Saw My Computer Being Hacked Right Now!

Ulysses31 on 28/07/2024 - 15:15
Last edited 28/07/2024 - 16:53 by 1 other user

Hi guys, major panic.

Fastest & most effective way to stem damage?

Walked up to my PC being hacked online. I took over the mouse while they were trying to buy G2A gift cards with PayPal (on my phone and PC it auto approve), it appears. I couldn't think fast enough on WTF was happening, just shut the PC down. Now on phone

What now? I'm a scatter brain where to start changing, locking, resetting. PayPal, CommBank, Bitwarden…reset or lock the lot? Nothing looks spent.

I thought I was very good with security. 30+ years never hacked.

But of course, it HAS to be a dodgy program I just grabbed from Usenet a couple of hours ago. Didn't work, tried again. Tried again, gave up. ONE idiot mistake is all it takes. Should ran in sandbox, if I needed it that much.

Everything is 2FA (phone, email, authy), fingerprint on phone and I use Bitwarden with a very complex master.

Internet

Comments

  • Ulysses31 on 28/07/2024 - 15:16
    +12

    All these years, I never planned for WHEN someone/something will eventually breach.

  • MaKa on 28/07/2024 - 15:23
    +51

    Isolate your computer from the internet, restart it and run a virus scanner

    • Ulysses31 on 28/07/2024 - 15:31

      Thanks.
      I'm wondering about safe mode without networking (is that still a thing) or boot it, and immediately turn wifi off.
      At the moment, I'm trying to reset as many passwords as I can to banking etc.
      They had an email tab open, searching for the word crypto, and found coinjar.

      I know PayPal has limited function on mobile, which isn't helping me right now

      • Kail on 28/07/2024 - 15:33
        +51

        If you unplug your modem, your PC can't connect to Wifi on boot.

        • MaKa on 28/07/2024 - 15:36

          This

        • Ulysses31 on 28/07/2024 - 15:41
          +25

          Thanks. Classic simple advice, but my brain is dumb right now. Panic

          I've disconnected NBN (FTTP).

      • mantra on 28/07/2024 - 15:38

        some motherboards bios let you switch off wifi before windows can do anything
        either that or switch off wifi router then switch off wifi in windows and/or disable it in device manager
        safe mode without networking is also still a thing but is awkward to get into without first booting into windows

      • ATTS on 30/07/2024 - 12:58

        Oh wow they can hijack ur computer from downloading a dodgy program?

        Did ur AV say it was a PUW before your computer got hijacked?

        I once was about to install a program and my AV said it was PUW, so immediately aborted. I assume if i aborted my computer wouldn't havr been compromised? Is that correct?

        • I like freestuff on 30/07/2024 - 20:02

          Would hazard a guess that OP disabled their AV because they were trying to install some dodgy program from 'Usenet' as per OP.

          • ATTS on 30/07/2024 - 20:36

            @I like freestuff: Thanks!

            Is Usenet like torrents?

            Also what site is good to download programs? Is file hippo any good?

            I wanted to get back into torrents clients, but was concerned as went in official sites, but they said the torrent client was a PUW

            • The-Real Team Doge on 31/07/2024 - 16:16

              @ATTS: For torrent clients qBittorrent, Deluge, Transmission, and PicoTorrent have been my gotos over the years.

              fmhy[dot]net (if I can say that), has really good updated info on where and how to cosplay as a pirate in the digital age. 😼

      • anonymous01 on 31/07/2024 - 01:06

        Mind telling us what program you downloaded? Just so we can avoid..

  • Axelstrife on 28/07/2024 - 15:32
    +30

    Pull ethernet cable or turn router off.

    Start cancelling cards and changing all passwords.

    Turn PC on (without internet) and copy important files then wipe and reinstall windows (if using windows)
    Virus scan those files aswell.

    • Ulysses31 on 28/07/2024 - 15:49

      Back in the day, we'd remove the main drive & virus scan with a clean PC. Is that still a thing, I wonder. And that's only the main drive. This machine has 2 internal SSD, and 12 externals

      • Axelstrife on 28/07/2024 - 17:05
        +10

        Im sure you can but personally im a big fan of not risking it, wipe and reinstall fixes it.

