Why do I keep getting hacked?

ejaggers · 16 Feb 2024

I’ve been hacked several times and need to find the best defense.

The last two times, the hacker got in and did the following:
• Changed Amazon’s login credentials (email address/cell phone) which is used for two tier security.
• Changed wife’s email password (so she wouldn’t see the Amazon alert).
• I think he turned off window auto update but I’m not sure.
• I think he may have done something to the OS to keep security U/D KB5034441 from installing. Each time I try I get error:
0x80070643. I had Geek squad try to install it, but they weren’t any help.
• Time before last, he renamed MS Edge exe to msedge1.exe, and this time to msedge.....exe, but the browser still works
somehow.

He hacked Amazon and tried to buy something but failed.
Amz restored my account and the next day he hacked it again even though we changed the PW.

So, what I intend to do is:
• Change my router DNS name (is this necessary?)
• Change my router DNS PW.

Neither Win Defender nor Geek squad found a virus, so I’m confused on how they keep getting in.
I also have Malwarebytes (free) and SUPERAntiSpyware (free).

Questions:
• So what else can I do?
• Will a VPN help?
• Is WIN corrupt preventing the U/D?
• Is it possible to have a Trojan that is undetectable?

Thanks,
057912

Samuria · 16 Feb 2024

Download Farbar Recovery Scan Tool down load the right one 64 bit run it it produces two files post both on here

Ghot · 16 Feb 2024

Probably has nothing to do with your problem, but I just saw this today...

DOJ quietly removed Russian malware from routers in US homes and businesses | Ars Technica

ejaggers · 16 Feb 2024

Samuria said:

Download Farbar Recovery Scan Tool down load the right one 64 bit run it it produces two files post both on here

What does this tool do?
Win Defender won't allow me to run this:

Samuria · 16 Feb 2024

just let it run it finds all malware virus etc and gives a report used by beeping computers the top site for removing malware etc

hroldan · 16 Feb 2024

ejaggers said:

Questions:
1. So what else can I do?
2. Will a VPN help?
3. Is WIN corrupt preventing the U/D?
4. Is it possible to have a Trojan that is undetectable?

1. It is very difficult to give you medicine without knowing what's failing; the usual is going to the basics and then up from there, like... reinstalling everything from scratch, and changing all your passwords. Parts of this procedure should be performed offline as much as possible. During this stage you may also need to use an alternate internet connection, like using just your cell phone hotspot, or a careful configured repeater where you can see ALL the incoming and outgoing requests to check if there is something weird.

But then again, it's difficult without knowing what software you have installed, or what's on your personal files because if the problem is there, once you copy/install those again, the vulnerability comes back.

2. Yes, but not always, it depends on the kind of problem you have.

3. It is possible, or most likely. I would follow #1 above. And try to avoid wireless, use wired as much as possible, always with a personalized router configuration (don't keep whatever the company puts there).

4. Yes it is. You may need to check the names AND LOCATIONS of all your running processes. There are times when (example) a particular non critical process consumes more energy, memory or CPU, and turns out the original file was replaced with a custom app, this may be very difficult to diagnose.

Added: a virus, or a trojan, etc, it's just a program, and there is no universal way to identify it. Diagnosis can take place due to specific characteristics or behavior, that's what makes it difficult.

dalchina · 17 Feb 2024

• I think he may have done something to the OS to keep security U/D KB5034441 from installing. Each time I try I get error:
0x80070643. I had Geek squad try to install it, but they weren’t any help.

That's a very widely known problem - just search this site or the internet in general for the KB number and error number. It's related to your Recovery partition. MS is said to be working on a fix.

• I think he turned off window auto update but I’m not sure.

a. If it's working you should get an update notification each day as you say KB5034441 is failing.

b. Go to Settings. Do a manual check and see if that works.

c. Go to the Store, Click Library, Click Get Updates. See if that works.

• Is it possible to have a Trojan that is undetectable?

Yes.

Note:
If you used 3rd party disk imaging (to offline storage) regularly and you became aware of some sort of actor affecting your PC, you could restore your PC to as it was before this started if you have an image which you created before that.

The routine use of 3rd party disk imaging is endlessly recommended.

=======
Has anyone else had access to your PC?
Have you given anyone remote access to your PC?
Have you been visiting dubious sites?
Have you opened suspicious emails?

Note: a VPN will not protect you again the last or anything you download.

Samuria · 17 Feb 2024

We are waiting for the scan logs which will tell us any problems to stop guessing and get facts

ejaggers · 18 Feb 2024

hroldan:
Thanks for addressing my questions.

dalchina:
Has anyone else had access to your PC?..................just me and my wife
Have you given anyone remote access to your PC?.........................geeksquad after the breach though
Have you been visiting dubious sites?............................no
Have you opened suspicious emails?..............................no

Samuria:
I just got back in town and will continue to address tomorrow.
My OS won't let me install it. (see post 4)

Daymin · 19 Feb 2024

System Restore ( if you made a backup already y )
Maleware Bytes Premium Mode.
if you have Pro post 21H1 then there should be Advanced mode in Edge, if not then checkout updating edge.

Otherwise get Vbox or VmWare make a virtual machine ( you could also activate Window features sandbox ).
Use whatever OS or sandbox to run your Browser in via online. In fact I am considering going full Ubuntu ( Linux ),
altering the Ubuntu desktop to my pleasure, and then running Windows 10 inside a VMware machine. Because
Linux is built on the idea of Internet Security, and while you need to memorize passwords and what nots like if it
was 1991, it is a lot better then using Windows and hitting a landmine