Pc Taken Over Remotely For 3 Weeks Now!

Discussion in 'Malware Help - Public (Anyone Can Post & Respond)' started by brunobru, Feb 8, 2017.

  1. brunobru

    brunobru Private E-2

    Hello,
    I've been battling this for weeks and have disabled all remote services (and more), blocked ports and protocols, did system restore before the hack, purchased new hardware (router/modem), and in Event Viewer it used to show the pc is accessed remotely, however I need to check it again tomorrow (not my pc). They block the internet so it's ruined the owners' IP home phone service which sucks because they are elderly. Wifi is disabled and for about 10 minutes after all the changes and new setup it worked great until the offender got back in again. This person did have access to the pc and local network for a couple months, then moved and took control. The pc has no internet because they block it but I need to know how to disable the MMC because it is running in task manager and I believe that's how they are controlling it now. It's a Windows 7 home pc. Wifi is disabled but I think this pc is now on the offender's network by a different wifi. He is an IT specialist that specializes in security so this is beyond my scope. Most of their activity is hidden until I run across it as I'm searching, so little by little I was knocking them out but they always found a way back in and I believe it is because this pc is on their network or a hidden wifi. Also, when I opened IE a message popped up and said it could not access the internet because Remote Access Connection Manager is disabled (and I wasn't going to re-enable it). When I'm working on it to disable services etc., a black window (DOS/Command prompt window) flashes frequently like scripts are running or taking snapshots of what I'm doing. Because of no IP phone service, I'm assuming he's blocking at the gateway?

    I need help with:
    1- gaining control back, keeping them out
    2- need commands or scanners to somehow show their location for proof.
    3- anything else that would help as the owners are in their 80's and have no phone service!
    4- can/should law enforcement get involved?

    Thank you so much for any help!!!
     
  2. MaxTurner

    MaxTurner Banned

    If you feel this is a problem caused by any form of malicious software, then you need to complete the steps in the Read & Run Me First Malware Removal Guide, then after start a new thread in the Specialist Malware Forum (not this one) and attach the required logs.

    Until you do the above you should check your Firewall and Anti-Virus programs on that system are fully up to date. If that system has been hacked into externally, then keeping it UNCONNECTED to the internet seems your only safe option. You can download the malware tools shown in the guide on a safe system, copy them to a USB pen drive and then use them.
     
    Last edited: Feb 8, 2017
  3. brunobru

    brunobru Private E-2

    Thank you, I followed the instructions, I did most of the scans and everything is clean. I already know who the perpetrator is. I should have asked for help sooner because this is beyond a malware issue. I had nowhere else to post this thread. And yes, Windows, firewall and antivirus were up to date. Yes, it is always unplugged from power AND internet. If someone can please tell me how to disable the MMC that's running I might have a shot at it. I live too far and don't have lots of spare time but want to help them. What is a good network scanning tool that would show hidden networks or identify where the pc is being controlled from (as in a network name or IP)?
     
  4. MaxTurner

    MaxTurner Banned

    It's not here in this forum you reply. It is in the Specialist forum I referred you to where a TRAINED malware expert will advise you.
    Only by starting a new thread there with the scan logs posted will you get the advice you need. Unless you yourself are trained in analysing those logs, you need their help.

    If you know the identity of an individual you believe has hacked that system, then in most countries that is an offence and you should report it to the Police. They have specialist units with people trained in IT security. If that is the case it is not a matter for a voluntary support forum.

     
    DavidGP likes this.
  5. brunobru

    brunobru Private E-2

    My apologies, I missed the Specialist forum part!

    And Thank you!!! :)
     
  6. MaxTurner

    MaxTurner Banned

    You're very welcome and I wish you the best with it!
     
  7. motc7

    motc7 Vice Admiral (Starfleet)

    Coming to this late, but if this is repeated attacks, I would cut bait and format the entire disk, after saving documents, etc, and then reinstall Windows. Given how much time you've been dealing with this, and have put into it, you would have already been much better off.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I have suggested he change his router passcode.
     
    DavidGP likes this.
