My computer is being controlled by remote host using powershell wmi

[Tyfahra]

I can't remove the management snap ins or disconnect from the remote host.
This is my personal home computer.
I just want to connect to the internet. The route shows I am connected to a spoofed network
then the internet. In otherwords all my communications email voip go to this host network.
Not only do they control my pc and home phone. They are able to influence my life in many ways. for example I am only allowed to email certain people . and only certain people are allowed to email me. if I try to meet someone online im only allowed to meet whoever the remote host wants me to meet. I know what services are supposed to run and what services are not needed. because I like to play games on my pc.
I don't need windows biometric service running and there are at least 50 services I don't need and can't disable.
I don't want my pc to allow remote connections at all. Please help.
I'm scared. I try to fix but always get messeges like access is denied.

 

[paul1149]

I would hit f8 after the bios splash screen and try a system Restore Point. If that doesn't work, you could try to bring up MSCONFIG at Start/Run and look at what's autorunning at startup. Go to the Services tab, check "hide MS services" and see what's autorunning there.

If none of that works I would burn a Kaspersky boot disk and do an offline malware scan.

 

[RolandJS]

Paul, I can't remember where, but, there is a place where OP can turn off all remote access ability, do you remember where?

 

[paul1149]

At CP / System / Advanced System Settings / Remote there's a check box. But I'm not sure if it only controls Windows' built in remote control or third party progs as well.

 

[Ztruker]

How about this: http://www.sevenforums.com/system-s...cess-apps-services-post312121.html#post312121

 

[paul1149]

The more I look into this, the more my suspicions are confirmed that the Remote setting pertains only to "Remote Desktop Assistance", Windows' own built-in help desk prog. And this post would seem to confirm that: http://www.sevenforums.com/2580551-post2.html

So don't count on this setting to prevent most malware from doing its thing.

 

[HammerHead]

Disable ISP

Would it help while looking for the problem to disable your modem/router? So You have no connection to the outside.

 

[Maltesespace]

In this situation I would recommend a full diskpart clean (this has to be done when booted from a Win7 disk, then reinstall. This will ensure every bit of crap is gone and you start fresh. If you need Windows 7 install media, download using this, on a clean PC. (Get your product key from the sticker on the back/bottom of your PC)

Backup sensitive info but do NOT restore to the clean install before you scan it for malware with Malwarebytes or Superantispyware.

Cheers

 

[Tyfahra]

I tried to reinstall windows but the hackers used a special program called sonic burn or something like that. Anyway my retail win 7 home premium 64 bit disk has been changed and when I do a clean install it loads a revised windows 7 with all hacks installed. I'm going to have to contact Microsoft to ask for some new disks. I've lost all my files and pictures I've had for over a decade. It's been a aweful experience and I don't even like using my pc anymore.

 

[groze]

I tried to reinstall windows but the hackers used a special program called sonic burn or something like that. Anyway my retail win 7 home premium 64 bit disk has been changed and when I do a clean install it loads a revised windows 7 with all hacks installed. I'm going to have to contact Microsoft to ask for some new disks. I've lost all my files and pictures I've had for over a decade. It's been a aweful experience and I don't even like using my pc anymore.

@Tyfahra

You shouldn't have to get a new dvd for windows 7 retail. That should be unwritable.

I hope you can understand me. I am going to give it a shot.

If you want try to save your pictures. Use another computer, download a Xubuntu live cd/dvd. It might take some time to download do to a new release is coming out on April 23, 2015 write that iso to a dvd/cd. After that is done put the CD/DVD in the other computer. Choose try Xubuntu. Open terminal (Looks like a command prompt).

sudo apt-get install clamav
sudo freshclam (this will take some time to update)
type sudo fdisk -l to see what the windows partitions are
Mount windows 7 partitions they all should be on the Xubuntu desktop, right click mount. It may already be mounted. Do the same for all drives on the desktop that are not mounted.

Type mount and hit enter.
Look for something similar for each windows drive
dev/sda1 /media/liveuser/win71

clamscan -ri --remove /media/liveuser/win71
clamscan -ri --remove /media/liveuser/win72
clamscan -ri --remove /media/liveuser/win73
clamscan -ri --remove /media/liveuser/win74



If that works and cleans the files.

Only if clamav cleaned theses files

Now, look in again in the windows 7 drives on the desktop and see if you can find your photo and files.

Plug-in a usb flash drive

Copy your files & photos to the usb drive

eject the usb flash drive by right clicking the drive icon on the desktop.

Eject the dvd-remove disk and close drive.

Push and hold power button. Till it shuts off.

