WSA Complete Disabled... Desperate, please help. Sorry for the length.

  • 28 February 2017

I have been running WSA on all devices for several years. In August my droid phone started downloading a bunch of apps that became system apps that I could not disable or uninstall. Factory resets did nothing but I'd end up with even more apps. I had something like 14 phone/dialer apps, 5 weather apps, 7 wallpaper apps, etc.

I started not getting calls, texts, or emails. When I'd make a call it would continue to ring on my end after the person answered and said "hello" two or three times. Sometimes I could hear music or talking while it was ringing, or it would ring after someone answered. Pretty much every call I made would ring twice, hesitate, click, and start ringing again. I was told the same happened when trying to call me.

My voicemail was switched from Verizon to a global email, whatever that is, and my data, minute and text usage spiked. I went from 1/2 GB a month to 3GB in a couple days. Once while my phone had a dead battery, intentional, for a week. I ended up having to suspend my phone to avoid the added charges.

My computers all went into bootloops trying to update and install Windows (1 Vista, 1 7, and 2 8.1) within a few weeks of each other. I purchased a transformer and used it and another droid tablet until the transformer went into a bootloop. It eventually stopped with a BSOD, now it says it has no OS.

When I got one of the 8.1s out of the loop I ran a scan and it said it was clean but in reviewing the monitored processes I saw one that ran for 1-2 seconds, stopped for 1-2 seconds and restarted over and over. I got onto my online console via my tablet, which had begun to act like my phone, to review device statuses.

Console said my phone was clean, but it had the same process that was starting and stopping on my slimbook. The slimbook however said it had infected scans on and off since 10/2015, and consistently since 3/2016. My settings had been changed so I was not notified and the scans were only running for a few seconds, when on the computer it showed them running for several minutes.

Further investigation showed that my Router security had been disabled, and my firewall had been set to allow any incoming or outgoing connection on any port. My fax machine and other printer had their security disabled and were set to print to a second printer every time I printed, copied, or faxed anything. The memory was wiped on the fax so I couldn't see where the transmissions went, but it did show that hundreds of transmissions had been sent. Many taken from my computers via the home network, that I had previously disabled. I wouldn't have thought to check the printers or fax machine except my access to them, and other things, was restricted, and while walking by the fax I saw the LED screen said it was sending so I unplugged it.

I made several attempts to secure my devices, which of course meant unplugging my modem/router, disabling wifi, bluetooth, the home network, file sharing, and my known network adapters.
When they began turning on by themselves I took them in to be cleaned and repaired.

I purchased a new Netgear AC-1600 Nighthawk router, left the PCs to be repaired, bought new tablets, unplugged, powered off, or removed batteries from any smart devices before powering on tablets and modem/router for the first time. I set up the security on the router before anything else. Disabled all radios for all channels except one 2.4 GHz channel, disabled SSID broadcast, set up MAC filtering, and changed the admin wifi logon info. Finally set up AV/AW on tablets, locked down the ports - basically did everything I could think of to secure the network and the devices.

I was fine for a few days until I got the first PC back. It had been backed up, "wiped" and had a clean install done. They had removed 219 traces of infection and said the OS was badly corrupted. I requested an external source be used for the clean install, but they did it from the hard drive. I didn't turn it on for a few days, and when I did I didn't connect it to the network. I put it in airplane mode and disabled the adapters.

The whole look of the desktop was different. The wallpaper, icons, everything was different - and the touchscreen no longer worked. I shut it down for the night, and reviewed some logs the following morning when the new tablet was much slower. The logs showed that it had not shut down, instead it spent the night trying to access my router. The last attempt lasted 323 minutes until it finally gained access, per the log.

I checked the router, and sure enough the security was set to no security. I returned the tablets, router, and repaired computer. They promised to wipe again and do a clean install from an external source, swearing that would fix the problem. Purchased new tablets and router and left my PCs there for another month, with the occasional call to apologize and say it was a more difficult repair than anticipated, and assure me they were deploying all of their "Black-Ops" tools and would have it repaired shortly.

I got two PCs back to have them still be glitchy, slow, and have files that said they were installed prior to their manufacture date. The next morning I opened up the slimbook to find it on, the mouse moving and something called a Shadow Root open.

