I Was häçked

[X L R M]

Nakupo, hindi ko pa naman pinapatay yung computer ko sa office. Although nilolocked ko naman, but I don’t think safe parin kung naka locked kung may ganitong cases.

Question lang papsy, anong mga remote apps yung mganaka install sa computer mo? Naka enabled din ba yung remote desktop?

 

[Cee Jay]

IDM ko din ngayon ginamitan ko ng CMD para mafreeze trial master, so far wala pa naman suspicious activity

Ganito din gamit ko.

I suggest mag add ka ng antivirus/antimalware.. hindi sapat windows defender lang, mabagal kasi yan makadetect kasi ang alam ko sinisend pa nya sa system nila bago ma-scan unlike sa mga anti virus app na direct scan

 

[X L R M]

totoo ba talaga yang mga app na may palaman??? nakakatakot na talaga pag ganyan lalo na kung mga app na MOD

Yes sissy, yung mga may patched or something na may ino-override. Kaya lumipat na ko sa mga may license code haha

 

[Cee Jay]

Nakupo, hindi ko pa naman pinapatay yung computer ko sa office. Although nilolocked ko naman, but I don’t think safe parin kung naka locked kung may ganitong cases.

Question lang papsy, anong mga remote apps yung mganaka install sa computer mo? Naka enabled din ba yung remote desktop?

Naka-enable naman ang remote desktop, pero yung remote access sa laptop ay naka-off. No other remote apps other than PuTTY, Windows Sandbox, and Hyper-V

 

[Coconut Sheep]

ang creepy neto realtalk

 

[dhanzkie18]

thanks sa tips. simula nung gulos sa russia at ukrian d muna ako bumili license ng kaspersky. ng norton muna ako for 3yrs. oks naman norton may password manager, vpn at total av. sulit kasi naka 50% nung time na yun. Peros sa kaso mo ts sure sa network o remote ginawa ang pang häçk sayo. tapos minodify yung browser settings mo para ma access na hindi naka https. Tips din sa lahat always update your browser.

 

[Cee Jay]

ang creepy neto realtalk

Legit... kanina ko pa iniisip kung paano nangyari.

thanks sa tips. simula nung gulos sa russia at ukrian d muna ako bumili license ng kaspersky. ng norton muna ako for 3yrs. oks naman norton may password manager, vpn at total av. sulit kasi naka 50% nung time na yun. Peros sa kaso mo ts sure sa network o remote ginawa ang pang häçk sayo. tapos minodify yung browser settings mo para ma access na hindi naka https. Tips din sa lahat always update your browser.

I don't think may kinalaman sa Kaspersky.. matagal ko nang gamit ang kaspersky.

 

[Rick C-137]

best possible solution ts, you need to start fresh sa laptop mo, i mean you need to reset it.

 

[iSpark]

Possible.. pero hindi naman naka-on ang remote access sa laptop ko.

pwed pa ata maaccess yan lods kahit naka disable ang remote access mo.lalo na if connected ka pa sa internet or nakaon yung pc mo.i dont know and sure if what program.Check mo yung wifi mo lods if may ibang nakaconnect na hindi mo kilala.

 

[X L R M]

Naka-enable naman ang remote desktop, pero yung remote access sa laptop ay naka-off. No other remote apps other than PuTTY, Windows Sandbox, and Hyper-V

Check mo papsy kung may mga ganitong event id sa event viewer.

Event Viewer> Windows Logs> Security.

1. Event ID 4624 and 4625 in the Security log for successful and failed logon attempts, including remote logons.
2. Event ID 1149 in the TerminalServices-RemoteConnectionManager/Operational log for successful Remote Desktop Protocol (RDP) logons.
3. Event ID 261 in the Remote Connection Manager log when a network connection is made to the Remote Desktop service, typically on port 3389.
4. Event IDs 21, 22, and 25 in the TerminalServices-LocalSessionManager/Operational log for successful RDP session logons, shell start notifications, and reconnections.
5. Event IDs 24, 39, and 40 in the TerminalServices-LocalSessionManager/Operational log for RDP session disconnections, either by the user or another session.

Makikita mo jan yung source ip address and destination ip address ng remote session.