      • Hardly Normal on 29/07/2024 - 22:24

        If it didn't catch it executing it is unlikely it will catch it in a random scan. There is more nuance to the topic but that is pretty much the summary. Additionally, you would be worried about any backdoors that were placed down some of which could be using legitimate programs that you already installed.

        Tl;dr: Unless you have the knowledge and are prepared to spend considerable time diving through system artifacts (event logs, MFT, prefetch, amcache, shimcache, SRUM, shellbags, MRUs, etc.) call it a day and reimage the box. The only benefit you will get is an understanding of exactly what happened.

  • freefall101 on 28/07/2024 - 15:44
    +5

    Was your password manager locked at the time they were using it? Doesn't matter how good the password is on your vault if it wasn't locked, they can just open it and copy any passwords

    If you use gmail, make sure you log out of all gmail instances and reset the password on that. Whatever your phone account is (apple/google) reset that. Reset any Microsoft programs.

    And for future, for gods sake don't download applications off usenet if you're not 100% sure on them and don't trade security for convenience. Paypal should require 2FA every time, it takes 2 seconds. Don't assume this was one mistake, how many other applications have you downloaded off usenet? They were all risky, this is just the time you were caught out.

    • Ulysses31 on 28/07/2024 - 15:54
      +1

      Solid advice, thank you.

      By memory, bitwarden in Firefox is always open (why haven't I twigged??) But chrome it needs master every single view.

      PayPal on my PC and phone always says "we recognise you", based on IP and other factors, I'm guessing. I wonder if I can force them to ask. I mustn't have 2FA on that, or I've allowed them to bypass if they deem fit.

      Only other software I've grabbed off Usenet was a keygen, ran in a sandbox.

      Resetting passwords regarding emails, vaults, phone accounts etc is probably a strategic art, knowing what one needs to be first.

      • freefall101 on 28/07/2024 - 16:03
        +2

        I'd do email first. It's very unlikely they have your vault password.

        Bitwarden has a variety of settings on when it auto locks, it sounds like you've set Firefox to "never"

        • Ulysses31 on 28/07/2024 - 16:16
          +2

          Hmm, found this on PayPal, when checking 2FA:
          "You've chosen to skip 2-step verification on 9 devices and browsers you trust. You can revoke this permission any time."

          Yeah, that's revoked now. And I deleted bank accounts & cards attached

          I have 5 email addresses (old practice, moving acrotto 1 proton & 1 personal domain), and they're all reset & sessions cancelled, devices untrusted now. 1 was missed in my annual checkup, hadn't been changed in 3 years

      • noz on 28/07/2024 - 17:42
        +6

        Sometimes PayPal will auto-trust a browser, and then tell me about it afterwards. I would need keep going in to PayPal settings to un-trust the browser. Whoever at PayPal thought this was a good idea really needs an upper-cut. Admittedly, I haven't seen it happen for some months now.

      • A-mak on 30/07/2024 - 02:34
        +1

        Just FYI, saved passwords in chrome can easily be retrieved using this tool: https://www.nirsoft.net/utils/chromepass.html

        Also, a year or two ago my sons pc became compromised where my account was admin, I found out by someone trying to payID (which luckily failed) to someone random in my bank acc.

        The steps I took:
        -Kept kids pc turned off and changed all main passwords (microsoft acc, paypal, google, facebook, myGov, steam, Ozbargain, etc)
        -called the bank and they created new accounts and shut down my old ones. They wouldn't give me access to internet banking until I provided a clean virus scan (even tho it wasn't my devices that were compromised).
        - Formatted kids pc via usb using windows media creation tool to make a bootable USB. If you have needed data on your pc you could use a Live USB like Hirens bootable usb (also has many great utilities on it) or a linux live usb, I wouldn't recommend safe mode.
        - Changed most secondary passwords.
        - No longer save bank password and primarily switched to banking app (which needs biometrics to login)

        Most things I use require 2fa, I highly recommend 2fa for paypal. I get the sms code within 5 seconds and if you use 'Your Phone' in windows you can just copy it from that.

