Windows 10: Hacked by an ex

Looking around here, this seems to be common. Exes have usually set something up while still in good favor and with access to a PC that they then left with things set up to facilitate remote initiation of some very wicked things.


Microsoft runs the machine. At this moment I have a Kaspersky app that I can neither start nor uninstall. Is that what you guys think is useable machinery? Machinery that you can't remove accessories from? That has parts that cause trouble but can lock themselves in, leaving you no recourse other than to reinstall?


A couple weeks ago I finally found out a good way to clean reset WIN10 pro. I first tried from what was running of WIN10. Since that isn't all that was running, the hack just downloaded the software it needed, not fresh win10. It installed the wrong size.


I went back and forth with support until someone thought the issue over and offered to remote in to my pc and place the correct image file into a file on my pc. That loaded, was the right version, and has worked for the longest time. But that offer had nothing to do with a professional approach. It was done because I happened to run into a particularly nice tech.


I haven't, because I won't tolerate it, but I have seen microsoft support people not necessarily microsoft employees answer others who clearly needed their help in a snide way.


Here is an example of something that you could do about this problem with just a little bit of thinking.


My problem shows up as images gradually changing. The changes are extremely subtle. I stopped trying to show my best buddy. The face he made showed me he thought I was nuts. I looked all over the task viewer window to try to find any of the zillion windows apps to monitor by turning on the operational log. What was I looking for? What would you look for? Something like a renderer or anything else that writes to video memory. Where is that? Beats me. Maybe if I could log that I could find a way to trace it back to the next step and ultimately to how this is taking place.


But even if I could do that, there's another problem. svchost. What ever made you guys think that it's a good idea to have a do-everything whatever service host is, but not be able to plainly see what it is doing?


There are more things, but my last example. The task scheduler startup sheet I found when I began investigating. Its author one Josh Pennington, he who was an admin. There's an xml file i found by grep'ing with his name in it, most likely generated by that page. It's packed with numbers. I have no idea how to track any of that through the system. Your security is full of gigantic hexidecimal numbers that are identifiers of some sort. How difficult could it be to all a mode that would embed names of authors in that? Privacy? It's MY COMPUTER. Once you are in there unauthorized you have no privacy. You do now. But that's just because somebody somewhere, that somewhere being where they write things like operating systems that are the center of things and have a hope to do anything like this, was lazy.


We who rely on our machinery to work from home and do almost everything rely on your operating systems to give us simpletons ways to see these things rather than having to squint and tell friends who back slowly out of the room that we see things on the screen. Before the hacking decides that it should really be playing with files less frivolous than images.


You do know that your operating systems sometimes control machinery, do you not?


On the Google Play Store I easily find tools that show image metadata. At some point during any processing, every imager is in YOUR hands. Want to leave something unfixable? Instead of our operating systems, why not make it that metadata? Encrypt the metadata at each handling point to include that step and who, encrypt it and add it like steganography. Make it unchangeble without destroying the image. And everyone can read it.


How much file fiddling do you think creeps would do after that?


You can't tell me this would cause excessive overhead. Look at the bloat we have already. Nothing is written in assembler anymore. Everything is gigantic already.


But no. We have to sit here watching crap wink on to little sectors of our screen, knowing that there's no reason at all that they can modify images but can't modify passwords or certificates. While our friends think we are nuts.


Law enforcement? Locals don't know what to do with this. A friend gave me the FBI contact number.


Now you guys get a little credit. But it was hard tweezing it out of the aggravation of the last six weeks.


The solution that this tech did for me was exactly perfect. SHE chose the right file. SHE suggested and agreed to remote in and send the file so that no request I made could get modified by hackers kind of obvious, doncha think?. SHE did that, and it took a very short time. And, that file contained reboot so that partitioning came up and I was able to kill previous partitions containing who knows what. An excellent job. Where's the fly in that ointment? It's there. I'm not computer stupid by any means. It took two weeks of contact with you guys to get to that point. Hacks are getting sophisticated. Try this try that doesn't work. A perfect fresh clean start is what you should offer if the user can figure out what to do with his data right away.


I left things out myself, even after I had that. But then I'm not microsoft.


I first saved everything on my phone to the cloud. Then I factory reset it. Not a lot of fun. I did this with both my other WIN10 devices off. Phone first since I would need it for 2-factor everything else. Then reinstall using the usb drive one PC at a time, new microsoft account. It was good for days. I now also keep Bluetooth off.


But I will have to do it again. I thought about the router too late. Devices were up and on the network for a day and a half, and things looked good except I could still detect small changes in subsequetly snapped still images from my screens. So I will redo the whole thing, since I have little reinstalled anyway This time with an update of router firmware while everything is down, all new access parameters.


By the way, how did I recover from being thought nuts?


Two items. VSDC i think video editor and gimp. I either use the video editor's screen record for a half hour, load the same video into the editor twice, process one copy with negative and then add them, and shift one in time by about a minute. The static image I am video recording turns out to not be so static, and this tactic brings it out nicely to show my friends. I'm off the hook for being crazy, for that reason at least, for now.


Alternately, gimp. I start my day when the one image a day Microsoft screen background changes to a new one for the day. I screen snip full screen and save that, making it read-only. Then I snap periodically during the day. The first time I get changes. After that, the difference by gimp is constant over the screen. It was not like that a month ago. I think that who's doing this can either manually or automatically see I'm messing with resetting win10 and tightening down things that have network access, and are trying to severely limit the image updates. Regardless, I still see at least one change. The gimp treatment is simple. open the two images in gimp, it also can open multiple images. Invert one. Use the "combine" filter and just use the defaults. It will add the two. and then use brightness and contrast on the result. So for anyone else whose symptom is this and you would like those around you, if they can't get off their butts and help, to at least not look around for a strait jacket for you, to at least see why you are trying to fix a non-broke computer. Before it fixes you.



I'm starting to get Kaspersky to work a little with me. As I send them images and snippets of code, I am putting the package together for the FBI.


So dont hack, folks. It's not nice. And you will serve 85%. And they always win. Hear that Mr. P?

:)

 

Email Hacked

Hello Greg

thank you for your response and the great information you provided.

I use two step authentication for my email account and all important web sites. I also use the full version of Malwarebytes to protect my computer.

But I will do the scans you suggested AdwCleaner and Limewire.com and let you know the results.

I am worried though that the webcam installed on my laptop could have been hacked. I never use it and forgot about it, so never disabled it.

Any suggestions as to find if it was actually hacked?

thank you

mike

 

Hacked

I never used this card in a store, only on Amazon.com. As I said it was an Amazon/Chase card. I immediately had the card cancelled and got a new one by Fed Ex. The file containing my CC numbers is not encrypted, just p'word protected. I think it was probably hacked on Amazon. Will change my Amazon p'word and print off the file containing my cc numbers, then delete the file and hide the printed copy in a safe place. Anything else anyone would suggest I should do.

 

Can't run .exe file

Hi Phil,

There are several reasons why you are having issues running .exe files on your Windows 10 laptop. To assist you better, kindly answer the questions below:

• Have you made any changes to your laptop prior to this issue?
• What troubleshooting steps have you done so far?
• What is the error message that you received when running .exe files?

Regards.