[SOLVED] Serious Advice Needed.

Jul 19, 2020
Let me start by saying that this is in no way a joke, exaggerated, or made up in any way.
We (myself, partner and children) are in no way experts on this but do have some knowledge; we are getting extremely desperate now and have nowhere else to turn....
"IT" started roughly around the April/May time of this year. By "IT" (for lack of knowing who or what or how) I mean the entity/group/persons/programs that have been pillaging our data and private & sensitive information, removing every permission known to any OS, and taking over the hosts files of every paid security software on the market. We have tried installing clean, legit OSes elsewhere, away from the house, also with brand new RAM, HDDs and even totally new devices altogether, yet their hidden folders, scripts, commands and programs remain.
From what we have been able to gather (before we become stuck on the desktop with only the recycle bin and no permission to enter it), "they" seem to use a Unix-based system to remotely access us. Like I said, we are no experts and don't claim to be, but we no longer have WiFi or any sort of internet access; we have new devices, new SIM cards etc., all kept in flight mode. Then bam, we lose control and they are no longer our devices. They take all the legit OS programs and replace them with shortcuts only, which are not accessible due to the permissions, I think. The main aliases seem to be "TrustedInstaller", "nobody", "Administrators", "S23887267877856883", "remote" and so, sooo many more accounts. "They" have never made contact or asked for ransom in any way, shape or form. We have literally no idea where it came from, what it is, or even if it's removable. I wouldn't be surprised if they edit this text by the time I'm done typing it, seeing as they have taken root on my smartphone.
I'm not here to moan, if that's what it seems like. We have just really, really, REALLY had enough of this and just want it to stop, and would take any advice or help anybody is willing to give. Please. We have nowhere else to turn. Even the police can't do anything without IP addresses, even with multiple successful attempts on both our bank accounts, the kids' tablets programmed to take photos, and "Google" isn't Google; it almost seems like a cover put over the real Google to redirect us. I don't know :(.
It's just the fact that it's making us lose our minds a little now, I think. We go to show people, family & friends etc., and the dodgy folders, files, system apps and login attempts have literally vanished. It's like they are listening to us and getting one step ahead all the time.
Every person we have spoken to, like PC shops/specialists etc., just kind of shrugs us out the door.
Please, any insight into what this is or how to stop it would mean so much!
Thank you.
 
Solution
If you add new devices and they are getting infected, it's something you're doing on them. Nearly everything blocks inbound by default, so I would seriously doubt anything is breaking in. Some software or site you're going to could be doing it. Another infected device on your network could have packets redirected to it, esp. your router. Try a DNS leak test. Your DNS should be your ISP's, or if you set up Google or Cloudflare, one of those. This could allow your webpages to be redirected to somewhere that tricks you into executing something or steals your passwords.
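Two client-side checks for the redirection scenario described in that answer, added here as an example and not part of the thread: a script that lists which DNS resolvers each adapter is actually using (compared against an allowlist you fill in) and which live mappings exist in the Windows hosts file, since both are places on the machine itself where a "Google that isn't Google" would be implemented. The allowlist addresses (Google, Cloudflare and a 192.168.1.1 router) are assumptions; the hosts-file path is the Windows default.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on Windows 10.
# Lists the DNS resolvers each adapter actually uses and the live entries in the
# hosts file, the two client-side places where a name such as google.com can be
# pointed at a machine you do not expect. Works with the network cable unplugged.
# The allowlist is an ASSUMPTION: put your ISP's resolvers (or the public ones you
# configured yourself) here; 192.168.1.1 stands in for a home router.
$ExpectedResolvers = @(
    '8.8.8.8', '8.8.4.4',   # Google Public DNS
    '1.1.1.1', '1.0.0.1',   # Cloudflare
    '192.168.1.1'           # assumed home router, which forwards to the ISP
)

function Get-UnexpectedDnsServers {
    param([string[]] $Allowed = $ExpectedResolvers)
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            foreach ($srv in $_.ServerAddresses) {
                if ($srv -notin $Allowed) {
                    [pscustomobject]@{ Interface = $_.InterfaceAlias; Resolver = $srv }
                }
            }
        }
}

function Get-LiveHostsEntries {
    param([string] $Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # A stock Windows hosts file is comments only, so every mapping returned here was
    # added by something. Loopback entries are often harmless (software blocking its
    # own telemetry); a well-known name mapped to any other address deserves a hard look.
    Get-Content -Path $Path | ForEach-Object {
        $line = ($_ -split '#', 2)[0].Trim()     # drop trailing comments
        if ($line -eq '') { return }             # skip blank and comment-only lines
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { return }      # malformed line, nothing to report
        [pscustomobject]@{
            Address    = $fields[0]
            Names      = ($fields | Select-Object -Skip 1) -join ' '
            IsLoopback = $fields[0] -in @('127.0.0.1', '::1')
        }
    }
}

'== DNS resolvers not on the allowlist (empty is good) =='
Get-UnexpectedDnsServers | Format-Table -AutoSize
'== Live hosts file entries (empty is the stock state) =='
Get-LiveHostsEntries | Sort-Object IsLoopback | Format-Table -AutoSize
```

Both functions read local configuration only, so they can be run on a device that is being kept offline. A DNS leak test of the kind run from a website does something this script cannot: it shows which resolver is answering for you as seen from the outside, and it needs a live connection.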
Jul 19, 2020
Windows 7, 8 and 10, all direct from Microsoft. OS X High Sierra, direct from Apple. I even have a legit Win 7 install disk that has had the files edited somehow! I saw on my phone earlier the path /vendor/overlay/storage/emulated/0/gallery; this is the path to all my stuff. It's so weird, it's like a veil has been put over everything to make it look legit. Either that or I'm literally going insane.
 
Jul 19, 2020
Sounds like it is something you installed.
Where is the OS installation from?
What else did you install?
+ We don't get enough time to install much else before we have 0 permissions to do anything. Even before it all started we only used legit programs etc. Never messed with the dark web and always had security.
 

Ralston18

Titan
Moderator
What security and antivirus software have you been using?

Wondering:

"yet their hidden folders, scripts, commands and programs remain."

" the kids tablets programmed to take photos"

"have been pillaging our data, private & sensitive information"

How do you know that? What specific facts are there? Not asking for the data etc. per se. Just exactly what happens...?

Likewise, what leads you to believe that a unix based system is being used?

And just seeing a path on your phone does not mean that people have access to the data at the end of the path. Most devices use common paths as a means to structure and locate data.

Overall, what you are describing and experiencing would take a great deal of time and effort to impose. Only you know if there would be any reason for someone to target you and your family with such attacks.

No contact or demands for ransom implies that the intent would be simple harassment.

Multiple successful attacks on bank accounts: what was actually done and have you talked with the banks?

Reading your posts leads me to believe that you may have a very mixed network environment of devices and connections.

And likely some general configuration (or mis-configuration) that is not really providing the necessary safeguards that your devices and network should have. Especially if kids are involved and using any and all devices to play games either on or off-line.

I second @rgd1101's post regarding a fresh install. Start with one clean system.

Do not immediately connect to the home network or internet. Configure one admin account, one standard user account. Stay with Windows 10's firewall and AV (Defender). Let the clean install system sit - nothing will change.

Changes will start happening once connected to the home network and even more so to the internet (updates most likely). Expect and understand those changes: Windows 10 updates, Windows Defender updates, etc.

Other suggestions: Simplify your devices and network. Move away from older versions of Windows. Review parental controls on all devices. Do not give kids the passwords - ensure that they do not get the passwords by watching you enter the passwords. No downloads allowed without your explicit approvals and supervision.

Familiarize yourself with default settings and configurations. Updates and reinstalls often restore/reset things back to the default values. Keep careful track of User accounts and rights: know who is who and what they are allowed/permitted to do.

And be sure to keep reading and learning about "IT". And not from random online websites. Learn about hardware, software, peripherals, and networking. Just some basic understandings will help figure out what is truly going on.
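A way to put the "know who is who" advice into practice on the clean Windows 10 install, added here as an example and not part of the thread: an elevated PowerShell snapshot of local accounts, Administrators group membership, Defender state and firewall profiles, compared against the expected one-admin-plus-one-standard-user setup, and saved so a later run can be diffed against it. The account names FamilyAdmin and FamilyUser are assumptions; substitute your own. One caveat worth knowing when reading the output: TrustedInstaller is not a user account but the built-in Windows Modules Installer service identity (NT SERVICE\TrustedInstaller) that owns most files under C:\Windows, so it never appears in Get-LocalUser and its ownership of system files is the normal state.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on Windows 10
# right after the clean install (before connecting to the network), keep the output,
# then rerun later and compare: every difference should be explainable.
# Expected account names are ASSUMPTIONS for the one admin + one standard user setup.
$BuiltInUsers   = @('Administrator', 'DefaultAccount', 'Guest', 'WDAGUtilityAccount')  # present, disabled on a stock install
$ExpectedUsers  = $BuiltInUsers + @('FamilyAdmin', 'FamilyUser')   # assumed: your two accounts
$ExpectedAdmins = @('Administrator', 'FamilyAdmin')                # assumed: only these may be administrators

function Get-SecurityBaseline {
    [pscustomobject]@{
        Users    = @(Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet)
        # Get-LocalGroupMember returns "COMPUTER\user" (or a Microsoft account name);
        # keep only the part after the last backslash for comparison.
        Admins   = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { ($_.Name -split '\\')[-1] })
        Defender = Get-MpComputerStatus | Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
        Firewall = @(Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction)
    }
}

function Find-BaselineDeviations {
    param([Parameter(Mandatory)] $Baseline)
    $findings = @()
    foreach ($u in $Baseline.Users) {
        if ($u.Name -notin $ExpectedUsers) { $findings += "Unexpected local account: $($u.Name) (Enabled=$($u.Enabled))" }
        if ($u.Name -in $BuiltInUsers -and $u.Enabled) { $findings += "Built-in account enabled (normally disabled): $($u.Name)" }
    }
    foreach ($a in $Baseline.Admins) {
        if ($a -notin $ExpectedAdmins) { $findings += "Unexpected member of Administrators: $a" }
    }
    if (-not $Baseline.Defender.AntivirusEnabled)         { $findings += 'Defender antivirus is disabled' }
    if (-not $Baseline.Defender.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
    foreach ($p in $Baseline.Firewall) {
        # NotConfigured means the built-in default, which is to block inbound connections.
        if (-not $p.Enabled)                    { $findings += "Firewall profile disabled: $($p.Name)" }
        if ($p.DefaultInboundAction -eq 'Allow') { $findings += "Firewall profile allows inbound by default: $($p.Name)" }
    }
    $findings
}

$baseline = Get-SecurityBaseline
$baseline.Users | Format-Table -AutoSize
"Administrators: $($baseline.Admins -join ', ')"
$baseline.Defender | Format-List
$baseline.Firewall | Format-Table -AutoSize

$deviations = Find-BaselineDeviations -Baseline $baseline
if ($deviations) { $deviations } else { 'No deviations from the expected baseline.' }

# Keep a dated copy so a later snapshot can be compared against this one.
$baseline | ConvertTo-Json -Depth 3 | Set-Content -Path "$env:USERPROFILE\baseline-$(Get-Date -Format yyyyMMdd).json"
```

The point of saving the JSON is the advice above about expecting and understanding changes: after the machine has been online and updated, rerun the script and compare the two files. A new account or a new Administrators member is a change you made or something that needs investigating; a changed signature date is an update doing its job.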
 

kanewolf

Titan
Moderator
Start with basic network security. New admin password for the router. Disable UPnP and WPS on the router. New password for the WiFi. Ensure your passwords for everything are 12 or more characters. Upper/lower/number are recommended but not required. Password length is more important. Ensure that the admin and WiFi passwords are unique. Here are some basic rules for passwords -- https://its.lafayette.edu/policies/strongpasswords/
 
Jul 19, 2020
Guys, thank you for the replies. Very much appreciated. Although I completely agree with what you're saying, I am 100% certain this is not normal OS behaviour. I have a screen recording from my phone that would maybe explain things better than I can, if I can upload here? Like I said, we are in no way experts but we do know enough to correctly secure a home network/devices etc. For the past month or so now, we have no network, no WiFi, no internet connections. At all. Brand new, out of the box devices and OS (Windows 10 Pro to be precise). And it still carries on. I've now paid for McAfee, Bitdefender, East and Norton. All of which have been corrupted after clean offline installs, so I gave up with security. Part of me still wants to believe I'm imagining this. I've lost control/access to an iCloud, 2 Gmail accounts, cloud drives with endless amounts of priceless photos of the kids as babies etc. The banks: my partner has had email confirmation of eBay purchases delivered to Poland, Germany and China, I think. I've had now, I believe, about 20-30 Google Play purchases taken from my bank for "subscription services" which I literally do not have. I fully understand how over the top and paranoid it all sounds, but being a person who likes to spend as much time as possible at a desktop, I just know this isn't right at all.
 

Ralston18

Titan
Moderator
Report the google play purchases as "unauthorized" to your bank. You may be refunded.

Report potential fraud to your credit card companies, banks, and other financial institutions. Lock down accounts and credit cards that are rarely used.

That should bring about some additional scrutiny regarding any transactions made via your accounts and subsequently make further efforts more difficult for the perpetrators.

Set up transaction flags on your accounts so you will know when transactions of certain monetary amounts or types (withdrawals) are executed.

Home network:

Reestablish your network as bare bones as possible using the additional security measures suggested by @kanewolf.

Try Glasswire on your desktop. Use Glasswire to monitor the network - you may discover something that will add insight to the situation. E.g., one particular device doing lots of "talking".

https://www.glasswire.com/