there are some good tips in this article.
There is some more advice here, which offers some useful advice on network security.
------------------------------------------------------------------------------------------------------
I also suggest that you do this.

  • Turn the router off.
  • Disconnect the power cable from the back of the router.
  • Wait at least 1 minute
  • Plug in the power cable.
  • Turn on your router.
  • Give the device time to reconnect.

Then set a new secure password.
-----------------------------------------------------------------------------------------------------
Let's also reset your firewall as follows.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
End::
  • Click on the Fix button just once and wait.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
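
A read-only way to confirm the two settings the fixes in this thread touched, the per-interface NameServer registry value and the Windows Firewall profile state. This is an added PowerShell example, not part of any post here; the variable names are illustrative and it assumes an elevated PowerShell session on the affected Windows 10 machine.

```powershell
# Added example: audit only, nothing here changes configuration.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Map interface GUIDs to adapter names so the report is readable.
$adapters = @{}
Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue | ForEach-Object {
    $adapters[$_.InterfaceGuid.ToLower()] = $_.Name
}

# A manually set resolver is stored in NameServer (the value the first
# FRST fix removed); a DHCP-assigned one is stored in DhcpNameServer.
$dns = Get-ChildItem -Path $base | ForEach-Object {
    $p    = Get-ItemProperty -Path $_.PSPath
    $guid = $_.PSChildName.ToLower()
    [pscustomobject]@{
        Interface = if ($adapters.ContainsKey($guid)) { $adapters[$guid] } else { $guid }
        StaticDns = $p.NameServer
        DhcpDns   = $p.DhcpNameServer
    }
}

$static = $dns | Where-Object { $_.StaticDns }
if ($static) {
    Write-Output 'Interfaces with a static DNS server configured:'
    $static | Format-Table -AutoSize
} else {
    Write-Output 'No interface has a static NameServer value; DNS comes from DHCP.'
}

# After "netsh advfirewall reset" and "set allprofiles state ON",
# the Domain, Private and Public profiles should all report Enabled = True.
$profiles = Get-NetFirewallProfile
$profiles | Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction -AutoSize

$off = $profiles | Where-Object { $_.Enabled -ne 'True' }
if ($off) {
    Write-Output ('Profiles still disabled: ' + (($off | ForEach-Object Name) -join ', '))
} else {
    Write-Output 'All Windows Firewall profiles are enabled.'
}
```

Get-NetFirewallProfile reports only the built-in Windows firewall; a third-party firewall such as the Avast one listed in the SecurityCheck log has to be checked in that product's own interface.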



#12 AngryOne1Continues


Posted 24 February 2024 - 12:46 PM

I agree with you on the no malware issue, as I have suspected it's a network credential issue as I have done the very thing you are telling me several times but Before the scans and Fixes.

 

Ok, will do the next Fix.



#13 AngryOne1Continues


Posted 24 February 2024 - 12:48 PM

Here you go...

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.02.2024
Ran by hagar (24-02-2024 12:47:39) Run:3
Running from C:\Users\hagar\Downloads
Loaded Profiles: hagar
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
End::
*****************
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 12:47:41 ====


#14 AngryOne1Continues


Posted 24 February 2024 - 01:34 PM

Ok, did like instructed with both of them but strangely while I was doing the second instruction SOMEBODY deleted my note to you at 12:46pm, which was:

 

"I agree with you on the malware issue and have suspected it was a network credential issue via my cable account."

The gist of it which confirms my suspicion and since said hacker doesn't want me removing their hooks IS why I believe I've been getting a hard time along the way of following your instructions as they kept tossing roadblocks at me! SO, since I was in the system doing the unplugging waiting and re-plugging said Hacker was right there DELETING my 12:46pm posting to you so I'm thinking all that I did was you teaching me the order of things but what good is it WHEN THE DAMN HACKER is STILL right here messing with me? I appreciate your help, I do! Thank you just frustrated with these ongoing annoyances.


Edited by AngryOne1Continues, 24 February 2024 - 02:21 PM.


#15 AngryOne1Continues


Posted 24 February 2024 - 01:35 PM

WHY was my 12:46pm post deleted?

 

I didn't DELETE it???

 

things that make you go Hmm?

 

AND if I edit that BLANK 12:46pm posting, aka #12, it won't let me?

 

AND, there are two guests glued to this channel, perhaps benign, perhaps not.


Edited by AngryOne1Continues, 24 February 2024 - 01:39 PM.




