internet hijacked via bluetooth... help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Andrejuno, Apr 10, 2009.

  1. Andrejuno

    Andrejuno Private E-2

    I have a new pc with bluetooth connectivity. Recently, I was having some problem as an external force was turning on my bluetooth, without my having done anything. This evening I found that my internet connection was connected with limited connectivity and being diverted through an unidentified network, the internet is working because other computers in the house can access the internet. I dont know whether this is the right forum, but I am wondering, how can I block the other computer/network from diverting my internet connection and protect my bluetooth port from intruders?
     
    Andrejuno, Apr 10, 2009
    #1
  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    Please begin by clicking Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search forTDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    • Also if TDSSserv.sys is found and you disable it, then reboot.
    • After reboot continue on with the below cleaning instructions.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run theREAD & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
    Corporal Punishment, Apr 11, 2009
    #2
  3. Andrejuno

    Andrejuno Private E-2

    Hi, I couldn't find TDSSserv.sys on my computer. Does this change anything? Im just worried because it seems someone in a nearby network is adding my computer to their network, so blocking my computer from getting an internet connection to our wireless box. I seem to be able to combat this by deleting the ethernet connection they keep installing on my computer. How do i stop them entering my computer and installing this device connection? Are there ways of protecting bluetooth ports? without having to uninstall the bluetooth (because even when i do this, when they sommehow enable it remotely, it re-installs itself) Mcafee doesnt seem to work and it seems that they install it without my knowing, so when i reboot my computer, i find that its already installed.

    Thanks
     
    Andrejuno, Apr 12, 2009
    #3
  4. Andrejuno

    Andrejuno Private E-2

    like i just uninstalled Toredo tunneling pseudo-interface and an ethernet and my bluetooth came on i instantly swtiched my computer off and when i restarted my comp, these had been reinstalled. Without my permission... i really need help!!!!!
     
    Andrejuno, Apr 12, 2009
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to complete the rest of the instructions.
     
    chaslang, Apr 14, 2009
    #5
  6. Andrejuno

    Andrejuno Private E-2

    ok, so i did all of the malware tests and scanning and ill include all the logs with this.

    First and foremost, for maybe a couple of hours after doing the cleaning, everything seemed fine, but then a little later on... my bluetooth persisted to enable itself automatically... its rather irritating and worrying, i dont know if its a local or internet attack... i cant quite work it out. I went to a computer shop last week and the man tried to convince me that bluetooth can't enable itself, but lets me fool you all... mine does and when it does it instantly tries to disable my keyboard and attack anything i type in information fields it seems whatever it is is activated by me typing... whenever i try to type it makes a really high pitched buzzing noise (even when the sounds off)... my antivirus software doesnt seem to recognise anythings happening... much to my annoyance. At one point the bluetooth enabled and i immediatly shut down my computer... upon rebooting, whatever it was had got a hold of my system and i couldnt type in my password in the windows login... so i couldnt even access my comp! its even doing it now! Please help!!!!!!!!!!!!!!!
     

    Attached Files:

    Andrejuno, Apr 15, 2009
    #6
  7. Andrejuno

    Andrejuno Private E-2

    im also writing this info that i discovered today. I have as it seems uncovered a file on my computer, which, to my knowledge is being run by what seems to be an external administrator. I can't access the file. I tried restoring my computer to a few weeks ago and by chance I gained access to the file and attempted to change the security settings under the right click properties... much to my dissapointment, after doing this, it suddenly seemed to revert itself back to its previous state and not allowing me to access that specific file... i can see under the admin box that its being admin controlled but at that moment, the admin logo had a red circle with an 'x' which i presumed meant the administrator was off-line... but im online... arnt i the administrator??? so i checked back when the whole bluetooth started enabling itself and would you know it, the administrator icon didnt have the red circle, so... someone was at work. I guess this is nothing to do with Malware, but essentially its rather worrying for me and for others with bluetooth on their computer, its could be potentially dangerous. Now even when i restore, i can't acess the file... seems they realised what i was doing and stopped that. i cant delete that folder and whatever is in there is allowing this hacker to enable my bluetooth. I mean, its quite frustrating, this is my computer and there are files that i can neither access or delete.... even though i know its not an integral part of my system. How can this be?!!!
     
    Andrejuno, Apr 16, 2009
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs do not show any malware problems that we can help you with. If you really believe you have someone hacking you bluetooth device than perhaps you should just physically disable it by uninstalling it or disabling the drivers for it. Yes Blue Tooth devices are being attack but it is not a common problem nor is it really one that a malware forum like this can do anything about. It is potential issue/security holes in the Blue Tooth hardware and software that are the problem.

    No you are not the administrator unless you are booting into safe mode and logging on using the user account that is named administrator. If you were using your user account you are just a member of the administrator user group which is not really the same thing.

    And how did you check back?

    What file?

    What folder?
     
    chaslang, Apr 20, 2009
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds