GDXV
Guest
Hi guys!
We need some serious help in our household in terms of securing our laptops/network from being remotely hacked by something or someone...
It all started a while ago when a group of young men rented the house next to us. 4 of them have moved out since then but 1 guy is still in there... the house is literally next to us on a zero lot line, which means I can touch his wall through my window, basically. (I am mentioning this because of wifi frequencies etc.; I'll talk more about it below.)
My Xfinity outside box is right in front of my neighbor's front door. The plastic Xfinity outside box was bent open. No damage or tweaks were noticed by a Comcast technician.
Anyways, we are with Comcast Xfinity. My wife works for Comcast enterprise and uses a Comcast laptop on a VPN from her company with sensitive data on it. (That could get stolen by whoever remotely connects to my laptop.)
But her laptop is not the issue. It started with my own laptop. It's an Asus GL502VS gaming laptop. (I do not game; I bought it for the hardware specs and a good deal.) Norton antivirus, Malwarebytes, Spybot Search and Destroy, router and privacy settings configured to maximum security and privacy.
We have a 1GB wifi network connected via MoCA on an integrated router/modem model XB6 G95CGM414X from Comcast. And what we are experiencing is remote activity/access to my laptop and now on her and my cellphone as well.
Symptoms on my laptop:
Windows update turned off.
On one day, regular win10 windows didn't have any letters anymore within different window tabs.
Messages like "the it admin has blocked this app please contact your network administrator"
Unknown Certificates being installed/changed
A lot of event log error and warning messages of all kinds of remote activity going on.
All my privileges and user account controls were limited to nothing.
All Windows Defender security options are greyed out (ransomware, real-time protection, core isolation, etc.)
Windows firewall is not accessible and greyed out.
Gmail accounts were hacked, but due to two-factor authentication and the Google Authenticator app I was able to restore them.
Every time I connect and disconnect to my own wifi there is a new wifi SSID popping up starting with "Att" followed by 4 to 5 lower case letters, all with the exact same frequency strength coming from the same direction, for example "Attcllyp" "Attjdfgs" "Attwodjg". I can do this forever (clicking the connect and disconnect to wifi button) and end up with a whole list of these fake SSIDs... "evil twin attack?"
My assumption was we are being attacked by an "evil twin" or man in the middle attack.
Every time I removed rules and permissions of all remote options within the firewall and apps, they were being restored automatically.
Sometimes you can literally lean back and watch what they are doing on the screen.
I recovered my system several times now, with 2 different system recovery USB flash drives from 2 different Windows 10 laptops in our household.
Every time I recover my system they somehow get a hold of my laptop again.
I have Norton Internet Security, Spybot Search and Destroy and Malwarebytes running. Each of them came back clean after a scan. However, yesterday Spybot Search and Destroy found 4 rootkits in the registry after doing a rootkit scan.
I switched out my full version Norton antivirus with Avast and later with Bitdefender free antivirus just to see if they find something, but nada.
My efforts to secure my home network:
Checked all MoCA coax connections.
Scheduled an appointment with a Comcast tech to check my connections.
The Comcast tech found 2 exposed lines coming out of my Xfinity box and ATT security box that are supposed to be inside the ground and he fixed the issue accordingly.
He installed a brand new point of entry MoCA filter and switched out the integrated XB6 modem/router for us.
All lines and connections and splitters within the house are secured and fine based on the tech's conclusion.
I have set the XB6's settings to maximum security, firewall is on max security, any MAC address trying to connect without me adding it first can't connect to my gateway. I got that blocked.
I watch the router's internal connected devices settings like a hawk, but all MAC addresses are identifiable and belong to us.
Changed all passwords for everything including router, wifi pws, phone pws, email, accounts, etc.
Created a new Outlook email to register with my Windows 10 Home OS build 17134 1804. 64x.
I have a weird application called remote desktop connection ink. And the icon looks like a blank A4 piece of paper. When I click on it, it says error windows cannot find c:users/username/appdata/roaming/microsof/internetexplorer/quicklaunch/userpinned/taskbar/remote desktop connection.ink.
So right now I am staring at my freshly recovered laptop screen; it worked for about 2 hours and the moment I connected to my hidden wifi SSID things started to get weird again.
Current status: router plugged out and shut down. I can't open the search bar, I can't open the start function when pressing start, my keyboard doesn't work. When I hit the explorer button it says class not registered explorer.exe.
Task manager won't open. Not via mouse or control alt delete.
No Windows Defender button in the show hidden icons tab. My Windows file explorer folder that was pinned to the taskbar is gone.
Also to mention: when I had access to my file explorer a few hours ago, I saw I had 2 home groups tabs, 2 network tabs, 2 this device tabs and 2 this PC tabs.
When I go to user accounts I only see my account listed as local account administrator password protected.
I got an error message %windir%system32/rundll32.exe when trying to open ANY of the user account options and when trying to open the task manager.
Sometimes I think whoever is inside my system created a virtual copy of my laptop or device... but idk I'm just a normal guy with common sense and don't have any IT background.
Yesterday our Android phones (two Galaxy S9s) started to act weird. Apps were removed and unknown apps installed, for example "systemrestartapk" or root files etc.
I understand you get a hacker, he snoops around your device and finds or doesn't find anything and moves on to the next one.
But in this case whoever or whatever it is, is very persistent and keeps coming back even after dozens of wifi factory resets, phone factory resets, hardware changes etc. We think it could be somebody around us, but who knows.
We are about to get a VPN tonight but God knows if this will help.
What should I (we) do next? This is becoming extremely annoying and if I could locate the source it would make things so much easier.....
Thanks in advance
GD
P.S. I forgot to mention. I used to have the FING wifi analyzer app on my phone. And it didn't list our previous router, an XB3, but instead a phone was listed acting as our router. The model name of the phone was Kyocera Hydro Reach, which is a waterproof phone that you buy at Boost Mobile for cheap. I thought maybe this device was buried somewhere close to us and acted as a point of entry or our router etc. I remember the connection settings mentioned within the app were layerfowarding 3, wanipconfig and something else... idk
If you need me to post any protocols please let me know, I am happy to do so.