1st time getting hacked need advice please

Discussion in 'PC' started by Toxic_Coma, Nov 4, 2024 at 5:37 PM.

  1. saccamano

    saccamano Rock Star

    Joined:
    Mar 26, 2023
    Messages:
    1,203
    Likes Received:
    481
    Location:
    CBGB omfug
    Exactly. Advice to remove firewall and a/v on an INTERNET CONNECTED DEVICE is flawed and should be ignored. This is why you have a non-connected (never, in any way; this includes wifi as well) machine for production purposes. When you install stuff you have downloaded on the non-connected production box, it should already be vetted as clean from your internet device because you're running an active a/v/malware scanner and firewall and/or Sandboxie. For a non-connected machine, stuff like firewalls and a/v etc. are not needed and should be removed along with other Windows junkware.
     
    Last edited: Nov 4, 2024 at 9:14 PM
  2. sevente

    sevente Kapellmeister

    Joined:
    Sep 26, 2017
    Messages:
    94
    Likes Received:
    63
    Yeah, unplugging your box when you realised was the best thing you could do, ditto wiping the computer. Others have made some good points, I would just add: if you had any passwords saved in your browser you need to change ALL OF THEM, as soon as possible, as they've most likely been compromised.
     
  3. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,324
    Likes Received:
    3,225
    To continue on this point: You also need to block inbound connections with the firewall if there is a RAT involved. A trojan will use outbound connections to notify the attacker of your IP and the port the trojan is listening for commands on each time you reboot, but does not allow connection to the machine in most cases. An outbound connection to a C&C server can allow commands to be piped back to a computer once it has solicited a connection. That outbound connection becomes "trusted" and is allowed to relay commands back to the target. This can be done via IRC as well, where the computer will join a server as a bot and then wait for commands.

    I am guessing, since VPN was mentioned, OP has a static IP address. If an attacker has your static IP and a trojan server already running and listening on a port, only blocking outbound isn't going to help. They do not need any complex outbound solicitation to pipe commands back; they can just connect directly to the machine because they already know the static IP where they can relocate the computer and portscan it, should the trojan server randomize its port each time you reboot.

    Some of these suggestions mentioned are very much "worst case scenarios". Rootkits, pwned routers and pivot attacks, undisclosed zero days, are way beyond what has been described. Start with basics and show him how to use Netstat to identify listening ports. Look in your win and system ini files for cleartext added load= entries there. Look for bogus registry entries. Find its startup method upon each reboot. How to use a utility like Wireshark to do some basic networking analysis. The sky is not falling. Pull the ethernet cable, disable the wireless. Then figure out what happened with the machine not connected to the internet.
     
    Last edited: Nov 4, 2024 at 9:49 PM
  4. saccamano

    saccamano Rock Star

    Joined:
    Mar 26, 2023
    Messages:
    1,203
    Likes Received:
    481
    Location:
    CBGB omfug
    With regard to VPN - most proper VPNs will have the location node public IP address randomly changing every 3-5 seconds or so, making it very difficult to run some kind of connection hack back to a supposed target machine unless the target had some sort of pre-activated telemetry running to identify itself to the attacker. I realize not all VPNs are created equal but IMO public IP rotation is an earmark of a good VPN.
     
    Last edited: Nov 4, 2024 at 10:01 PM
  5. Toxic_Coma

    Toxic_Coma Newbie

    Joined:
    Yesterday
    Messages:
    11
    Likes Received:
    1
    I’ve always been cautious about sites, and even more so now. More or less, the advice I seek is: do I need to call my Internet provider, reset anything on that in versus just the username and password? I have a new SIM card on the way from my phone because he locked my iPhone. You guys pretty much answered everything about the computer part of it, about how to go about setting it up, but I just want to be sure that I’m taking the right measures when I set up everything from scratch. I know you guys are a lot more knowledgeable. I will say again, man, I appreciate everyone’s replies.
     
  6. Radio

    Radio Platinum Record

    Joined:
    Sep 20, 2024
    Messages:
    522
    Likes Received:
    261
    Cyber criminals sometimes gain unauthorized access to someone else's account: for example, they use phishing emails or data leaks to steal login data. They can then log in and take over the account. They can then use someone else's online shopping account to sell illegal goods, for example. If criminal prosecution takes place, the trail initially leads to the owner of the hacked account. The actual perpetrators, however, remain hidden.

    However, cyber criminals do not necessarily have to take over someone else's account to pretend to be someone else on the Internet. Another strategy is to create a new account in someone else's name. They first collect pictures and private data such as date of birth and occupation. They then use this information to fill out a social media profile, for example, which can look deceptively real. They then ask family members of the affected person to help them out in a financial emergency, or exploit their trust to obtain sensitive data. At the same time, they send links to infected websites.

    Digital identity theft has many faces. What they all have in common is that criminals pretend to be another person on the Internet. The consequences can be serious - from financial damage to reputational damage to criminal consequences. To prevent this from happening, you should put as many obstacles as possible in the way of cyber criminals.

    How to secure your digital identity and accounts
    When you create a new account:
    • Follow our recommendations for strong passwords and use a password manager.
    • Use a different password for each service. If, for example, your social media account is hacked, your email account will not be affected.
    • Enable two-factor authentication wherever possible. If a password is guessed, published, or otherwise hacked, you make it more difficult for cybercriminals to gain access to your accounts.
    • Only reveal as much about yourself as is absolutely necessary – both publicly and to the provider of your email service or a social media platform.
    • Use different usernames on different platforms to make it harder for cybercriminals to create an overall profile of you.
    When you are on the Internet:
    • Use a screen lock for devices such as smartphones or tablets. This can use biometric data such as a fingerprint, for example. Also, do not let yourself be observed when entering passwords.
    • Check emails carefully before clicking on attachments or links. Cyber criminals use phishing emails to try to steal passwords, for example. Email attachments are also one of the most common ways to introduce malware.
    • The same applies to all links you come across on the Internet: seemingly funny or scandalous content often hides prepared websites or malware.
    • Be careful when using public Wi-Fi networks. Risks can include unencrypted data transmission and the introduction of malware.
    • Protect yourself with regular software and operating system updates. These often close security gaps before cyber criminals can exploit them.
    • Use a virus scanner on all devices and activate the firewall.
    • Use different email addresses, one for competitions, newsletters and social networks, another for important communication with close contacts.
    • Don't tell anyone about yourself online that you wouldn't tell strangers on the subway. Make your social media profiles private and carefully review friend or follow requests.
    If you are affected by digital identity theft:
    In an emergency, quick action can prevent serious consequences. We offer instructions for those affected by hacked accounts, especially email accounts, for those affected by identity theft on social media platforms, as well as for those affected by devices infected with malware.
     
  7. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    7,324
    Likes Received:
    3,225
    They will not give you a new static IP address just because you had this happen. Change your password.
     
  8. Toxic_Coma

    Toxic_Coma Newbie

    Joined:
    Yesterday
    Messages:
    11
    Likes Received:
    1
    Thank you brother. I have never had anything happen, granted I just got back into this. I started way back when Soulseek was just starting; probably just luck it’s never happened before. Never knew what a VPN was until 1-2 years ago. It sucks, but in general, other than the stress of thinking about it here and there, it’s cost me about $20-30 bucks so far and not being able to use my phone, but take away as much as I can and look at it as a half full, as in what not to do it next time, and I got to open up my ENGL and let her breathe a little bit. Which is blasphemous, I don’t use my analog gear much anymore. Haha, maybe the “Toob” gods are punishing me?
     
  9. Radio

    Radio Platinum Record

    Joined:
    Sep 20, 2024
    Messages:
    522
    Likes Received:
    261
  10. Toxic_Coma

    Toxic_Coma Newbie

    Joined:
    Yesterday
    Messages:
    11
    Likes Received:
    1
    I appreciate the info, man, and I’m gonna go back through all these messages and take every piece of advice. I’m glad I was smart enough to at least buy the computer off Amazon with a two-year warranty, so worst case in the bitch in and get another one.
     
  11. deathroit

    deathroit Kapellmeister

    Joined:
    Dec 29, 2022
    Messages:
    75
    Likes Received:
    57
    I agree, this is important.
     
  12. saccamano

    saccamano Rock Star

    Joined:
    Mar 26, 2023
    Messages:
    1,203
    Likes Received:
    481
    Location:
    CBGB omfug
    As someone already suggested - DL the TCPView app (not the online thing) and that will tell all. Unless you already run a firewall that shows you a REAL TIME display of your network connections (the Windows firewall does not do this). TCPView shows what ports/processes are listening, what ports/processes are actively shoving data thru the network and will allow you to real-time DISCONNECT any dare-do-well processes or connections that are unwanted.
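
The Netstat check clone suggests and the listening/active view saccamano describes for TCPView can be triaged offline from saved `netstat -ano` output. The following is an added example, not code from any poster in this thread; the sample output is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `netstat -ano` output; every address and PID is made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       4412
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3020
  TCP    192.168.1.20:49712     203.0.113.45:6667      ESTABLISHED     4412
  TCP    192.168.1.20:49720     192.168.1.1:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    3020
"""

# Only TCP rows carry a state column; UDP rows are skipped by this pattern.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")
# Loopback, link-local and private ranges: traffic that never leaves the LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def _ip(host):
    # netstat prints IPv6 as [addr%zone]; strip brackets and zone id.
    return ipaddress.ip_address(host.strip("[]").split("%")[0])

def parse(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((_ip(m[1]), int(m[2]), _ip(m[3]), int(m[4]), m[5], int(m[6])))
    return rows

def exposed_listeners(rows):
    """Listening sockets reachable from the network (not bound to loopback)."""
    return sorted({(lp, pid) for lip, lp, _, _, st, pid in rows
                   if st == "LISTENING" and not lip.is_loopback})

def external_connections(rows):
    """Established connections whose remote end is outside the local ranges."""
    return sorted((str(rip), rp, pid) for _, _, rip, rp, st, pid in rows
                  if st == "ESTABLISHED" and not any(rip in n for n in LOCAL_NETS))

def pids_to_review(rows):
    """PIDs that both accept inbound connections and talk to an external host."""
    listening = {pid for _, pid in exposed_listeners(rows)}
    return sorted(listening & {pid for _, _, pid in external_connections(rows)})

if __name__ == "__main__":
    print(pids_to_review(parse(SAMPLE)))
```

A PID in the result is a starting point for a closer look, not proof of infection, since legitimate software can also listen and connect out. `tasklist /FI "PID eq <pid>"` maps a PID from the result to its process name.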
     