Sign in with
Sign up | Sign in
Your question

Trapped in a virtual network PLEEEZ HELP!!!

Last response: in Business Computing
Share
February 20, 2012 1:01:26 AM

hello all,
i could use some help badly... for approx. days someone has taken over my home network and appears to have made me a part of their virtual network or machine, ivbe switched isp's purchased new equipment built new machine off sight and introduced by itself and yet the intruder returns this is strictly lan connection. no wireless.. im at a loss and frankly its scaring the crap out of my kids. is there any way to break free from this??
thanks in advance
sincerely
Ron
February 20, 2012 2:22:07 AM

Ok. It would scare the crap out of me too, very frankly. But, could you spread some more light on this.
How do you make out "You're trapped into this virtual network"
How have you reached this conclusion.
You could basically, add a new domain name to all the computers in the network and change the IP's.... that would break away from the net within the net thing.
February 20, 2012 2:23:11 AM

You could also use a Firewall like Outpost and see what's happening and configure it to keep the intruder off. Ban him, block him, blacklist him and finally report him to the authorities.
You could create a different user group and have sharing going on only within that group. Disabling the sharing and access options to the rest of the network.
Related resources
February 20, 2012 5:11:26 PM

OK bear with me cause im learning as i go but... jan 8 2011 i was notified by att my email was being opened remotely? jan 11 2011 found someone taking away all my local authorities on my pc.. actually saw it happening. i unplugged from internet at that time i had 3 wired pc's and multiple wireless accessories (home network) over the next few days all pc's slowly started locking up and became non functional... contacted local police as well as fbi... windows 7 credential manager had been activated then encrypted. i immediately requested a new ip address stopped all wireless and put only 1 wired machine back on internet ( i replaced all memory components before reinstalling ( ssd, hd, mobo, removed vid and aud cards) within 12hrs it begins again so i switched internet providers within 24hrs again it happened i called microsoft norton and frankly everyone i could think of i was told hes gaining entry at server level i started looking at all equipment that was destroyed noticed all hard drives now have a 68kb section of data on them that i didnt install as well as extra volumes usually numbered 1-4 that im unable to delete. then i purchased business grade firewall appliance hook up and configure. within 24 hrs its happening again so i called firewall provider had them reconfigure remotely and remove all access to the management console except for a single ip address (1 of theirs ) this is where i am currently the firewall got reconfigured friday... this is like a black hole....!! there is absolutely no support for things like this either legally or corporate.. the only thing thats been stolen is personal data local cable internet provider doesnt track incoming isp's att does and has info but will not provide without subpeona.. he has trashed half dozen mobo's hd's ssd's and the like and just doing research thoughout the ordeal and reading i believe that im a part of his virtual machine or network that would explain why hes been able to attack through multiple isp's and firewall.. story actually much longer and more detailed but thats the jist.
thanks again
ron
February 20, 2012 5:31:51 PM

Wow...that is just nuts..........
February 20, 2012 5:36:41 PM

first did you check your router settings and you could see the incoming ip using incoming log also if you router is only using rthe wep protection for internet you will have to get a safer one with wpa 2 it you will give the name and model of router
a b 8 Security
February 20, 2012 6:41:45 PM

Hi :) 

This isnt that complicated to fix so stop worrying to start with...

Instructions...

1, PULL OUT network cable (so no net connection....)

2,Choose ONE MACHINE only to connect back to net and format the hard drive and reinstall windows on it

3, Install Norton Internet security 2012

4, Reconnect to net on that machine ONLY (ALL others turned OFF)

5, UPDATE Norton and keep updating it until it says no more updates.

6, UPDATE Windows and keep updating it until it says no more updates.

7, Connect each of your other machines to the net machine ONE AT A TIME and do a FULL SCAN on them with the Norton on the net machine....once finished and clean install Norton on those as well...

8, Repeat 7 until all finished....

9, You and all your machines are now safe...

All the best Brett :) 
February 21, 2012 9:01:37 AM

Try changing the domain and the computer names too. Plus giving them different IP's on the network...