        • furyou on 31/07/2024 - 11:23
          +3

          I want to share my experience. My case my phone number was stolen. This means i cannot login to anything with 2fa, while the thief was calling around my banks trying to "reset forgotten pw"

          2fa is a thing, but not a solution

          • A-mak on 31/07/2024 - 17:08

            @furyou: That would have been a horrible experience. How did you find out about that?

            There are other methods of 2fa, code to your email (moot if all passwords are compromised), specific app on your phone (Microsoft, Steam, Facebook, Google Authenticator) but they can also be a pain if your phone breaks.

            I have a mixture of all 3.

            At the end of the day, it is just about having another barrier of protection.

            • furyou on 31/07/2024 - 17:18

              @A-mak: One day my phone just had no reception and I thought it was the building and then it didn't come back and that was it.

              what do we do Whatever we try it seems the hackers are the ones that know all the ins and outs.

              It's just so hard and I have a password manager with different passwords everywhere. Changing all your passwords are hard enough when you are not under duress.

              I don't know how those other methods of 2FA work but imagine if someone stole your phone where are you going to get a new phone and instal Google authenticator and do whatever you need to get it up and running? So you got home in 20 minutes and you pick up the phone from your cupboard that is wiped clean, It would take an hour to set everything up. I just recently tried to set up a backup phone and trying to put your main Google account on a new phone - if you don't have your old phone you are probably out of luck.

              • Kelpei on 01/08/2024 - 23:55

                @furyou: Haven't had to transfer my number in a while but this got me thinking. It's actually quite easy to transfer/port a mobile number to a different provider. Correct me if I'm wrong but all you need to do is enter some personal details and the number you wish to port. Do telcos actually check with each other to make sure the details on both ends line up?

        • Shonky on 31/07/2024 - 19:46

          You realise the security hole there right? They get access to your computer like OP. Then PayPal sends code to your phone. Except your phone is linked to your PC so thief can just get code without phone. If you can easily copy paste then so can they.

          • A-mak on 01/08/2024 - 19:11

            @Shonky: That is assuming 1. They are using a remote desktop viewer like OP and 2. That you let your phone auto-connect to pc all the time.

            There is an argument for every security measure, similar to yours: use a password manager, hacker gets master password via keylogger. Write all your passwords down in a book, burglar breaks in and steals book.

            It is all about harm minimization now, the quicker you are alerted to something suspicious; the faster you can act. In OP's case they were very lucky to notice such behaviour just by the chance of walking past their PC. Checking phone, no reception when there should a bit less of a chance. Getting email/sms alerts (if you have email setup on your phone) is even less chance.

            Why don't you explain what you recommend? I was simply saying having 2fa is better than not having it.

  • Downvoter on 28/07/2024 - 15:46

    Some flop hacked my Facebook and instagram and I can’t access either. Pretty annoying.

    • MS Paint on 28/07/2024 - 19:10
      +27

      No loss really.

    • Cave Fire on 28/07/2024 - 20:59
      +1

      …… lost my twitter account from 2011 this way. the hacker also placed a fake auction for a steam deck on my user…

    • JIMB0 on 29/07/2024 - 09:05

      I'm sure there's plenty of other sources for pointless videos.

      • Downvoter on 29/07/2024 - 10:24
        +3

        I don’t care about the videos, more so the family pictures etc from Facebook 15 years ago

    • solidussnake on 29/07/2024 - 13:02

      I lost my Facebook, Had a recovery code on my phone at 2am which they joined their random Instagram account to my Facebook and got it banned !

      • Downvoter on 29/07/2024 - 13:29

        Yeah same here. They changed all my details, phone numbers, what’s app, email etc and got me banned from both. Can’t even make a new one as the apps are such pests to deal.

        I have backup codes etc but they can’t even provide them as no means to.

      • kiitos on 30/07/2024 - 18:52

        How did they get the recovery code? Or am I misunderstanding?

