Hacking-can someone help me understand these URLs?

[lilliem88]

I was hacked for multiple years-many ruined pcs, smartphones, an ipad, and non-recoverable accounts. Went off the grid for awhile cause it was too stressful-unfortunately that is not sustainable in today's world.

I tried to make an account here and was taken here:

http/click.emails.purch.com/?qs=5084a53b2ece81acb90e4d522e76c58913e30e57891f18822847d017bb9f0e0e12b8d83e1e3e0eacee0477069b6c143d2a2e8d3a122e6424

after which I was taken to

https/www.tomshardware.com/login/?email=strippedEmail&message=Your%20email%20was%20verified.%20You%20can%20continue%20using%20the%20application.&success=true&supportForgotPassword=false&supportSignUp=false

I have noticed repeatedly my browser redirecting me using this pattern:%2Fsomething%2Asomething%2Asomething. Like every time I use gmail, when I tried to reset my (hacked) fb this was the link:


Webpage not available

The webpage at https/m.facebookcorewwwi.onion/?refsrc=https%3A%2F%2Fwww.facebookcorewwwi.onion%2F&_rdr could not be loaded because:

net::ERR_NAME_NOT_RESOLVED

I don't know what these things mean but it is constant on every network I use, even when I reach out to real companies for a pw reset or whatever. It seems like I never get emails that don't have that pattern "%3A$2F%2F". Professionals have told me "yeah that's weird, call the police," but the police are not going to help unless something big and obvious happens like large sums of $ moving. That doesn't happen to me, it's just my passwords constantly changing despite having 2 factor authentication, my identity was stolen 6 years ago, I moved and my mail has not been going to my old or new address for months (yes I have contacted usps.) It's like an unending nightmare.

Anyone who can give me any info on what could be happening will be greatly appreciated. Root checker says I am not rooted, but I have a file app that has "root" as one of its main folders, which is full of files with names like "CPU_CLONE_CHILDREN," so I dont know what to think.

Any guidance appreciated.

 

[Ralston18]

Some general thoughts and guidance.

First you must provide some detailed information: e.g., what operating system are you using? What browser (Chrome)? What applications?

What other anti-virus software are you using besides the root checker?

Try Herd Protect - may find and clean up some issues.

Reference: https/www.herdprotect.com/

Second focus on identifying and quantifying a specific problem. Then look for the applicable solutions. Do not just apply any fix that happens to appear in the search results. Some sites will show up no matter what problem you are addressing. Many of those sites want you to download something and/or will attempt to trick you into downloading other things as well.

STARTERS:

Regarding ERR_NAME_NOT_RESOLVED":

Here is a link that may help you start fixing things:

https/appuals.com/how-to-fix-error-err_name_not_resolved-on-google-chrome/

Another common source for website connection problems is the Hosts file.

Here is a starter link to address possible hosts file issues with respect to your system:

https/www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

You might be able to clean things up some by flushing the dns cache:

https/www.maketecheasier.com/flush-dns-cache-windows10/

Not at all sure about the "CPU_CLONE_CHILDREN". Seems Linux like..... Will leave that to a Linux person who may read your post.

Overall recover and retain control of your computer and network.

Does anyone else use your computer and/or network? Wired or wireless? Do you know if the router is secure? Have the default login/admin name and passwords been changed by you?

Begin by changing all admin logins and passwords. Do so methodically and carefully. Change only one thing at a time and verify that any changes are fully working before moving on to some other issue or matter. Keep notes in case you need to go back and undo some change.

 

[ex_bubblehead]

I can vouch for the first 2 links you posted. They are legitimate and related to the new login process, no need to worry about them.

First question, have you wiped (ie. formatted) the disk and reinstalled Windows? If not then do so before you do anything else as there may very well be remnants of previous malware hiding. Best to always start clean.

 

[lilliem88]

Thanks you guys SO MUCH for listening and giving me respectful responses. Computers don't come naturally to me and I can meander, so most people assume that I am just doing something wrong (which I'm sure I have/do) and the problems are solely in my head (they aren't.) However, given how many crazy things that have happened, I'm sure I am paranoid and see problems that are NOT due to hacking as well, and I'm not savvy enough to always know the difference. So I'm sure I'm frustrating for computer buffs. I am going to try my best to be concise and stick to facts.

ex_bubblehead - I am supposedly using a wiped laptop at the moment with win 10 reinstalled by Geek Squad, but, for example, they told me they made me just one account, with admin privileges, which was important to me because on a previously hacked MAC some human or botnet apparently got "super user" privileges and would just change all my settings repeatedly and I couldn't do anything about it. I just tried to open a document called "pfirewall.log" and it says "you don't have permission to open this file." Well, then who does if I am supposed to be the only administrator?