For instance if you are currently on a 192.168.1.*** change to a 192.168.101.***
February 21, 2012 1:09:36 PM

I would also suggest that you change your internal IP address network, but to something completely outside the Class C address. Move to a Class B or Class A address pool like 172.16.0.0 network. Some home routers won't allow you to configure anything other than a Class C private address though such as 192.168.0.0

To get rid of any traces of hidden partitions or files that someone might have planted on your hard drives, use a low level disk erase utility. If it is an SSD, I would suggest using a computer not hooked up to the internet (or at a different location if possible) to perform a firmware update and then use Secure Erase or a similar utility as suggested by the manufacturer of your SSD. For a hard drive, there are several free programs out there such as Active Kill Disk and others that can perform a complete erase of your hard drive. Run it through this utility a couple times and you should be able to then reuse the drive to install Windows 7 or whichever operating system you are using.

I think you did a great thing by going to a hardware firewall and getting their technicians to set up the firewall properly for you.

February 22, 2012 1:50:09 AM

I would like to know what their response was "contacted local police as well as fbi"
February 22, 2012 9:08:08 AM

They must get involved. I remember a similar thing happening to me when I was only a kid. I was about 10 years old (10 years ago) and my next door neighbour done a similar thing, he could control our computer like an RDP session, but from boot. He would post naked pictures of dead children on the screen.

We contacted the police and they caught him in a couple of weeks, finding child porn and mutilated images. Now he is in prison. Authorities should help.
February 22, 2012 5:23:56 PM

lewza said:
They must get involved. I remember a similar thing happening to me when I was only a kid. I was about 10 years old (10 years ago) and my next door neighbour done a similar thing, he could control our computer like an RDP session, but from boot. He would post naked pictures of dead children on the screen.

We contacted the police and they caught him in a couple of weeks, finding child porn and mutilated images. Now he is in prison. Authorities should help.



Wow that's messed up.
February 22, 2012 5:56:00 PM

lewza said:
They must get involved. I remember a similar thing happening to me when I was only a kid. I was about 10 years old (10 years ago) and my next door neighbour done a similar thing, he could control our computer like an RDP session, but from boot. He would post naked pictures of dead children on the screen.

We contacted the police and they caught him in a couple of weeks, finding child porn and mutilated images. Now he is in prison. Authorities should help.

Scarry story Bro
February 22, 2012 6:13:07 PM

On the off chance search for teamviewer or ammy admin through programs and features in the control panel. If you see it uninstall it from the computer, he may be getting in that way. They are remote access tools.
February 22, 2012 6:33:42 PM

click start and in the run box type cmd
in command prompt type ipconfig /all
check the dns entry verify with your isp that it is correct also run
netstat -ano
and
netstat -b
please post the netstat so we can see what protocols have what ports open
February 22, 2012 7:44:55 PM

go under computer property open parameter to use a remote uncheck remote assistance then restart computer in safe mode without network on do a full virus scan and also use malwarebytes and do the same test on every computer do not connect to network until all mobo are clean from virus and spyware
February 23, 2012 3:14:07 AM

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netstat -b

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:2869 wilma-PC:49966 ESTABLISHED
Can not obtain ownership information
TCP 127.0.0.1:5357 wilma-PC:49962 TIME_WAIT
TCP 127.0.0.1:5357 wilma-PC:49965 TIME_WAIT
TCP 127.0.0.1:5357 wilma-PC:49967 TIME_WAIT
TCP 127.0.0.1:5357 wilma-PC:49968 TIME_WAIT
TCP 127.0.0.1:49966 wilma-PC:icslap ESTABLISHED
EventSystem
[svchost.exe]
TCP [::1]:2869 wilma-PC:49963 TIME_WAIT