    • centrelink on 29/07/2024 - 21:31

      For some reason I have another account with the same email address of someone else’s profile.

  • bargaino on 28/07/2024 - 15:52
    +2

    Unplugging from the internet will stop banking hacks, but not ransomware.

    If your computer is compromised, better to pull the power. Do not reboot! Either boot from an external drive, or remove the hard drive and attach to another computer.
    Then you can attempt to recover your data, before reformatting and re-installing Windows (if you must).

    Though if you could see them manipulating your desktop, it sounds like a very crude remote desktop attack. A more sophisticated approach, even by script kiddies, and you'd never know it was happening.

    • Ulysses31 on 28/07/2024 - 16:21
      +1

      That's exactly what I thought. I saw remote desktop behaviour, but didn't recognise the icon bottom RHS.

      I was trying to right click & close, they were trying to complete a purchase up high on the screen. I continued the rug of war long enough to shut the computer down

      • bargaino on 28/07/2024 - 16:23
        +2

        Pull the plug! Not the time to worry about an orderly shutdown.
        Damn these laptops with wifi and non-removable batteries. Holding the power button for a few seconds should force it.

        Advice for the future: I'm normally a desktop/laptop guy, only use phone if no PC handy. But online banking is only on my phone as it is a bit more secure.
        My bank uses SMS for 2FA, which I do not trust. Too easy to port a mobile number.

        Are you saying they got access to your phone??

        • Ulysses31 on 28/07/2024 - 16:41

          Couldn't reach a cable quick, but I could find the button - while eyes were glued to the screen. Total of my seeing activity, realising, to killing the power was less than 10sec.

          Phone is fine. I'm using that to reset everything. I had a memory that PayPal didn't allow password resets via mobile (even mobile browser) - incorrect. Maybe CommBank (doing now).

          I agree with the SMS (even email) 2FA thing. I use authy. Was google, but I'm almost entirely off that nipple

  • 7ekn00 on 28/07/2024 - 16:44
    +5

    When using those sort of things from Usenet you can't rely on Defender alone :/

    Look into BitDefender or Kaspersky (KIS has a sandbox with detection for those sort of things) …

    First thing to do is take your HDD out, salvage any data needed (by plugging it into another device, just to read) and wipe the drive …
    (can be done with a Linux Live distro like Mint that can be run from USB if you don't have a 2nd system to read the HDD)

    Then re-install windows and apps :/ It is likely that if you boot back into that windows install (to do "virus scans"), all sorts of crapware may be launched!

    • Ulysses31 on 28/07/2024 - 20:29
      +1

      Thanks.

      I've opened by browser history, wondering if I can do anything with it (as the URLs have codes/account details? in them)

      They opened gmail, searched for BTC, then for crypto. Opened my coinjar account, couldn't get it. Then opened Paypal, then G2A (looks like unique URL has their details?), then got paypal linked, and were about to purchase US$200 iTunes card when I caught them.

      • 7ekn00 on 28/07/2024 - 20:31
        +2

        Doesn't matter what they did, what matters is the malware / RAT is still active on your system …

        Which means on re-connection more malware could be downloaded or more RAT access …

    • Hardly Normal on 29/07/2024 - 21:14
      +2

      If it got around Defender there is a decent chance it was going to get around any other anti-virus. Defender is actually quite good due having access to Microsoft's telemetry. Sandboxing is also fairly trivial to bypass.

      • 7ekn00 on 30/07/2024 - 09:15

        Unlikely, people over-inflate the usefulness of "Defender" because it's "Microsoft" and they must know better …

        Review almost ANY security blog / channel to see tests of "Defender vs Zero Day" or "Defender vs Randsomware", etc etc and you will certainly see that Defender is not all it's cracked up to be … software packages with "Behavioral Analysis" (ie. Bitdefender / Kaspersky) do far far better against "Zero Day" and "Randsomware" ;)

        Sure, Defender is great with "signature based" detection, just like any of the other million apps …

        • Hardly Normal on 30/07/2024 - 18:07
          +2

          Replace Defender with 'AV' in your example and I would agree.