Ralston - I have many devices and experience similar problems with all of them, like my passwords changing constantly despite having 2fa wherever I can and on various networks-home, school, phone's data. I am using an Asus laptop, Win 10 at the moment. I have a Dell laptop win 10, an iPhone 6 and a Samsung Galaxy Amp Prime. The iPhone I shouldn't use - the other day I tried to send an airline a photo of something strange with their app and it was called "fake_path". I use various browsers but usually firefox updated to the latest version with https everywhere - I use Chrome, Safari or the stock browser on the Android oftentimes because I can't get anywhere when I'm using https everywhere and there are multiple objects blocked or cross-site scripts trying to run, but I have to just go to another browser if say, I have something due at school. At home, I have two wifi hotspots with two different ISPs. The first one used 80 gb in about two weeks and I wasn't even streaming or anything. I got a new one from a different ISP and I will share below what happened with that...I use Kaspersky Internet Security but want to try something new I think.

Here are two examples that make me think I am being hacked or something isn't right. I use VPN.ac and was supposedly connected to an American server using OpenVPN ECC, port UDP-443. I looked at my Kaspersky network activity. This is what my incoming/outcoming info looks like: open ports include 1900, Microsoft SSDP Enabled discovery of UPnP devices (but in network settings, I have no private networks/network discovery/file sharing options). Also open 445, Microsoft-DS Active Directory; Windows shares and SMB file sharing. The vast majority of these are under the "processes" of TCP/IP Services Application, Host Process for Windows Services, Microsoft Edge Content Process, or simply "System". The ip addresses are almost always 0.0.0.0, ::, occasionally the ip address I'm trying to not show. The one process "OpenVPN daemon" was under a netBIOS port (I don't know what Active Directory and netBIOS mean except very vaguely, I just know that they were involved in the the "hack" used to gain access to my MAC, according to Apple). When it showed the VPN's ip, it came up a couple times in ports 138 and 139 and 9 I believe.

The other just completely bizarre occurrence was on wifi hotspot number 2 - I went to the page http/my.jetpack to change the admin password. It doesn't allow a secure connection apparently. I changed the password and clicked save, then on the device itself where it also says the pw, it changed from what it came with to to, not what I wrote, but, I swear to god, "usaidwataboutUkraniansjquery15numbersjQuery15numbers". It was creepy because when my fb was hacked, the last known ip was in the Ukraine so I have a private joke with friends about Ukranian hackers. I saw that and just turned it off, the guy at the ISP store factory reset it but I haven't used it cause that was so weird. Oddly, when he tried to help me over the phone, the two different companies and devices sent me to the same site, even though one is ATT Netgear and one is something else.

Sorry - that was a lot - I hope that answers your question that no, my network is not secure, but I have no idea how it is happening. When I try to secure my admin pw, that's the kind of thing that happens. I have developed good habits, but my passwords are changed constantly. I'm not a spy, I'm NOT rich, and to my knowledge I have no one out to get me that I know. My identity was stolen and I spend way too much on data, so I am assuming those are motives for hacking. If those open ports aren't hacking, isn't it unusual to have the majority of your ip addresses be all 0s, in the past 127.0.0.1, and ::?

I will try your various suggestions and thank you so much. It's obviously quite overwhelming to me, so I think I'll have someone else look at it, see if it is in fact wiped, then perhaps come to my home to try to help me secure my network. When the hotspot connects to the computer, it doesn't say the computer name, just *, and there is always a hidden network with full strength.

P.S I use hotspots because I live in a home with people who do not want to be on the same network as me. I do not blame them.

 

[BFG-9000]

For you, I recommend a read-only OS. Booting from a Live CD gives you a fresh install with each boot, and even if it gets hacked it will only be for that session. It's pretty disturbing that something is even intercepting your http access to the hotspot's web configuration page.

Webconverger is a completely GUI-less OS, and while it runs Debian underneath, the only thing it runs is Firefox so essentially it's a locked-down, bootable web-browser. As you haven't had much luck with Apple or Microsoft, it's time to try Linux and this is as painless as it gets. About the only issue with it is the free version is ethernet-only, so won't be able to connect via WiFi. You can ask someone else to download and burn the .iso

BTW no software can detect malware in the BIOS, or service tracks of the hard disk. The firmware of the HDD is stored in the latter so can easily reinfect any OS that is installed later. And of course the Intel Management Engine or AMD Platform Security Processor are entire 2nd computers in the chipset, which can access disk, memory and network without the main CPU knowing about it because it runs in a lower ring. So your best bet is to remove the HDD, flash the BIOS and boot from CD. Good luck!

 

[lilliem88]

BFG 9000-
You and the other posters may have restored my faith in humanity! No one was condescending, implied that I was just mistaken and didn't know what I was talking about, or mentally ill (yes, before I brought my MAC in to the "genius bar," an employee actually threw out the word "schizophrenia"!) The same has been true for other message boards. All I have wanted is to be believed and to find a solution so I can get on with it and be a normal person with one phone and computer.

Yes, most people I have gone to for help agree that if I just reinstall windows or macOS, further problems can only be explained by my installing new malware. But things happen too quickly for that to be the only explanation.

