Question Hacker took control of everything

[hatemicrosoft11]

I noticed activity on my pc, tweaked with tasks and etc, got someone to try to save all of my data, got him writing some microsoft learn feedbacks and being in teams on the same PC I was yet all of his actions were hidden from me. He eventually kills my drive booting from which leaves me with no operating system message. I see like parental activity on my IPhone as well, he was controlling the phone not to mention the Icloud as well. I then look and notice that his spyware was on my second PC in the network as well. I tried to seize everything by creating a Microsoft account to control his user on my pc and all of the data. I do that and manage to act from his firefox profile where I see all of the microsoft learn aka azure sh1t with like privacy agreements, his feedbacks and descriptions of data taken control of. It was all under Onedrive where I later got his "file safe" directory in the folders, along with 4 other folders that had something to do with my pc's contents.
He then got control back and logged me off my admin password and windows hello stuff. The microsoft account i 2fa protected got pass changed and my phone never receives the codes for unlocking yet is still connected to the account. I then attempted to remove him from my Iphone by lockdown and several resets. I reset my second pc he got hold of today, and while i was setting up the languages and regions I get user login with all of the same stuff. Like he created a new user with passwords keeping me away.
I get on my tails and am able to see the partition with all of the files that my bios says is dead and has no os. What can I do to remove him completely now, and what files do i look for saving

 

[USAFRet]

Save nothing.

Full wipe and reinstall, not a simple "reset".

All of your username/passwords...rest those from a known uninfected system.

 

[USAFRet]

I get on my tails

Please describe exactly what this means.

 

[punkncat]

Yeah, this sounds a whole lot like the script of several movies....

Did this individual have physical contact with you, your location, your PC and phone, or was this all through the internet?

A virus? Perhaps so, and more likely that you introduced it to your devices yourself unless the above is true.

 

[hatemicrosoft11]

Save nothing.

Full wipe and reinstall, not a simple "reset".

All of your username/passwords...rest those from a known uninfected system.

well i did that but got him create a user before i could. it was a full erase. i want to take control of some data he left associated with him and his onedrive

 

[USAFRet]

well i did that but got him create a user before i could. it was a full erase. i want to take control of some data he left associated with him and his onedrive

Redo it.

This time, with the ethernet cable physically disconnected, or WiFi turned OFF. (turned off at the router, if necessary)

 

[hatemicrosoft11]

Yeah, this sounds a whole lot like the script of several movies....

Did this individual have physical contact with you, your location, your PC and phone, or was this all through the internet?

A virus? Perhaps so, and more likely that you introduced it to your devices yourself unless the above is true.

well here i have my disk where everything shouldve been like it was left. navigate me to anything that would prove this, any file or directory

 

[hatemicrosoft11]

Redo it.

This time, with the ethernet cable physically disconnected, or WiFi turned OFF. (turned off at the router, if necessary)

why does it say no os tho? all files are still present on the drive

 

[USAFRet]

why does it say no os tho? all files are still present on the drive

Whatever is currently on the drive is completely irrelevant.

You are booting from a properly constructed USB,m and doing a full wipe and reinstall.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

If you are going down some other path, please inform us.

 

[hatemicrosoft11]

Whatever is currently on the drive is completely irrelevant.

You are booting from a properly constructed USB,m and doing a full wipe and reinstall.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

If you are going down some other path, please inform us.

i am actually more interested in advice on getting the files that allow me to see how it was all possible and by what was the os controlled

 

[USAFRet]

i am actually more interested in advice on getting the files that allow me to see how it was all possible and by what was the os controlled

That is a topic far too complex for a simple back and forth Forum discussion.

I sincerely hope you're still not using this system, and whatever password protected accounts were on it.

 

[hatemicrosoft11]

That is a topic far too complex for a simple back and forth Forum discussion.

I sincerely hope you're still not using this system, and whatever password protected accounts were on it.

i access the system file directory from tails on my usb

 

[USAFRet]

i access the system file directory from tails on my usb

"tails"...as in the Linux variant?

 

[hatemicrosoft11]

"tails"...as in the Linux variant?

correct

 

[USAFRet]

If you wish to start down this road.....

We'd need a list of every piece of software you've ever installed on this system, along with where you got it.
And for anything other than actual freeware, how it was licensed.
Including your OS.

 

[punkncat]

What is this hacker asking from you?
Are you in an industry or government position that someone would want to ruin your computer and get into your phone like that for no reason other than to vex you?

If you truly suspect that "some individual" somewhere is controlling your computer and doing things to your equipment there would have to be some manner of reason for doing so (in most cases) and there are systems in place for reporting said with your employer, law enforcement, and so forth.

If you cannot understand the options that have been made available to you, take these devices to a professional.

 

[craigss]

Firstly disconnect the router from the internet ie pull the plug login and disable wifi and restart the router.
Then change the username and password of the router AND the admin password you can boot off a linux usb live if required but unplug any and all drives associated with your other system such as NVME or usb drives, if you have a NAS also unplug it, so you have just the basic motherboard and CPU, I always disable all other router users other than admin and am confident my passwords are secure, make sure you have all open ports closed ie no forwarding.
Use file explorer in the live usb and recover whatever personal files you need from the drives and then secure wipe them be careful with PDFs and exe files, and then reinstall do all this without logging on to the internet.
Hopefully you didnt have any Warez or cracked games etc installed if you did its now time to lose them, when you reinstall before you connect online ensure remote connection is disabled on your Windows install and your firewall on both the router and the PC are on.
I cannot stress enough that NAS are often compromised make sure you also change the login details for that before you go online and revoke all permissions again you may need to wipe it once you have recovered personal files such as pics etc.
Preferably download the live USB files on to a new USB or securely wiped one from anywhere but your home network, go into an apple store and ask them to change your login details on your apple accounts. again dont use wifi on your phone until the router is secure and the apple account has changed delete old accounts you no longer use.
If all that fails leave the country and next time be careful that you set up proper sucurity on your PC and network.
How did they do what they have done? Because you didnt have proper security in place simple or you downloaded cracked software/porn chats/flash games etc.

 

[sitehostplus]

i am actually more interested in advice on getting the files that allow me to see how it was all possible and by what was the os controlled

If you really, really want to do this, then simply remove the old drives and just store them somewhere to do a dissection later on when you have the time. Then put new drives into the machine and reinstall all OS and other stuff there.

Here's the problem: almost any machine you put those old drives on runs a very, very high risk of becoming infected. So you will need to put those drives on a machine you don't care if it gets infected. And you don't want to hook these bad boys or any machine you are looking at them on onto your current network.

So you will need to go to someplace like Best Buy, or Amazon or whatever computer store floats your boat, and buy a laptop of some kind that you won't care if it gets infected, and use that to examine those old drives. You will also need to take a trip to somewhere with free wifi to do your examination.

If that sounds like fun to you, go for it! I wish you great luck in your holy grail quest, but be careful!