          Defender has behaviour detections, is free and has detection rates equivalent to the main players. You can look at how AVs fair with detecting different types of malware within Virus Total if you are interested. Most of the AV vs X blogs are just veiled advertising.

          I will be the first to admit that Kaspersky has a competent product. I just wouldn't pay for it given the minimal difference. You don't really get system wide behaviour detection until you hit EDR/XDR which is expensive as a human sits in the loop to triage the alerts.

          Regarding the prevalance of 'I evaded Defender' content that is just because it generates the most clicks and is easiest to test against due to being everywhere.

          Behaviour detection isn't the be all and end all. Just another tool with a decent amount of research available on how to bypass it.

        • smalltime0 on 30/07/2024 - 21:03

          So, how's crowdstrike working out for you?

      • noshopping on 31/07/2024 - 09:14
        -1

        Every hacked PC I see is because they use Microsoft Defender.
        Most decent AV apps have decent outbound firewall blockers enabled by DEFAULT. It won't allow anything to communicate out unless you approve it.
        If this malware had been installed in the background and was waiting in memory, come time it tries to communicate to master server, it wouldn't of been able todo without a physical human at the desk approving the prompt.

        • smalltime0 on 31/07/2024 - 20:46

          If you're running programs you downloaded from Usenet whilst using an admin account - there is literally no anti-virus suite on the planet that will save you.

      • PeelThis on 31/07/2024 - 11:34
        +1

        Might not be a failure of Defender or any other AV as such.
        It sounds like it could be a legit program such as VNC (that was installed as part of that software from usenet) if they had visible remote control (RDP locks display and kicks off the remote session on logon).
        Once someone has remote access with an admin account all bets are off as they can then install what they want and they can disable or turn off any warning the AV might show.

        • smalltime0 on 31/07/2024 - 20:45

          Yeah, OP was running stuff from usenet. It could've been an authentic program executing via bash or something.
          If you're going to run stuff you've downloaded from use - know what you're doing protection wise.

  • neoleo on 28/07/2024 - 17:08

    I only use my phone for online shopping and online banking. I only put cards that can be disabled for online payment feature in Paypal and other online shopping. We don't do online shopping with card every day, right? When I want to shop online, then I'll enable online payment feature in my bank apps or Wise app.

    I have Authy 2FA also and disable access other than my own devices. I do sometimes install softwares outside official Windows store or official websites or use portable version of the softwares. I have NextDNS in all my devices and also Adguard app in my phone too. Remote access is disabled in my computer.

    For unofficial apps that I installed in my phone, usually only apps that I trust or know. Many apps that I think do not need access to internet, I block the internet access to that apps. For example, I block internet access for Adobe reader, file manager app, gcam apps etc. in the app setting and also use Adguard app as firewall to block internet access for apps that I think don't need access to internet.

    My phone number cannot be ported, even if anyone have access to the pin code sms. Porting will fail. Secret reason for this.

    • Typical16-bitEnjoyer on 28/07/2024 - 18:47

      Ditch Authy, they got hacked recently. 2FAS or Bitwarden are the best alternatives.

      • neoleo on 28/07/2024 - 19:37
        +1

        More effort to ditch it. I know about the Authy bad news. But I don't have to worry as only approved devices can access my account. I put the limit.

        • VW-Kombi on 29/07/2024 - 08:40

          Same here - I have a few pages of authy's now - and I remember the pain when I had google authenticator with a third of that amount, phone died while O/S, no backup capability. Now authy is on three phones. The authy hack was only phone numbers of accounts I believe - I saw too much effort to replace - and only time before the replacement will be hacked too - its never ending it seems.

      • Ulysses31 on 28/07/2024 - 20:53
        +2

        I had Google, but I'm trying to stop being a product. Did a heap of searches & came-up with Authy for obvious reasons at the time. But I'm absolutely open to change. Thanks for the suggestions. A 2 sec search mentioned products & brands I'd never heard of getting SOLID reviews.