You mentioned the cost of Webconverger. The reason I have so many devices is because it seems no matter what I do, I get hacked. The single most inexplicable thing was buying a new Android with a new ISP, fake name, fake city, brand new gmail, new #, and I hadn't had TIME to make a mistake because I was hacked before I got home! The 2fa I'd set up with gmail was somehow not protective by someone (something?) changing the new 10 digit # but adding the country code, as I got a text that my settings had been changed and that was the only difference, then they were able to change the pw and lock me out. I got a notification text as I was pulling into my driveway. I never could get back in to not just the email but the entire phone. The only link is that I used my credit card, and I got that text as I was pulling into my house that has a wifi network. Even then that's an awful lot, very quickly, very unlikely and as I said before I am NOT someone a hacker would put such effort into. That led me to wonder about inside jobs. I know someone who COULD have that sort of power (but we broke up 8 years ago and I don't think he has that kind of grudge.) This is about when I start getting the sense that people just assume I am crazy. But that is exactly what happened, and I was with a sane individual the whole time to vouch for it. It just makes no sense whatsoever. Things people tell me are physically impossible are POSSIBLE, I've learned unfortunately.

After that I said it's futile and I am buying no more devices. However if you mean that this product would without a doubt solve at least some of this, I am willing to do that. Unfortunately I do need wifi, I have to use rideshare apps to get around. Well I could use data for that, but it would add up quickly. I have to stream class lectures etc.

I will need to decipher all you said with someone for whom the explanation won't need a translater, haha. Any advice on where to purchase this OS and from whom to get the help I will need? I haven't had much luck with Geeksquad I'm afraid.

This is embarrassing, but can Linux be run on...well, what kind of computer would I need? Can it be installed on a previously defiled device? I have a MAC and two PC laptops, all of which have been hacked. I have no clue how to remove the HDD, flash anything, and have no cd drive so I guess I'd need to buy one that attached via USB. I'm assuming the MAC is out, since they don't seem to be ok with any OS that is not by them.

I can do research on my own of course but since you all know what you are talking about here: do you think, in my situation, I should get a new router? I don't know if portable hotspots are less secure in general, I certainly haven't had a good experience with them...if I invest in a new router, is there one anyone would recommend to have as strict security as possible? I read somewhere that having a separate router and modem helps, is there truth to that?

Finally, I am of the opinion that my family is already compromised, since one of my phones is on their family plan. I talked to geeksquad today and he actually said "no, they couldn't use their computers if they were being hacked." My jaw about dropped. Even I know a good hacker needs access without being discovered. Said phone was verified hacked, so is it a good idea for the whole family to at least get a new router? Or should I continue to stay with hotspots?

Thank you so much for your patience and nonjudgmentalism. I didn't realize how much this invalidation has bothered me until I got kind, helpful responses.

 

[BFG-9000]

Most Linux distributions are free. You just download the .iso and burn it to disk or USB stick, then try it "live" by booting from it. If you like it, you can then install it to HDD right from the desktop of the booted CD/USB. I suggest trying the free version of Webconverger (which I provided a link to earlier) before buying anything, in the PCs or the Macbook with an ethernet dongle. After all it's an OS that does nothing but give you a browser and you may find that limiting.

Macs have been regular x86 machines for a long time now. You can use Apple's own bootloader utility called "Bootcamp" to install Windows if you like. And you can boot from USB or CD by pressing the Option/Alt key immediately after the startup chime. So yes, you can boot to the same Linux distros on a Macbook. If you want a full-featured OS like macOS or Win 10 I'd suggest Mint 18.2 with the Cinnamon desktop.

Linux is actually pretty secure on an infected machine, because many live distros don't even mount the hard disk and any malware on that will obviously not be written for Linux. One of the uses for such a disc is for a public kiosk/internet terminal, and you can carry your own secure OS around to boot from and safely do banking or shopping on even a borrowed teenager's computer.

That said, it's so easy and quick nowadays to reinstall Windows that you really should learn how to do it yourself so you can do it as often as you'd like. You just need to make the USB stick or DVD from Microsoft's Media Creation Tool and boot from it. Note if you click that link from a non-Windows device it takes you to a list of .iso for download.

There's just about no way to hack a modem without the ISP's help as it downloads a config file from them and checks the firmware on every boot. If it finds something has changed, they will send you a nasty letter accusing you of trying to steal their service. And a hotspot is 4g data, so I'm not sure why data on the phone would somehow be worse than data from the hotspot over Wifi.

The router's reset button clears the NVRAM of all persistent settings. If the firmware (equivalent to its OS) is hacked, flashing new firmware will overwrite it. If the CFE (equivalent to a BIOS) is hacked, that would generally require flashing a new one over tftp but official ones aren't usually available for download so you'd need support from the manufacturer. Just about any router should be secure enough if it allows you to disable anything you won't use like the WPS button or UPnP, but I prefer ones that accept third-party firmware as that continues to be updated for years after the manufacturer itself stops supporting it.

While someone who was truly interested in security would avoid using Wifi when at home (class lectures and such would be on the school's Wifi), for the convenience a very long SSID (up to 32 characters) and WPA2-Personal passkey (up to 63 characters) should really be good enough. At least until quantum computers arrive.