C:\Windows\system32>

ok the above is netstat -b
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 748
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING 4008
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 788
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 904
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 1092
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 856
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 900
TCP 127.0.0.1:5357 127.0.0.1:49957 TIME_WAIT 0
TCP 127.0.0.1:5357 127.0.0.1:49958 TIME_WAIT 0
TCP 127.0.0.1:5357 127.0.0.1:49961 TIME_WAIT 0
TCP 127.0.0.1:49157 0.0.0.0:0 LISTENING 1720
TCP 192.168.200.230:139 0.0.0.0:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 748
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:554 [::]:0 LISTENING 4008
TCP [::]:2869 [::]:0 LISTENING 4
TCP [::]:3587 [::]:0 LISTENING 4408
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:10243 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 788
TCP [::]:49153 [::]:0 LISTENING 904
TCP [::]:49154 [::]:0 LISTENING 1092
TCP [::]:49155 [::]:0 LISTENING 856
TCP [::]:49156 [::]:0 LISTENING 900
TCP [::1]:49158 [::]:0 LISTENING 1720
UDP 0.0.0.0:500 *:* 1092
UDP 0.0.0.0:3544 *:* 1092
UDP 0.0.0.0:3702 *:* 4148
UDP 0.0.0.0:3702 *:* 4148
UDP 0.0.0.0:3702 *:* 1256
UDP 0.0.0.0:3702 *:* 1256
UDP 0.0.0.0:4500 *:* 1092
UDP 0.0.0.0:5004 *:* 4008
UDP 0.0.0.0:5005 *:* 4008
UDP 0.0.0.0:60014 *:* 4148
UDP 0.0.0.0:60016 *:* 1256
UDP 0.0.0.0:60018 *:* 1256
UDP 127.0.0.1:1900 *:* 4148
UDP 127.0.0.1:60013 *:* 4148
UDP 127.0.0.1:60194 *:* 4680
UDP 127.0.0.1:60421 *:* 4728
UDP 192.168.200.230:137 *:* 4
UDP 192.168.200.230:138 *:* 4
UDP 192.168.200.230:1900 *:* 4148
UDP 192.168.200.230:57800 *:* 1092
UDP 192.168.200.230:60012 *:* 4148
UDP [::]:500 *:* 1092
UDP [::]:3540 *:* 4408
UDP [::]:3702 *:* 1256
UDP [::]:3702 *:* 1256
UDP [::]:3702 *:* 4148
UDP [::]:3702 *:* 4148
UDP [::]:4500 *:* 1092
UDP [::]:5004 *:* 4008
UDP [::]:5005 *:* 4008
UDP [::]:60015 *:* 4148
UDP [::]:60017 *:* 1256
UDP [::]:60019 *:* 1256
UDP [::1]:1900 *:* 4148
UDP [::1]:60011 *:* 4148
UDP [fe80::249b:bcea:53f3:3241%11]:1900 *:*
4148
UDP [fe80::249b:bcea:53f3:3241%11]:60010 *:*
4148

this is -ano........
here is my follow up i think the person has penetrated the firewall just based on my experience thus far. although sonicwall asssures me im incorrect. there have been over 800 intrusion attempts by what they term as "strange ports" since monday .. all have been dropped by the firewall. the same ip address attacks every time (bejing china) it also continuosly attempts logging into my management interface. i believe they call it a "dictionary attack" mind you (by design i no longer have access) as far as authorities response... local PD wrote report no follow up... fbi dpt is called "ic3" i upload anything i consider to be evidence daily. get automated response nothing past that yet. i am pretty confident i know someone involved in the attack but at this point nothing has been done yet. i used linux "silent runners" and found registry changes that are hidden that cause specific output that has been manipulated by whomever is doing this. kind of difficult to explain .my learning curve has been this . at first i thought it was a trojan or rootkit that opened a port to allow the remote user to inject code.. then i eliminated that. thought maybe it was someone using tactics used by netbots im pretty confident that ive eliminated that as well. just based on reading, the virtual network or machine theroy is the strongest based on comparative analysis of data that ive managed to scrub from hidden files on drives ive removed its very hard for me to explain because im not an expert and dont know all terms. here is a registry entry i found mind you i have no idea what this means other than it appears to have been modified as well as hidden by someone or something..

c:\windows\system32\tasks\microsoft\windows\customer experience improvement program "consolidator" -> launches: "%systemroot%\system32\wsqmcons.exe" [ms] "kernelCeiptask" ->(HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}" -> {HKLM...CLSID} = "UsbCeip" \inProcServer32\ (default) = "C:\windows\system32\usbceip.dll"

using this as logic: when i run "silent runners" on a fresh install of win7 there are no entries that have "(HIDDEN!) anywhere on it.. also i have no idea what any of the above means leads me to conclusion someone else put it there.. lastly i have 8 pages of hidden "startup" programs in registry..

hopefully someone does... thanks :) 
February 23, 2012 3:28:26 AM

a couple of other things: all normal stuff team view remote dektop virus scans ive done adnasium. ive replaced or eliminated everything that has memory or is flashable and changed isp's all at same time and within 24hrs stuff started disappearing or changing. also in device manager tree "my pc is not the highest in the tree" it is a briefcase symbol with name of my pc.. then comes "computer" just a couple examples of many many.. not to mention things like the picture on my account changing or the instant i plug in a thumb drive it gets erased and reformatted.. stuff like that
February 23, 2012 4:06:40 AM

Have you tried buying a new router/ADSL by yourself and configuring it?
And not getting one from any of the ISPs.
February 23, 2012 4:30:30 AM

What happens when you just run Linux? No Windows. How about running Linux no-install, from disk?

The fact that changing you IP address (through ISP) then doing a complete secure reformat and reinstall is pretty suspicious (like the info might be obtained at the ISP). Make sure to flash your bios with no HDDs attached prior to formatting the HDDs. Have you tried hooking the computer up at someone else's house to see what happens? Or is it just ALL Internet at your house that has the problem?
February 23, 2012 4:41:35 AM

What is the medium of installation for the OS on your rigs?
Since you changed everything physically, and even switched ISPs. There are just 2 ways left in which your rig could be targeted, or three actually.
To be able to sniff your rig out in the hundreds of millions out there you need to be pretty unique. Say like your rigs names is Wilma-PC... need to change it to something more random like a mixed string.
Secondly, if you use the same router/adsl which was on the earlier network, that router might be compromised by modifying the flash on it, so even if you changed the ISP the router will still manage to create a link between your rig whatever the uniqueness and the outside world.
Thirdly, if the OS medium is compromised by installing it from a Flash stick or a copied disc, either way, the basic functions could be breached to add certain hidden codes and files while booting the rig itself from those mediums.

Any other device on the network could be already breached and securities left wide open since the "Thing" that is doing this is already inside the house network.

A total flush is what would be required. Even if you have a telly connected via a LAN cable, you need to get ready to realize that it may be infected too.

Phone, HDD, USB HDD, Flash Stick, Telly, USB Printer basically anything that has a read/write data chip on it is susceptible to this sort of infection.
I can't suggest that you buy an entire new set of everything. But getting rid of this is going to be a pain as you already seem to have realized.
Your best option would be to let logic rule, like cornering a rat. Start from one end of the network and then work your way to the main gateway into the house. Do not make the mistake of connecting or linking things that are cured or disinfected or unaffected to the network once you are certain that each piece of equipment is safe and clean.
Once you are certain that nothing is in the equipment, you could go on to linking them one by one and observing at every stage. Carefully and properly.

February 23, 2012 4:52:57 AM

Don't use a router if your modem has an ethernet cable. Just plug the ethernet straight into your computer if you're not doing that already.

Have you done a clean install of Windows (from a fresh download of Windows burned to DVD) after a secure erase, installed all updates and security software elsewhere, then tried to connect to your modem at home? I'm sorry if this sounds obvious, but you haven't explained your testing regiment yet.

I got the Sasser worm back in '04 and re-installed Windows 4 times, merely because I never got around to finding a solution before reconnecting to the network. I guess I was just playing video games and didn't mind the re-installs or something?
February 23, 2012 4:55:45 AM

Well, when I first read the title I was ready to write a joke about being stuck in the PC like Tron, but...
Wow. It looks like your skills are higher than mine, and that hacker really wants YOU for some reason.
My advice: since you've bought some new hardware, I assume you got some spare money. Why don't you ask professional to come over and help? Although, by the looks of it the regular part-time students won't do. You need someone with experience in eterprise security. And that won't be cheap. And hard to find.

P.S. This is the most bizzar attack I heard off. Something really more serious then regular trojan, botnet or an attempt to steal personal info. Good luck buddy.
P.P.S. What's your router model?
February 23, 2012 5:06:15 AM

KonstantinDK said:
Well, when I first read the title I was ready to write a joke about being stuck in the PC like Tron, but...
I really thought it was a Tron-like joke too.
February 23, 2012 5:22:24 AM

the network currently consists of 1 pc 1 firewall appliance 1 gateway thats all..
you can buy a cd for less than 10.00 that will do most of the attack and entry level script for less than $10.00US on many many "hacking" sites that much ive learned. if u use a linux live cd u never enter the OS so u are safe this is why many financial and brokerage houses use for sensitive data transfer there are no resources out there that i can find that help with stuff like this... i agree given the forensic data i have a skilled network person or ethical hacker could probably solve quickly. as of yet ive been unable to find one hence our conversation and my quick education :) ... it appears its going to be a long fight luckily i have lots of stamina
February 23, 2012 5:25:27 AM

i do have some advice if anyone wants... too late for me though #1 disable credential manager IMMEDIATELY !!!!! #2 encrypt drive with 3rd party software... i am pretty confident that these 2 simple things eliminate the possibility of this happening
February 23, 2012 5:25:50 AM

