Notice of using someone else's connection does not go away...

cottonball

Retired ol' hound...
Guru
Gold Member
VIP
Local time
12:25 PM
Messages
2,468
Location
Illinois, USA
Hi, folks!

Would appreciate your thoughts on the following...

Have a friend (senior citizen) who has Charter as his ISP, and on Monday he was on the web looking for some info. A notice appeared on the screen (he thought it was from Charter) that the computer was heavily infected, and he needed to get the infection removed. Of course, remote access to the computer was necessary, and he agreed. He was shown a group of locations where the malware was, and then was asked for $149 to do the removal. This is when he realied he had been taken. He shut down the computer, and did not return to the machine for a few hours.

However, later on, whenever he attempted to get on the Internet, a notice came up saying that he is using someone else's connection. He has not been able to use the computer without this notice coming up, and he has no clue as to how to get rid of it. Normally, when this notice comes up, you are connecting to the service of someone who is within range.

Any suggestions as to how to get rid of this notice?

Thanks in advance for your help. :)
 

My Computer My Computer

At a glance

Windows 7 Home Premium
Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
I would start with shutting down the computer, modem and router.

Then I would boot the modem, then the router and boot the computer.

Then I would look in msconfig Startup and Services and see if their is anything strange.
You might have something that is starting with every boot.

Is it possible when this little pop up happens to right tick and select properties and see if any information can be found. Possible just hover the cursor over the popup and get some information.

What anti virus program is being used on this computer?

Their is a very good chance the phone call crook got remote access and installed something and the that something is calling home.

You could use this tutorial by Brink and check and see if all remote access in
Services are set to default.

http://www.sevenforums.com/tutorials/236709-services-restore-default-services-windows-7-a.html

If nothing else a Clean Install would solve the problem if the problem is in the computer and not in the router or modem.
 

My Computer My Computer

At a glance

Windows 10 Pro. 64/ version 1709 Windows 7 Pr...Intel i7-6800K @ 4.3Corsair Platinum 16 gig @2400EVGA GTX 1070 OC
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Thanks for the info, LB!

There was no phone call, everything happened online, and, remote access was obtained. Also, the crook apparently knows the IP address.

The question is, could something wrong with the router or modem bring about the notice of using someone else's connection? If so, what could be wrong with either of these two devices?
 

My Computer My Computer

At a glance

Windows 7 Home Premium
Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
I'm not expert on routers but I have PM some one I think can help.
Better safe than sorry. I really don't know all the things that can be done by a crook with remote access.

I highly recommend changing all password to everything. If the computer has any financial information I would call all credit card companies and banks and inform them the computer has been hacked.

I don't use wifi in any way. Not even across the room to a printer. So I bow to those who do and let them give guidance.


Note:
I don't believe a modem or router problem would display a pop up on your desktop.
The anti virus program might be displaying the pop up.
The anti virus program logs may give some clue.
 

My Computer My Computer

At a glance

Windows 10 Pro. 64/ version 1709 Windows 7 Pr...Intel i7-6800K @ 4.3Corsair Platinum 16 gig @2400EVGA GTX 1070 OC
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Hi cottonball,

Ladyback bear has some good suggestions, but personally I'd do a clean install if his computer has been hacked. As soon as his computer is all up and running, have him install a great Security program and he needs to be educated on internet cyber attacks and security precautions/preventions.

Hope this helps.

Ray
 

My Computer My Computer

At a glance

Win7 & Win8 64bitIntel i5
Computer Manufacturer/Model Number
Lenovo Desktop/Samsung Laptop
OS
Win7 & Win8 64bit
CPU
Intel i5
Internet Speed
Charter-20 Mbps
Antivirus
Avast
Browser
FF, IE9 and Chrome
Cottenball,

One thing that could perhaps find the actual issues that is causing the pop-up(s) [ I am almost certain that this will be something on the actual system not a router hack], is to treat it as any other malware infection, as these scams are aimed at less experienced users it's often the case that the actual hijack is not that sophisticated - I would leave the choice of the monitor/ log application to you if you decide to go this way :)

One tool I use extensively is actually from Microsoft - Autoruns - You can consider this as a sort of MSConfig on steroids ;) It has full documentation on the linked page and will allow you to disable or remove anything that starts with windows - this includes addons for browsers which are often the cause of this sort of hijack It is not designed as a malware removal tool but due to the team that built it's vast knowledge of how windows operates it can be usefull.
 

My Computers My Computers

  • At a glance

    Windows 11 Pro x64 [Latest Release and Releas...Ryzen 9 5950X, 3.8 - 5.2 MHz64GB [2 x 32GB] DDR4 3200MHz4GB NVIDIA GEFORCE GTX 1650 Ti
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    ChillBlast - Custom to my design
    OS
    Windows 11 Pro x64 [Latest Release and Release Preview]
    CPU
    Ryzen 9 5950X, 3.8 - 5.2 MHz
    Motherboard
    Asus Prime X570-Pro
    Memory
    64GB [2 x 32GB] DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti
    Sound Card
    On-board SPDIF to 5.1 System + HDMI [5.1 system]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160 @60Hz
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Workstation Case [Matt Black]
    Cooling
    NZXT Kraken X63 280mm CPU Cooler +2x Quiet Case fans
    Keyboard
    Logitech Wireless MX Keys & K400 + others
    Mouse
    Logitech Wireless MX Master 3S
    Internet Speed
    920 MB Down 50 MB Up
    Antivirus
    BitDefender Total Security Pro
    Browser
    Chrome (always run latest Non-Beta)
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    Samsung 10.2" tablet
    Blackview TAB 8 4G Android Tablet c/w Keyboard
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control
  • At a glance

    Windows 11 Pro x64 Latest RPIntel I7 10750H 5.0GHz32GB [2x16GB] DDR4 2933 MHznVidia GTX1650Ti 4 GB GDDR6
    Computer type
    Laptop
    System Manufacturer/Model Number
    Dell XPS 17 10750H
    OS
    Windows 11 Pro x64 Latest RP
    CPU
    Intel I7 10750H 5.0GHz
    Motherboard
    Dell XPS
    Memory
    32GB [2x16GB] DDR4 2933 MHz
    Graphics Card(s)
    nVidia GTX1650Ti 4 GB GDDR6
    Sound Card
    Stock [Realtek] 4 Speaker
    Monitor(s) Displays
    17" IPS UHD+ Infinity Edge Touchscreen
    Screen Resolution
    3840 x 2400
    Hard Drives
    2TB M2 NVMe, 4TB External + various 500GB & 1TB External NVMe (also have access to spinner HDD from
    PSU
    Stock
    Case
    Stock XPS Aluminium & Carbon Fibre
    Cooling
    Stock - Active Fan Control
    Keyboard
    Backlit + Various Logitech
    Mouse
    Stock Track Pad + Logitech MX Trackball
    Internet Speed
    72 MB Down 18MB Up
    Browser
    Chrome
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    10.2" tablet
    Sony Z3 Android Smartphone
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
    10TB NAS
Just a thought but probably not likely.

Is it possible for a hacker with remote access to change the router password and settings?
I also believe this is a low level attack and it's on the system somewhere.

The safest way and the quickest would be a Clean Install.

My reasoning for the Clean Install is because if a infection has got on a system and found you have a good idea what is was designed to do. When remote access has happened you don't know what that person has done, therefore less than a Clean Install always leaves a little doubt if everything has been found.
 

My Computer My Computer

At a glance

Windows 10 Pro. 64/ version 1709 Windows 7 Pr...Intel i7-6800K @ 4.3Corsair Platinum 16 gig @2400EVGA GTX 1070 OC
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Back
Top