Linux Hack has stolen my operating system

  • Question

  • Dear IT Pros and the rest of you who have added much to my knowledge base. My HP Pavilion, p6710f [Win 7 Home Premium] was hacked last January 2011 by an IT guy to whom I trusted my computer for some general repair. Since that time, my computer has been controlled remotely...or at least by files left over from then. I have been educating myself, and have tried everything possible from a user perspective. But this hack is so deep that it protects itself at every level.

    I have tried fixes at every level. Briefly, I have discovered a virtual device manager in the MMC, and from there, of course, Windows firewall, protected by a fake Norton with embedded security vulnerabilities. I am amazed by the efficiency with which my security programs are replaced with ineffective clones. Can't change the registry. Can't do a DiskPart. But I have recently unhid files which at least allowed me to delete many tasks not standard for my machine. Prior to that, I could watch my desktop as a remote operator substituted their Agere modem for my Actiontec, and then substitute another OS [Vista I think] for mine. I have removed a remote\wireless card from my previous machine, but then I made the mistake of turning on my external drive which, unbeknownst to me, reinfected my computer again!

    So I have been fighting back but have now concluded that my knowledge is too limited to do this alone. Please....I mean PLEASE help me get back to my computer defaults. I am ever so grateful for anything you can tell me. Thank you for your help. I humbly await your response.

    Thank you, Miss B

    • Moved by BrianEhMVP Friday, June 17, 2011 2:48 PM client OS issue (From:Virtual Machine Manager – Hyper-V)
    Friday, June 17, 2011 1:00 PM

Answers

  • Miss B.

    I think you are in the wrong forum but I do understand how you got here. But I will give the answer that I think will help you the best. If you are not satisfied over the course of my answer you will be able to find an appropriate forum.

    First things first, visit this page:

    https://consumersecuritysupport.microsoft.com/default.aspx?productkey=pcsafetymalware&faq=1&task=diagnostics&st=1&wfxredirect=1&altbrand=true&&locale=en-us

    And follow the instructions, as that will lead you to the resolution. But if you want to look into alternate resolutions which I wrote before I found that link, read below.

     

    It seems to me that your tech person used a common technique for invading your privacy as well as giving himself access to your computer for who knows what. But remember it is common for support technicians to install a variety of programs for remote access such as TeamViewer, WinVNC, LogMeIn, etc. so the technician can later resolve any issues that may come up without the need of you bringing the computer back to him. Unfortunately, many of these tools also provide access to other people, especially if your technician is using an outdated version or not following proper security techniques.

    But first let's understand what is going on:

    1. Virtual Device Manager is a service that is part of the operating system so he did not install this. 

    2. You say you are seeing someone control your computer remotely

    3. Your Operating System is being replaced with another one

    4. Your external drives are being infected as well

    POSSIBLE ISSUES

    1. Your so-called IT person installed an application giving himself remote access.

    2. This so-called IT person is either using your computer for malicious attacks or someone else has taken control of what he thought was a helpful tool.

    3. During the work on your computer he installed a Virtual OS (possibly)

    4. There are also scripts, or progs infecting external drives and preventing you from disabling what he has done.

    SOLUTION

    1. BACKUP FILES - Backup all of your important files that you have on your computer and on your external drive to DVD. WRITE in BIG RED SHARPIE "INFECTED". Remember only backup the important .doc, .xls, etc. There are tons of links on how to backup important files. Follow those instructions.

    2. RESTORE TO FACTORY SETTINGS - Once your files are saved to DVD, follow your support guide on how to restore your computer to factory settings. Most computers now have a restoration partition. With a restoration partition, a few quick keys and your computer will start restoring itself to factory default settings.

    Unfortunately, most of the idiots at the local computer Hack shop remove this partition when they use a lame drive imaging tool to quickly overwrite your LEGAL installation with a hacked version of Windows.  This saves them time, and eventually costs you a computer.

    2. MANUFACTURER SUPPORT OR WARRANTY - Check to see if you still have a Warranty or free Telephone Tech Support. Any computer less than 18 months old usually has some support left. If it doesn't you can usually buy an additional 3 yrs for around $150. Which I bet is less than you paid this idiot to work on your computer.

    3. USE YOUR SUPPORT - Once you get Manufacturer support, call them, and tell them your computer has been compromised and you want to restore it to factory settings. When you are going through this process, inquire about adding a BIOS password. To be super safe you might want to ask him to walk you through Flashing the BIOS with the latest update.

    NOTE: It always amazes me how many people take their 6 month old $800 laptop to the corner computer hack store due to virus issues, or some other weird issues. As long as the person mailed in the warranty card they have free phone support and most of the time free telephone support, that may log in remotely and resolve the issue quicker than you can run to Best Buy.

    3B. MICROSOFT SUPPORT - If your Manufacturer cannot help you, call Microsoft; they will help you for a per-incident fee. Check out this page: http://www.microsoftstore.com/store/msstore/html/pbPage.Help_Technical_Support


    My apologies for not being able to walk you through these steps. But in my opinion the best method for resolving this issue is to restore your computer back to the Factory Default settings and stay away from these people that are not certified to work on computers. Also make sure you download Microsoft Security Essentials and visit the following link often; this will provide answers to security and virus issues.

    http://www.microsoft.com/security/default.aspx

     


    Shane O. Sparks MCP A+ Security+
    Friday, June 17, 2011 3:29 PM
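
The answer above notes that technicians often leave remote-access tools such as TeamViewer, WinVNC or LogMeIn installed, sometimes in outdated versions. As an added example (not part of the original answer), this PowerShell check, written to run on the PowerShell 2.0 that ships with Windows 7, lists installed programs, services and running processes whose names match those tools, with their versions and paths. The loose name patterns are an assumption, so every hit needs manual review.

```powershell
# Added example: audit for the remote-access tools named in the answer.
# The patterns are loose name matches (an assumption), not exact identifiers.
$patterns = 'TeamViewer', 'VNC', 'LogMeIn'
$regex    = $patterns -join '|'

# 1. Installed programs, from the 32-bit and 64-bit uninstall registry keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

# 2. Services: match on name, display name or executable path, and show
#    whether each one starts automatically at boot.
$services = Get-WmiObject -Class Win32_Service |
    Where-Object {
        $_.Name -match $regex -or
        $_.DisplayName -match $regex -or
        $_.PathName -match $regex
    } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 3. Processes running right now.
$processes = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ProcessName -match $regex } |
    Select-Object Id, ProcessName, Path

# Report. An empty section means nothing matched the patterns; it does not
# prove the machine is clean.
'--- Installed programs ---'
$programs  | Format-List | Out-String
'--- Services ---'
$services  | Format-List | Out-String
'--- Running processes ---'
$processes | Format-List | Out-String
```

Run it from an elevated PowerShell prompt so that service and process paths are readable, and compare any `DisplayVersion` shown against the vendor's current release.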