Author Topic: Help! Laptop being taken over remotely or by bot [solved]  (Read 21771 times)

0 Members and 1 Guest are viewing this topic.

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Help! Laptop being taken over remotely or by bot [solved]
« on: March 24, 2015, 05:51:09 pm »
My wife has a pretty new Lenovo Yoga II running windows 8. Either someone or a bot takes it over. It takes control of the mouse, highlights text moves around goes to different websites like wikipedia, you tube, Amazon and more. It has also been into the registry and I don't know what it's doing. It also opened and was in the mouse properties also.

It did it about a week ago and I ran malwarebytes, and superantispyware and Ccleanr in addition the the Kapersky anti virus running on it and it cleaned up a lot of stuff. It was OK for a while but now it just did it again. The laptop is unusable when this is going on.

I am concerned about security especially since my wife does banking and pays all our bills online. My wife does a lot of prison ministry here in San Diego, she suspects it is the government because they stop at nothing to prosecute these guys and they are in for serious offenses. (Don't know just putting it out there)

When the laptop is restarted it seems to be OK but I know it's not fixed.

Do you think I should do a factory reset to get rid of it? Any help is appreciated. Thanks, Joe

P.S. My wife took a video of it from her phone while it was doing this. Click on the link to view:
https://www.dropbox.com/s/jzai9bwro1j4adb/20150324_171933.mp4?dl=0
« Last Edit: April 06, 2015, 06:47:43 am by jmk909er »
Joe K
Learn by Trial and Error (Lots of Error)

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot
« Reply #1 on: March 25, 2015, 06:01:05 am »
I have been researching online about 'superfish" is it possible that this is the problem? We uninstalled it but maybe that didn't get rid of it?
Joe K
Learn by Trial and Error (Lots of Error)

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #2 on: March 25, 2015, 06:52:45 am »
As Superfish leaves a backdoor open for sensitive details to be stolen, it's possible the incursion took place before you removed it.

A factory reset should certainly remove any hack but you would have Superfish back on and running Lenovo's removal tool first after creating a robust Admin password account and creating a local user account for normal use should prevent any further incursions.

Is this the removal tool you used before to get rid of Superfish http://support.lenovo.com/us/en/product_security/superfish_uninstall

Once it is back up and running you should update to Win 8.1 or did you mean it was running 8.1 ?
« Last Edit: March 25, 2015, 07:04:43 am by Boggin »

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot
« Reply #3 on: March 25, 2015, 07:25:30 am »
Thanks Boggin, My wife uninstalled it and she is pretty novice, I'm sure she just used the uninstall program. Is the link that you have given me the one I should use to remove it after I reset?

So do you think that this is the problem?
Joe K
Learn by Trial and Error (Lots of Error)

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #4 on: March 25, 2015, 07:37:24 am »
Yes, Lenovo's tool also removes Superfish certificates and Windows Uninstall is pretty hopeless anyway unless you don't mind leaving residue in the registry.

Have you thought of putting IOBit's Uninstaller on there ?

It's quite a serious hack when someone takes over your computer as the computer is no longer yours and your wife should use your computer to change all of her passwords for her sensitive web sites ASAP.

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot
« Reply #5 on: March 25, 2015, 07:46:20 am »
Thanks Boggin, yes you told me about IOBit before and I will install it to remove some of the bloat ware. Thanks  :wink:
Joe K
Learn by Trial and Error (Lots of Error)

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #6 on: March 25, 2015, 07:50:45 am »
Does your wife have much to back up before the factory reset ?

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot
« Reply #7 on: March 25, 2015, 08:05:46 am »
Not that much, I will move it to dropbox whatever she has.

I may change the antivirus also, we are running Kaspersky just because Best Buy gave it to us free for a year but I also have McAfee corporate edition for free through my work that I might put on it instead. Do you have any thoughts on which is better?
Joe K
Learn by Trial and Error (Lots of Error)

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #8 on: March 25, 2015, 08:21:31 am »
I've never had much faith in McAfee as I've seen it problematic in the past when one of its Definition updates blocked Internet connectivity and McAfee had to do a MS and release a patch.

Kaspersky is currently in top spot but there's this http://www.theregister.co.uk/2015/03/19/kaspersky_lab_denies_its_handinglove_with_russian_security_services/

Of the two I think you should go with whatever you feel safe with - up until now I assume Kaspersky has kept you safe and it is highly recommended.

Have a Google for the top paid for AV programs and while the top slots may vary slightly, Kaspersky will be up there.

I don't think any AV program would have been able to prevent the hack if it has come through a back door provided by the computer vendor.

This is what makes these PuPs dangerous as they aren't malicious in their own right, but they can make a computer vulnerable.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #9 on: March 25, 2015, 01:20:56 pm »
Well it does look like someone was controlling the system. The best way to find out if someone was controlling it or if it is a program doing it instead is to go and unplug the power to your modem, that way the internet drops.

Once the internet drops and if it is someone over the net controlling it, then it should stop right then and there. If it keeps on going then it isnt someone on the net controlling it but instead a program on autopilot.

Shane

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot
« Reply #10 on: March 25, 2015, 01:28:10 pm »
That's a great idea Shane if it starts doing it again I will try that
Joe K
Learn by Trial and Error (Lots of Error)

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #11 on: March 30, 2015, 03:37:21 am »
Well it does look like someone was controlling the system. The best way to find out if someone was controlling it or if it is a program doing it instead is to go and unplug the power to your modem, that way the internet drops.

