I Keep Getting Hacked by Disney and RIAA

Posted by memetic 
I Keep Getting Hacked by Disney and RIAA
May 12, 2016 07:30PM
The first time they got into my machine and my wife's. They got our credit card numbers and bought stupid stuff. Like they tried buying me a $5 on how to knit and some other, low cost, random girl items. They tried to buy a subscription to Match.com and some other dating service.

I redid both our machines, including a reflash of the BIOSes.

The next time, they just started @#$%& up our application and internet connectivity.

I redid both our machines, including a reflash of the BIOSes.

This last time, they went into one of my hard drives and deleted all the movies, but left the folders, subtitle files and other non-movie files. They were all deleted on the same exact day and time.

I finally did some research and found out that hackers can get into Firefox and set it up as a kind of server. I will never use Firefox again -- it used to be the safest, now it is the least secure of all browsers.

Has any of this happened to any of you? Are there any other apps that we can use to protect from these asshats?

I have the full Kaspersky suite on both machines. I turn PeerBlock on when I login.
Re: I Keep Getting Hacked by Disney and RIAA
June 04, 2016 08:39AM
You can do as follows:

- Set up a virtual machine (e.g. XP-mode) and do all your internet stuff there (maybe on a RAM disk).
- Delete all changes to the VM at every shutdown!
- Tunnel all your network traffic through the host into the VM (no access from host to internet) as described here:
[forums.peerblock.com]
- Replace the firewall rules at every boot from a file (Autostart cmd)! Hackers tend to open the firewall only once for their app.

It's quite impossible for standard hackers to get from the VM to the host.

- Use c:\ only for the system. Back up after a new install (e.g. with Paragon) and after every change, but restore the backup before changing anything, because otherwise you back up some bad stuff too. Then you can always restore to a fresh and safe system.
To delete XP-mode changes (.vbs):
' Discard the XP Mode undo disks, then list what is left in the VM folder.
Dim objVS, objVM, objShell, objFolder, objFSO, objFile
Set objVS = CreateObject("VirtualPC.Application")
Set objVM = objVS.FindVirtualMachine("Windows XP Mode")
' State 5 = the VM is running: turn it off and wait before discarding.
If objVM.State = 5 Then
    objVM.TurnOff()
    WScript.Sleep 10000
End If
' Throw away all changes held in the undo disks.
objVM.DiscardUndoDisks
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace("C:\Users\Administrator\AppData\Local\Microsoft\Windows Virtual PC\Virtuelle Computer\")
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Show name and size of each remaining file in the VM folder.
For Each objFile In objFolder.Items
    ' Set objFile = objFSO.GetFile("C:\Users\Administrator\AppData\Local\Microsoft\Windows Virtual PC\Virtuelle Computer\VirtualPCUndo_Windows XP Mode_0_0_11485302112011.vud")
    WScript.Echo objFile.Name & " --> " & objFile.Size/1024 & " KB"
Next
WScript.Quit(1)
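
Added example, not part of the original post: the reply above restores firewall rules from a file at every boot; this Python sketch shows the complementary check, listing enabled rules that were not in a known-good baseline. It assumes English-locale text in the format printed by `netsh advfirewall firewall show rule name=all verbose`; the function names and all rule data are constructed for illustration.

```python
# Added example: diff Windows Firewall rules against a known-good baseline.
# Input format assumed: English-locale netsh "show rule" text. Sample data is constructed.

FIELDS = ("Rule Name", "Direction", "Action", "Protocol", "Program")

def parse_rules(text):
    """Return one dict per rule, mapping netsh field names to values."""
    rules, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so C:\ paths survive
        if not sep:
            continue  # dashed separator rows and blank lines
        if key.strip() == "Rule Name":
            current = {}
            rules.append(current)
        if current is not None:
            current[key.strip()] = value.strip()
    return rules

def added_rules(baseline_text, current_text):
    """Enabled rules that exist now but were not in the baseline listing."""
    def fingerprint(rule):
        return tuple(rule.get(f, "") for f in FIELDS)
    known = {fingerprint(r) for r in parse_rules(baseline_text)}
    return [r for r in parse_rules(current_text)
            if r.get("Enabled") == "Yes" and fingerprint(r) not in known]

BASELINE = r"""
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Protocol:                             UDP
Program:                              C:\Windows\system32\svchost.exe
Action:                               Allow
"""

CURRENT = BASELINE + r"""
Rule Name:                            Updater Service
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
Program:                              C:\Users\Public\updater.exe
Action:                               Allow
"""

if __name__ == "__main__":
    for rule in added_rules(BASELINE, CURRENT):
        print("not in baseline:", rule["Rule Name"], "->", rule["Program"])
```

Capture the baseline listing right after a clean install; the per-boot restore itself can be done with `netsh advfirewall export` and `netsh advfirewall import`.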
Re: I Keep Getting Hacked by Disney and RIAA
June 18, 2016 11:08AM
Sounds a lot like you have a trojan installed but could be something else.

Also, a software firewall like Kaspersky is only as good as the person operating it. Only allow legit programs through its firewall. If it's set up to automatically allow certain programs, change that to its most annoying mode ever.

Make sure your wifi password is a strong password and that it's using WPA2, else any neighbours can possibly brute-force their way in and access your local network.

Do a scan with the following free software:
Adwcleaner
Roguekiller
Malwarebytes Antimalware

Also make sure that your Windows is up to date.

You can also scan for open ports on your router here: [www.grc.com]
Click proceed and do an "All service ports" scan.

It should give you a result of Passed on TruStealth Analysis. If it doesn't, you need to modify the firewall on your router.




Beta Testing Rig: Windows 10 x64 Pro 1607, Intel Core i5 2500K, 16GB DDR3, Avast! Free Antivirus
Re: I Keep Getting Hacked by Disney and RIAA
June 20, 2016 04:27PM
You can check your computer system's internet activity, identifying which process / what app is generating network traffic:
Process Monitor - Procmon.exe (Mark Russinovich) - [technet.microsoft.com]
Uncheck buttons:
Show Registry Activity
Show File System Activity
Show Process and Thread Activity
Leave only:
Show Network Activity

... and you can check if something is logging your visited websites on your computer:
Disk Pulse Free, search for file access entries after every browser click
[www.diskpulse.com]
Re: I Keep Getting Hacked by Disney and RIAA
August 14, 2016 10:03AM
memetic Wrote:
-------------------------------------------------------

> I redid both our machines, including a reflash of
> the BIOSes.
>
> The next time, they just started @#$%& up our
> application and internet connectivity.
>
> I redid both our machines, including a reflash of
> the BIOSes.
>
> This last time, they went into one of my hard drives
> and deleted all the movies, but left the folders,
> subtitle files and other non-movie files. They
> were all deleted on the same exact day and time.


What you are describing is impossible (a virus infection surviving a reformat of the hard drive), unless you are re-installing the operating system or other software, after the format, from an infected backup. Or if you have not properly reformatted (reformatting the C: partition alone is not adequate).

You need to scan the software backups you have, using an uninfected computer, with a full range of anti-virus and anti-malware tools. Don't rely on a single anti-virus program, use at least two (there are lots of excellent free ones available).

Don't reinstall any back-ups that have not been thoroughly scanned.

In my opinion, if you are running Windows it is almost impossible for your Windows installation DVD to be infected, if you obtained it from a legitimate source. So if you have a Microsoft retail DVD, or an OEM DVD, concentrate on the software backups or image backups that you have created yourself.

As both your computer and your wife's computer were infected, probably one of them infected the other. It is useless to reinstall clean software on your machine, then connect it to your wife's infected machine, and thereby get it re-infected. If you have them networked together, you must determine whether the software backups for *both* are clean.

I strongly recommend not reconnecting the network, until you are completely satisfied that neither machine remains infected. Also, while you are doing the disinfecting, never switch both machines on: keep one turned off while working on the other.

And then install real-time protection on every computer on your home network. I strongly recommend running all of the following programs in real-time mode (some of these require a paid subscription, but they are worth the money), and update them daily:

1. AVG Anti-Virus Free Edition [free]
2. SUPERAntiSpyware LIFETIME Professional Subscription [not free]
3. Malwarebytes Anti-Malware Home (Premium) [not free]
4. Trend Micro Browser Guard [free]
5. WinPatrol [free], or WinPatrol PLUS [not free]
6. Spyware Blaster [free]
7. The MVPS HOSTS file [free]

The MVPS HOSTS file is a free download from [www.mvps.org]

PeerBlock is only intended for p2p activities. As a blocklist, it can keep your IP address protected during filesharing, but all of the above 7 items do things that PeerBlock can't do for you.