Fresh Install Hacker Still Trying To Break In and Making Threats

I decided to go with a new thread since I did a fresh install this morning, reinstalled Comodo and set it to pretty high security levels. Right now my GMail accounts are constantly redirecting to an unopenable URL (too large for Google). (Update: rather bizarrely, this redirect problem only exists with Firefox, not Internet Explorer, and is definitely malicious.)

These are new threats by Mr. X sent via text message this morning:

New trojan htk2 suprize 4 u scumbag

■■■■■■ that all u no how 2 say that it ur gettin new remote axcess toolbar

And there’s this from last night:

Hairy ■■■■■■■ ur m o r o n think u more smart than bot install on MY SONY VAIO not chance scumbag (referring to MY computer)

(Expletive deleted) gps traker know every time u disable bluetooth ha ha ha m o r o n u think i cant do zero day exploit watch me (expletive deleted)

Restart ur disable 3party drivern win soc interface ha h, ha ur (expletive deleted) ■■■■■■■

(Old thread, same category: Possible For Hacker To Commandeer Comodo DNS Servers?)

Also please note: I was signed out of this account somehow and had a very difficult time getting back in.

Edited: I deleted the comments that didn’t have to do with computer hacking and were related to real-world crimes (as this person is stalking us both electronically and physically), in the interest of making this more on topic with the purpose of the forum and less personal in nature, and also to make it more palatable for people who read the thread. If, by chance, the rest of it interests you, it can be found here along with my contact information:

www.myspace.com/370392338

Apparently the iPhone has been broken into and the password changed; it is now disabled even after connecting to iTunes as per the phone’s instructions. Now what?

Edited to add: Even though it’s disabled I keep getting calls, apparently from the same number in Ethiopia.

The computer itself is working fine at the moment, but I did roughly three or four fresh installs yesterday to accomplish that, and I can’t seem to find the option to boot from recovery discs anymore either.

Your computer needs major work. The only true way to protect you would be to start from scratch. I would unplug it from the net and take out the hard drive. Reflash the BIOS to make sure it’s clean. Get a bootable AV and boot from that; use as many bootable AVs as needed to clean out the hard drive. Reinstall Comodo and set everything to max. Like I said, I highly recommend taking it to a shop.

It’s under three year extended warranty from Sony until February 25, 2012. But what is it I’m supposed to tell them?

What are you saying? That this many reinstalls are damaging, or that something else is going on even though it’s working fine?

I got a private message I tried to reply to about downloading Comodo VPN. I did, but it wouldn’t let me log in. I’m interested in trying this again to see if it works with the fresh install. Last time it kept disconnecting the computer connection immediately.

I THINK I FOUND A SOLUTION FOR YOU BUT WILL TAKE SOME TIME

READ YOUR PM :-TU

[quote]gps traker know every time u disable bluetooth[/quote]
I can see it ■■■■■■ them off when you disabled Bluetooth, so we’re on the right track. I’m guessing when Bluetooth was disabled, you were fine for a while. Then your attacker found another way.

[quote]Apparently the iPhone has been broken into and the password changed; it is now disabled even after connecting to iTunes as per the phone’s instructions. Now what?[/quote]
Your attacker was able to monitor your changing of the iPhone password.

[quote]gps traker know every time u disable bluetooth[/quote]
This is not true; that’s a half-assed scare tactic.

=============================================

Can you run “prevx”?
http://info.prevx.com/downloadcsi.asp
Install it, change settings and increase “heuristics” to maximum,
then run a scan and choose deep scan.
Whatever it finds you’ll have to manually delete. If you can’t FIND IT, write down the location of it (put the mouse over it so it will show the complete location of it). Write it on paper and save it for Monday for me.
When we’re done with prevx, we’ll “uninstall it”.

=======================================
P.S. The only alternative suggestion that can work is this:
As much as I hate to say this, I think you’re going to have to stop using Windows and use Linux.
I would recommend Ubuntu. It’s the closest to Windows-based as you’re going to get and about as simple as it gets.
http://www.ubuntu.com/getubuntu/download

Windows trojans and such will be useless against Linux. It will require a different set of skills to attack Linux and it won’t be simple either. Your attacker will also have to learn a whole new set of commands and jargon too :slight_smile: . I promise your attacker will be really ■■■■■■, and if your attacker wants to try and attack Linux, it will require a lot of studying, so it should give you a nice break :-TU.