Once the internet drops and if it is someone over the net controlling it, then it should stop right then and there. If it keeps on going then it isnt someone on the net controlling it but instead a program on autopilot.

Shane

yes maybe autopilot... its a bigger possability, how to get rid of autopilot spamawear we wonder?

Shane, you know, you have a program for checking this type of thing. did your forget that :)
maybe send him the link from your tools...

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot [solved]
« Reply #12 on: March 30, 2015, 05:59:29 am »
Sorry guys I forgot to report back. I did a factory reset to my wife's laptop and then removed the superfish thing as the first order of business. I got all the backup files restored to it and everything is running fine.

Thanks you guys are great! :smiley:
Joe K
Learn by Trial and Error (Lots of Error)

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #13 on: March 30, 2015, 06:34:34 am »
Yes, a clean slate is the best way to get rid of any on board infection and thanks for the update.

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #14 on: March 30, 2015, 08:44:07 am »
Yes, a clean slate is the best way to get rid of any on board infection and thanks for the update.

tick tock, lets see for how long!

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #15 on: March 30, 2015, 09:18:21 am »
Safe browsing is the key and not clicking on any links in e-mails even when they appear to be from someone you know in case their e-mail has been hijacked.

If in doubt, call that person to confirm the e-mail is genuine.

I think you can also pass on to look for unwanted bundled software when downloading/updating  :smiley:

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #16 on: March 30, 2015, 07:25:31 pm »
My wife has a pretty new Lenovo Yoga II running windows 8. Either someone or a bot takes it over. It takes control of the mouse, highlights text moves around goes to different websites like wikipedia, you tube, Amazon and more. It has also been into the registry and I don't know what it's doing. It also opened and was in the mouse properties also.

It did it about a week ago and I ran malwarebytes, and superantispyware and Ccleanr in addition the the Kapersky anti virus running on it and it cleaned up a lot of stuff. It was OK for a while but now it just did it again. The laptop is unusable when this is going on.

I am concerned about security especially since my wife does banking and pays all our bills online. My wife does a lot of prison ministry here in San Diego, she suspects it is the government because they stop at nothing to prosecute these guys and they are in for serious offenses. (Don't know just putting it out there)

When the laptop is restarted it seems to be OK but I know it's not fixed.

Do you think I should do a factory reset to get rid of it? Any help is appreciated. Thanks, Joe

P.S. My wife took a video of it from her phone while it was doing this. Click on the link to view:
https://www.dropbox.com/s/jzai9bwro1j4adb/20150324_171933.mp4?dl=0

this may help?
http://www.tweaking.com/content/page/remote_desktop_ip_monitor_blocker.html

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #17 on: March 30, 2015, 07:28:04 pm »
Safe browsing is the key and not clicking on any links in e-mails even when they appear to be from someone you know in case their e-mail has been hijacked.

If in doubt, call that person to confirm the e-mail is genuine.

I think you can also pass on to look for unwanted bundled software when downloading/updating  :smiley:
yes, its time go back to text only messages with file attachments until spyware blaster type programs can upgrade to include email too

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #18 on: April 01, 2015, 08:55:06 pm »
My wife has a pretty new Lenovo Yoga II running windows 8. Either someone or a bot takes it over. It takes control of the mouse, highlights text moves around goes to different websites like wikipedia, you tube, Amazon and more. It has also been into the registry and I don't know what it's doing. It also opened and was in the mouse properties also.

It did it about a week ago and I ran malwarebytes, and superantispyware and Ccleanr in addition the the Kapersky anti virus running on it and it cleaned up a lot of stuff. It was OK for a while but now it just did it again. The laptop is unusable when this is going on.

I am concerned about security especially since my wife does banking and pays all our bills online. My wife does a lot of prison ministry here in San Diego, she suspects it is the government because they stop at nothing to prosecute these guys and they are in for serious offenses. (Don't know just putting it out there)

When the laptop is restarted it seems to be OK but I know it's not fixed.

Do you think I should do a factory reset to get rid of it? Any help is appreciated. Thanks, Joe

P.S. My wife took a video of it from her phone while it was doing this. Click on the link to view:
https://www.dropbox.com/s/jzai9bwro1j4adb/20150324_171933.mp4?dl=0

I have a question;
Are you using user accounts?
Do you have a password setup on each account?
Do you keep a master folder of passwords on the system like most people do?
Do you protect that master folder with another password?



Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot
« Reply #19 on: April 02, 2015, 06:09:43 am »
Quote
I have a question;
Are you using user accounts?
Do you have a password setup on each account?
Do you keep a master folder of passwords on the system like most people do?
Do you protect that master folder with another password?

Yes to all the above
Joe K
Learn by Trial and Error (Lots of Error)

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
    • View Profile
Re: Help! Laptop being taken over remotely or by bot
« Reply #20 on: April 06, 2015, 12:27:08 am »
Quote
I have a question;
Are you using user accounts?
Do you have a password setup on each account?
Do you keep a master folder of passwords on the system like most people do?
Do you protect that master folder with another password?

Yes to all the above

Under user accounts, set them up as standard only without administrator privileges.
be sure all user accounts have passwords.

have you downloaded and installed shane's remote IP tracker?

Offline jmk909er

  • Jr. Member
  • **
  • Join Date: Feb 2015
  • Posts: 66
  • Location: San Diego
  • Karma: 0
    • View Profile
    • Jozep Fit4Life
Re: Help! Laptop being taken over remotely or by bot
« Reply #21 on: April 06, 2015, 06:47:09 am »
No I did a factory reset and no longer have this issue but thanks.
Joe K
Learn by Trial and Error (Lots of Error)