
Hackers are ruining my life

Scholar


I don't know anything about hacking. But hackers are taking over my life. I got a brand new computer and I'm already getting weird urls, Firefox is already hijacked to us.search.yahoo.com. Google always has me as an admin, and there's "v2", "v3" in my urls with lots of "?s" and "true?" or "false"=identifier + UTF" and it goes on for days and days even if I'm just going to the freakin google homepage. I don't know if that's normal or not. I'm going to try to be as brief as possible and say the weirdest things that have happened.

It all started when I locked myself out of my iPhone. I had 2FA/activation lock. When I got back in a couple weeks later, everything recognized my device as new. Every forum, gmail messages etc., "Eve, we see you got a new device!" Since then I have literally gone through 4 smartphones that all got hacked, almost always that day. One of them was hacked before I got home from the store; I got an email saying that my password had been changed and 2-step verification was set up. This happened in a different city and state than where I usually live. I also noticed I was no longer locked into T-Mobile's network, I could choose AT&T as well even though I was supposed to be "network locked". One time I wondered if the salespeople were messing with me since they sold my phone with the wrong size SIM card, but I was just being paranoid, I'm sure. "Sim-skimming-" is a phrase that appears a lot whenever I google something that's happened. Another phone, when I took it out of the brand new box (Alcatel ideal go-phone) greyed out and stuck on the hotspot checkmark during setup and then I was locked out and needed to put in the "sim puk code". Never even used it.

I don't think the iPhone is what started it; I think it's when I became aware of it. I had an issue last year where I tried to log in to my computer with only one user account on it and it said "too many users active, please try again later". I got reinstalled with windows and "wiped," though the backup profiles were still there, and a few weeks later it just stopped typing.

I noticed a lot of terms including the word "python" yesterday during my AV scan, but my AV says I'm clean, even though all day browsers have been warning me about phony certificates. Obviously I decline when this happens. I'm often rerouted to the dnsrsearch page for Time Warner.

I'm not important, I have no money, I'm not a spy - but it seems like this just won't stop. I don't make new phones with the same email or even name. There should be no link between these phones and that's what has my head completely messed up. It's not like I was standing in the same spot and so it's the wifi router. Yesterday I downloaded Shazam from the newest android, and I got an email on my old iPhone about "just one more step" to finish setting it up to an email I know had been hacked previously that's not ever been entered on my new phone. It's still there because I have a lot to download from google photos before I delete it. I always had it off when setting up anything new though. That iPhone Apple confirmed also, was jailbroken, not by me.

They haven't stolen money, but they did change my username and password for my bank. I can't even get my credit report because some information is not consistent; I can't even prove I'm me! They hacked my LastPass account and changed the password recovery hint to something tongue in cheek. Yet my bank I could tell thinks I'm crazy because she said that she can see all changes were made from the same iPhone. No, they weren't.

One more thing - I had a portable hotspot from my ISP. I was on my computer connected to it using the wifi name and password that I made up. All of a sudden, I was still "connected" to the internet, but nothing would work, because the IP address was changed to 0.0.0.0. On the hotspot, name of the network changed from what I had named my wifi to the MAC address of my computer, and the ip changed to all 0's. One other interesting thing is that originally it was connected to an IP address that begins with 192 when in the info packet for the hotspot it says it should be 172.

I don't know if I'm supposed to exclude names of companies, but one thing that disturbs me also is that both of my parents' cell phones, when I use an app like "real caller," say they are Sprint but we are all supposed to be AT&T. It is when I pulled up into the vicinity of that house when the phone got hacked and T-Mobile could now use AT&T, by the way.

Are there any non-evil hackers that might give me a glimpse into what could be happening to me? One thing I know because passwords have been changed this way is that there are multiple copies of at least a couple of my phone numbers that I've gotten, including non-iPhones, and one day that I got one that started with let's say 555, I got missed calls from 555-every variable you can think of. Along with attempted automatic downloads from many different numbers sending multimedia messages.

My ride shares wouldn't work at one point; I'm in the states and it had me located in Mali and explained that it didn't send Uber to Mali. It's gotten ridiculous. Help!

2 REPLIES
Superuser

Re: Hackers are ruining my life

Hello,

 

Sorry for my reply.

 

I'm not friendly with such things... and I'm not the "this someone" you're looking for;

Also maybe there will be a proper response from F-Secure staff or from good experienced users... under community;

 

But your story sounds a little bit strange; And before some of my suggestions - I am able to think about the next points:

 

-- both things (software and hardware) can be with vulnerabilities;

you have to update software to latest good security build -> for be sure that there missing "exploiting known troublepoints";

and already after this 'setting' (or before and after) -> re-check all potential available security options, tweaks and improvements. It can be with different levels of 'protection' as result; Privacy-settings also can be with certain ticks;

 

-- good to have trusted (at least, for you) security software solutions under system. Mainly as double-check. Since - it not totally helpful or powerful against full meanings of threats.... I able to think about it as about double-check (where "double" is 'additional' meanings);

F-Secure's solutions have multi-layers design in their main security software; If you not a F-Secure customer - there possible to use it as 'trial'-time: https://www.f-secure.com/en/web/home_global/safe

It can be helpful with some situations as perform full scan system by this (if you are already F-Secure customer - there available many third-party on-demand scanners and potential online scanners by other security companies; Some of such tools able to detect something which is unknown for F-Secure);

 

-- there can be many potential tricks, rogue and scam tries. where will be unexpected results;

this is not only about devices(which can be there just as 'channel'); generally can be helpful to use many different tips about careful using;

 

-- so... usually there can be words and advices like:

 


F-Secure website wrote:

In such circumstances, the recommended course of action is to report the crime to the relevant authorities


 

 or even more - any of local 'security' valid companies - who able to perform this kind of investigation.




But what about my suggestions for some points of your words;

Generally - there required more research-steps about each of this things; At least, by more searching it with Google (when it reasonable to do)...

 

I got a brand new computer and I'm already getting weird urls, Firefox is already hijacked to us.search.yahoo.com.

 

This is not always 'trigger' for suspicious view. Since many PC/laptops can be with pre-installed application by manufacturer-company;

Of course, if you do not mean that: "when you try to open Yahoo Search domain it redirected to any fake websites or certain harmful pages"; And if there "freshly" installed Firefox;

 

With other meanings - it can be pre-builded URLs, search engines under pre-installed Firefox browser; Like custom view of browser from manufacturer; OR just as local Firefox advice to use yahoo-search;

 

Google always has me as an admin, and there's "v2", "v3" in my urls with lots of "?s" and "true?" or "false"=identifier + UTF" and it goes on for days and days even if I'm just going to the freakin google homepage

Not clear what there means by "an admin" - but if you do not "logout" from some Google services (and if browser saving browser's cache, cookies, passwords and other browsing-data) - it quite possible that session will be still there;

 

What about "v2", "v3", and certain strange specific 'parameters' under URL -> it can be also potentially 'normal view' - since it based on version of their technologies 'in use' (like "protocol" of communication; or something else); Where another parameters can be based on options like "language of page", "timestamps", "tracking"-items and other. It can be as protection against "exploiting" Google services. But also it can be used by Google or their "partners" for getting "statistics", "tracking"-information and other... which can be used as "improving" their services and your experience. Or just for some strange Google's reasons. It should be explained under their terms (there maybe -> https://www.google.com/policies/ ) - I not friendly with Google services - so not sure about certain points;

 

When I got back in a couple weeks later, everything recognized my device as new. Every forum, gmail messages etc., "Eve, we see you got a new device!"

Later you noted that you did not make fresh phones with previous mail/name; So.. there maybe also possible another tweaks for being marked as "fresh device" (?!);

But it also possible (not sure about couple weeks) that Google will trigger such notifications after some time (of not using device for certain account);

Also generally... Google should provide link to "your security information" (where you able to re-check last logins/devices); Also - if there 'one' Google account;

 

Since then I have literally gone through 4 smartphones that all got hacked, almost always that day. One of them was hacked before I got home from the store; I got an email saying that my password had been changed and 2-step verification was set up. 

Sounds strange - if you mean that there is a "freshly" bought smartphone and it was 'hacked' on-the-go;

 

But... except meanings - that some open WiFi networks can be dangerous...

Words about "password has been changed... and other" can be as "letters" from or for your 'backup' email-address (which usually can be asked with some services);

 I'm sure. "Sim-skimming-" is a phrase that appears a lot whenever I google something that's happened.

If I normal understand it -> with such situation - your own sim-card should not be 'valid' (and work) anymore;

Even such rogue-scam probably quite common - most likely it should be sorted by proper investigation and by related people; Since there can be different meanings and variants; Or, at least, contacting your operator-company; Or as with another phone -> their support or customer service-center;

 

last year where I tried to log in to my computer with only one user account on it and it said "too many users active, please try again later". I got reinstalled with windows and "wiped," though the backup profiles were still there, and a few weeks later it just stopped typing.
I noticed a lot of terms including the word "python" yesterday;

Even though all day browsers have been warning me about phony certificates. Obviously I decline when this happens. I'm often rerouted to the dnsrsearch page for time Warner.

Sounds suspicious and there can be many potential suggestions about first part.

 

And for second part - also there can be useful to know where "python"-word located. Such as - folder.. since it can be part of software, game or something else; But - I not sure if this certain "word" should be visible too much often;

 

Third part can be based on multiple different meanings. Because - you able to re-check (or even contact) your ISP, router, browser's extensions/addons; There can be some malicious or adware files under system - which able to perform suspicious activities. It will be not always like that - since some of browser able to inform about troubles with certificate based on another points (or even - if there tricks by ISP or direct troubles with Router-settings); Some of Wi-Fi routers should not be with default passwords or 'stock'-firmware; It can be remotely exploited;

That iPhone Apple confirmed also, was jailbroken, not by me.

I not really know something about iPhone or iOS - but probably it not quite common 'jailbroke' by malware. More likely - if it performed by someone - who able to have access to device (even - not you);

 

They hacked my LastPass account and changed the password recovery hint 

There probably was recent large impact/leak for LastPass:

 

https://www.google.no/#q=LastPass+leak

I did not re-check about full meanings there (how critical it can be) - but since LastPass can be with many of your passwords and services (or even device Accounts) - if passwords did not changed by you (if your data leaked by LastPass trouble).... it can be an explanation for other suspicious things; Since credentials can be used by someone else;

 I was still "connected" to the internet, but nothing would work, because the IP address was changed to 0.0.0.0. On the hotspot, name of the network changed from what I had named my wifi to the MAC address of my computer, and the ip changed to all 0's. One other interesting thing is that originally it was connected to an IP address that begins with 192 when in the info packet for the hotspot it says it should be 172.

Since you 'detect' such certain points - maybe there reasonable to investigate it more about certain 'configuration'. Strange (also) that your ISP support did not provide help there (?!);

 

that might give me a glimpse into what could be happening to me?

Except point (which I noted at first of reply) - there can be reasonable to contact Customer Support of your security software company. Since there expected that there "in use" any AV-software under devices (and if not 'in use' - maybe good to try some of them and perform scanning... as first try after re-checking all possible settings/meanings under device own options);  And there expected they should provide protection against such threats (or at least.. some of them - which you noted); Since it not happened - there can be reasonable ask them;

 

F-Secure Support Channels available by this link: https://www.f-secure.com/en_US/web/home_us/contact-support

 

Also about strange location -> maybe you able to re-check some online tools (for IP/geo/DNS-settings) - where will be visible what it says. F-Secure have kind of re-check for "Router" as if there 'trusted known" DNS servers 'in use':
https://campaigns.f-secure.com/router-checker/en_global/

 

Sorry for my reply.

 

Maybe you have to re-check points about LastPass-leak and re-change passwords under services;

Re-check security options which platform/OS/device able to provide.

And perform some scanning by security software; As 'start'-point;

 

Thanks!

Scholar

Re: Hackers are ruining my life

Hi, thanks for your reply, a bit of a language barrier there but I will go over it more thoroughly. 

 

Updates: the word "python" was found with a text document for my Dropbox (that I just made). They have actually disabled my anti-virus - I uninstalled it, but apparently there's another version "snoozing" and I can't use even Windows Defender because it says I have another AV program. It's bad. The police think I'm crazy, it's not possible, and don't take me seriously. I got Wireshark and the results were REALLY weird. Connected to many ports like in the 50,000's.
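
Added example, not part of the thread and not written by either poster: a short Python triage of `netstat -ano`-style TCP rows, showing that a local port in the 50,000s is normally the client side of an ordinary outbound connection, so the remote port and the owning process ID are the fields to review. The sample rows, the `ROUTINE_REMOTE` set and the verdict names are constructed assumptions; 49152-65535 is the IANA dynamic port range.

```python
import re
from collections import Counter

# IANA dynamic/private range (RFC 6335). The OS picks the local port of an
# outbound connection from here, so these numbers alone are not a signal.
EPHEMERAL = range(49152, 65536)
# Remote ports assumed routine for a home PC (assumption for this example).
ROUTINE_REMOTE = {80, 443, 993}

# One TCP row: proto, local addr:port, remote addr:port, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

# Constructed sample rows (documentation address ranges, made-up PIDs).
SAMPLE = """\
  TCP    192.168.1.23:52344    203.0.113.10:443     ESTABLISHED     4312
  TCP    192.168.1.23:52345    198.51.100.7:443     ESTABLISHED     4312
  TCP    192.168.1.23:57810    198.51.100.99:8081   ESTABLISHED     7720
  TCP    192.168.1.23:3389     203.0.113.50:51514   ESTABLISHED     1100
  TCP    0.0.0.0:135           0.0.0.0:0            LISTENING       908
"""

def classify(row):
    """Return a verdict dict for one TCP row, or None if it does not parse."""
    m = ROW.match(row)
    if not m:
        return None
    lport, rport, state, pid = int(m[2]), int(m[4]), m[5], int(m[6])
    if state == "LISTENING":
        verdict = "listener"
    elif lport in EPHEMERAL and rport in ROUTINE_REMOTE:
        verdict = "routine-outbound"       # e.g. a browser talking HTTPS
    elif lport in EPHEMERAL:
        verdict = "outbound-check-remote"  # look up the remote port and PID
    else:
        # Heuristic: a fixed local port suggests a local service accepted it.
        verdict = "inbound-check-service"
    return {"local": lport, "remote": f"{m[3]}:{rport}",
            "pid": pid, "verdict": verdict}

def triage(text):
    """Count verdicts and return the rows that deserve a closer look."""
    rows = [r for r in map(classify, text.splitlines()) if r]
    counts = Counter(r["verdict"] for r in rows)
    review = [r for r in rows if "check" in r["verdict"]]
    return counts, review

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    print(dict(counts))
    for r in review:
        print(r)
```

The PID in each flagged row can be matched to a process name in Task Manager's Details tab.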