1st time getting hacked need advice please

Discussion in 'PC' started by Toxic_Coma, Nov 4, 2024.

  1. saccamano

    Exactly. Advice to remove firewall and a/v on an INTERNET CONNECTED DEVICE is flawed and should be ignored. This is why you have a non-connected (never, in any way; this includes wifi as well) machine for production purposes. When you install stuff you have downloaded on the non-connected production box, it should already be vetted as clean from your internet device because you're running an active a/v/malware scanner and firewall and/or sandboxie. For a non-connected machine, stuff like firewalls and a/v etc. are not needed and should be removed along with other windows junkware.
     
    Last edited: Nov 4, 2024
  2. sevente

    Yeah, unplugging your box when you realised was the best thing you could do, ditto wiping the computer. Others have made some good points, I would just add: if you had any passwords saved in your browser you need to change ALL OF THEM, as soon as possible, as they've most likely been compromised.
     
    • Agree x 2
    • Like x 1
  3. clone

    Best Answer
    To continue on this point: You also need to block inbound connections with the firewall if there is a RAT involved. A trojan will use outbound connections to notify the attacker of your IP and the port the trojan is listening for commands on each time you reboot, but does not allow connection to the machine in most cases. An outbound connection to a C&C server can allow commands to be piped back to a computer once it has solicited a connection. That outbound connection becomes "trusted" and is allowed to relay commands back to the target. This can be done via IRC as well, where the computer will join a server as a bot and then wait for commands.

    I am guessing, since VPN was mentioned, OP has a static IP address. If an attacker has your static IP and a trojan server already running and listening on a port, only blocking outbound isn't going to help. They do not need any complex outbound solicitation to pipe commands back; they can just connect directly to the machine because they already know the static IP where they can relocate the computer and portscan it, should the trojan server randomize its port each time you reboot.

    Some of these suggestions mentioned are very much "worst case scenarios". Rootkits, pwned routers and pivot attacks, undisclosed zero days, are way beyond what has been described. Start with basics and show him how to use Netstat to identify listening ports. Look in your win and system ini files for cleartext added load= entries there. Look for bogus registry entries. Find its startup method upon each reboot. How to use a utility like Wireshark to do some basic networking analysis. The sky is not falling. Pull the ethernet cable, disable the wireless. Then figure out what happened with the machine not connected to the internet.
     
    Last edited: Nov 4, 2024
    • Useful x 2
    • Like x 1
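
    The first triage steps named in the post above (listening ports via netstat, `load=` entries in win.ini), as an added example that is not part of the original thread: it parses saved `netstat -ano` output and a win.ini file offline. The sample data, the function names and the heuristic of pairing an exposed listener with an outbound connection from the same PID are assumptions made for illustration.

```python
# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address       Foreign Address      State         PID
  TCP    0.0.0.0:135         0.0.0.0:0            LISTENING     1044
  TCP    0.0.0.0:31337       0.0.0.0:0            LISTENING     6612
  TCP    127.0.0.1:5354      0.0.0.0:0            LISTENING     3120
  TCP    192.168.1.20:49822  203.0.113.7:6667     ESTABLISHED   6612
  TCP    192.168.1.20:49901  198.51.100.10:443    ESTABLISHED   9020
  TCP    [::]:445            [::]:0               LISTENING     4
"""
# Constructed win.ini content with a planted load= entry.
SAMPLE_WIN_INI = "[windows]\nload=C:\\Users\\Public\\svch0st.exe\nrun=\n[fonts]\n"
LOOPBACK = ("127.", "[::1]")

def parse_netstat(text):
    """Return one dict per TCP row; header and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            lhost, _, lport = f[1].rpartition(":")
            rhost, _, rport = f[2].rpartition(":")
            rows.append({"lhost": lhost, "lport": int(lport), "rhost": rhost,
                         "rport": int(rport), "state": f[3], "pid": int(f[4])})
    return rows

def exposed_listeners(rows):
    """(port, pid) for listeners bound to a non-loopback address."""
    return [(r["lport"], r["pid"]) for r in rows
            if r["state"] == "LISTENING" and not r["lhost"].startswith(LOOPBACK)]

def listeners_with_outbound(rows):
    """Processes that hold an exposed listener and also talk outbound."""
    pids = {pid for _, pid in exposed_listeners(rows)}
    return sorted({(r["pid"], r["rhost"], r["rport"]) for r in rows
                   if r["state"] == "ESTABLISHED" and r["pid"] in pids})

def ini_autostart(text):
    """Non-empty load=/run= values under [windows] in win.ini text."""
    section, hits = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() in ("load", "run") and val.strip():
                hits.append((key.strip().lower(), val.strip()))
    return hits

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print(exposed_listeners(rows), listeners_with_outbound(rows))
    print(ini_autostart(SAMPLE_WIN_INI))
```

    Each PID it reports still has to be matched to a process name and file path by hand before deciding anything about it.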
  4. saccamano

    With regard to VPN - most proper VPNs will have the location node public IP address randomly changing every 3-5 seconds or so, making it very difficult to run some kind of connection hack back to a supposed target machine unless the target had some sort of pre-activated telemetry running to identify itself to the attacker. I realize not all VPNs are created equal, but IMO public IP rotation is an earmark of a good VPN.
     
    Last edited: Nov 4, 2024
  5. Toxic_Coma

    I’ve always been cautious about sites, and even more so now. More or less, the advice I seek is: do I need to call my Internet provider and reset anything on that end, versus just the username and password? I have a new SIM card on the way for my phone because he locked my iPhone. You guys pretty much answered everything about the computer part of it, about how to go about setting it up, but I just want to be sure that I’m taking the right measures when I set up everything from scratch. I know you guys are a lot more knowledgeable. I will say again, man, I appreciate everyone’s replies.
     
  6. Radio

    Cyber criminals sometimes gain unauthorized access to someone else's account: for example, they use phishing emails or data leaks to steal login data. They can then log in and take over the account. They can then use someone else's online shopping account to sell illegal goods, for example. If criminal prosecution takes place, the trail initially leads to the owner of the hacked account. The actual perpetrators, however, remain hidden.

    However, cyber criminals do not necessarily have to take over someone else's account to pretend to be someone else on the Internet. Another strategy is to create a new account in someone else's name. They first collect pictures and private data such as date of birth and occupation. They then use this information to fill out a social media profile, for example, which can look deceptively real. They then ask family members of the affected person to help them out in a financial emergency, or exploit their trust to obtain sensitive data. At the same time, they send links to infected websites.

    Digital identity theft has many faces. What they all have in common is that criminals pretend to be another person on the Internet. The consequences can be serious - from financial damage to reputational damage to criminal consequences. To prevent this from happening, you should put as many obstacles as possible in the way of cyber criminals.

    How to secure your digital identity and accounts
    When you create a new account:
    • Follow our recommendations for strong passwords and use a password manager.
    • Use a different password for each service. If, for example, your social media account is hacked, your email account will not be affected.
    • Enable two-factor authentication wherever possible. If a password is guessed, published, or otherwise hacked, you make it more difficult for cybercriminals to gain access to your accounts.
    • Only reveal as much about yourself as is absolutely necessary – both publicly and to the provider of your email service or a social media platform.
    • Use different usernames on different platforms to make it harder for cybercriminals to create an overall profile of you.
    When you are on the Internet:
    • Use a screen lock for devices such as smartphones or tablets. This can use biometric data such as a fingerprint, for example. Also, do not let yourself be observed when entering passwords.
    • Check emails carefully before clicking on attachments or links. Cyber criminals use phishing emails to try to steal passwords, for example. Email attachments are also one of the most common ways to introduce malware.
    • The same applies to all links you come across on the Internet: seemingly funny or scandalous content often hides prepared websites or malware.
    • Be careful when using public Wi-Fi networks. Risks can include unencrypted data transmission and the introduction of malware.
    • Protect yourself with regular software and operating system updates. These often close security gaps before cyber criminals can exploit them.
    • Use a virus scanner on all devices and activate the firewall.
    • Use different email addresses, one for competitions, newsletters and social networks, another for important communication with close contacts.
    • Don't tell anyone about yourself online that you wouldn't tell strangers on the subway. Make your social media profiles private and carefully review friend or follow requests.
    If you are affected by digital identity theft:
    In an emergency, quick action can prevent serious consequences. We offer instructions for those affected by hacked accounts, especially email accounts, for those affected by identity theft on social media platforms, as well as for those affected by devices infected with malware.
     
  7. clone

    They will not give you a new static IP address just because you had this happen. Change your password.
     
  8. Toxic_Coma

    Thank you, brother. I have never had anything happen; granted, I just got back into this. I started way back when Soulseek was just starting; probably just luck it’s never happened before. Never knew what a VPN was until 1-2 years ago. It sucks, but in general, other than the stress of thinking about it here and there, it’s cost me about $20-30 bucks so far and not being able to use my phone. But take away as much as I can and look at it as half full, as in what not to do next time, and I got to open up my ENGL and let her breathe a little bit. Which is blasphemous, I don’t use my analog gear much anymore. Haha, maybe the “Toob” gods are punishing me?
     
  9. Radio

  10. Toxic_Coma

    I appreciate the info, man, and I’m gonna go back through all these messages and take every piece of advice. I’m glad I was smart enough to at least buy the computer off Amazon with a two-year warranty, so worst case in the bitch in and get another one.
     
  11. deathroit

    I agree, this is important.
     
    • Like x 1
    • Agree x 1
  12. saccamano

    As someone already suggested - DL the TCPView app (not the online thing) and that will tell all. Unless you already run a firewall that shows you a REAL TIME display of your network connections (the windows firewall does not do this). TCPView shows what ports/processes are listening, what ports/processes are actively shoving data thru the network, and will allow you to real-time DISCONNECT any ne'er-do-well processes or connections that are unwanted.
     
  13. Toxic_Coma

    My dudes, appreciate the advice more than you guys could realize :beg: I’m currently factory resetting everything off my laptop as well, to be used for what got my ass here in the first place, which is like 1.6GHz/4 RAM (still had SL2 Scratch Live software from around 2007 w/ TTM56 owner's manual) that was from an even older PC. I did that even though it was off and disconnected from the Internet at the time of all the shit. Regardless of whether that was truly needed or not, I figured it could only help mildly speed it up when using it.
     
    Last edited: Nov 5, 2024
  14. tzzsmk

    yea I'd probably factory reset router/modem and configure everything from scratch (including different username and password) just to be sure
     
  15. panaman

    not sure which is worse, your situation or my entanglement with a lawyer on the fitgirl page, he ripped 1300 out of me already for just one complete download and one i had cancelled after a few seconds, changed my mind. and he could always come back for more. btw, how safe is rapidgator?
    so any suggestions for a vpn please, something with min. 12tb bandwidth and really safe for germany?
     
  16. itisntreal

    If it is someone with really bad intentions, that will not help you. You can factory reset your PC or format your hard drive, write zeros to the drive until your drive is literally broken; some experienced hackers keep coming back no matter what.
     
  17. Radio

    Rapidgator is supposed to be pretty safe, they even have security guards at your door.
    This company is owned by Kim Dotcom https://mega.io/de/ you also get storage space and a unique key.

    The Opera browser has a built-in free VPN server.
    1. NordVPN: Our 1st choice for Germany. Established provider with over 10 years of experience and one of the largest server networks. Excellent connection speeds. Offers a 30-day money-back guarantee.
     
  18. Toxic_Coma

    Dude, no question, I’d think yours is rougher. Yeah, hearing some of the stories, I feel like a dick for even bringing it up, really, because I hear more and more stories and they turned out to be horror stories, money related or what have you; it’s just cost me a little bit of cash and inconvenience as a motherfucker. But I will say, holy shit man, can you elaborate a little bit more, as in what you’re describing: is it a personal lawyer you hired and got charged 1300, or the dude @fitgirl (hacker) is pimping you out of money? € is worth a good bit more than our $.
     
  19. clone

    Sure. But the minute he turned off/disconnected the router, his network is basically air gapped from the internet. After that, you have open network shares to be concerned with, which the infected machine could spread malware to. After that, the sequence in which you do the later steps does not matter.
    Wiping the system drive also erases anything you could use to figure out what really happened.
     
  20. deathroit

    MullvadVPN - No registration, no card number required. You can send money in an envelope and get a scratch card with an activation code in the return letter. Or through Amazon. And strict no-log policy: https://mullvad.net/en/blog/mullvad...-search-warrant-customer-data-not-compromised

    I would not trust Opera. They are owned by the Chinese company Kunlun. Would you trust a VPN from Google or Meta? I wouldn't.
     