    • Ulysses31 on 28/07/2024 - 20:49
      +4

      Felt like i was in a cheap movie. I kept whizzing the mouse around to mess with what they were doing, dying to know WTF they were doing, while also knowing I had to stop it NOW

  • GordonD on 28/07/2024 - 17:20
    -3

    Some of the advice being given here about installing a new version of Windows and checking your drives no longer works, as of Windows 11 Pro, and in some cases Windows 10 Pro.

    Windows Pro now encrypts drives by default. And you don't even know its doing it, or has done it, until you need to read a drive on another PC or after re-installing Windows. You can end up in the situation where doing what used to be the right thing makes your data unrecoverable.

    Not only does that reduce the speed of SSDs by up to 45%, because it does it in software using the CPU, even if the drive has its own hardware encryption capability, it makes recovery after a malware attack more difficult. As a lot of businesses found out after the CrowdStrike debacle where the security software itself was the problem.

    • Ulysses31 on 28/07/2024 - 20:47

      Interesting info - thanks.
      I've got 2 quality SSDs in the PC. One is purely OS & games, the other is "downloads" and disposable crap. Like a working drive.
      I keep everything important on external drives, duplicated 3,2,1. Including cloud, but I'm uneasy about constant costs & it's "out there"

    • xylarr on 29/07/2024 - 07:36
      +1

      I thought even with the speed of SSDs, decrypting and encrypting is still orders of magnitude faster than the underlying drive. Yes, decryption and encryption isn't free, but it doesn't slow down your drive access. You just get a little spike in CPU.

    • 2025 on 29/07/2024 - 09:13
      +4

      By default, it won’t encrypt the drive until it saves the recovery keys somewhere, either to a personal MS account, AD, or whatever

      It’s not just windows pro, standard windows will enable device encryption on qualifying PCs, it has been a thing since windows 8 logo program, think Surface Pro etc. not sure why all the shock now when it’s been around for atleast a decade lmao I guess it’s the current bandwagon to get angry about because IT procurement did not see the value in vPro before the events from a few Fridays ago.

      So the advice about wiping or connecting to another PC is valid, the drive can be read on any other PC when you get the recovery key from IT team or your MS account. The bitlocker partition can be deleted without the recovery keys. If you manually enabled bitlocker, you’ll have the txt file somewhere that the wizard forces you to save.

      Also OP, a virus scan might not detect the tool that they are using for remote access, because quite often it is a legitimate tool used for nefarious purposes.

      All security comes at a cost, even the lock on your front door slows you down when you have your hands full and need to reach for the keys with bags full of groceries.
      Encryption protects your personal data from physical theft of the drive, and in many cases the data is worth more than the drive that it sits on.

      • GordonD on 29/07/2024 - 09:56
        +1

        the drive can be read on any other PC when you get the recovery key from IT team or your MS account

        If you have an IT team.

        Or an MS account.

        My computer is MY computer inside MY house where it is safe from theft courtesy of the locks on MY front door.. Microsoft imposing the security against drive theft that might well be important to a corporate-owned laptop with commercially valuable information on it is oppressive and annoying. Let them do what their IT experts think they need, and let me not have to do it because I don't. Can't Microsoft understand that?

        • banana365 on 31/07/2024 - 18:51

          Microsoft imposing the security against drive theft that might well be important to a corporate-owned laptop with commercially valuable information on it is oppressive and annoying.

          There's nothing oppressive about it, and any annoyance is minimal and fleeting. I have my drive decryption key saved in a way that's nothing to do with Microsoft. It took about 5 seconds to do.

      • CodeXD on 29/07/2024 - 10:03

        What happens if you try to connect it to another PC? Do you get an "uninitialised" error? I've literally lost an entire 1tb ssd when I upgraded it thinking I can just use an enclosure and hook it up to get all my data back. I've never seen any recovery key on my MS account.

        I even tried to repair windows using usb bootable drive and it said no windows found. There was never any prompt to enter the recovery key either. I proceeded to install windows and saw that the partition had 931gb free space out of 931gb. At minimum it should have recognised windows partitions.