===========================

Thanks very much to those of you who have helped, are trying to help and are still helping. The computer is fine right now; I just downloaded 81 Windows updates, but maybe a dozen failed. I’m being advised now to download another file that apparently has to do with the other files failing.

I finally restored the iPhone, but every bit of data and everything else that was on it is gone. However, surprisingly it still works, since it was first generation and is on an AT&T pick-your-plan and not a long-term contract.

I have some of what sound like angry messages I’m guessing from the Ethiopia phone number so there might be something in the attacks related to that.

He’s trying a bunch of other things; this is the second time I’m typing this after a reboot.

They include freezing the mouse, but I’m able to get around it. The HP computer was destroyed by a rapidly moving and uncontrollable cursor. I get a bunch of Firewall messages that have to do with the Synaptics touch device, and if I allow them the problem stops. (Still have the external mouse from the HP and have to use it when this happens.)

Also, a bunch of pages are loading slowly as if a virus is also loading, so I often have to find a different way in to them (Google, etc.).

[quote]He’s trying a bunch of other things[/quote]
Good, then we’re on the right track.

Basically, your attacker is concentrating on your mouse and keyboard (basically your attacker wants to control these as well as monitor them). You know this because the mouse is freezing, among other things.

Let’s close this other gap (based on the above).

GET THIS IMMEDIATELY before you’re infected again. It’s an anti-keylogger. It’s good for 15 days, but I’ll send you an activation key for it (it’s legit) in a few days. This anti-logger doesn’t rely on signatures, is the best in the industry and is used by banks :slight_smile:
http://www.zemana.com/download.aspx?product=ZAL

[quote]Also, a bunch of pages are loading slowly as if a virus is also loading, so I often have to find a different way in to them (Google, etc.).[/quote]
Disconnect the power cord from the router (about 10 seconds), then plug it back in.

I will have to try that a little later; the computer is once again useless and is being reformatted. It used to be possible to reformat it with recovery discs, but this a s s h o l e did something to destroy that option. It takes about an hour to reinstall everything from scratch. I tried everything to avoid doing so, with no results.

I certainly hope there are people reading this forum who, based on all this, take an interest in putting Mr. X back in prison, again, where he belongs.

Let’s try the VPN thing again a little later after the reboot.

I’m back but unable to log in through the computer; this is from my newly restored and freshly wiped iPhone. The Firewall has blocked 82 intrusion attempts. I would estimate roughly 50 of those are Windows operating system intrusion attempts, all from this IP: 72.9.241.58. It looks like that one gave up for a while, and other IPs are having a go at the same thing, among them 208.71.113.221, 89.138.127.201, 202.73.10.67, 91.62.31.55, 84.108.5.5 and a bunch of others.

Just tried to get the Zemana anti-logger; it’s not supported on Windows 64-bit systems. Again typing from the iPhone. Really lucky it still works; I never updated it because I was afraid it would brick without an AT&T contract (I was led to believe that, anyway).

If it is in connection with an alleged breach of law, please do not name individuals on these forums.

If you were smart, you would not name them in public as it could leave you open to prosecution.

Ewen :frowning:

P.S. I will be editing all publicly accessible posts containing this individual’s name.

I understand your position and the company’s position; sorry, this whole thing has been very frustrating and frightening at times, among other things. There are some active investigations, so I’m not worried about the legal things he could try to do to me, since there’s a lot of evidence of things he’s done and is doing.

I very much appreciate the help from people in this forum. I think I’ve learned more about computer security here than anywhere else and certainly more than most average people will ever need to know.

Looking at the firewall log of what is now 538 intrusion attempts, probably in a little over an hour, most on the Windows operating system, I see they are listed as type 10, type 3, type 13 and type 1 to me, but they all seem to be sent as type 3. Any idea what any of that means?

Unrelated to my problem but figured someone here who lives in the Los Angeles area like I do might financially benefit from this. I’ve been looking for part time jobs and came across this just now on Craigslist:

Hi there: This is just a one-time job but I am willing to reasonably compensate someone for it. I am looking for someone who is very good at dealing with computer problems to retrieve most of the files from my old computer’s internal hard drive and upload them to an external hard disk drive. It is a black 15" Dell Inspiron 1525 laptop or notebook computer that I purchased from Best Buy around July 2008. It suddenly stopped working within the past couple of weeks. I believe that there is some sort of problem with the internal hard drive because I found postings on the Internet suggesting that this problem is very common among Dell computers. The computer now makes a clicking noise when the power is turned on. It also has some sort of error message stating the computer has “no bootable device.” Please send an email with information about your credentials, the type of equipment that you have to retrieve the files for me or that I need to buy for you, the amount of compensation you want, and the amount of estimated time this task will take.

