Twitter account hack, email account compromised, possible browser problem

Status
Not open for further replies.
I hope the sfc /scannow command can figure some of these problems out.

I've tried researching as much as I could before we lost our electricity here, then I had no wireless connections throughout the house.
I had to call our ISP provider to get back online......go figure.

I had to pull the power from back of my router for a minute or two then it all connected back.

OK, what I've found I'll list and let you read over because I do not know of any miracle cure for what's going on.

I was pretty surprised to see it was back to default, my best guess is, during a power outage and restart it somehow reset to default.
that I was hacked while my router was in default status and prior to the VPN being installed, thus, I'm suspicious of the router itself as contributing to my problem.
It can, what you've mentioned is possible.

while I do have Oracle VB on my computer, I have never used it and don't know how to either.
If it were on my machine, I would remove it.
Go to the "Start" (shell), "Control Panel", "Programs and Features". A list of installed applications will be displayed in alphabetical order. Left click "Oracle VM VirtualBox" so it is selected, then "right click" it and choose "Uninstall" from the menu.
Uninstalling it won't remove it from the Host network; follow the link below.

How do I remove a VirtualBox host only network adapter
https://superuser.com/questions/854...only-network-adapter?answertab=active#tab-top

How to remove extra host only network interfaces created by vagrant on windows 10?
https://stackoverflow.com/questions...rk-interfaces-created-by-vagrant-on-windows-1

See if you can follow the topic below for any hints on your internet, if that doesn't help you might want to call your ISP.
Windows 10: Disabled wifi qualcomm atheros
https://www.tenforums.com/network-sharing/33217-disabled-wifi-qualcomm-atheros.html

~~~
I have come across an article you might want to read over that was created for someone who had been hacked.
Help: I Got Hacked. Now What Do I Do?
https://technet.microsoft.com/en-us/library/cc700813.aspx?f=255&MSPPError=-2147217396
 
Routers and links

I do need to contact my Internet service again because when I look at the router firewall setting in the configurator page, it says, it is set too low. I'm not sure if the Norton firewall settings cover the router but they are secure (as far as I know) for my computer, but obviously someone is getting into my system somewhere or the VB network adapter wouldn't have been there. For some time, every time I reset my router or the power goes out, it restarts in a "walled garden" mode and I have to go through the setup and configure routine to get online again. That may be a hardware or software issue, I'm not sure, but it is annoying and I'm considering upgrading, especially in light of my recent network situation. At any rate, I was able to run the scannow tool in Admin PowerShell mode, since I'm not sure how to save/post a log, I'll attach a screenshot but if it ran correctly, it appears to be okay. (Good time to mention that during a restart about a week ago, it ran the "checkdisc/repair" program automatically before starting.)
I have uninstalled the Oracle VB from my computer and next I'll go into the links for removing the network adapter version, many thanks for that info in advance, I'll let you know how that goes. Currently my network icons in the systray appear to be normal, that resolved itself during the scannow run amidst a lot of disconnect/reconnect activity... (Update) Interestingly enough my network adapter currently shows nothing but the connections I would expect to see, no Virtualbox network, although I wouldn't expect uninstalling the Oracle program from my machine would remove the adapter that I had, I'm cautiously optimistic and will still use the links you supplied to see if I'm missing anything.
The links and info you're providing are very much appreciated, they save a lot of time searching and narrowing down issues that I'm dealing with, again thanks. I'm pretty sure the hacking I experienced through Twitter wasn't the result of bored kids messing around, that site is a hacker's playground second only possibly, maybe to Facebook. Since this isn't technically a malware issue, I hope I'm not posting in the wrong section but I do find the info here very useful and relevant.
At this point, I'm off to do some reading in your links and will let you know how it's progressing as I get things figured out. :)
 
scannow txt was blank

I think we're both on a learning process here....
There are so many possibilities of what a hacker can do once they're in your computer.....In my mind, to make sure it's completely safe and clean is to reformat.
I've got to throw that out there so that you know this machine may or may not be secure.

I would also take precautions and notify your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
~~
The issue of Walled Garden may be coming from your router. I found info on this (different types of routers or ISP provider) people had to connect to the router manufacturer for a better connection
Walled Garden
https://www.bleepingcomputer.com/forums/t/626321/centurylink-suddenly-put-router-in-walled-garden/

There have been public notices sent out that Twitter and Facebook accounts are being sold online
https://help.twitter.com/en/safety-and-security/twitter-account-compromised
Twitter has been forced to lock around 33 million accounts after their security details were posted online for sale.

How to tell if your Facebook has been hacked, and what you can do about it
https://www.cbsnews.com/news/how-to-tell-if-your-facebook-has-been-hacked-and-what-you-can-do/

I may have posted the below link, not sure
https://www.computerhope.com/issues/ch001539.htm

compromised-home-router-devices
https://www.reuters.com/article/us-...compromised-home-router-devices-idUSKCN1IQ2DY
 
A quick note

Yup, I'm definitely on a learning curve here, I attached the wrong file, trying again.
I was fortunate enough to secure the bank business right off, the accounts linked to my email are the biggest problem for me at this point, but I'm working on that.
 

network drivers and stuff

I'm still going over the links you posted, a lot of good info there. While reading on removing the VB host network, I noticed a tip about going into device manager and disabling any VB hosts you find. That seemed like a simple enough process, so I opened the DM, expanded networks and didn't find any VB hosts. This seemed like good news but then I noticed a lot of networks, only a few of which I recognized. I'll attach a SS to illustrate, the first three I recognize but the rest are a mystery. Do you have any idea what they could be?
Upon reading the link "I got hacked, what do I do now?" I realized, this guy is right, I'm going to have to format and start over.:sad: There is an upside to this though, I'll get a fresh install and likely lose some glitchy performance that's been bugging me for a while. I'll get back to work on this end because my router is back to disconnecting again, I was just curious about the extra networks I show and wondered if disabling the unknown ones might not be a bad idea.
 

router is back to disconnecting again
Wonder if the router is failing, call your ISP for them to check your connections? Just a thought.

didn't find any VB hosts. This seemed like good news but then I noticed a lot of networks, only a few of which I recognized. I'll attach a SS to illustrate, the first three I recognize but the rest are a mystery. Do you have any idea what they could be?
You're seeing the SSID being broadcast, you're not connecting to them, if you look at signal strength you'll see you can't connect.
And most likely you don't know their password. It is how it's supposed to work. When I open mine up I can see my neighbors' routers' names, there's one I wish they would change their name since it's somewhat offensive.

good article below.
https://www.howtogeek.com/331816/ho...bors-wi-fi-network-from-appearing-on-windows/
~~~~~~~~~~~~~