 

[Cee Jay]

Check mo papsy kung may mga ganitong event id sa event viewer.

Event Viewer> Windows Logs> Security.

1. Event ID 4624 and 4625 in the Security log for successful and failed logon attempts, including remote logons.
2. Event ID 1149 in the TerminalServices-RemoteConnectionManager/Operational log for successful Remote Desktop Protocol (RDP) logons.
3. Event ID 261 in the Remote Connection Manager log when a network connection is made to the Remote Desktop service, typically on port 3389.
4. Event IDs 21, 22, and 25 in the TerminalServices-LocalSessionManager/Operational log for successful RDP session logons, shell start notifications, and reconnections.
5. Event IDs 24, 39, and 40 in the TerminalServices-LocalSessionManager/Operational log for RDP session disconnections, either by the user or another session.

Makikita mo jan yung source ip address and destination ip address ng remote session.

Check ko...

Check mo papsy kung may mga ganitong event id sa event viewer.

Event Viewer> Windows Logs> Security.

1. Event ID 4624 and 4625 in the Security log for successful and failed logon attempts, including remote logons.
2. Event ID 1149 in the TerminalServices-RemoteConnectionManager/Operational log for successful Remote Desktop Protocol (RDP) logons.
3. Event ID 261 in the Remote Connection Manager log when a network connection is made to the Remote Desktop service, typically on port 3389.
4. Event IDs 21, 22, and 25 in the TerminalServices-LocalSessionManager/Operational log for successful RDP session logons, shell start notifications, and reconnections.
5. Event IDs 24, 39, and 40 in the TerminalServices-LocalSessionManager/Operational log for RDP session disconnections, either by the user or another session.

Makikita mo jan yung source ip address and destination ip address ng remote session.

May mga event ID na 4624 pero walang UP address na nakalagay

 

[Mogzdgreat]

ako din po paps na häçk pc ko last month dito lang ako sa phcorner at steam nag dadawnload...na open na chrome at remote access 2 hrs ko lang iniwan pati pics at accouts ko nawala..parang sa mods talga to ba..

 

[PHC - MaruJo]

ako din po paps na häçk pc ko last month dito lang ako sa phcorner at steam nag dadawnload...na open na chrome at remote access 2 hrs ko lang iniwan pati pics at accouts ko nawala..parang sa mods talga to ba..

ganyan nayari sa pc ko buti di ako nag sasave accoubt sa pc ko ng mga bank account kasi dahil sa mod na idm dito phcorner nadali pc ko kaya napilitan ako mag format overall wag mag tiwala sa mga crak na app

kaya ginaya ko yung sa power shell at kay master Cee Jay nang hingi ng anti virus much better may back file sa labas ng pc nio incase lang naman

 

[jehe]

hirap nyan if nadale bank account credentials or seedphrase (crypto)

 

[xwx]

Nangyari rin sa akin 'to,2019 before pandemic. I use organizational license key from GitHub (*****ed, using command prompt) May na-inject yata na backdoor code base sa spike ng activity. Kaya lumipat na ako sa Linux after noon.

 

[PHC - MaruJo]

hirap nyan if nadale bank account credentials or seedphrase (crypto)

mahirap talaga dapat may backup storage like ssd

 

[Mogzdgreat]

nag install pa cya ng anydesk application at neremote pc ko....huhuhuh wala pa kasi akong untivirus nun.

kaya ngayun mga account ko may 2nd verifacation through phone ko para ma open

 

[neko021403]

kaya ako may doubt talaga ako minsan sa mga antivirus eh....yung sabi nila na ang gumagawa daw ng antivirus na yan eh sila din daw gumagawa ng virus...kaya may trust issues na talaga ako neto..kasalanan to ng mga lalaki hahahaha jowk lang po.. Good morning po

 

[PHC VirgoChic]

women ️️️️️️️️

 

[Kang Hyewon]

Si MARSSH yan balak ata kunin cc mo tapos bibilhan ng aircon kaya pla sa TG lagi niya sinasabe "ANG INIT GUSTO KO BUMILI NG AIRCON"

Spoiler: Screenshot

Spoiler contents are visible only to Established Members.