My modem was unplugged, it was in airplane mode, with adapters disabled. I could not disconnect the connection, I could not use my printer to print the screen or the email address, remote key identifier, or any of the other info on the screen.

I'm aware that viruses and MW can give the appearance of a hacker, but there were folders I've never seen, such as one that said it was a profile on my attorney. And there were things like add child, remove child... Maybe some of the info would mean something to someone here?

There was an "Immersive Control Panel/All" open
Another window said "Shadow-root open"
in that window there was...
"Nexus 5 #08ae8c2700f43a61" ... couple digits may be off, I was writing quickly....
"Owner: dtapsuka@chromium.org"
"Chrome: 49.0.2632.105"
"Port forwarding: 5000"
"Local Host: 73.."
"Remote Key Identifier: 513606511......" (Not sure if this is sensitive info that could result in additional unauthed access.)
"CR Bug: #607349"
"Color: white"
"Roboto seqoe ui, tahoma" (?)
"crisper.js:1262....."
"crisper.js 5316......"
then stuff on a DOM api, MAP api, remove child, add child...

After a few minutes of trying to disconnect a black screen popped up and all I could see was my mouse. Shutting down and rebooting worked after several tries, but that's probably because they were done and logged off. That was 8/26/16.

I ended up returning the tablets again, getting a prepaid phone, and replacing two PCs. The security was disabled again. Returned devices, purchased new ones, disconnected home internet completely and only connect via a prepaid hotspot and remove the battery when not in use.

One of the PCs purchased in November says it has no OS. The other now has a GNU Grub beta subsystem, and a side by side os. os 0 is unknown, and os 1 says it's Windows 10 with a mui? My administrator account is disabled, I have a remote admin I cannot disconnect from, unknown network adapters that connect via PAN, WAN, VoIP, P2P, Wifi-Direct, and an Air channel(?).

The day after getting this phone it went into Odin mode and downloaded a custom OS. I took out the battery when I couldn't stop it, but it completed the install. I now have hundreds - literally - active connections all the time. I have things called watchdogs, signal catchers, binders, file observers, input dispatchers... it's a long list.

I've gone to countless techs, security, Microsoft, Malwarebytes, of course Webroot, the police.... who wouldn't give me a report, even with the identity theft, fraud, mail theft, - because it's "all online" and they only deal with "local crime", but if I or my bank figures out it's someone local, to call and they will arrest them.

I've reported it to credit bureaus, banks, ccs, identitytheft.gov, FTC, and gotten exactly no help. But I am treated like a liar and a criminal even though I hadn't had a late payment in my entire life. I have a copy of a forged document that a P.I. used to run my credit.

Trust me, I realize how out there this all sounds. I was convinced I was losing my mind, particularly when my home number (dsl no phone connected) called me every time I left the house. I considered checking into a funny farm, but I bought a new printer and have printed hundreds of logs so no one has to take my word for it, well most of it.

So, I would dearly love any advice, suggestions, anything, except telling me it's impossible or to submit a ticket. Heard it. Done it.

I apologize for the rant. Thank you, if you actually read all that.

1 reply

Sorry for all the typos. My phone is difficult to type on and tends to jump around so I end up typing on a different line than I previously was. And I sent it quickly bc I get "No Sim Card" a lot, and just replaced the sim card.

I thought it may help to give a little context, and it may make a bit more sense to some if I explain that I'm currently suing my ex for breaching our divorce contract and he is ex military and works in.... personal and cyber security. He also had possession of all but one of the old PCs and tablets, and everything else I own for four months after I left bc he tried to kill me and I left in a hurry. He was served papers 2/17/16 and I was consistently compromised in 3/2016. The infected scans were deleted from my console when I lost access to it and my other online accounts, so I can't give an exact date.

Also, we had a court date for this suit in September which I had to postpone due to all the money being drained from my accounts and cards being maxed out.

I don't know if it is possible to update or alter the firmware on say a smart TV, printer, Nikon camera? Or install a NIC or something that would allow him access to my network or devices or what is going on but I'd really like to feel safe in my own home again, and have a little privacy or peace of mind. The only service still running to my house is DirecTV. Idk if that could be an access point?

I do also have a couple peer devices I can't locate and a hidden network.