I don't like to tell people that they should clean and reformat but, there are times it's the best thing to do.
 
Pros and cons

Since my problem obviously doesn't fall in the Malware category I should probably put an end to this thread, however I haven't due to the info I'm learning from all the links is so interesting, as well as relative to what I need to know.
The last time I posted, my "10" was working on a major update. I'm able to get steady internet by hard wiring through Ethernet but wifi is really irregular so I'll have the ISP go over things and wouldn't be surprised to find out I need a new router. One thing I noticed lately is that when I look at sysconfig, I am on 1 core at boot and start up is set on "selective" rather than normal. I'm unable to change these settings, do you have any thoughts on that situation?
 
I'm able to get steady internet by hard wiring through Ethernet but wifi is really irregular so I'll have the ISP go over things and wouldn't be surprised to find out I need a new router. One thing I noticed lately is that when I look at sysconfig, I am on 1 core at boot and start up is set on "selective" rather than normal. I'm unable to change these settings, do you have any thoughts on that situation?
Either the router or your WIFI network card? which equals hardware?...I don't know.

I know in earlier versions of Windows, if you were in selective startup it was because you had disabled items not to load when the computer booted up to create a faster bootup. Some think of it as junk or bloatware and all machines come with it.
IF, you were to reset all things to load and run when you reboot your computer, again my opinion is, it's going to take longer for everything to load.
Now, with Windows 10, of which I don't have, I kinda think it still works along the same line, my opinion of course, is that items have been disabled.
Your logs show
=== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-901587214-2200967626-3004657440-1003\...\StartupApproved\Run: => "KOab1err"

I found a couple of links for you to read over that might help with changing from selective mode to normal mode.

Msconfig in selective startup
https://www.bleepingcomputer.com/forums/t/591725/msconfig-in-selective-startup/

Windows 10: Add, Delete, Enable, or Disable Startup Items in Windows 10
https://www.tenforums.com/tutorials/2944-add-delete-enable-disable-startup-items-windows-10-a.html

I am on 1 core at boot
LOL, beats me! Don't know if I can help with that.
https://answers.microsoft.com/en-us...g/8769e42f-a076-44c2-a7ac-7bf78b44fe22?auth=1
 
Glad we could help.

Since this issue appears resolved ... this Topic is closed.
 