> **Surrender** NeedHelp, need IT solutions

TSmattmalam87 P
post Nov 25 2021, 05:02 PM, updated 3d ago

New Member
*
Probation
11 posts

Joined: Oct 2021
help sifusss here..i dont know how to explain what im facing right now..too much for me to handle.
i dont know what kind of hacks / malwares /virus or what else im facing now.

(1)network issue at first
(2) until i find out "someone" was on my network and 'living' for years.
(3) slowly spying on the logs what 'they' did to me and took back my "admin control user"
(4) and now i no longer can sneak in my router after i tried some changes. i did whatever cleaning i can, but it never ends. I dont know what kind of problems im having now it is too disturbing. Keep redirect my urls, block my searches, my emails account, my credentials. I dont know how to stop it. What makes it worse is until today i saw "something suspicious" on my android. story ends-


I think i should just find some IT technician before it is too late. Can anyone recommend me? Im from KL sri petaling any good one nearby? SOS, i got a lot of work depending on my devices.

user posted image
user posted image

im not sure the number i censored it right anot.
zhihong0321
post Nov 25 2021, 05:10 PM

New Member
*
Newbie
15 posts

Joined: Nov 2006


i dont see the "some1" in your screenshot...

and there is no point Marking your LOCAL IP Address.........


are you saying your
1) router got unauthorized access?
2) or your PC was under unauthorized access?

These 2 are very different problems.


bladebreaker
post Nov 25 2021, 05:15 PM

Getting Started
**
Junior Member
91 posts

Joined: Mar 2009


looks like its already on your registry and host file.

you're better off formatting your system

fireballs
post Nov 25 2021, 05:17 PM

10101
*******
Senior Member
4,950 posts

Joined: Mar 2012
did you receive email saying that got people hack into your system, can see whatever you do
then ask you to send bitcoin?

just ignore it.
TSmattmalam87 P
post Nov 25 2021, 05:41 PM

New Member
*
Probation
11 posts

Joined: Oct 2021
QUOTE(zhihong0321 @ Nov 25 2021, 05:10 PM)
i dont see the "some1" in your screenshot...

and there is no point Marking your LOCAL IP Address.........
are you saying your
1) router got unauthorized access?
2) or your PC was under unauthorized access?

These 2 are very different problems.
*
sorry bro im not that good so i should or should not cover the ip things.
1) router got unauthorized access? > this im not sure i didnt see any strange devices or ip on the router, but i saw the system log and all those non friendly javascript thing on the sites. Ya i got booted out this morning after i made my router username and pwd changes, and there's no way back BUT network still running.
2) my pc for sure was/are under unauthorized access using tech like rdp? or teamviewer? encountered once few days back it shocked me until i straight off cpu never switch it on back that day. Until now i still see changes on my pc even though i tot i 'kicked' them out. Now i only see things like files missing, and came back. Some pretend to be legitimate, but got the option for sharing in between. If they do it quietly i might wont respond like this. All those txt files and logs located right on desktop for me to read.


[27672][28448][05:00:47.700] P: WindowState: WIN DEATH: null
[30824][18436][05:00:47.976] P: LauncherEx: MonitorThread: top_activity=com.android.launcherex.MainActivity
[30824][18436][05:00:47.976] P: LauncherEx: SocketThread: sendMessage: top_activity:com.android.launcherex/com.android.launcherex.MainActivity
[30824][18436][05:00:47.976] P: LauncherEx: MonitorThread: pending killing start
[26544][29656][05:00:47.997] I: [STARTUP] StartKernelThread: dwError=0
[26544][29656][05:00:47.997] I: [STARTUP] StartKernelThread: Close Session...
[26544][29656][05:00:47.997] I: [STARTUP] StartKernelThread: Close Session Done
[26544][26688][05:00:47.998] E: pipe_ipc_stream::accept: ConnectNamedPipe Fail Error=109
[26544][28920][05:00:48.003] I: ReportThread: get_report_data exit!
[26544][30748][05:00:48.010] I: local_audio::play_back_waveout_worker: exit!
[26544][29656][05:00:48.010] I: [STARTUP] StartKernelThread: Exiting...
[10128][36952][21:02:34.526] P: AOWCreate: ExePath=\Device\HarddiskVolume4\program files\TxGameAssistant\ui\AndroidEmulator.exe
[10128][36952][21:02:34.526] P: AOWCreate: DriverPath=\Device\HarddiskVolume4\program files\TxGameAssistant\ui\AOW_DRV_X64_EV.SYS
[10128][36952][21:02:34.529] P: AOWCreate: DriverMD5=AE6286057DB88F2C60C462634724B03E, CurrentDriverMD5=AE6286057DB88F2C60C462634724B03E
[10128][36952][21:02:34.530] I: [STARTUP] StartKernelThread: cmdline="\??\D:\Program Files\TxGameAssistant\UI\aow_exe.exe" --kernel --root "D:\Program Files\TxGameAssistant\AOW_Rootfs" --share "D:\Temp\TxGameDownload\MobileGamePCShared" --rom 0
[10128][31600][21:02:34.657] I: ReportThread: get_report_data try again!



user posted image

so i really dont know what im facing now, too tense. Just someone help me get rid of it. Doorstep service / i walk in to the store also can.
TSmattmalam87 P
post Nov 25 2021, 05:45 PM

New Member
*
Probation
11 posts

Joined: Oct 2021
i might think wrong on those guesses. But 1 thing for sure is that my cpu need some attention. I seriously dont recognize all those thing, never see or use it before.
zhihong0321
post Nov 25 2021, 06:47 PM

New Member
*
Newbie
15 posts

Joined: Nov 2006


this is quite common, with Trojan.

honestly a fully updated Windows 10
especially cleaned 1. is quite secure.


easiest solution?
a clean reset would do.
PRSXFENG
post Nov 25 2021, 08:59 PM

Casual
***
Junior Member
373 posts

Joined: Nov 2020


If you suspect malware, download and run malwarebytes, adwcleaner, hitmanpro

As for your pics, dont see much problem with problem1 pic, problem2 pic seems like normal typical connections that your browser and other background apps will make

regarding the 192.168 html file, seems like you might have saved your router's login as a html file?

Is your router provided by ISP (TM/Maxis/whatever) or self purchased? If ISP they do indeed have the ability to change settings on it, but that is as far as they can do, they cannot "hack" your pc

The pile of logs you posted seem to be for Tencent Gaming Buddy/ Gameloop, do you use that, or play PUBG?

Feels like typical "your pc is hacked" fear tactics were used on you...

TSmattmalam87 P
post Nov 26 2021, 09:05 AM

New Member
*
Probation
11 posts

Joined: Oct 2021
QUOTE(zhihong0321 @ Nov 25 2021, 06:47 PM)
this is quite common, with Trojan.

honestly a fully updated Windows 10
especially cleaned 1. is quite secure.
easiest solution?
a clean reset would do.
*
can reset can do it alone by myself anot? im not good on it.
how to keep or backup those files?
enclashz
post Nov 26 2021, 09:10 AM

New Member
*
Junior Member
26 posts

Joined: Apr 2012


Try install Malwarebytes first. Usually this software can remove trojan/malware so far for me okay compare to others.
TSmattmalam87 P
post Nov 26 2021, 09:16 AM

New Member
*
Probation
11 posts

Joined: Oct 2021
QUOTE(PRSXFENG @ Nov 25 2021, 08:59 PM)
If you suspect malware, download and run malwarebytes, adwcleaner, hitmanpro

As for your pics, dont see much problem with problem1 pic, problem2 pic seems like normal typical connections that your browser and other background apps will make

regarding the 192.168 html file, seems like you might have saved your router's login as a html file?

Is your router provided by ISP (TM/Maxis/whatever) or self purchased? If ISP they do indeed have the ability to change settings on it, but that is as far as they can do, they cannot "hack" your pc

The pile of logs you posted seem to be for Tencent Gaming Buddy/ Gameloop, do you use that, or play PUBG?

Feels like typical "your pc is hacked" fear tactics were used on you...
*
thanks for your advice bro.
1) im on malwarebytes already.. other software i dont dare to try simply as previously my avast im using was a fake too. Just found out after my window do some of the job for me. Those software u mention can settle my job once and for all?

2) the 192.168 html file what do u mean i save my router's login as a html file.. i dont understand, im actually saving my router's login at the setting page. I dont know that kind of tech u saying.

3) This router was mine previously from other property (TIME), i only suspect the old router i was using providing from 'whatever' ISP. I thought they can access it and do something to monitor our activities (i know all this just by google and just found out nowadays only) as i said for years i never check or scan my pc.

4) i only download prawn , i dont play games . What to do with mobile game on pc?

5)thanks for the advice i think i will just stick with some software before i find the technician i need it.
ktek
post Nov 26 2021, 09:17 AM

워터파크
********
All Stars
10,335 posts

Joined: Jul 2006
is it your computer that got hit
TSmattmalam87 P
post Nov 26 2021, 09:32 AM

New Member
*
Probation
11 posts

Joined: Oct 2021
QUOTE(bladebreaker @ Nov 25 2021, 05:15 PM)
looks like its already on your registry and host file.

you're better off formatting your system
*
sorry for the late reply i only managed to reply 3 times per day only. Ya i think im facing this registry problem. I saw something like coinhive or what. This registry not virus right? how come those file got problem i scan it with those softwares directly they state it as clean? how to remove all this registry.


QUOTE(fireballs @ Nov 25 2021, 05:17 PM)
did you receive email saying that got people hack into your system, can see whatever you do
then ask you to send bitcoin?

just ignore it.
*
another issue i started notice, 1 accounts that i long never use since secondary school 1 of it microsoft suspended. Yes i received A LOT of phishing mails there, 1 of it are AIA some more, almost fall for it lucky never.
high tech things i dont know to play one, got bitcoin i wont even bother him just straight change 1 new set gaming set
But i do really trade or use wallet once in a while. I think i got to delete every thing and reinstall back only can use. Those registry key really wont go off.

*coinhive* is this thing serious? i saw this and i read about it. Those crypto mining stuff using people's cpu.

QUOTE(mattmalam87 @ Nov 26 2021, 09:16 AM)
thanks for your advice bro.
1) im on malwarebytes already.. other software i dont dare to try simply as previously my avast im using was a fake too. Just found out after my window do some of the job for me. Those software u mention can settle my job once and for all?

2) the 192.168 html file what do u mean i save my router's login as a html file.. i dont understand, im actually saving my router's login at the setting page. I dont know that kind of tech u saying.

3) This router was mine previously from other property (TIME), i only suspect the old router i was using providing from 'whatever' ISP. I thought they can access it and do something to monitor our activities (i know all this just by google and just found out nowadays only) as i said for years i never check or scan my pc.

4) i only download prawn , i dont play games . What to do with mobile game on pc?

5)thanks for the advice i think i will just stick with some software before i found the technician i needed i cant risk with my job. Any recommendation here bro??
*
fireballs
post Nov 26 2021, 09:46 AM

10101
*******
Senior Member
4,950 posts

Joined: Mar 2012
Suggest you start fresh if you paranoid

New router go claim from time
New SSD new install

Change all your email password

This post has been edited by fireballs: Nov 26 2021, 09:47 AM
mashimarow
post Nov 26 2021, 09:52 AM

Regular
******
Senior Member
1,725 posts

Joined: Aug 2006
From: Selangor


just copy out your important file to a pendrive and nuke your boot drive.
wipe the partition and create a new one, then reformat and install windows again.
put up a security first and scan your files on pendrive before putting it back. Malwarebytes is not bad, I also wonder Avast got fake one? you download from link or direct from Avast site?
and never ever use those driverbooster or something, download everything from official site, and make sure it is https and read clear the website name you entered, they are capable to recreate an exact bank site for you to enter except different website name

This post has been edited by mashimarow: Nov 26 2021, 09:54 AM
netmatrix
post Nov 26 2021, 03:43 PM

The machine... it sees everything.
*******
Senior Member
5,971 posts

Joined: Jan 2003
From: Zion


Dude.... you like paranoid schizophrenic only.

If you suspect you are compromised, a simple scan with 3rd party apps like Malwarebytes or hitman Pro usually can verify that.

https://www.malwarebytes.com/

https://filehippo.com/download_hitmanpro/

The worst kind of virus trojan attack at the moment is still Ransomware based. And it acts very quick.

Another simple way to know if you are compromised without installing anything is to look at Windows Start Up. If you see things that do not make sense in the list, then you can start worrying.
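
One way to do the start-up check netmatrix describes, together with the registry and hosts file that bladebreaker mentions. This is an added example, not posted by anyone in the thread; it is read-only, and the `Get-SignatureStatus` helper and `Signature` column are names made up here for a best-effort Authenticode lookup:

```powershell
# Added example: read-only inventory of Windows autostart entries and hosts-file overrides.
# Nothing here changes or deletes anything; review the output by hand.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Hypothetical helper: best-effort signature status of the program an entry launches.
function Get-SignatureStatus([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Take the first path that ends in a runnable extension, quoted or not.
    if ($expanded -match '^\s*"?(.+?\.(exe|dll|bat|cmd|vbs|js|ps1))') {
        $path = $Matches[1]
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            return [string](Get-AuthenticodeSignature -LiteralPath $path).Status
        }
        return 'FileNotFound'
    }
    return 'Unparsed'   # e.g. .lnk shortcuts in the Startup folders
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
)
$entries | Select-Object Source, Name, Command,
    @{ Name = 'Signature'; Expression = { Get-SignatureStatus $_.Command } } |
    Format-List

# A stock Windows hosts file contains only comment lines, so every line printed
# here is a name-to-IP override that someone or something added.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' }
```

Entries with a `Valid` signature from a publisher you recognise are the ones to rule out first; `NotSigned`, `FileNotFound` and unexpected hosts lines are where to look closer.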
sHawTY
post Nov 26 2021, 04:08 PM

Frequent Reporter
********
All Stars
13,743 posts

Joined: Jul 2005

QUOTE(mashimarow @ Nov 26 2021, 09:52 AM)
I also wonder Avast got fake one?
That one's pirated la
TSmattmalam87 P
post Nov 27 2021, 07:32 AM

New Member
*
Probation
11 posts

Joined: Oct 2021
QUOTE(mashimarow @ Nov 26 2021, 09:52 AM)
just copy out your important file to a pendrive and nuke your boot drive.
wipe the partition and create a new one, then reformat and install windows again.
put up a security first and scan your files on pendrive before putting it back.  Malwarebytes is not bad, I also wonder Avast got fake one? you download from link or direct from Avast site?
and never ever use those driverbooster or something, download everything from official site, and make sure it is https and read clear the website name you entered, they are capable to recreate an exact bank site for you to enter except different website name
*
trying malwares now..idl bout this avast thing..even google also advice me to remove the extension that idk when i put in on my browser.

QUOTE(netmatrix @ Nov 26 2021, 03:43 PM)
Dude.... you like paranoid schizophrenic only.

If you suspect you are compromised, a simple scan with 3rd party apps like Malwarebytes or hitman Pro usually can verify that.

The worst kind of virus trojan attack at the moment is still Ransomware based. And it acts very quick.

Another simple way to know if you are compromised without installing anything is to look at Windows Start Up. If you see things that do not make sense in the list, then you can start worrying.
*
never check all this things for years.. after window did some job for me now i can see a lot of things i dont recognize in my pc. Hidden files and sharing stuff la idk tu la made me paranoid sia. I rarely use it only for videos and pawn.
MCO made everyone tense, hard to make a living bro.

QUOTE(sHawTY @ Nov 26 2021, 04:08 PM)
That one's pirated la
*
bought this cpu set from a store few years back. Im going back to look for him after i settled this thing. Idk what he installed on behalf of me seriously, i conlanfirm something to do with him. Doesn't make sense anyone can do things like that remotely without my notice
mashimarow
post Yesterday, 01:42 PM

Regular
******
Senior Member
1,725 posts

Joined: Aug 2006
From: Selangor


Avast is free to download, I use more than 10 years without a single issue. Is your windows legit or buy from night market, it could be infected with trojan once you install it.

As you suspect also, could be your friend prank you setup remote desktop without you notice

 
