Longterm security breaches of smart devices

I hope everyone in the above-mentioned Clearwater team is safe. I am in Bradenton, and found myself in St. Pete earlier tonight in a quest for gasoline. I began feeling a strong Road Warrior vibe for a few minutes during the quest for fuel. I also want to come clean and admit that even though that was my answer, I did confirm which planet is second before submitting it. 🙂
OK, so, I should have probably come here months ago. Beginning on Thanksgiving night '21, I was hacked. And, when I say hacked, I mean, for a period of time, I lost control of my laptop, my Samsung mobile, tablets including Samsung and Fire, all my important email addresses including the Gmail that I needed to reset my phone (same phone I needed to unlock my Gmail), even my mom's clamshell phone was hacked. I've dealt with multiple takeovers of my browser's cursor (much like battling a demon for control of a Ouija board!). I believe this started as an attack by someone known personally, but I haven't been able to confirm 100%, or I jokingly say I may be the class project for a group of N. Korean HS students.

The stone-cold proof I have found multiple times since then: I found an NTUSER.DAT file that was programmed in Macintosh. I own nothing Apple (this was the only thing that stopped MS support from treating me like a child when I used the "H" word). Since then, I have tried countless Windows reinstalls and Samsung factory resets, using programs like MiniTool Partition to wipe my drive clean, even installing a brand new, never-used SSD before a clean reinstall from a bootable USB made with Rufus, which I went so far as to create at the library, and I feel my router had been compromised. I even (perhaps) found what seemed like our wired modem had been manipulated (an Arris; mention of a backdoor vulnerability online). I recently swapped my ISP's rented router (a new-style IPv6 one that has a literal lock (Spectrum) on it to limit all the ways it can be used). I am now using an Eero. I use a paid VPN and a PW manager (Bitwarden), I purchased a YubiKey, I have opened an account on Proton Mail, and I have even installed and have been trying to learn Wireshark. I am open to installing Linux (Cinnamon?) on a VM. Yet, as recently as last month, I found another Macintosh-programmed file in System32. I admittedly probably have some PTSD-related paranoia at this point....

Besides the Mac files, I'm just seeing things that look a little weird to me (I have learned a great deal since this started and almost want to become a Bluehatter, lol). But the intensity of the breaches is no longer an attack but a sneak. Although, even with my VPN, it seems like my packet volume is out of control, like a DDoS almost.

Tonight, I randomly came across another post from here, where the person downloaded Farbar and posted a txt file of a scan. I actually wound up with two separate txt files. I will post both. I have no proof but suspect somehow my OneDrive is perhaps being used.

There are probably other details, and you probably already are like, dude, shut up and post the file. I just want to reveal how much this has gutted my day-to-day life in many ways. This person literally took control of my mom's tablet, wiped and locked it. She cried. CRIED. An 82-year-old mother. She lives her days to play Words with Friends and that trash took that simple joy from her for a short time. I have gone so far as looking at hiring fire to fight fire. However, I haven't. Perhaps you might notice something. It would honestly help me so much with what has turned into a nearly year-long mindF***.


So, I truly appreciate any scrap of advice you may procure and pass along to me.


Addition.txt FRST.txt


  • Root Admin

Hello and welcome, @duv1940ms

My screen name is AdvancedSetup and I will assist you with your system issues.

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.


Well, to start off, this computer is not set up correctly to function properly or protect itself. It is missing quite a few drivers for the system.

==================== Faulty Device Manager Devices ============

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


You're using a basic, trimmed-down version of Charter Security Suite for F-Secure.
Not that it is terrible, but if you're going to use an antivirus suite, I'd recommend getting the proper full version.


The current logs do not indicate an obvious infection. Some odd entries for software, etc. but not necessarily an infection.

My advice would be to do some basic general clean up, then install all the missing drivers, then check for Windows Updates and other Software updates and go from there.


Please give me the exact Model number of your computer.

Is it a Desktop or Laptop computer?


Thank you
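The FRST section above lists Device Manager entries with Code 28 (driver not installed) and Code 43 (device reported a failure). As an added example, not from this thread or from FRST, the following PowerShell script pulls the same information straight from Plug and Play so the list can be re-checked after the missing drivers are installed. It assumes Windows 10/11 with the built-in PnpDevice module and an elevated PowerShell session; the code-to-text table is constructed from the two codes shown in the log.

```powershell
# Added example (not part of the original thread): list Plug and Play devices
# that Device Manager flags with a problem and show the numeric "Code NN"
# that FRST prints in its "Faulty Device Manager Devices" section.
# Assumes Windows 10/11 (PnpDevice module) and an elevated PowerShell session.

# Constructed lookup for the two codes that appear in the FRST log above;
# any other code is shown raw so nothing is guessed about its meaning.
$KnownCodes = @{
    28 = 'The drivers for this device are not installed.'
    43 = 'Windows has stopped this device because it has reported problems.'
}

function Get-FaultyPnpDevice {
    # -Status Error selects devices that Device Manager marks with a yellow bang;
    # -PresentOnly skips devices that are no longer attached.
    Get-PnpDevice -PresentOnly -Status Error | ForEach-Object {
        $dev = $_
        # DEVPKEY_Device_ProblemCode holds the numeric problem code (28, 43, ...).
        $code = (Get-PnpDeviceProperty -InstanceId $dev.InstanceId `
                    -KeyName 'DEVPKEY_Device_ProblemCode' `
                    -ErrorAction SilentlyContinue).Data
        $meaning = if ($code -ne $null -and $KnownCodes.ContainsKey([int]$code)) {
            $KnownCodes[[int]$code]
        } else {
            'see Device Manager / hardware documentation'
        }
        [pscustomobject]@{
            Name        = $dev.FriendlyName
            Class       = $dev.Class
            InstanceId  = $dev.InstanceId
            ProblemCode = $code
            Meaning     = $meaning
        }
    }
}

$faulty = Get-FaultyPnpDevice
$faulty | Sort-Object ProblemCode, Name | Format-Table -AutoSize

# Count per problem code. Once the vendor's chipset/driver package is installed,
# the Code 28 entries should disappear from this list; a Code 43 that survives a
# driver reinstall is the case the log's own Resolution line says to take to
# the hardware documentation.
$faulty | Group-Object ProblemCode | ForEach-Object {
    '{0} device(s) with Code {1}' -f $_.Count, $_.Name
}
```

Run it before and after installing drivers and compare the two listings; the InstanceId column identifies each PCI/USB device even when its Name is blank, as it is for several entries in the log.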

Thanks for the response. I did notice the missing settings for PCI stuff, post-scan, in the txt file. I can't explain that, naturally, although I have been using that Revo Uninstaller and maybe I got a little heavy-handed with it. I also did not turn off the F-Secure before running the scan. Just noticed that. I do have a paid account for McAfee LiveSafe (who appears to own Security Suite?). Would that do the trick, or would you recommend something better?

I am running a laptop: HP Envy x360 convertible 15m-cn0xxx from Best Buy, with an updated Western Digital 500GB WD Blue SN570 NVMe Internal Solid State Drive SSD - Gen3 x4 PCIe 8Gb/s, M.2 2280, Up to 3,500 MB/s - WDS500G3B0C. I will go update; that would be in hardware manager, correct? When you say general clean-up, how so? Sorry, it's late here and I could probably use some sleep myself.

One of my 2 USB ports will not work no matter how many deletes and driver reinstalls. I guess that means bad hardware, but I wanted to mention it. Another hard-to-confirm suspicion: much of this is happening via PowerShell. But it's not worth my explanations 😂

I have used WAN directly from my router via USB cord to do installs, etc. Not having a data port, I have used a USB adapter cable. Another hard-to-prove claim: I feel like they were able to access it before and block it. But it was months ago, and I can use the one still.

I am going to go back and double check the guidelines in your post and make sure I didn't miss anything else. I greatly appreciate your time and help. Thank you.


  • Root Admin

At this point, you might want to back up all of your personal data to an external USB drive. Then do a Factory Reset.

The computer was not sold to you with all those items and drivers missing. Doing a Factory Restore should put it back the way it was when you bought it.

You just need to make sure you have a copy of all your personal data and software before doing that.

Let me know how you'd like to proceed.

Hi. We are still without power, likely through Wednesday, so please excuse delayed responses. I will do the factory reset. Unless I can use Wi-Fi from a friend, it may not happen until the end of the week, assuming you are suggesting a factory reset via the cloud. I do appreciate your continued responses and will first do a backup before the reset and give you an update once that occurs.

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
