Yeah. Fixing this is probably going to be more involved than doing this remotely; unfortunate if you can't get in. You might get lucky with anti-virus cleaning it, but I would personally fully reinstall.
The Windows license key should be tied to the hardware / email account the PCs use. I assume the computers are accessible physically. If the files are accessible, back up what you can, and do a full recovery, either downloaded via the UEFI troubleshooter from the cloud or with a USB disk that contains the Windows installation.
I am a day's drive including a seven-hour ferry ride away, so I can't be on site. If I was there I would be wringing necks. All hell would be breaking loose. Their computers would likely have been set alight with accelerant by now.
EDIT: They would have certainly been formatted, that's for sure.
Ah understandable. So reinstalling is pretty much out of the question without at least someone there to guide. Doing that remotely would be tough off hand. I’d just focus on monitoring the logs over the next few days.
But I don't know how this 911 SOCKS proxy works and its ability to be detected, so let's consider that it might work like a VPN that's encrypted. A provider's tunnel will send to a trusted server, then forward that data to its destination. If that first link in the chain is "good", the community blocklists will ignore that outgoing connection, leaving you with no bad logs. This is possibly the reason AiProtection can't see it, but the ISP can, using deep packet inspection on systems much more advanced. If what the hacker is doing is only on the system, you'll see nothing; if he's using your internet, you might get some outgoing hits if it acts as an exit node.
I've got the GT-AX6000 set up with the latest Merlin firmware at my sister's house. I have enabled AiProtect, which I had thought would stop outbound "attacks".
Possibly but: You need a good antivirus/security software program running on EACH machine, and I would install that AFTER a clean install of Windows on each of those machines.
Bitdefender or Kaspersky: Kaspersky has that Russian association which is a negative for many, so Bitdefender. A five pack is often on sale on Amazon or Newegg.
"I am running a debian server at her location also for home assistant."
Who is the admin for this debian server? How often is it updated and maintained?
"But before it has to get that involved I should perhaps format some PCs. There's only really 5 PCs running Windows"
In my opinion they all need a bare metal clean install.
"I am at least going to have to gain remote access to them to run some tests and uninstall any sketchy software..."
Malware writers are very good. Doubt you are going to find the sketchy software.
"We bought the router to solve the problem so I hope we can find some solution. The ISP has already warned us 4 times."
Router wasn't the weak link. Teenagers: weak link, and their computers.
If the teens give permission for things to install, they can install, router can't prevent that.
I agree with Tech9:
"You have days long project reformatting and reinstalling 5x Windows PCs alone. It is a client, it is most likely a PC, try to catch which one is contacting this IP and how often. The more changes and blockers you introduce in the mix the more you mask the problem and make it harder for you to diagnose."
Get some frosty beverages, a phone or iPad to browse while things process.
Oh; important files are already backed up, in more than one place? Hashtag teens: I doubt it!
"Well so far it's just adguard and skynet. The AiProtect stuff is all turned on as well."
That's not going to solve this problem.
"What software should I run on the PCs? I am gaining remote access soon, one PC at a time; they are giving me whatever time I need to clean the PC."
Up to date patched Windows, fully activated.
Bitdefender or Kaspersky.
"So far skynet has 0 outbound blocks. Looks like I may not get remote access. They are refusing and it's causing a huge mess. Damn little hackers."
Who is refusing? Teens or malware writers?
"I am a days drive including a seven hours fairy ride away, so I can't be on site."
A fairy ride: jeez, that is complicated! I hope they will stock plenty of fairy dust!
A ferry ride? Time for Dramamine! Or even better: scopolamine patches.
If you can't get there: zoom call to teens and have them do the reinstall of windows?
Learn how to use the installation media to reinstall Windows on your PC (support.microsoft.com).
Good time for them to learn about drivers and the whole windows system.
Driver install order I prefer:
Windows, reboot
Chipset driver, reboot (Intel or AMD)
Graphics driver, reboot (Nvidia or AMD or Intel)
Then ethernet, wireless ethernet, sound, mouse, KB, etc.
Then antivirus/security software, bitdefender is what I would recommend
Then programs like Word/games/etc.
Then restore the BACKED UP DATA files that ideally are backed up on a regular basis in more than one place.
Going to take hours. Good.
If they have TOR on the system, or torrent programs (you probably know this, but these are very different, and I do not think TOR for a teen is a good idea at all.)
Going to second that: if TOR is installed, by them or someone else, it doesn't belong on their computer. Now, before anyone gets paranoid, TOR has legitimate uses; however, it also has negative connotations from being a part of the scary "Dark Web". It's just another tool like any VPN. What it's used for and who's using it makes all the difference. Would I recommend they not use TOR or a VPN? No, unless they fully understand the risks involved in using the general internet.
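The advice quoted above from Tech9 ("try to catch which one is contacting this IP and how often") is the one concrete diagnostic step in this thread, so here is an added example of how to do it. This is not code from the thread or from Skynet/Asuswrt-Merlin. It assumes you have put a plain netfilter LOG rule on the router for the exact IP the ISP reported, e.g. `iptables -I FORWARD -d 203.0.113.5 -j LOG --log-prefix "ISP-REPORTED: "` (the prefix text and the address 203.0.113.5, a documentation address standing in for the reported IP, are assumptions), and then parses the resulting syslog lines. The sample log lines below are constructed for the example. A caveat from the SOCKS-proxy discussion earlier: if the malware reaches its target through a proxy or VPN first hop, the router only ever sees that first hop, so log the address the ISP actually complained about, not what you guess the final destination is.

```python
import re
from collections import Counter

# Constructed sample of Asuswrt-style syslog lines. The "kernel:" lines are
# in the standard netfilter LOG format (key=value pairs); the last line is a
# dnsmasq DHCPACK so the offending LAN IP can be tied back to a host name.
# 203.0.113.5 stands in for the IP the ISP reported (assumed).
SAMPLE_SYSLOG = """\
Jan 12 20:14:03 RT-AX6000 kernel: ISP-REPORTED: IN=br0 OUT=eth0 SRC=192.168.50.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4321 DF PROTO=TCP SPT=51322 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 12 20:14:09 RT-AX6000 kernel: ISP-REPORTED: IN=br0 OUT=eth0 SRC=192.168.50.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4322 DF PROTO=TCP SPT=51323 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 12 20:15:41 RT-AX6000 kernel: ISP-REPORTED: IN=br0 OUT=eth0 SRC=192.168.50.41 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=9 DF PROTO=TCP SPT=60001 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 12 20:16:02 RT-AX6000 kernel: ISP-REPORTED: IN=br0 OUT=eth0 SRC=192.168.50.23 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4400 DF PROTO=UDP SPT=51400 DPT=443 LEN=32
Jan 12 20:16:30 RT-AX6000 kernel: ISP-REPORTED: IN=eth0 OUT=br0 SRC=203.0.113.5 DST=192.168.50.23 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=1 DF PROTO=TCP SPT=443 DPT=51322 WINDOW=0 RES=0x00 ACK URGP=0
Jan 12 20:17:00 RT-AX6000 dnsmasq-dhcp[512]: DHCPACK(br0) 192.168.50.23 aa:bb:cc:dd:ee:01 teen-laptop
"""

# dnsmasq DHCPACK line: "DHCPACK(iface) <ip> <mac> [<hostname>]"
DHCP_RE = re.compile(r"DHCPACK\(\S+\)\s+(?P<ip>\S+)\s+(?P<mac>\S+)(?:\s+(?P<name>\S+))?")


def parse_netfilter(line):
    """Turn one netfilter LOG syslog line into a dict of its key=value fields.

    Returns None for lines that are not kernel LOG entries. The syslog
    timestamp (first three tokens) is kept under "ts".
    """
    if " kernel: " not in line or "SRC=" not in line:
        return None
    tokens = line.split()
    fields = {"ts": " ".join(tokens[:3])}
    for tok in tokens:
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value  # a repeated key (UDP LEN=) just overwrites
    return fields


def find_talkers(syslog_text, suspect_ip):
    """Count, per LAN source address, the logged connections TO suspect_ip.

    Only lines whose DST is the suspect count: the suspect's replies
    (SRC=suspect) are not evidence of which machine initiated contact.
    Result: {src_ip: {count, first, last, ports: {"PROTO/DPT": n}, name}}.
    """
    names = {}
    talkers = {}
    for line in syslog_text.splitlines():
        m = DHCP_RE.search(line)
        if m:
            names[m.group("ip")] = m.group("name")
            continue
        rec = parse_netfilter(line)
        if rec is None or rec.get("DST") != suspect_ip:
            continue
        src = rec["SRC"]
        entry = talkers.setdefault(
            src, {"count": 0, "first": rec["ts"], "last": rec["ts"],
                  "ports": Counter(), "name": None})
        entry["count"] += 1
        entry["last"] = rec["ts"]
        entry["ports"][f"{rec.get('PROTO', '?')}/{rec.get('DPT', '-')}"] += 1
    # Resolve names after the pass so a DHCPACK later in the log still applies.
    for src, entry in talkers.items():
        entry["name"] = names.get(src)
        entry["ports"] = dict(entry["ports"])
    return talkers


def report(talkers):
    """Render the busiest LAN client first, one line per client."""
    lines = []
    for src, e in sorted(talkers.items(), key=lambda kv: -kv[1]["count"]):
        who = f"{src} ({e['name']})" if e["name"] else src
        lines.append(f"{who}: {e['count']} connections, {e['first']} .. {e['last']}, ports {e['ports']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # On the router itself this would be: find_talkers(open("/tmp/syslog.log").read(), "<reported IP>")
    print(report(find_talkers(SAMPLE_SYSLOG, "203.0.113.5")))
```

On the router, feed it the real syslog (`/tmp/syslog.log` on Asuswrt-Merlin, or `logread` output elsewhere) and the IP from the ISP's abuse notice; the machine at the top of the report is the one to pull off the network and rebuild first. The DHCP name is a convenience only: a client can set its own hostname, so confirm with the MAC address in the router's client list.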