The question still stays, what is you OS medium of installation?
How are you connected to the internet? meaning what is the termination connection of the ISP in your house? UTP? RJ45? BNC? etc etc
February 23, 2012 5:28:54 AM

The actual question is not what the hacker can do with your data, actually, what 'xx' used to do was to use a residential rig or a server to pull off other jobs.... leaving them in a long list of footprints that would not be traced back.
SO the people who usually got screwed were the ones who owned the rigs. The scarey part is that.
February 23, 2012 5:45:47 AM

I was going to suggest Linux live CD too, but it has default root password, and it doesn't contain the very latest updates. So you have to be aware (knowledge! learning curve!) of some basic concepts about Linux, to achieve its full potential as a secure environment. However, if anything that you tried so far (hadware firewall monitored by a security company, fresh Windows install on new hardware) haven't prevented the attacker to take over control, then offline installing and hardening a Linux environment before go online could be a good first line of defence.

February 23, 2012 5:47:37 AM

this is obviously a personal attack. i am a "low value target" and this fool been parked for 45 days thereby increasing his potential for capture these are crimes of the federal level..
the isp terminates with ethernet... no wireless.. the medium is more than 1 physical cd for operating system never downloaded copied or burned by me..
February 23, 2012 5:51:51 AM

he or she also visits this website by the way... that im sure of...
February 23, 2012 5:55:42 AM

:) 
Yes, he does, that's for sure. So you're on an Ethernet end.
First step. Permanent IP?
Make and model of the Router it is plugged into?
February 23, 2012 10:00:15 AM

I would suggest you keep a notes on how much $$$ this attack has cost you and present these in court for recovery when the authorities catch this guy.

You think he/she has posted in this thread?

February 23, 2012 10:04:04 AM

No, I don't think he'd post in this thread, but , yes, I do agree that he would have visited Toms.
February 23, 2012 10:27:27 PM

he/she has read this thread because a copy of it was sent to my phone recently :) 
February 23, 2012 11:00:13 PM

lilronj said:
he/she has read this thread because a copy of it was sent to my phone recently :) 


WHAT THE HELL?! This is so weird..

Purchase a 3G USB modem. Try connecting through that.

Flash all modems/routers with the latest firmware.

Scan for Rootkits mainly, and other malicious software.

Keep an eye on your bank account too. But do so through other means such as through a mobile phone or other device.
February 24, 2012 12:01:47 AM

AidanJC said:
Flash all modems/routers with the latest firmware.

Keep an eye on your bank account too. But do so through other means such as through a mobile phone or other device.
Have you flashed all hardware while disconnected? Don't use anything other than your motherboard to connect straight to that ethernet connection since your hardware firewall isn't helping anyways.

Get your service provider to change your phone number and buy a $15 disposable Walmart phone to drop a new SIM card in.

Physically go by your bank and alert them of the situation and have them increase security measures and change the security checks since this person obviously has your SS# & DOB.
February 24, 2012 2:03:04 AM

lilronj said:
he/she has read this thread because a copy of it was sent to my phone recently :) 


OK. This is cool, now if you still have that message on you, take it to the cops & get to the FBI's notice. That ought to get them closer to the guy.
Cell phones work in a different way than computers so, it's easier to get to the point of origin for a cell than that of a computer.
February 24, 2012 2:05:33 AM

Oh! and if you know he's visited this particular thread, then it's pretty much a waste of time discussing how to secure your rig in front of him.
February 24, 2012 2:13:17 AM

do you stil use net bios on your system list of computer ports http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_n... wouls suggest you to get a new router with wpa 2 and firewall protection and use al least a capital letter and a number in your password setting also change all the name of your home computer with new ones

the next thing try one of your computer on wireless so you could find if there is someone around you try to connect to your system

make shure all machine are clean before you connect back to the net dont forget to check all your cell if you use them for internet connection

i still around if you need more help

February 24, 2012 4:15:03 AM

i am pretty confident somehow ive been made a part of someone's virtual or real network what i want to do is figure out how to break off it. this person has had access to me for over a month at least.. has created and stolen the credentials manager from my machine.. there isnt much they dont know at this point.. believe me when i tell i fully understand the pain in the A** this is..
February 24, 2012 4:31:37 AM

What steps (detailed) have you taken to clean your system and change your network identity?