        EDIT: I googled it and said recovery keys are stored here https://account.microsoft.com/devices/recoverykey

        for me

        You don't have any BitLocker recovery keys uploaded to your Microsoft account.

        • 2025 on 29/07/2024 - 14:47
          +3

          No, you don’t get that uninitialised error. That is a separate issue. You will see the partitions in disk management and windows will pop up asking for the key if it’s Bitlocker encryption. It’s likely the enclosure or drive was faulty, or something corrupted the partition table.

          My computer is MY computer inside MY house where it is safe from theft courtesy of the locks on MY front door..

          Your front door can be easily brute forced in 5 seconds. The same cannot be said about the encryption on the drive. I for one welcome protecting my personal data, and they do provide a way to opt out. My PC has a lot of personally identifiable information, from saved credit card details to drivers license. Everyone keeps different stuff on their PC, sure, I get that, and protecting it is not on everyone’s priorities

  • Shifter0183 on 28/07/2024 - 17:42
    +3

    Don't forget to revoke all sessions for your email accounts even after changing your password. Sometimes it won't force you to re-login until the cookie expires unless you explicitly have revoked them and if they extracted your browser cookies, they may still have access.

  • thatonethere on 28/07/2024 - 17:54
    +1

    Ive spent a fair time over the last year shifting sms 2fa to a secondary esim. Als making sure no browser had any permissions to bypass 2fa for services.

  • TEER3X on 28/07/2024 - 19:06

    Hope you get it all fixed.

    Would a malware scan of the dodgy usenet program/app some prevented this from happening?

  • MS Paint on 28/07/2024 - 19:11
    +2

    I would perform a fresh os install with a wiped drive.

    • pharkurnell on 28/07/2024 - 19:51
      +1

      agree

    • Ulysses31 on 28/07/2024 - 20:30

      Completely agree. IMO, wiping windows every few years is a must.

  • Mumbles on 28/07/2024 - 20:09
    +3

    For your future setup I'd recommend not using Windows apps to access Usenet. The Windows operating system attracts the most viruses and spyware. I'd recommend running a Linux OS as its way more secure.

    When I last accessed Usenet a decade ago I did it from a Linux operating system on a dual boot setup. I'd use Linux for everything internet related and only run Windows for games or apps that Linux doesn't have (eg. Adobe Lightroom).

    Running Linux also addresses all the other fears mentioned above eg. recovering data from HDD, ransomware and other apps being auto installed on restart, etc.

    • Ulysses31 on 28/07/2024 - 20:44
      +1

      I'm just your average dude, but 30-35 years daily experience of messing with hardware & software. I do everything I can with the limited time & zero formal IT education I have.
      My commonsense radar got me into using a password vault & 2FA, getting off google, disposable accounts with useless info. Separating private from internet contacts. Even my firefox has some extra settings, along with uBlock Origin etc. I'm trying to be a speck of dust.

      And I honestly buy the software I use. Pay for all subscription services etc. My steam account is no-joke. But-yes, I love collecting high quality nostalgia, and torrents aren't always the way. One went 0-byte on me, and I tried downloading a random software to try recover it. FAIL.

  • boomramada on 28/07/2024 - 20:18

    Saw My Computer Being Hacked Right Now!

    How did you manage to achieve that? Did you click on the hot-bum-crack.jpg.bat attachment?

    • Ulysses31 on 28/07/2024 - 20:33

      My PC is running 24/7. I walked passed it (after 3 hours of no use), and saw the screen awake, strange. Walked closer & saw a strange website I know i didn't visit. Looked closer, and sat down… that's when I saw the mouse active… someone was accessing remotely.

      The garbage exploit I enabled was from a .bat file I'd ran 3.5 hours earlier… and was dumb-enough not to read it first. Looking-now, it's jam-packed full of dodgy/weird code, with @ echo off (hide from user) written first).

      • boomramada on 28/07/2024 - 20:59
        +5

        That's what I thought, PCs aren't that easy to hack these days unless you activate an exploit.

