Unauthorized Linux Server Connections

wizardfromoz

This from new Member @Jennie Johnson - please address all responses to her as the OP, I will clean up later - Wizard

I have been having a big problem for over a year. Some smart hacker learned he could use a Linux PhPAdministrator account and/or cPanel to connect directly to both my desktop and laptop computers' Windows 10 operating system. Now my computers dual boot to both my local computers and a Linux server host. This was confirmed by running the Kaspersky Rescue Disks, which tried to quarantine the WinSxS folder that contains the corrupted boot files, but the updates will not load during reboot. I have also seen scripts run with "su" and other Linux commands.

I have spent hundreds on technical support (Techvite, Netgear, Best Buy Geek Squad) to no avail. Every time a technician cleans my computers, whoever is doing this overwrites with one of my old OS and takes control of my computers again. Nothing has worked.

I am wondering if someone in this forum knows how I can backtrack to the Linux server and break the connection. Please help if you can.

Jennie Johnson, Today at 3:36 PM
Hi Jennie,
On both computers change your username and passwords. Sounds to me like your ISP/Host has been compromised. I'd change hosts first, then I'd look to replace both of my computers. Why change your host? That changes your online IP address, and your current host is compromised. Why replace the computers? That will change your MAC ID. Replace your router, get the firewall up and secured on the new one. Update the new router to the latest firmware. Then, I'd look into encryption, and dual login for everything. Lots more to do, I'm thinking in circles at this point.
 
Thank you for this response, Bayou.

My problem is that I paid $900+USD for a new ASUS M32CD last year and $700+USD for a new HP Envy last week trying to flush out the hacker. As soon as I connected to my network, I lost control of both computers again.

I am sending this message from my new laptop, on which I cannot access about 65% of functions because it says "Access denied". I am unable to install or load Microsoft Office. My desktop screen is currently black and displaying this error message: "Location is not available: C:\Windows\system32\config\systemprofile\Desktop is unavailable. If this location is on this device ...."

Since I do not have another $1,000USD to invest in computers that will fall victim to the same hacker, do you think replacing the router would work?
 
I'd replace the router, and I'd get a new internet service provider. This will change your internet IP. This will make you harder to find for that hacker. The new router can be configured to change your internal network to a different IP, plus it will have a different MAC address from the old router. Additionally, your old router's firmware is probably infected too. I wouldn't connect any computer you own to this new network or provider until you do a clean install of the computers' operating systems. The virus-infected hard drives will "phone home" as soon as they get online. This means removing the hard drives and cleaning them with a different computer, preferably a computer running a Linux OS. I can't guarantee any of this will work, but you should try to get some help from someone locally who can help you do this. Best Buy's Geek Squad isn't a place I'd go looking for help. They're too expensive and the experience level of their employees is suspect. See if you have a small local computer shop that can help.
 
Since you mentioned a "php Administrators" account and cPanel, I assume you have your own website? And the hacker found you through this website of yours? If so, I would consider losing your website host for sure, and also consider a domain name change.
 
Hi Jennie, sorry to hear you're having such trouble! You have described so much going on that it seems just about impossible to troubleshoot problems going back over a year. You may need a serious computer professional (not Geek Squad) to visit your home/business to really get to the bottom of all this. Both of your computers may have been compromised with malware or spyware, and you may need to reformat the hard drives on both computers and reinstall Windows. We would normally advise you to carefully back up all of your important data before reinstalling Windows, but you are also in a position where you must be very careful, or else you could easily bring back malware/spyware when restoring your backups after reinstalling Windows. Perhaps this is why you haven't been able to keep the system clean after getting previous help.

As @Bayou Bengal also asked, are you controlling your own website somewhere? If so, that may be compromised too. If you do have a website and conduct any financial transactions, I'd suggest disabling that until you get everything fixed. If you do personal banking or other financial transactions on your home computers, I would think real seriously about stopping that too until your problems are fixed.


I have also seen scripts run with "su" and other Linux commands.
How have you seen this? Are you using Linux? If so, which distro and desktop edition?


Every time a technician cleans my computers, whoever is doing this overwrites with one of my old OS and takes control of my computers again.
Assuming you are using Windows, there is a built-in service called "Remote Desktop" that technicians often use to work on your computer without visiting your home/business personally. This is nice in some ways, but it is also risky to let someone take over your computer. There have been many phone scams where people have answered a call and been told by someone claiming to be from Microsoft (or wherever) that their computer is causing a problem... and they will help fix it.... by getting you to turn on Remote Desktop. Do you remember ever having an episode like this? Or perhaps anyone else in your household?


Again, I think you need a trustworthy professional to visit you personally to help guide you through fixing all of these issues. If you are a Windows-only user, then most or all of your troubles and solutions are probably going to be beyond the scope of what we do here.

If you want to try Linux, we could normally help guide you to install a full Linux operating system on a USB flash drive that you could run on one of your crippled computers, and it would probably run Linux normally (and not be affected by any malware/spyware). But if both of your computers are misbehaving badly, you may not be able to create a Linux USB flash drive yourself unless you have a third computer that works properly. You can also purchase Linux on DVDs (about $6) or on USB (about $15).... but there are many available and you should ask us for more details before buying anything.

Good luck!