Here’s the E-Mail if anyone would like to follow through and talk to the guy:

job-ubr9a-1487490701@craigslist.org

As for Dell computers, I know based on what I’ve seen that they tend to be underpowered. (General info.)

anyway,

72.9.241.58, 208.71.113.221, 89.138.127.201, 202.73.10.67, 91.62.31.55, 84.108.5.5

IP lookup results (fields the lookup site only shows to registered users are marked "requires signup"):

72.9.241.58: United States; state: Georgia; city: Atlanta; postcode: 30310; latitude 33.7257, longitude -84.4309; ISP: Global Net Access; organization: Comodo; local time 2009-11-30 08:18
208.71.113.221: Canada; state: Ontario; city: Toronto; postcode: m5j2n1; latitude 43.6667, longitude -79.4167; ISP: Neutral Data Centers Corp.; organization: Neutral Data Centers Corp.; local time 2009-11-30 07:19
89.138.127.201: Israel; state, city, coordinates, ISP and organization: requires signup
202.73.10.67: Malaysia; state, city, coordinates, ISP and organization: requires signup
91.62.31.55: Germany; state, city, coordinates, ISP and organization: requires signup
84.108.5.5: Israel; state, city, coordinates, ISP and organization: requires signup

Your attacker is probably using a proxy, based on this.

You should report this to your local FBI office, on the phone (preferably NOT USING YOUR IPHONE), including the IP addresses with the country names and everything else you have available. Call your ISP company and ask for your complete records of internet usage, and ask for a pen trace and to have it monitored if possible.

Comodo has been added to my list of inaccessible websites from the computer (iPhone here again).

I was at the FBI when this started a few times and recently filed with IC3. They apparently do nothing or take forever.

The iPhone is probably more secure right now with a new set of software and a password; worse comes to worst, I restore it again.

I’m guessing the problem with Comodo and other web sites is a stealth redirect.

And there’s this:

Comodo set uplinksy bot spyware Trojan toolbar hack 5127 no stopping now ■■■■■■■

(Comodo is once again accessible from the internet, almost as soon as I typed this post before the edit here. Part of the time these guys are dangerous; at other times they’re just really, really annoying.)

[quote]By the way[/quote]
You really should remove the two sentences that start with "By the way", at least in the public forums here.

[quote]They apparently do nothing or take forever.[/quote]
If they ever do anything, they’ll never tell you the progress of your case, but your case may be too low of a priority for them to do anything about it too.

1) Have you ever considered switching ISP companies for internet?

2) If you’re not going to be downloading software, have you considered using the "guest" account for logging on to the computer? A lot of infections rely on administrator access.

MOST IMPORTANTLY, this is what I put on my pop’s computer because I got tired of fixing it.
3) Why don’t you use Windows SteadyState? It’s just like Comodo Time Machine.
http://www.microsoft.com/downloads/details.aspx?FamilyId=D077A52D-93E9-4B02-BD95-9D770CCDB431&displaylang=en#Requirements

When your computer is perfect and using SteadyState, if your computer gets infected it won’t be a big deal. Just don’t save anything on shutdown. The only time something gets saved on the computer is if you click on "save items on shutdown" (something like that).
A good example:
I can intentionally infect myself with some of the nastiest stuff, but if I don’t save the changes during shutdown, nothing gets saved. It’ll go back to the way it was the time before.

Please read about Microsoft SteadyState when you have time. This might be your only solution, next to using Linux.

BTW, the LAPD really doesn’t know much about computer attacks.

I’ll try that. I recently did switch ISPs, from a wired connection to wireless, and the problems worsened.

How is it even possible to save anything during shutdown? You mean some people do it after the process has started?

Oh, and you’re likely right about the FBI considering individual computer attacks low priority. Anyone can see there are real-world problems out there involving violent crime and high-dollar crime that they use their resources on first. If he was doing this to CNN or a high-profile company, it would be a different set of priorities. We’ve found the same with the cell phone companies: that the problem is widespread.