      • Shifter0183 on 28/07/2024 - 21:32
        +3

        I would hazard a guess the payload is likely either encoded via base64, compressed using a compression function or uses inline encryption/decryption to hide what it does to a casual viewer of the batch file.

        If you still have the batch file, you could upload it to virustotal and it should spit out a report on it. Or if you want you can even upload the contents to pastebin and I could reverse engineer it and explain what it actually did to your computer.

      • Homr on 29/07/2024 - 09:27
        -1

        Will Eset anti-virus stop that hack?

        with @ echo off (hide from user) written first).

        What is that?

        • boomramada on 29/07/2024 - 10:11

          I can't comment on that and these days I don't even have an anti-virus installed. It is best not to click on .bat./.exe or anything that comes form of file attachments in emails or USBs that you don't know.

          If you still can't trust yourself, create a non-admin user account and use that. They might help.

        • Antikythera on 29/07/2024 - 12:05
          +1

          https://www.makeuseof.com/tag/write-simple-batch-bat-file/

          a batch file, witch has a .bat file extension, will run a series of commands in order.

          the normal behaviour of the batch file is to print each line to the screen as it runs.

          however the "@echo off" command turns off this default behaviour so that only lines of code beginning with "echo" will print to the screen.

      • Hardly Normal on 29/07/2024 - 22:33

        If you have the .bat, PM me the contents or upload it to Virus Total and send the hash. It is probably a downloader.

  • bazingaa on 28/07/2024 - 21:17
    +1

    it HAS to be a dodgy program I just grabbed from Usenet a couple of hours ago.

    OMG! This gave me PTSD vibes from KAzaa days

    • May4th on 29/07/2024 - 07:49
      +2

      good old days with kazaa. I'm sure I've had every virus downloaded to my pc. too bad for hackers the only thing they could get off me was my nintendo GBA roms

    • smalltime0 on 30/07/2024 - 23:14

      You don't know what you're downloading… they don't know what you've downloaded…

  • hopper on 29/07/2024 - 07:56
    -1

    Live like John Connor

  • numloxx on 29/07/2024 - 08:21

    This reminds me of when my late mother thought someone was in her computer moving the mouse. I tried to explain to her that she wasn't using the mouse pad I bought for her, and she was using her mouse on the shiny surface of her desk and the mouse was skipping.

  • skillet on 29/07/2024 - 09:21
    +1

    If you want to use your PC for unknown USENET or 'cracked' programs whatever on Windows, get on the HyperV and do it on a VM. You can learn this quickly or a few hours(if cpu 80286) guides all over google, youtube you know the drill. You might think that the rouge software has pass virustotal.com with green colours but hey you never know it could facilitate as a screen recorder or acted as a keyboard logger. You can run all sorts of dirty programs on the brothel VM and you would be enjoying maximum pleasure without any protection unless you are really stupid to also do net banking on the dirty VM. Unlike sandbox, you can create snapshots so you can roll over to the state you like without a clean start.

    Speaking about net banking, these days mobile phones are real cheap, why not buy a special phone just for banking? No need for a sim, WiFi goodenough. You can login to the bank apps on your special banking phone then 2FA to your main daily phone. Just bank apps on the phone nothing else, turn it off when not required.

    • kmwa on 29/07/2024 - 14:49

      Good idea about the special phone just for banking.
      I used to have a second phone for this, but when I changed to Cmobile, I realised I no longer needed it.
      Cmobile is the only Australian mobile phone provider that implements a Porting Pin.
      This prevents SIM porting or SIM swapping, so I now feel safe with just one phone.

      • neoleo on 29/07/2024 - 15:34

        I think porting pin applies to all providers include MVNO. Recently I helped my friend moved from monthly TPG plan to Optus yearly plan with cashback (got porting pin too).

    • numloxx on 30/07/2024 - 07:32

      Usenet is still active? omg… I can't remember the last time I used it. I think it was to download 1mb photos on dialup. Took a good hour or two. you kids are spoilt these days with your fancy fibre and laser connections. Back in my day….

Login or Join to leave a comment
Login Join