
Question

w10 hacked - working on it

Jul 22, 2016 3:28PM PDT

I initially posted about my problem in another thread. The general thought was that I have been hacked. What happens is pretty simple. The computer boots up. When I press enter to start I get 2 boxes. One to call somebody and one to enter the key to w10. When I call I get somebody who wants 290.00 for 'an expert' to fix the problem (that one is kind of a tip-off). Anyway.....

I have been trying to figure out where to go to fix whatever. First I tried to run Microsoft sweeper but it couldn't find the boot drive. Then I figured out how to get to a command line. I thought I would try and run msconfig but that didn't work. I have now downloaded several different rescue disks. These are CDs/DVDs that hold a number of utilities to allow the user to fix stuff. I am still messing with these.

If I could figure out where my startup programs are stored I suspect I could fix this thing but have no idea how to do that. If anybody has thoughts on that one I would appreciate it. What I think has happened is that whoever did the deed left something on my computer that boots itself up but I have no idea what it is, or where it's at.

Any thoughts are appreciated. Thank you.............
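
On the question of where Windows keeps its startup programs, here is an added example (not part of any post in this thread): a PowerShell script that lists the standard autostart registry keys and Startup folders and flags a Winlogon `Shell` or `Userinit` value that differs from the Windows default. The function names are made up for this example, and the thread does not say which location was involved on this machine.

```powershell
# Added example: enumerate the usual Windows autostart locations (read-only).
# Function names are hypothetical; registry paths are the standard ones.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntries {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path $p)) { continue }          # key may not exist
        $props = Get-ItemProperty -Path $p
        foreach ($name in (Get-Item -Path $p).Property) {
            [pscustomobject]@{ Location = $p; Name = $name; Command = $props.$name }
        }
    }
}

function Get-WinlogonOverrides {
    # Defaults on a stock install; anything else deserves a close look.
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    $keys = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
            'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $values = Get-ItemProperty -Path $k
        foreach ($name in $expected.Keys) {
            $v = $values.$name                          # $null when the value is absent
            if ($v -and $v -ne $expected[$name]) {
                [pscustomobject]@{ Location = $k; Name = $name; Command = $v }
            }
        }
    }
}

function Get-StartupFolderItems {
    # Per-user and all-users Startup folders.
    foreach ($f in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
        if (Test-Path $f) { Get-ChildItem -Path $f -Force | Select-Object FullName, LastWriteTime }
    }
}

Get-RunKeyEntries -Paths $runKeys | Format-Table -AutoSize -Wrap
Get-WinlogonOverrides             | Format-Table -AutoSize -Wrap
Get-StartupFolderItems            | Format-Table -AutoSize -Wrap
```

The `HKCU` keys and the per-user Startup folder belong to whichever account runs the script, so run it while logged in as the affected account; a different admin account will show its own per-user entries instead.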


Answer
Or it's a startup item. Not an infection.
Jul 22, 2016 4:06PM PDT

problem
Jul 22, 2016 5:05PM PDT

Thanks for the reply!

I would do as you suggest but I cannot boot up. What I can do is access the file system, work from a command line, and, in theory, edit files. I can run Firefox from an XP window in memory which, at least, tells me I am connected to the net. I think I will go to the Firefox site and move ALL the .xpi files just for the heck of it.

I tried for safe mode but failed and tried everything I could find. I just can't get to it.

I have put programs on a thumb drive. I plugged in the drive and it flashes a red light (telling me that the computer saw it). However, when I go to my computer, on the bad machine, it doesn't show me the drive so I can't run the programs I put on it. I have also gone to the program directory and renamed firefox to old_firefox so it can't run. I did the same with Skype for the heck of it.

I am going to reboot just to see what happens. I expect nothing <G>

It sounds like you have partial access.
Jul 22, 2016 5:21PM PDT

I'd log out of this account and into your spare admin account.

(Hint. Win+X)

something else
Jul 22, 2016 5:51PM PDT

I googled the phone number of the hackers. It's 1-877-256-3313. There are lots of returns on this one and how to remove their crap but I can't get to it or get the machine to recognize the thumb drive, otherwise I could have at it. It's interesting however <G>

Anything to do with this machine is really going to have to be done in command mode I fear.

This is my wife's machine. I doubt there is a spare admin account unless it's automatic but I really have no idea what (hint. Win+X)

Win+X
Jul 22, 2016 5:58PM PDT

I was hoping you would try the command so you may be left with command line only. From there I can run control panel, create a new user account, make it admin to see if I can log into the other new account for easier go at it.

But I take it you won't press Win+X so no way to see what's up. I understand folk being gun shy when their machine is hacked.

I continue
Jul 22, 2016 5:33PM PDT

I can now get to a blue screen with the following options:
lock
switch user
change password
task manager

I can also get to the task manager but still can't run programs from thumb drive

I would have edited my last but I don't think I can

continuing
Jul 23, 2016 12:26PM PDT

I pressed the control/alt/delete which got me the blue screen option in the previous posting. Then I got to the task manager. From there I was able to get to the command line. That allowed me to find my thumb drive and move all the programs/utilities to the download folder. I then installed a couple of programs that folks think were good to remove my problem. Once I moved and installed I was able to run said programs with the command line (cd ../ cd Downloads/ run whatever). I am currently running the fix thing with spyhunter. If that doesn't work I also have superantispyware and a couple of others.

Hopefully I will get some success out of it all. I think one of my problems is confusion. All of my own machines are Ubuntu and I have this machine on my KVM and it's a bit confusing but I continue to make headway.

Spyhunter is considered scareware or malware.
Jul 23, 2016 12:33PM PDT

Now that you are installing bad software, I don't think I can help you out of the bind.

Post was last edited on July 23, 2016 12:54 PM PDT

spyhunter
Jul 23, 2016 2:01PM PDT

I downloaded spyhunter, and ran it, and it fixed my problems. I am now running a couple of other malware programs. I checked on spyhunter and found that virtually everybody said that spyware was a safe program. The main problem, with that one, is that they sneak up on you and force you to buy to allow it to fix what it found. In addition it also wants to keep your credit card info for 'subscription' which, I think, means that it charges you for some kind of regular service. I got rid of all the subscriptions, etc. Oh, the people who take care of their billing also charged me for something that I had ordered back in 2011! I have told them that they either take off the bogus charges or I will have Visa remove the entire bill. We will see.

I will probably go with Malwarebytes for my security.

In other words I have now got rid of the mess I had and am in the process of checking everything over and over again until I am sure this computer is functioning properly.

I have been messing with this stuff for a very long time so am experienced. This deal was different in that, to fix my problem, I had to start pressing keys until I found something that took me someplace. The three button boot sequence worked well. To get to a command screen also took some doing. I could do it with Shift+F8 (repeatedly during boot) and could also do it by getting into the task manager and then doing a 3 key boot which would take me to another option which allowed me to go to the command mode (cmd).

As far as I know I have now fixed my problem. I want to thank everybody who helped as I was at a complete loss.

It's controversial and they are in court now.
Jul 23, 2016 2:08PM PDT