Spyware, Viruses, & Security forum

Question

I'm experiencing a major compromise of all of my devices

by dconn1to5 / August 5, 2017 5:01 AM PDT

Hi, I'm hoping someone can shed some knowledge on my situation. I'm in the middle of a nasty divorce and child custody case. I know that all of this might sound unbelievable, but I have some fairly knowledgeable friends who are helping me. So here goes. I was given an iPhone 6s+ under what I now think were suspicious circumstances. My friend, who is friends with my wife, said that she got it as a replacement from Asurion (phone insurance co.), but had already bought a new one and that they didn't want it back. I strongly believe that the 6s+ was brand new. My wife had been bugging me endlessly to get a phone, so I took it. Shouldn't it have come back to my friend, who has Verizon, as a CDMA phone? Well, either way, I never had a chance to activate it. When it got near my desktop Gateway computer at my shop, it showed ATT 28.3, and is attempting to download 7 +/- gigs of God knows what. I have not put a SIM card in it. Does that mean that it's trying to install via Bluetooth? I only had a few songs and some small files on my iCloud, which has been hacked and emptied. I have Charter internet, but I've always just paid the ATT bill to keep my email address because of the hassle of changing over all of the email nonsense. The only line that we have running into the shop is the Charter cable line, and a line to the fax. The ATT service is DSL, correct? I have no known ATT routers. Now the phone system is locked out. I don't mean the 6-digit passcode, I mean the 4-digit account PIN. It says "yahoo", but I can't get to it. I shut it down and haven't turned it on since (approx. 4 months ago).

A week prior I noticed strange activity in the Gateway tower. A malware scan revealed 1 virus in processes, 0 in modules, 4 in registry keys, 1 in reg. values, 6 in folders, and 24 in files; 341405 objects scanned. A SUPERAntiSpyware scan on 5/10/17 revealed 0 memory, 0 registry out of 72542, and 1041 out of 41811 in files. Right after this, Admin. login activity began remotely, with a new computer name and domain. This is when the iPhone activated and began to download. A SUPERAntiSpyware scan on 5/12/17 revealed 0 memory, but now 20 registry out of 76777 and 33 file out of 9369. I did quarantine all of the viruses, but printed a log first. I then pulled the plug on the tower.

Because I have to communicate with my attorney, I bought a Lenovo 80R9 running Windows 10. I fired my first attorney due to very unusual behavior, and my new attorney told me on 6/26 that she and my former attorney had a phone conference scheduled for 6/28/17 at 2 p.m. On 6/27 the system log on the Lenovo started to go crazy, with dozens of repeated operations, clock manipulations, Admin. activity, file manipulation, etc. This continued until 6/28, and while I was composing a critical email to my new attorney regarding the inconsistencies of my previous attorney, at approx. 11 a.m., the entire system crashed, damaging the "C" drive. I copied the bulk of the system logs to thumb drives. I went out and bought an identical Lenovo and had an electrical engineer friend compare the compromised unit to the unused unit. One item that showed up was Winstore.app.exe. We suspect that it was used to manipulate the Admin. accts. It appears to be a Microsoft file but is, at least in this version, not. So now I'm wondering how to find via the event log how the 2-day-old Lenovo was forced to crash. Having that evidence in court would be huge. The Apple store doesn't get it; they just want to wipe the phone. I want to discover point of sale, IP addresses, repair logs, pre-installed lock-out software, and of course the gigs and gigs of info that have not yet installed. I should mention that I let the ATT service plan (Internet 12) go in Feb., I think, but then I got a bill stating that the restoral fee and 2 months have been back paid. By who? Well, according to the credit card, me of course.

I also have an iPhone 5 that showed a white screen with black lettering stating that all systems had crashed (now passcode protected), and an older 4 that still works, although I see some uncomfortable stuff installed on it (mostly porn). I haven't used it in years; I gave it to my son years ago and frequently monitored it. I had a Galaxy S7 edge that my wife smashed, but we extracted some text using the voice command as the screen was destroyed. One day it said "turning on", "accessing files", "remov..."; that's as far as they got before I yanked the battery. I see more clearly what is going on here. She has the help of someone in the business of "enforcement", and he's made himself cryptically known and I'm at the receiving end. She's gotten most of the texts with incriminating evidence against her. Meanwhile, she's keeping me from getting online to do what I do best, eBay. My faxes from my wholesale accts. are being redirected. I made the mistake of buying a new HP fax with direct WiFi, and my employee's phone has connected with it and it's transmitted over 8K packets in the few days that it's been on.

I've been trying to write on my new Lenovo, which has never been online, has no router connection, and is in Airplane mode, and it has still had the following processes running: WCNSVC, UPnP Device Host, Time Broker, TCP/IP NetBIOS Helper, SSDP Discovery, Remote Access Auto Connect, Network Loc. Awareness, Network List Service, IP Helper, Dist. Link Tracking, Background Transfer, Network Broker, WCN Connect Now, WinHTTP Proxy Auto Connect, WLAN AutoConfig, Wyse Remote Access, Wyse Cloud, Cryptographic Setup, Must-not-fail remote access fe80::64f5.vpb.client I.D., Neighbor Discovery-ICMPv6-4. This is just one page.

So, after all of that, and trust me there is not much more, what in the world am I supposed to do? Court is coming soon.
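The event-log check the post asks about, as an added example that is not part of the original post or any reply: PowerShell, run as Administrator on the affected Windows 10 machine, that exports the event logs intact, hashes the exports, pulls the System-log records that describe how the machine went down, and checks the Authenticode signature of a named executable and of every running service's binary. The evidence directory, the date window and the path to the suspect file are assumed placeholders, not values from the post.

```powershell
# Added example, not from the original post. Assumes: Windows 10, an elevated
# PowerShell session, and a removable drive mounted as E: for the evidence copies.
$EvidenceDir      = 'E:\evidence'                    # assumed destination
$CrashWindowStart = Get-Date '2017-06-27 00:00'      # assumed window around the crash
$CrashWindowEnd   = Get-Date '2017-06-28 23:59'
$SuspectFile      = 'C:\path\to\WinStore.App.exe'    # assumed path; substitute the real one

New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null

# 1. Export each log in its native .evtx form (wevtutil epl) and record a SHA-256
#    of every export, so the copies handed to counsel can be matched to these.
foreach ($log in 'System', 'Application', 'Security') {
    $out = Join-Path $EvidenceDir "${log}.evtx"
    wevtutil epl $log $out
    Get-FileHash -Algorithm SHA256 -Path $out |
        Select-Object Hash, Path |
        Export-Csv -Path (Join-Path $EvidenceDir 'hashes.csv') -Append -NoTypeInformation
}

# 2. Records that tell a clean shutdown apart from an abrupt one:
#    41   Kernel-Power: the system rebooted without a clean shutdown first
#    6008 EventLog:     the previous shutdown was unexpected
#    1001 BugCheck:     Windows recorded a stop code (the OS itself crashed)
#    1074 User32:       a process/user requested the shutdown; the Message names it
$shutdownEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 41, 6008, 1001, 1074
    StartTime = $CrashWindowStart
    EndTime   = $CrashWindowEnd
} -ErrorAction SilentlyContinue

$shutdownEvents |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Tee-Object -FilePath (Join-Path $EvidenceDir 'shutdown-events.txt') |
    Format-List

# 3. Is the suspect binary actually signed by Microsoft? A genuine Microsoft file
#    reports Status 'Valid' and a signer subject issued to Microsoft Corporation.
if (Test-Path $SuspectFile) {
    $sig = Get-AuthenticodeSignature -FilePath $SuspectFile
    [pscustomobject]@{
        File   = $SuspectFile
        SHA256 = (Get-FileHash -Algorithm SHA256 -Path $SuspectFile).Hash
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
    } | Format-List
}

# 4. Map every running service to its executable and check that file's signature.
#    PathName may be quoted and carry arguments; the regex keeps only the .exe path.
Get-CimInstance Win32_Service -Filter "State='Running'" | ForEach-Object {
    if ($_.PathName -match '^"?([^"]+?\.exe)') {
        $exe = $Matches[1]
        $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service = $_.Name
            Exe     = $exe
            Status  = $sig.Status
            Signer  = $sig.SignerCertificate.Subject
        }
    }
} | Sort-Object Status | Export-Csv -Path (Join-Path $EvidenceDir 'services.csv') -NoTypeInformation
```

Reading the output: a 41 together with a 6008 and no 1074 in the window means the machine lost power or was hard-reset with nothing having requested a shutdown; a 1001 means Windows itself recorded a stop code, and its Message carries the bug-check code to look up next; a 1074 names the process and account that asked for the restart. For the signature checks, a file that merely carries a Microsoft-looking name shows a Status other than Valid or a signer that is not a Microsoft certificate, and that row, with its hash, is what to hand to an examiner. Services whose PathName uses an environment variable such as %SystemRoot% will show an empty Status here because the path was not expanded; resolve those by hand. Keep the .evtx exports and hashes.csv together; the raw logs, not screenshots, are what a forensic examiner will ask for.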

Clarification Request
Your post is hard to read.
by R. Proffitt Forum moderator / August 5, 2017 6:34 AM PDT

It's a wall of text. But I did see you write about a Court appearance.

Now that is where your attorney tells you how to prepare as well as getting help with evidence collection.

This is not something you would take to the open market or forum as it's all about your legal case. Your attorney must guide you here.

All Answers

Answer
No doubt divorce is difficult
by James Denison / August 5, 2017 8:01 AM PDT

But I think you are too paranoid about "happenings" and ascribing it all to your wife and "friends". Not even the CIA, if you've read wikileaks lately, can do all that, as efficiently as you described. The biggest threat to any computer system is the person at the keyboard.

If you are truly that concerned about being hacked on the computer, then always boot to a LIVE Linux DVD and use that "read only" system when on the internet, saving anything you want to the hard drive instead. Buy your own phone, maybe a Tracfone, and use that instead of something you were given. Just remember phones have wifi on them now and they do try and connect to wifi signals. They have apps on them which will try and do that even when you have the wifi turned off. If you don't need the apps, then uninstall them from the phone. That may not stop all wifi attempts to connect, but will stop a lot of it. If you want a fairly secure phone at home, pick up a Magic Jack Plus and plug it into your router and hook a standard phone on the other side. Make sure your attorney knows about all these happenings, how upset you are, and maybe he can point you in the right direction to help deal with it.

Answer
Me too
by Ilovesushi3657 / August 26, 2017 12:05 AM PDT

I have been dealing with the same thing with my Asurion devices; this is my fourth one with the same problem.

Re: same thing
by Kees_B Forum moderator / August 26, 2017 3:11 AM PDT
In reply to: Me too

That's not really clear, for 2 reasons:
1. Asurion seems to be a company that insures your phone, not a company that makes them.
2. The top post is so long that it's impossible for me to see what it's about. So I don't have a single idea about what you experienced.
