Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Think I've Been Hacked

Mar 20, 2018 2:25PM PDT

I have been called repeatedly during the last few weeks by 844-578-9547 which shows up on my Caller ID as 800 Service. I did not answer the calls until today out of curiosity. I spoke to a man with a foreign sounding accent who told me my actual email address and that messages were being sent from my email address from states that I have not been in. I asked him if he worked for AOL which has my email server and he said yes. I did not believe him and I told him that I did not trust him because I got ripped off* last summer by another outfit. I guess to demonstrate his honesty he told me that he was going to show me that he knew my computer ID. I followed these instructions from him: hit the Windows and the letter R buttons at the same time. This brought up a screen where I typed cmd which brought up the black screen. I then typed assoc which brought up a bunch of stuff. On the line starting with _sfsent to target= he read me the letters and numbers that followed which he told me was my computer ID. He then wanted me to give him remote access to my computer to check something out which I refused. He then abruptly hung up.

My question is how did he know my computer ID or whatever is was? Does he or anybody else have access to my computer and is there any way for me to check it?

Before I finished typing this question I got another call from the same number by another man with a foreign accent who gave me the same line that my email address was being used from other states but this time he said it was being used to send spam and malicious software. He said he worked for Verizon. This time he said he was going to see if anybody else was controlling my computer. Instead of typing assoc he had me type netstat and said that any line that said ESTABLISHED under the State heading was someone controlling my computer. Again he wanted me to give him access to my computer which I refused to do. I told him I wanted to get a second opinion and I asked for and he gave me a number where he could be reached. I called that number and reached a retirement community.

Is what he said about the the ESTABLISHED lines true and, if so, can I do anything about it?

*As I mentioned earlier, last summer I hit a webpage that caused a message to pop up saying that my computer was infected by a virus (I think my Norton had just expired), it froze my computer and the message gave me a number to call to fix my problem. I called the number, gave them remote access to my computer, and about $300 later they fixed my problem. Several weeks later I had a problem updating so software so I called the people again because they told me I had also purchased service contract. Again, after giving them access to my computer, they fixed my problem and told me I needed a firewall which they sold to me for another $300. Several months later I hit the icon for the Dell firewall on my desktop and it turned out to be Autoruns so I got ripped off. I also wonder if they left something on my computer that allows them to control it.

Sorry for the long message. I hope someone can help me. Thanks.

Discussion is locked

- Collapse -
Answer
I fear you went too far.
Mar 20, 2018 2:36PM PDT

I can't IMAGINE WHY YOU FOLLOWED THEIR DIRECTIONS. These instructions are often to finish the hack job by getting the user to finish the exploit or like an old social exploit prove that a file is bad.

I can't guess why you didn't block that phone number and delete, mark as spam what they sent you since that's what I do and I've yet to be hacked.

"I called the number, gave them remote access to my computer" is another bad sign. Too many PC support sites you find on the web are just scams. They might fix your issue (most don't) but giving remote control is handing over the keys to your kingdom.

-> In short, what you shared is all bad news. Time to research how to backup what you can't lose then factory reset this PC.

- Collapse -
Answer
reinstall your entire system
Mar 20, 2018 5:27PM PDT

Too risky to keep it "as is".

- Collapse -
Thanks to both of you
Mar 20, 2018 11:09PM PDT

I understand and agree with what you are saying. But you you know what the ESTABLISHED after typing netstat means?

- Collapse -
(NT) just means a connection to a site was made.
Mar 21, 2018 4:54AM PDT