Hello, new guy here.

Tooleman75 (New member; joined Dec 29, 2019; posts: 3; location: Cape Girardeau, MO)
Hi everyone, Merry Christmas and Happy New Year to everyone and hoping to have a better year than this last one. Lol

I wish I could say I am on here just to chat; but unfortunately like many others I find myself needing some assistance and guidance for a problem I can’t solve myself.

I guess I’ll just get to the point. I’m pretty good at paying attention to detail and noticing things that change or are not where I left them. My situation is that I apparently can’t keep UPnP disabled from my router and network. Second, I keep finding a bunch of browser history sites that I have no idea why I’m seeing them in my history.
They’re not anything I’d normally be associated with (WordPress, GitHub, StackExchange, etc.). Third, I recently found out that all my email accounts for some reason are now cloud or developer accounts; for example, my Gmail account has access to Firebase and Google Cloud. My Amazon Prime now has an AWS account attached. My Hotmail account has Azure account access.
I’m just trying to get some advice on how this is happening and why my devices on my network keep changing their settings to allow remote access and such. I’ve even gotten Geek Squad involved with setting up my network, but they have not been able to figure out why my settings keep changing.
No security software has been able to find anything wrong whenever it’s working, and most times I have noticed that when it does complete a scan, there’s a laundry list of files that it says are excluded for some reason. I wish I was making this up but I’m not. Can anyone help or advise me on what to do? I’ll do whatever it takes to get this nightmare to end.
 
Hi Tooleman75, welcome to Sysnative!

It does sound like someone else is accessing your accounts, but it may be hard to identify the exact cause.

As a starting point, please could you follow our malware posting instructions and create a new topic with the logs.
Malware Removal Posting Instructions

This type of issue may not be malware, but this is a good starting point to check what's on your system and rule out common malware.
 
Hi Tooleman75 and welcome to Sysnative.

In addition to the suggestions above, I sure would immediately change your passwords to your computer and, for starters, your important accounts. And the admin password to your router and the wifi passphrase. They should all be unique.

And don't write them down. I highly recommend the use of a good software-based password safe or manager. With a password safe you only have to remember one (ideally, very strong) password, the one into your safe. I’ve been using SplashID since my Palm Pilot days - sadly the newer versions are no longer free. Other recommended safes include Password Safe, KeePass Password Safe and Enpass, and RoboForm is a favorite of many.
 
Thanks for the advice everyone. I have even tried separating myself from my accounts and creating new ones and deactivating the others. But I have recently found out that my old accounts weren’t ever closed. Which seems impossible because I remember receiving the notification email that they were and had to reverify I wanted to close them. I would swear that it seems like I am dealing with someone toying with me rather than a virus because it’s not consistent. Also, one last thing I wanted to mention is that I have recently found secure shell modules in my HTTP Catcher application.
My reason for having this app is that while scanning my home network and devices I kept getting a warning that my HTTP flag settings were putting my devices and network at risk for several things such as not allowing my cache or cookies to be cleared and several others. A friend suggested this app and it has recorded several questionable modules being added or activating because one of my actions had prompted it. I’d love to know more about what is going on but after I do a search for what they are after a day or so; apparently nothing is returned on my searches. Could this be a possible explanation of what is allowing this to happen? They all seem to be referencing virtual machine something or I’ve also been finding MDM references in the modules.
Basically makes me feel like I’ve got someone just playing with me because overall I can’t find anything monetarily that has been affected by this other than the money I’ve spent in purchasing security that either hasn’t worked to prevent this or the cost I’ve had in replacing devices that I can’t get to completely factory reset to before this all started. Sorry about writing a book about this; just trying to not leave anything out that could possibly be an answer. Thanks again for your time.
 
Hey Tooleman75,

Thanks for the additional info - would you mind posting a new thread in the security section?
Malware Removal Posting Instructions

We don't provide support in this specific section, as it's for introductions, but if you create a new thread in the security section we'll be happy to assist. Due to the nature of the queries it's likely you'll need to share some more details privately for us to help, and it's best to do that with a specific helper.
 
Hello and welcome. :-)

Keep persevering and post in the relevant sections to follow up on your security issues.
 
Sorry I haven’t been able to get that info yet. Apparently I can only log in to this page on my iPhone. Every time I attempt it on my desktop I get a notification that my password or login is incorrect. I’ve double checked my login and password for the site and it IS correct. I double checked and I don’t have caps lock or anything up such as a blocker. It’s the damnedest thing. I’m going to try and work on it this weekend and give ya an update. Thanks again for the help,
James T.
 
