ACCOUNT TAKE OVER

25 replies to this topic

#1 Bionda

  • Members
  • 14 posts
  • Gender:Female
  • Location:Texas

Posted 20 June 2023 - 01:10 PM

HI JACKED! I really need help and would appreciate any assistance. Oh em gee! I don't even know where to start. Nearly a four year nightmare.

Direct Access- through remote intrusion. So many devices compromised. Started with MS 365 apps and Google workspace.

 

Sooo much info, here it goes... My current new laptop. Every time IT remotes in, my network changes and I see the logs have changed as well. The ghost hides until IT logs out and then boom, changes everything. I should be the rooted admin. However, I don't think so any more. Purchased laptop 45 days ago and already had to reinstall Windows because "remote admin" disabled the firewall, updates and installed a much older version of Windows. Today I see browser redirects, and changes in settings to Mozilla Firefox and Thunderbird.

 

Attached files and not sure about Windows Panther and WOW files. TIA

 

 

Edition    Windows 10 Pro
Version    22H2ijack
OS build    19045.3086

Experience Pack

 




#2 Pkshadow

  • BC Advisor
  • 10,618 posts
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada

Posted 20 June 2023 - 03:33 PM

Hi, we are sorry we can not help you or the condition.  Good Luck.


" mosquitoes really wake up everyday and choose violence "   — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html
 

I-7 ASUS ROG Rampage II Extreme  / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme


#3 cryptodan

  • Bleepin Madman
  • Members
  • 32,303 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 June 2023 - 04:04 PM

"Remote / IT Admins" I smell a troll post.

My Linux Systems Specifications: My Desktop - https://dpaste.com/AKGGCBGSW - My Server - https://dpaste.com/8M228Z6ZM - My laptop Arch - https://dpaste.com/FKSMU4MM2

-----------------------------------------------------------------------------

Masters of Science in Computer and Digital Forensics - Stevenson University 
-----------------------------------------------------------------------------
US Navy Veteran - 2002 to 2006 - Blue and Gold and Proud to Serve - Honor, Courage, and Commitment
 

#4 Bionda

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female
  • Location:Texas

Posted 20 June 2023 - 05:52 PM

Thank you for your service sir. And your response. What does Remote IT Admin/ smell a troll mean?



#5 cryptodan

  • Bleepin Madman
  • Members
  • 32,303 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 June 2023 - 06:02 PM

Your post smells trollish and full of fluff and paranoia

Download and install MiniToolBox from here: https://www.bleepingcomputer.com/download/minitoolbox/

With the following:
 
Last 10 error messages from the logs
Installed Application
Problematic Devices 
List users and partitions


A remote admin wouldn't have access to a new laptop.


#6 Bionda

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female
  • Location:Texas

Posted 21 June 2023 - 08:33 AM

Well I am not a TROLL and fluff IDK, maybe that is the lingo used. IT is not my trade. Concerned parent. All I can do is ask for help when I don't understand what is going on. I do know that Malwarebytes found a ROOTKIT and I have ongoing fraud via debit and credit cards, having to get a new card every few months. Numerous crashed mobile devices, iCloud and Gmail issues, being locked out. If you call that fluff then so be it! AND yes it has created paranoia. Apple and Google advised me to call the police. Two reports filed and nothing. Thank you for the toolkit. A lot of errors and issues. Code integrity errors. Especially the router, pinging Google and YAHOO. I don't have either installed on this laptop. Have a nice day!


Edited by Bionda, 21 June 2023 - 09:21 AM.


#7 cryptodan

  • Bleepin Madman
  • Members
  • 32,303 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 21 June 2023 - 08:46 AM

A rootkit on a new, 45-day-old computer?

Can you run the above tools?


#8 Bionda

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female
  • Location:Texas

Posted 21 June 2023 - 10:31 AM

The rootkit was found on another device. I still have the log and can pull it up if you would like to know more. It seems to follow me. At one point "they" (I call them remote admin) had my network connected to theirs, as well as every smart device I owned. I felt like I was being traced and tracked 24/7.

In 2021 I sold everything! House, car, all devices and electronics with Bluetooth capabilities. New phone, number and email. "They" followed, and continue to gain access.

I did run the tools. A lot of issues, network, connectivity, router/server, code integrity.

And this just happened below. I contacted admin support to get back in. They said I got hit with a bad spam filter.

ERROR IN POSTING

[#1001]

You are not allowed to visit this community.

Need Help?

    Our help documentation
    Contact the community administrator



#9 Nukecad

  • Members
  • 819 posts
  • Gender:Male
  • Location:UK Lake District

Posted 21 June 2023 - 10:42 AM

Just to ask, who exactly is this "remote IT" who are accessing your machines and disabling your firewalls?

How did you first find/contact them?

Is it also them who are showing you the changed logs?

Because what you say sounds like an IT support scam.

PS. Does your Windows version actually say "22H2ijack"? Can you screenshot that and post it here?

Edited by Nukecad, 21 June 2023 - 10:50 AM.

*** Out of Beer Error ->->-> Recovering Memory ***


#10 Bionda

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female
  • Location:Texas

Posted 21 June 2023 - 11:07 AM

Thank you for responding. I honestly, don't know. I have my suspicions on who and where the access is coming from. The MITRE/Triage 100 page report reflect direct access remotely. Authentications/tokens.  I call it remote admin but that could be the wrong terminology.

IT is not my field of expertise by any means. What I have learned (not much) is from my learning on my own. A friend that is a software engineer did the set up on this device. Not long after he exited my laptop via remote, the firewall settings were disabled, as well as Windows updates. Also, somehow an old version of Windows was installed. I ran the logs through Event Viewer and saved them. I should have known better than to connect my new computer to a new modem and router prior to installing a wired network switch firewall. I believe "they" gained access through one of my devices (TV, mobile phone, or printer) from a MAC address. Also I know that for the past couple of years I had issues with browser redirects. I thought I was working with customer support for Microsoft, ATT and Adobe but not so. My friend looked at the emails and said NO, those emails are not authentic. I believe that customer support issue is happening again on this laptop with AVG and Malwarebytes.

 

Fast forward a few weeks. I was referred to another IT guy. We spent 6 hours looking at the laptop together and he did not see anything that looks suspicious. I had my doubts. The toolbox kit I ran tells me there are MANY issues and the router is being redirected. I don't know how to explain it other than it is kinda like a ghost mirroring my devices and the ultimate MF and nightmare for me ...


Edited by Bionda, 21 June 2023 - 11:15 AM.


#11 Nukecad

  • Members
  • 819 posts
  • Gender:Male
  • Location:UK Lake District

Posted 21 June 2023 - 11:18 AM

Sorry, but you have been told this 'support' is not genuine but you are still contacting them and letting them access your new machines.

That would be stupidity and why your posts here do not ring true.

Although I do often help people with mental health issues, so am less quick to judge about odd behaviours.

(Screenshot of the Windows version?)

Edited by Nukecad, 21 June 2023 - 11:22 AM.



#12 cryptodan

  • Bleepin Madman
  • Members
  • 32,303 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 21 June 2023 - 12:03 PM

No major company would ever remote into your computer to help you solve an issue, not even your ISP.


#13 Bionda

  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female
  • Location:Texas

Posted 21 June 2023 - 04:27 PM

This is exactly when and how it started. Issues with my iPhone, iCloud, apps and MacBook. One thing led to another, compromising PC, laptops, and other devices.

Apple fixes zero-days used to deploy Triangulation spyware via iMessage

Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7," the company says when describing Kernel and WebKit vulnerabilities tracked as CVE-2023-32434 and CVE-2023-32435.

The two security flaws were found and reported by Kaspersky security researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin.

Kaspersky also published a report earlier today with additional details on an iOS spyware component used in a campaign the cybersecurity company tracks as "Operation Triangulation."

"The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted," Kaspersky said today.

"Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers.

Used by U.S. state hackers per FSB claims

The attacks started in 2019 and are still ongoing, according to Kaspersky, who reported in early June that some iPhones on its network were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day

Apple also patched today a WebKit zero-day vulnerability (CVE-2023-32439) reported by an anonymous researcher that can let attackers gain arbitrary code execution on unpatched devices by exploiting a type confusion issue.


The list of affected devices is quite extensive, as the zero-day affects older and newer models.

Since the start of the year, Apple has patched a total of 9 zero-day vulnerabilities that were exploited in the wild to compromise iPhones, Macs, and iPads.

Last month, the company fixed three more zero-days (CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373), the first reported by Google Threat Analysis Group and Amnesty International Security Lab researchers and likely used to install commercial spyware.

#14 cryptodan

  • Bleepin Madman
  • Members
  • 32,303 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 21 June 2023 - 04:57 PM

You aren't a target for government / state based hackers and those with the intelligence and intellectual ability to attack you, a commoner.

They would go after people like me who are/were government employees with a clearance.


#15 Pkshadow

  • BC Advisor
  • 10,618 posts
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada

Posted 21 June 2023 - 08:05 PM

Not going to jump in here but you need to look in your browser/s and check if they are using Google or Yahoo DNS, switch to another if available.

 

One time all browsers could set what DNS Provider and those 2 were options.   Mine I switched long ago to CIRA Canadian Shield and seem to be locked in to that.

 

You were given and told to run the MTB and to post the results so that we could help you.  

 

Without doing as asked there can be no help provided.

 

Do this please :  

Please Post a "link" of Speccy Report.
Please install Speccy Free : https://m.majorgeeks.com/files/details/speccy.html
Use Custom Install
  At the Top Left Corner of Speccy --> Click File and then Click Publish Snapshot Report, a window will popup and Click YES. --> Another popup will appear and then Click "Copy To Clipboard" then Paste that "link" to your next reply in your thread.

 

Download Minitoolbox from the below link :
http://www.bleepingcomputer.com/download/minitoolbox/
  Run the tool and only select the following tick boxes.
    -List last 10 Event viewer errors
    -List installed programs
    -List devices
    -List users, partition and memory size
Now click "Go" and Copy/Paste and post the output text in your next reply


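The advice above to check which DNS provider the browser is using can be made concrete. Firefox (and Thunderbird, which uses the same profile format) records its DNS-over-HTTPS choice in the profile's prefs.js file under the real preference names network.trr.mode and network.trr.uri. The following script is an added example, not code from this thread or from any of the posters: it parses a prefs.js file and reports whether DoH is active and which resolver host it points at. The sample profile text, the example.invalid hostnames and the trusted-host list are constructed for the example; the CIRA Canadian Shield hostname in that list is an assumption made here, not something stated in the thread.

```python
import re
import urllib.parse

# Meaning of the network.trr.mode values (Firefox "Trusted Recursive Resolver" pref).
TRR_MODES = {
    0: "off (use the operating system resolver)",
    1: "reserved (treated as off by current Firefox)",
    2: "DoH first, fall back to the OS resolver on failure",
    3: "DoH only, no fallback",
    5: "off, explicitly disabled by the user",
}

# Resolver hosts the reader has decided to accept. Constructed list; the CIRA
# hostname is an assumption, replace it with whatever your own policy allows.
TRUSTED_DOH_HOSTS = {"private.canadianshield.cira.ca"}

# prefs.js lines look like: user_pref("name", value);
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+)\);')


def parse_prefs(text):
    """Return a dict of preference name -> typed value (str, bool or int)."""
    prefs = {}
    for match in PREF_RE.finditer(text):
        key, raw = match.group(1), match.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # leave anything unexpected as raw text
    return prefs


def doh_status(prefs):
    """Summarise the DoH configuration found in a parsed prefs dict."""
    mode = prefs.get("network.trr.mode", 0)  # absent pref = Firefox default, treated as off here
    uri = prefs.get("network.trr.uri", "")
    host = urllib.parse.urlparse(uri).hostname if uri else None
    active = mode in (2, 3)
    return {
        "mode": mode,
        "description": TRR_MODES.get(mode, "unknown mode"),
        "uri": uri,
        "host": host,
        "doh_active": active,
        # If DoH is off, the OS resolver is in charge and this check does not apply.
        "trusted": (not active) or host in TRUSTED_DOH_HOSTS,
    }


def check_profile(path):
    """Read a real prefs.js from disk and report on it."""
    with open(path, encoding="utf-8") as fh:
        return doh_status(parse_prefs(fh.read()))


# Constructed sample prefs.js content, not taken from any real profile.
SAMPLE_PREFS = """\
// Mozilla User Preferences (constructed sample)
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "https://search.example.invalid/");
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example.invalid/dns-query");
user_pref("network.trr.bootstrapAddress", "192.0.2.53");
"""

if __name__ == "__main__":
    status = doh_status(parse_prefs(SAMPLE_PREFS))
    for key, value in status.items():
        print(f"{key:12} {value}")
```

Run check_profile() against the prefs.js inside your Firefox or Thunderbird profile directory; a result with doh_active true and trusted false means the application is sending DNS queries to a resolver you did not choose, which is exactly the situation the post above asks you to look for.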