I have been hacked and can't find the door

This topic contains 2 replies, has 2 voices, and was last updated by  LT72884 4 months, 3 weeks ago.

  • #170285
     LT72884 
    Participant

    Ok, here is the issue. 2 weeks ago I set up an SSH server on port 8022. I created a test account with a strong user name and pass. I tested connectivity, all was good. I switched over to keys.

    Ok, now, I wanted to test something so I created a user account with a weak password for testing. Well, me being excited that things worked out the way I wanted, forgot about the stupid test account. 3 days go by and all of a sudden I have about 2500 empty folders in Chinese on my desktop. I panic, can't see anything in the logs, until I realize that the weak account was the one that was hacked. I deleted the account immediately.

    I know he has a backdoor cuz anytime I go to my Microsoft OneDrive folder, all of a sudden, random Chinese folders start appearing.

    Ok, so last night I'm chillin on the couch workin on my thermodynamics and CCNA, then Bitvise server pops up saying “accepted ssh connection from 111.202.151.13 china” then it was disconnected. I blocked the IP but that will only last so long.

    What scanner can I use for Windows 10 to find the back door? I have run Avast and Spybot both in safe mode and nothing.

    Thanks. Yes, I know it's my fault because I was forgetful and forgot to delete the test account.

  • #170305
     Don Donzal 
    Keymaster

    Unfortunately, looks like a rebuild is in your future. You could always try cleaning up everything you find, but that’s no guarantee that you found it all, especially with rootkits. Better safe than sorry. Is this just a test machine or do you use it for all personal things? You may want to consider changing passwords to anything you might have on that machine or for any sites you visited.

    Don

  • #170329
     LT72884 
    Participant

    Ok, I wanted to update you on my findings. It may not even be a hack, but rather a bug in a software slicer for my 3D printer.

    I have noticed that anytime I open ANY STL file with the associated software, the folders get created. Now, if I open ANY STL file with any other slicer, no folders…. I have uninstalled xyzprint, the bad stuff, and no folders have been made. I cleaned all registry entries of xyz and so far so good. So, this morning I did a test, installed the newest version of xyzprint and it all of a sudden creates the folders when I open the STL. HOWEVER, if I open the program first, then import, no folders are created. I have contacted the company. I may not have to go nuclear just yet haha. During these tests, I had the SSH server off.

    I'll keep you up to date as well. Thank you :)

Copyright ©2019 Caendra, Inc.