That's what's gonna "break off" of that person's virtual network.
February 24, 2012 4:51:46 AM

dalauder said:
What steps (detailed) have you taken to clean your system and change your network identity?

That's what's gonna "break off" of that person's virtual network.



1. stripped the network down
2.built new pc complete
3.replaced modem
4.installed firewall appliance
5. changed isp's
6.no wireless or usb connectivity not even keyboard no storage card in phone
7. configured firewall using conventional methods. i.e. i got online and configured.
(all this done same day) after many many previous failed attempts to exterminate this pest
8. transfer to new cell phone carrier

network breached within 12hrs.

1.turn over management console and configuration of firewall to remote secure pc. (cant be keylogged on my terminal)
2. monitoring center indicates continuous attacks from a lone i/p out of bejing both on firewall and management console login (state the firewall is turning all attacks away)
3. file movement and obvious manipulation of my rig slows down
4. in device management tree the highest element is not "computer" it is a briefcase with the name of my pc on it
5. strange .ini .dat .txt documents pop up now and then
6 unable to access some aspects of event viewer

strange *** like that


February 24, 2012 5:38:04 AM

Strange--I would have expected your initial steps to work considering none of the hardware or network information is the same. Really, that's almost inexplicable.

I mean there is no reason to target you a second time since neither the computer or network info are identified the same. The only explanation I can think of is: proximity.

You must have a very fast LAN-like network with the PC in question. Do you live in an apartment building?

Have you considered the "rats abandon a sinking ship idea"? Set up some software that sends constant pings or something else that completely bogs the network down. If your computer is useless or can't reliably be accessed, it won't be targeted--unless annoying you is the purpose of this whole thing. You wouldn't happen to have a roommate who's a CS major who you pulled the "buttered floor" trick on, would you?

Sorry to be joking, I get that this is a serious matter for you. But it almost seems like a personal vendetta since the only thing linking your old system with your new one was YOU--unless you accidentally plugged in a flash stick or something that hadn't been secure erased.

How does your system work if you plug it up to ethernet somewhere else? Does the same thing happen to laptops on your network? Because you can try comparing your laptop at home versus your laptop at Starbucks.

I still think you should try re-flashing, secure-erasing, and re-installing from the start without any of the extra stuff like the hardware firewall, routers, or modems hooked up. Then after everything is updating, plugging the ethernet cable straight into your motherboard. But you've probably tried 20 permutations of that including Linux.
February 24, 2012 6:04:23 AM

If he's bold enough to use the cellphone for direct contact, maybe we'll be fortunate enough to having him here.

Hey, man. Why don't you tell us, what's your beef with lilronj? Did he piss you off in the supermarket? Is he your noisy neighbour who can't let you sleep? Did he tell you off while in the middle of a road quarrel?

Oh, and since you're here anyways, let me ask this: why are you still working the firewall (with a brute force attack, no less), when you have personal control over the computer inside the firewall?
February 24, 2012 9:26:21 AM

BTW, can we get a pic of your hardware info with the briefcase you told us about? (just remove your computer name).
Also, I think you got kidz in the house, since u got 3 PCs. During this time they don't touch it?
I guess it's rather personal, how else could he get your cell. Or smth. in local network is still compromised and screws up your PC. But if it's personal, why he just didn't erase everything on your PC? I understand you can still use your PC to work, not just locked out on the logon screen. And still, the cell.. Did he just send you SMS with a weblink to this tread?
P.S. We also didn't hear the make of your router and if you have wifi on it.
February 24, 2012 9:36:16 AM

"take´╗┐ a stress pill and think things over" -HAL 9000
February 24, 2012 11:29:32 PM

confish21 said:
"take´╗┐ a stress pill and think things over" -HAL 9000

^+1
It's quite likely that you overlooked something.
!