Willing to pay for someone to get me through this monster RAT/hacker


Mikez77

I'll start off by asking: PLEASE don't question the legitimacy of this or ask for random proof, or other questions that have nothing to do with attempting to solve it. I'm so tired of it from other forums (two others).

If you can help me get rid of this, I will pay you $75. I don't care what method or how unsafe, and I also don't care about any data at all.

I've battled this guy, or even team, as it's definitely semi-manual even if 80% is auto.

In short, the first 3 weeks I made pointless Windows efforts, low-level formatting, every single rescue disk you can imagine, even from random Russian and Asian forums.

So he has manipulated my UEFI and kernel using his own efivars kernel in Linux. I don't know how to get rid of it. The closest I got was when I hdparm'd the HD he was based in and only used my NVMe SSD. It's an Acer Predator Helios 315 53.

S**t, I fat-fingered the post. I will add screenshots from not long ago when I was hiding in RAM with Rescuezilla. When I'm there he keeps trying to get me in some insane way that makes my screen flash sometimes.

So he has automounted and autoscripted everything, manipulated every piece in my computer via kernel, UEFI and regedit.
 
Here are some screens from recently.

I've had to Google-teach myself Linux/Ubuntu real quick, but I'm barely a beginner.

So his overlay is rooted as /cow and his main thing is the virtual CD-ROM he is mounted as. I believe that is the X: partition in Windows that he resides in as base. It can't be touched at all. Tried everything diskpart-related etc.

DBAN won't do anything since it doesn't touch the HPA.

I cannot get a new computer either at the moment.

Side info: he has hijacked two of my phones too with a similar kernel style. Rather insane. He has some virtual hotspots he can connect to, and don't ask me how, but there are like 5 wifi spots he can use that have crazy reception and proximity, as if they were just feet from my computer or router.

Phones are less important and I rooted them, but I will deal with them once my computer is restored.
 
If you don't need any info on your machine, then use a live USB with Linux and make sure it has gparted installed by default (Ubuntu, Linux Mint, Expirion have it, as well as a lot of others). Boot the live USB, open gparted, select the drive that is infected and delete all the partitions; this action will wipe the drive. Reboot again, go into the BIOS and change it from UEFI to Legacy, and save the configuration. Reboot with the live USB and install it in Legacy mode; it should be fine. Legacy mode turns off UEFI, Fast Boot and Secure Boot. Linux does not need them to run; the drive should be clean.
 
> If you don't need any info on your machine, then use a live USB with Linux and make sure it has gparted installed by default (Ubuntu, Linux Mint, Expirion have it, as well as a lot of others). Boot the live USB, open gparted, select the drive that is infected and delete all the partitions; this action will wipe the drive.

And it might be worth writing random data or zeros to that drive using dd; not sure if gparted live does that?

> In short, the first 3 weeks I made pointless Windows efforts, low-level formatting, every single rescue disk you can imagine, even from random Russian and Asian forums.
>
> So he has manipulated my UEFI and kernel using his own efivars kernel in Linux. I don't know how to get rid of it. The closest I got was when I hdparm'd the HD he was based in and only used my NVMe SSD. It's an Acer Predator Helios 315 53.

Downloading and running random stuff from any sort of source isn't the best idea. Do you mean you already wiped your partitions before, reinstalled your system, and that person still got in again?
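The wipe that the two replies above recommend (delete the partitions, then zero the drive with dd), as an added example that is not code from the thread: it refuses targets that are still mounted (so the live USB itself cannot be hit), reports Host Protected Area status where hdparm is available, and reads the device back afterwards to confirm every byte is zero. It assumes a Linux live session with util-linux (blockdev, findmnt) and GNU dd; the device name is the user's choice, taken from lsblk.

```shell
#!/bin/sh
# Added example, not code from the thread: zero-fill a disk from a live USB
# and read it back to prove every byte is now zero. Run as root in the live
# session, e.g.  sh wipe.sh /dev/sda   (device name is an assumption; pick
# the internal disk from lsblk first). Safe to try on a regular file too.

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else echo $(( $(wc -c < "$1") )); fi
}

# Refuse targets that are mounted anywhere (that includes the live USB itself).
is_mounted() {
    grep -q "^$1[0-9p]* " /proc/mounts 2>/dev/null
}

# DBAN and dd never reach sectors hidden behind a Host Protected Area; hdparm -N
# reports whether one is set, so the user knows if the wipe was incomplete.
show_hpa() {
    if [ -b "$1" ] && command -v hdparm >/dev/null 2>&1; then hdparm -N "$1"; fi
}

# Returns 0 if the first $2 bytes of $1 are all NUL, 1 otherwise.
all_zero() {
    [ $(( $(head -c "$2" "$1" | tr -d '\000' | wc -c) )) -eq 0 ]
}

# Overwrite the whole target with zeros, flush to disk, then verify by reading back.
wipe_disk() {
    dev=$1
    if is_mounted "$dev"; then echo "$dev is mounted, refusing" >&2; return 2; fi
    size=$(target_size "$dev") || return 2
    show_hpa "$dev"
    head -c "$size" /dev/zero | dd of="$dev" bs=1M conv=fsync 2>/dev/null || return 3
    if all_zero "$dev" "$size"; then
        echo "$dev: $size bytes zeroed and verified"
        return 0
    fi
    echo "$dev: verification failed, some bytes are not zero" >&2
    return 4
}

if [ -n "${1:-}" ]; then wipe_disk "$1"; fi
```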
 
> And it might be worth writing random data or zeros to that drive using dd; not sure if gparted live does that?

> Downloading and running random stuff from any sort of source isn't the best idea. Do you mean you already wiped your partitions before, reinstalled your system, and that person still got in again?

About 50 times, yes. So there is something really odd. He also can access me live when every connectivity cord in my home is pulled. Also, cool, he just removed all wired connectivity via his manipulative kernel. RIP me.

I'm on a Tails USB now; I want to kill off all non-physical connectivity for good. Do I have to open my laptop up?

Also, I'm an idiot posting here on a phone he has full control over.
 
I am not really a security expert, but I do suspect that more than just your computers and your phone might be compromised (going by the 'accessing me live even with connections unplugged'), and that even your network hardware (router, modem, you name it) might also be compromised and likely acting as a backdoor.

The compromised phones and possibly also network hardware are likely acting as a way for this individual or group to access the devices in your network, and a solution might not really be as easy as just getting rid of the offending malware in your computer.
 
Without taking care of compromised devices from top-to-bottom (router (likely compromised) >> phones >> computer >> anything else that uses internet in your home), while keeping everything else unplugged (to avoid cross-infection), it is likely that the attacker will obtain access through one of the backdoors that they likely have set up.

Quite frankly, I do believe that starting over on a clean slate, new router, new ISP, new computer, new phone, would be a far more definitive solution because rooting out such an insidious attacker is very difficult, if not impossible, without specialized knowledge, and there is always the possibility that if the attacker is sufficiently sophisticated, something else in your computer other than your hard drive is probably compromised as well, and lying in wait as a dormant backdoor / sleeper cell in a 'plan b' fashion if you manage to remove the attacker's presence from your hard drive.
 
You may want to file a complaint with the Internet Crime Complaint Center.

And purchase a new router/modem, or go into the router/modem and change the configuration and the password and passkey/passphrase.
 
I have only one question

How....did this happen in the first place?

Is this a result of you visiting questionable sites?
 
> If you don't need any info on your machine, then use a live USB with Linux and make sure it has gparted installed by default (Ubuntu, Linux Mint, Expirion have it, as well as a lot of others). Boot the live USB, open gparted, select the drive that is infected and delete all the partitions; this action will wipe the drive. Reboot again, go into the BIOS and change it from UEFI to Legacy, and save the configuration. Reboot with the live USB and install it in Legacy mode; it should be fine. Legacy mode turns off UEFI, Fast Boot and Secure Boot. Linux does not need them to run; the drive should be clean.

In a nutshell... that is the way forward for you.
 
I'm curious what our Moderators @KGIII and @wizardfromoz have to say concerning this situation?

I'd say we're unlikely to do anything for money and that (I hope) all assistance will be rendered in public and for free.

Other than that, I don't have much to say. There's nothing here that violates any rules.

Oh, and when in doubt burn it all to the ground... By that, I mean, clean and fix everything in the chain. If there's a legitimate hack, start with securing all the devices - including things like your router.

Yup. That's about all I have to say on the subject. Folks here appear to be doing what they can, 'cause they're awesome like that.
 
Back in the old days of windowz if this happened...a clean install fixed the problem but never happened in Linux.
 
> I'm curious what our Moderators @KGIII and @wizardfromoz have to say concerning this situation?

For the most part I concur with David @KGIII above.

> You may want to file a complaint with the Internet Crime Complaint Center.

The OP is not from the USA but I am not at liberty to say from where he is.

I note the OP has said

> I'm so tired of it from other forums (two others).

and that is in reference to the following (brought to my attention by a Member, thank you)

https://forum.xda-developers.com/t/hello-all-kind-of-heavy-first-post.4568145/

and here

https://www.linuxquestions.org/questions/linux-newbie-8/first-question-not-a-small-one-4175723333/

and here

https://www.linuxquestions.org/questions/linux-newbie-8/urgent-help-needed-4175723450/

although I note that one of those has since been closed by the forum concerned.

To that end, and in addition to the advice posted above, I would, if it were me

  1. Contact the cyber crime authorities in my state or nation and ask what I can do
  2. Subject to their advice Contact a cyber professional who can clean my systems and implement safeguards for the future.
I also note he said elsewhere that he may lose his job over this, and that is something only he can weigh up.

Chris Turner
wizardfromoz
 
> Without taking care of compromised devices from top-to-bottom (router (likely compromised) >> phones >> computer >> anything else that uses internet in your home), while keeping everything else unplugged (to avoid cross-infection), it is likely that the attacker will obtain access through one of the backdoors that they likely have set up.
>
> Quite frankly, I do believe that starting over on a clean slate, new router, new ISP, new computer, new phone, would be a far more definitive solution because rooting out such an insidious attacker is very difficult, if not impossible, without specialized knowledge, and there is always the possibility that if the attacker is sufficiently sophisticated, something else in your computer other than your hard drive is probably compromised as well, and lying in wait as a dormant backdoor / sleeper cell in a 'plan b' fashion if you manage to remove the attacker's presence from your hard drive.

I believe you are right, to be honest, because this is something really extraordinary. I've felt rather crazy pulling out my router and keeping phones shut and putting everything in the basement.
I've made sure my WLAN is completely down and non-functional now. I also turned off VXD^VDT or whatever they are called in Linux; all I read was "Virtualization something" and that was enough for me to nope them off.

So this is the closest I've gotten. I dare not install Windows or anything until this is unrooted fully. I can't seem to get rid of the loops, rather this 2.8 GB mounted at rofs, and the /cow.
I've done a full crypto sanitizer wipe this morning on my NVMe SSD.
I also put my SATA HDD in powerdown mode and then powered up, trying to get it unfrozen to wipe it, but it's still frozen. It has to be there.
Anyone got advice on how to get rid of the remnants?
Also the mount at cdrom is very annoying; I can't get rid of that either. I don't think it's my USB; he's had that virtual CD-ROM as a base for long and I can't get rid of that either.
He's also left me this creepy note; is anyone able to understand what he means by this?
"sh because pkexec is broken under xfce/lxce http://pad.lv/1193526"
The link is safe, I checked it; it's to a very old bug report in Ubuntu.
That is where it links to.
 

Attachments: Screenshot from 2023-03-28 14-39-55.png, Screenshot from 2023-03-28 14-40-52.png, Screenshot from 2023-03-28 14-41-14.png, Screenshot from 2023-03-28 14-41-33.png