Hacked: Rootkit, need Secure Security Layer Advice

It all started when a family member could not find email folders in the AOL email folder browser. I recommended calling AOL since they pay a monthly fee. I was asked to help as Tech Support was scanning the computer. Several windows were open checking the computer (it looked like a terminal in Linux; I am not that computer literate, so I do not know the proper name).

I could see in the window my IP address and how it was being blocked. I was told there was a foreign IP and that there was a rootkit. I was told the ESET installed was a good program but would not fix the problem. They were going to refer me to Tech Share Point to resolve the issue for the cost of $329.99 for 1 year. Said I needed SSL (Security Socket Layer) among other things. This is all new to me. I am at a loss as to the best way to proceed. This almost seems bogus, like those tech calls you get to fix your computer. Thanks!
Tech Share Point
 
The thing is I just called the AOL customer support number that was called. It was legit as far as I could tell. So you are saying the scam is coming from AOL?
 
Originally Posted By: bubbatime
You screwed up. It's a scam. And you called some scammer, and allowed them into your computer, where they likely will never fix it for you until you pay their ransom. AOL doesn't operate in that fashion.

https://en.wikipedia.org/wiki/Ransomware


I called the AOL number and you first get a message that they are working on an email issue. Checked email and the folders are back, which was the original issue. Computer is working fine. There is no ransom. As far as AOL not operating in this fashion...? If you use their browser for email you now have a fee, and as soon as they came up with a new user agreement prior to becoming part of Oath, my AOL email has been buggy, and I don't even use their browser.

Yahoo and Aol are part of 'Oath'
 
Originally Posted By: bubbatime
You screwed up. It's a scam. And you called some scammer, and allowed them into your computer, where they likely will never fix it for you until you pay their ransom. AOL doesn't operate in that fashion.

https://en.wikipedia.org/wiki/Ransomware

Well, now that's a little condescending...

OP, format, reload your software, get a decent anti-virus/malware suite, and move on, if indeed it is not an AOL issue.
 
Good thing an Indian scammer didn't syskey you. Then you'd be screwed.

In this case, the easy way out is to reformat and install Microsoft Security Essentials for Windows 7. I think malware protection is worthless, but it's better than nothing on Windows (MSE doesn't hog CPU cycles like Symantec or McAfee does). Ask your family member what they need to have and then lock things down. If the computer was made in the last 5 years, Windows 10 is a huge improvement over Windows 7 when it comes to security; even though Microsoft ended the free upgrade to 10 sometime last year, there is a loophole to use a legit Windows 7 key to activate it.

You can also try running this for now to see if anything can be removed: https://www.bleepingcomputer.com/download/combofix/
 
A little more info. She did call the AOL number and did not want to wait 25 minutes. They said she could go to the AOL web page and chat for support. After chatting, that is where Martin Johns installed a program to remote into her computer. I have an image of Windows 7 on another hard drive. She is also talking about buying a Mac in the future instead of going the Windows 10 route. I advised her to change all her passwords to accounts. The thing is, computers are overwhelming to her, so once I get the green light I can proceed.
 
I would consider AOL to be about in the same boat as Indian hackers. Wouldn't trust my data with either. I didn't know people actually still pay for AOL? What are you paying for?
 
Originally Posted By: tmorris1
I would consider AOL to be about in the same boat as Indian hackers. Wouldn't trust my data with either. I didn't know people actually still pay for AOL? What are you paying for?


I think it is $4.95 per month to use their browser for email, which was kinda ransomware. One day they said pay the money or no AOL browser emails for you.

I ran ESET; it found nothing. Malwarebytes and the McAfee online rootkit scanner: nothing. Ran ComboFix and now have 21 pages of print but no understanding of what it means.
 
I would cancel that right now. Plenty of free email that is much better and more secure.
 
Originally Posted By: tmorris1
I would cancel that right now. Plenty of free email that is much better and more secure.


Not my decision. This person started with AOL in 1995 and they plan on using it to the grave. I am sure AOL will learn a lot about security since they are combining resources with Yahoo.
 
You have been hacked by the people that you call for help.

It happened to my friend when her computer was infected.
She called McAfee, and they asked her to pay them money to try to eradicate the virus.
Needless to say, I helped her for free as a friend.
I just ran the bootable version of Kaspersky and Malwarebytes.

Find somebody locally who can have access to the computer to help you, even if you have to pay.
This remote help may be a hack job.

JMHO.
 
Originally Posted By: MONKEYMAN
Originally Posted By: tmorris1
I would cancel that right now. Plenty of free email that is much better and more secure.


Not my decision. This person started with AOL in 1995 and they plan on using it to the grave. I am sure AOL will learn a lot about security since they are combining resources with Yahoo.


My point exactly. All AOL was good for was supplying me free floppy disks in the mail in the '90s.
 
Get on your own computer. Click bottom left on the round earth-globe-looking thing with the 4-color Microsoft symbol. Type CMD in the search box at the bottom. Type "email hacked !!" on the command line that opens up. You'll get the same exact response as shown in your picture above.

The "tech" just typed in some scary words on the command line and hit return.

Type in Buick hacked !!

You'll see "buick" is not recognized as an internal or external command, operable program or batch file.
 
So it looks like she allowed him to have access. He remotely controlled the computer using GoToAssist. He did have a nice disposition and an Indian accent. It was freaky when he was remotely going into the Netgear router and showing me my wireless password. That is the main reason to replace the router. It is pretty old and slow anyway.

Since I am flying blind, so to speak, I just bought a new router from Microcenter. I will install that and reformat her computer. Done it many, many times. Using the AOL browser has always been a pain, support-wise. I always tell her it is recommended to stop using that browser, but the response is always no. When a lady says No, she means No.
 
Originally Posted By: MONKEYMAN
A little more info. She did call the AOL number and did not want to wait 25 minutes. They said she could go to the AOL web page and chat for support. After chatting, that is where Martin Johns installed a program to remote into her computer.

This sounds to me like a possible place where the "disconnect" might have occurred. And Leo99 makes a very, very valid point about social engineering.

If someone is using their computer for general email, browsing, and online purchases/banking, there is absolutely no reason to be using Windows. The risk of malware and social engineering goes down significantly with a Linux package, and Firefox on Mint is essentially identical to Firefox on Windows, for example.

For their little itemised list of chores and costs, you can accomplish all that with a Mint or Ubuntu DVD in under half an hour for zero dollars, well, the cost of the blank DVD. However, if someone has chosen to marry themselves to AOL permanently, well, they signed up for a lot of aggravation for nothing.

Note that just about any tech worth his salt here or elsewhere will be rolling his eyes at the mention of AOL and the first recommendation will be, invariably, to ditch AOL. If I were being asked to help and they refused to ditch AOL, I'd wash my hands of it on the spot.
 
Originally Posted By: MONKEYMAN
A little more info. She did call the AOL number and did not want to wait 25 minutes. They said she could go to the AOL web page and chat for support. After chatting, that is where Martin Johns installed a program to remote into her computer.


If her DNS settings were corrupted "AOL.com" might not have been "AOL."

You are right to wipe, reformat, and change passwords.
 
You are preaching to the choir regarding ditching AOL. No luck or cooperation. Trying for years. She is thinking of getting a Mac, so that would take care of the bad browser.

Working on wipe, reformat, and changing passwords now.

It took 30 minutes for her to change one AOL password. During that time I was asked for help twice and got a "you're making me nervous looking over my shoulder". Later she called me back when she got stuck. It is going to be a loooooong night.
 