
Unauthorized Remote Access

Discussion in 'Networking' started by Samanthas2k, Jul 28, 2018.

Thread Status:
Not open for further replies.
  1. Samanthas2k

    Samanthas2k Thread Starter

    Joined:
    Jul 28, 2018
    Messages:
    2
    Hi, I have been dealing with someone remotely accessing all of my devices for at least 3 years now and can't seem to find any sort of solution. I've bought new devices, such as the MSI GL62VR gaming laptop I just bought on May 5th, but no matter what, somehow someone sets up the same thing on each device within days of me having it. I have reset/replaced all network hardware and disconnected all devices, factory reset and reconfigured everything many times. I'm the admin for all "known" gateways and routers and changed the password immediately upon setting them up.

    Right after getting my laptop I kept noticing it running very hard for no apparent reason and began checking Task Manager and found my built-in camera was running, but I've never even used my camera. I try to open the camera app and it says "No camera detected". After finding no videos or pictures and seeing this multiple times, I ran Stellar Phoenix Recovery and recovered half a terabyte of videos, images and files. I can't play any of the videos or see any of the images that were taken with my device; however, videos and images of the same format that were also recovered and were part of an app were visible and played.

    There are all sorts of remote access logs I've found that detail no recognizable device details or MAC addresses or IPs; some of them show information saying it's been set up not to show any identifying info and some are encrypted. The Windows Event Viewer shows many logs as well. I've checked the registry and, after coming up empty, found logs of someone using Registry Editor, which I believe does not even come with Windows 10 Home. Also, I've got all sorts of group policies set up that prevent me from being able to do anything on my administrator account or the Windows system admin account. Win10Home doesn't come with a gpedit and I can't seem to find any way around this.

    I bought ESET Security/Antivirus from the store I purchased my PC from so I could install it without having to connect to anything; it was the first thing I did when booting up the PC for the first time. Somehow parts of it have been disabled and I'm "not allowed" to change this. There are lots of programs that I can see have been used on my computer, but don't seem to actually exist. When searching the web, I am constantly finding certain topics and phrases that will return with "error" or "Google found no results". All of these problems are on every device I have, including a MacBook Pro, my Android phone, Android tablet and now this PC.

    I have monitored my network with CommView and found Sercomm and BenuNetworks communicating and interacting with a couple of devices, and also a Wi-Fi network being broadcast from my gateway that was named Raspberry, which I can only assume is a Raspberry Pi. I've had to learn how to do and figure all of this out through research, YouTube and Google over the past few years without any assistance, so I feel like I may be missing some of the basics when it comes to some areas. Sorry for the novel and I appreciate anyone taking the time to read it!
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    What are the remote access logs you are referring to?

    Regedit does come with Win 10 Home and Professional.

    "There are lots of programs that I can see have been used on my computer, but don't seem to actually exist." Where did you find such a list of programs?

    Maybe Sercomm made your broadband modem. ISPs regularly rebrand the modems so you don't see who made them. They might leave a serial / part number sticker untouched, so if you google that, you might find the true maker of your modem.

    Remote access programs have to start up with your Windows. Try using SysInternals AutoRuns. It lists many auto-start locations in Windows. See if there are any that you don't recognize and uncheck them. I would leave the drivers section alone, because unchecking core drivers will stop Windows from booting up.

    Also I would recommend a 3rd party antivirus. Not that the Windows 10 built-in Defender is weak. But the 'total protection' versions of these antiviruses contain a few more features that stop hackers. Google for deals, e.g. "antivirus 60% off". Take some time to learn what the features do.

    There is little that you can do on an "owned" PC. If they have admin control, anything you do can be de-activated. After playing detective, it is best to reset your Windows so that it is fresh, do a Windows Update (important), run AutoRuns and save a snapshot, and install your antivirus.

    After configuring Windows, make a new standard non-admin user account and use that daily, because an attacker would immediately assume the rights of the account that is running upon attack. Although there may be means to reach the admin account depending on whether the specific security weakness has been patched or not, it will stop the attacker from gaining immediate admin control.
     
    Last edited: Jul 29, 2018
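
The "run AutoRuns and save a snapshot" step in the reply above can be approximated with built-in PowerShell cmdlets when AutoRuns is not at hand. This is an added example, not part of the original thread; it covers only a subset of the locations AutoRuns lists, and the function name `Get-AutostartEntry` and the snapshot folder are assumptions.

```powershell
# Added example (not from the thread): baseline common auto-start locations,
# a subset of what AutoRuns lists, and diff against the previous baseline.
$SnapshotDir = Join-Path $env:USERPROFILE 'autostart-baselines'  # assumed location
New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null

function Get-AutostartEntry {
    # Registry Run/RunOnce keys, machine-wide and per-user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    # Per-user and all-users Startup folders
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($dir in $folders) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
    # Services configured to start automatically
    Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = [string]$_.PathName }
    }
    # Scheduled tasks that are not disabled
    Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
        $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{ Source = 'Task'; Name = "$($_.TaskPath)$($_.TaskName)"; Command = $cmd }
    }
}

$current  = @(Get-AutostartEntry | Sort-Object Source, Name)
$previous = Get-ChildItem $SnapshotDir -Filter '*.csv' | Sort-Object Name | Select-Object -Last 1
$current | Export-Csv -Path (Join-Path $SnapshotDir ('{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date))) -NoTypeInformation

if ($previous) {
    # '=>' marks entries only in the new snapshot, '<=' entries that disappeared
    Compare-Object (Import-Csv $previous.FullName) $current -Property Source, Name, Command |
        Select-Object @{ n = 'Change'; e = { if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' } } },
                      Source, Name, Command | Format-List
} else {
    "First baseline saved: $($current.Count) entries"
}
```

Run it once right after a clean reset and Windows Update to record the baseline, then again later; any "Added" entry you do not recognise is the place to start looking.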
  3. Samanthas2k

    Samanthas2k Thread Starter

    Joined:
    Jul 28, 2018
    Messages:
    2
    Hi, and thank you for responding!
    Wasn't sure about regedit, never found a solid answer when I was trying to figure out where mine went. I used it a couple of times and now I have no access to it, can't even see an executable file, but all sorts of other files from it being used every day.
    As for the programs on my computer, one of the areas says it's a "workspace" and has, for example, Microsoft Access, gpedit, Microsoft Zune video player, and Windows Hello for Business. Access and Hello are now pinned in my Start menu, but below Hello it says that it's not available for Win10Home; Access opens and asks me to log in. As for some of the other apps like Zune and gpedit, I can't find the programs anywhere and I can't even search Zune online or in the Microsoft Store.

    My gateway is by Arris and the router I bought/set up is Netgear. I actually discovered something strange last night that could somehow relate. I noticed an ethernet cord plugged into my router that was spliced and connected to an old phone line that hooks up to a service box for an old cable company. It's not connected to my current ISP's setup in any way, yet I connected and logged into the admin console and it was like a strange clone of my network.

    SysInternals doesn't seem to be something I can find or open. However, while trying to find that, I was able to open System Configuration. Startup selection is currently set to Selective startup, Load system services, Load startup items and Use original boot configuration. Maybe that's supposed to be set that way? I can change it to Normal startup - load all device drivers (have been having quite a few driver errors).

    As for antivirus, I bought the ESET Pro version (can't remember exact name) when I bought my computer and disabled the Windows junk. Since this computer is brand new I haven't done a fresh run yet, but have on all other devices multiple times; same thing happens right away. I believe someone is intentionally doing this to monitor me, but have failed to keep them from being able to do it again, and have no idea how they are getting access in the first place. Been dealing with it for a few years now and am sick of constantly having to reset devices and change passwords with no progress towards actually solving the problem, so hoping playing a little detective might yield some different results lol
    Thanks again, I appreciate you taking the time to respond
     
  4. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
Short URL to this thread: https://techguy.org/1213672