==============================================

Now if you think you have lost all your data anyways. Disregard what I said above. On the computer that is having the issue. Insert the windows installation disk. Turn off computer-Push and hold power button. Till it shuts off. Now, boot up to the windows 7 installation disk. This could take up to 48 hours or more. When you see the installation screen hit shift f10. In the command prompt type diskpart and hit enter. Now type clean all and hit enter. (This will erase all data and zero out the drive). Check every few hours to see if it is done. When it is done. Turn off computer by holding the power button. Now, turn the computer it should start the windows 7 installation disk, then install windows from there.

 

[Tyfahra]

Thanks but as soon as I plug in the network cable the same thing will happen again, correct?

 

[groze]

Thanks but as soon as I plug in the network cable the same thing will happen again, correct?

Not sure but it shouldn't. I am asking for more help on this.

I am also trying to find out if you need to use the clean all or just the clean per each drive. Clean is faster than clean all.

Here is how to do the clean command use the installation disk, as I described in my previous post.

Diskpart hit enter
list disk hit enter
Select Disk 0 hit enter
Clean hit enter
exit hit enter
Hard reset, then install windows 7


If you have more that one hard drive installed repeat the step above for each drive and replace the 0 for each of your drives. If you have a external USB hard drive, do not connect it, while doing this.

 

[gregrocker]

Do you have all of your data backed up? If not copy it now to flash stick or external drive quarantine, to be fully scanned with Malwarebytes and SuperAntiSpyware before reimporting into new install. Report back to our Security forum the exact infections including logs which these scans find so they can recommend deeper scans before you reimport the data. Or do not reimport the data at all.

Then boot the Win7 disk into System Recovery Options to run Diskpart Clean All Command.

If in doubt about or in need of installation media, refer to Step 1 of Clean Reinstall Windows 7. On an uninfected PC that checks out clean with both of the above scans, confirm the ISO HASH or download a fresh ISO to burn to disk or flash stick using the tools provided. I have never seen the installation media be infected but you can be certain of this if the HASH matches on the ISO and you burn a fresh disk or stick on the uninfected PC.

This wipes the disk so thoroughly nothing can survive. There is nothing now that can invade your new install unless reimported with data that has not been thoroughly scanned from its quarantine location.

Now do a Clean Reinstall Windows 7 following those steps, using only the tools and methods suggested which assure you will get and keep a perfect install just like 1.4+ million others have without a single complaint. None of them have ever returned here who used those steps to say they were reinfected or had any other single problem.

Again, do not reimport your data until all scans come up clean. To be sure of this report anything found in scans to our Security forum.

 

[Jacee]

Have you turned off "autorun/autplay"?

In all versions of Windows from XP to Windows 7, Autorun is executed before Autoplay, unless Autorun is disabled. If it’s not disabled, Autorun will execute and it will search for the Autorun.inf file.

http://www.sevenforums.com/tutorials/174838-autoplay-turn-off.html

If you've downloaded a game (or anything else) from someone's infected flash drive, this would cause the 'bot' to run automatically.

Disconnect from the net, unplug the modem. Follow Brink's tutorial above.

Next.... make sure Proxy settings are disabled.
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.
Reboot

Now, Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Reboot once again

Run your Anti-virus program.

Before connecting your computer back to the Internet, find a known "clean" computer and change ALL your passwords... do not do that using the infected computer!

After doing all above reboot. Make sure "Proxy server" is still disabled under your LAN Settings.
Test whether internet connectivity is restored.

 

[Jacee]

Please let us know what you're experiencing now.

 

[Tyfahra]

I did create a back up and it worked once. The option to restore from back up disk is not there anymore. They removed it. They even took out the windows experience benchmark. The one that rates your computer and tells you what components to upgrade. They changed the Microsoft agreement so that it's legal for them to do this, and microspft is not responsible. I tried to contact my friend who is a lawyer the email got sent back to me. I have voip or voice over internet home phone so they pretty much took control of all my communications. I got rid of my cell phone. I don't do anything to deserve this type of shit.

 

[Tyfahra]

Oh thanks jacee I will try that. Ill let you know im gonna try that right now

 

[Tyfahra]

Also wanted to say I have some weird programs on my computer.
Like a anything goes version of microsft word.

 

[Tyfahra]

Looks like it removed the teredo and isatap tunnels in ip config. That's a good thing. I may be connected to remote host who is doing this. so all my internet traffic and phone goes through this remote host. they are the ones using the snap ins to manage my pc. Ill let you know how it goes.

 

[Tyfahra]

Check out this fake microsoft privacy policy.
Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the software; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.
Information collected by or sent to Microsoft by Windows 7 may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.
CHOICE AND CONTROL

I hope im the only one that has this policy on my computer.
I know Microsoft didn;'t write this policy.