Totally wipe laptop, ongoing severe hacking, security support

[JeffLM]

Hi All, I've been getting hacked for 3 years. I'm looking to totally wipe a laptop clean and do a fresh Cinnamon Mint install. And use as much security as is easily possible. For more info, the hacking is with both phones and laptops. I've bought new laptops and phones. I've had techs clean them and do fresh installs. I've spoke with all the tech people I can find. The hacking continues.

I've had numerous techs suggest it seems personal, and ask if someone or some organization has a reason to hack me, including the latest tech, a mid-level, decades of experience, IT person at a university, which included a conversation with his supervisor. Techs say they haven't seen this level of hacking before. I have nothing I can think of why someone would do this.

For my latest attempt I bought a new phone, a new sim card (yes a virus shouldn't be on a sim but after years I bought everything new), and a new laptop, and I wasn't going to use public internet. I had a hotspot hooked up to my laptop. I was on an important zoom call, lost phone connection, connected the laptop to public university wifi, a message on my laptop said something like, "Your device is being scanned", which continued (And I had a dual boot then and was in MS at the time), the zoom call was very important and I didn't close out the laptop, and the hacking cycle began anew, culminating in them again them being able to move my cursor and have control of the machine (see below).

If an experienced Linux person with security understanding could give me some pointers, I'd really appreciate it. I've read the OS needs to be overwritten, on all partitions, that it can't be a simple reinstall. I've recently had techs that wiped my laptop with DBAN. But have since read DBAN is to clear data to give away or recycle machines and doesn't stop viruses, that it doesn't get the root kits or boot installers (I'm not very clear what those are). I have very basic computer skills. I haven't used the laptop after DBAN, I'd prefer to get it as clean as possible and resolve this.

Please let me know how to totally wipe the laptop clean (including free of root kits and boot installers). It seems the techs I've brought it to to clean it are doing a surface job. I have basic skill level tech friends I trust and if I can give them details from this forum I believe they can carry it out.

I have a Dell Latitude E6530 500gb Hdd, i5-3210m 2.50ghz 4gb Ram. My guess is LM 21.1 for the new install (Not the latest to avoid bugs). I use the laptop for basic Office Libre and internet for research. I stay on very main stream sites. Again the laptop has been cleaned with DBAN with nothing on the partitions. My terminology may not be right as again, I'm a basic user.

For more info, the hacking doesn't happen if I'm on big city library computer that wipes itself clean after every use. At this point I'm open to the laptop wiping clean after each use and working from a USB. I have simply used a USB with Linux and worked from that. The hacking is impacting my environmental research and I'd like to be able to work more easily. My work is important to me.

Is there a way to set up a user where nothing can be changed, that cleans itself every time? And also have a user account with all privileges to add software? Or maybe I need to have it totally wiped clean and simply use a USB with LM on it.

And for more information, the hackers got $30 from an account when it first started, but I changed all my accounts. No techs understand why a hacker would spend 3 years continually hacking for $30. It started with an email that appeared to be from a trusted advisor who mentioned some personal information about me, and I clicked on the link, which went to a "Shark Tank" link, a tv show (and the email address was not the advisor). Shark Tank was a show where one of the people had just been hacked for a large amount of money. My laptop started to increasingly show hacking signs such as running very slow, heating, fast battery drain, ghost windows popping up, keyboard not functioning, needing an external keyboard, typing was very, very slow like a key logger. (And hackers don't usually want people to know they've been hacked. They want to get what they can.)

It culminated with me looking to do a system restore with time shift, as I was doing this, my cursor moved by itself and wouldn't let me continue. I was shocked and it took a while to figure out to walk away from the wifi. I then shut my laptop down. My laptop then wouldn't work for a while. When my laptop finally started the earlier time shift restore point was erased and a new restore point for that day was in it's place. Again, I am a very basic user. Years ago my tech friends suggested I run Linux and I did. MS has the firewall up. I didn't even know I needed to put the firewall up on LM. So the hackers seem to have gotten full control of my laptop.

I'd like to have the laptop be as secure as possible, and would appreciate possible hacking vectors (And I know this is Mint forum, it could be a simple list.) A university professor who works in tech said my gmail account shouldn't be able to have a virus, but anything is possible. People say a phone and laptop can't communicate, but the university tech said they could as their both Linux based. I found when I buy a new phone, after adding the gmail account the phone virus comes back. I no longer add a past account to the phone, and it still comes back. I have a new email account.

I would appreciate some help on how to clean the laptop and avoid future hacking. It would mean a great deal to me. Thank you.

[argentwolf]

Q: What does this "hacking" look like?

[JeffLM]

My laptop started to increasingly show hacking signs such as running very slow, heating, fast battery drain, ghost windows popping up, keyboard not functioning, needing an external keyboard, typing was very, very slow like a key logger.

It culminated with me looking to do a system restore with time shift, as I was doing this, my cursor moved by itself and wouldn't let me continue. I was shocked and it took a while to figure out to walk away from the wifi. I then shut my laptop down. My laptop then wouldn't work for a while. When my laptop finally started the earlier time shift restore point was erased and a new restore point for that day was in it's place.

[argentwolf]

My laptop started to increasingly show hacking signs such as running very slow, heating, fast battery drain, ghost windows popping up, keyboard not functioning, needing an external keyboard, typing was very, very slow like a key logger.
It culminated with me looking to do a system restore with time shift, as I was doing this, my cursor moved by itself and wouldn't let me continue. I was shocked and it took a while to figure out to walk away from the wifi. I then shut my laptop down. My laptop then wouldn't work for a while. When my laptop finally started the earlier time shift restore point was erased and a new restore point for that day was in it's place.

And this scenario has happened several times of the last 3 years?

[argentwolf]

My laptop started to increasingly show hacking signs such as running very slow, heating, fast battery drain, ghost windows popping up, keyboard not functioning, needing an external keyboard, typing was very, very slow like a key logger.
It culminated with me looking to do a system restore with time shift, as I was doing this, my cursor moved by itself and wouldn't let me continue. I was shocked and it took a while to figure out to walk away from the wifi. I then shut my laptop down. My laptop then wouldn't work for a while. When my laptop finally started the earlier time shift restore point was erased and a new restore point for that day was in it's place.

And what does the phone "hacking" look like?

[argentwolf]

Considering the "3 year" ordeal you've described, with multiple PC's "cleaned and re-cleaned", your need to access multiple untrustworthy public networks, and your resolve to put this threat/risk/compromise to bed, I'd simply deploy the portable operating system Tails and be done with this hell.
I would go ahead and nuke and pave the machine with the latest version of Linux Mint as is your want, but when you leave your protected domain (i.e., home network), strictly use the Tails OS. BAM!

Q: These "technical people" that were helping you, did they ever complete an offline scan of your system (e.g., Bitdefender Rescue Environment), and what were those results if any?

Q: What kind of perimeter defense (e.g., firewalls, Edge Threat Management, etc.) do you have protecting your home domain?

Q: do you control all the devices within your protected domain?

"Tails"
https://tails.net/

"Bitdefender Rescue Environment"
https://bitdefenderkey.me/EN/bitdefende ... ure-guide/

[argentwolf]

Huh, it would seem I entered the gate before others arrived, don't make a move until you've had others (in this forum) chime into your scenario...please don't accept my questions or solution as an appropriate path forward, I'm just a simple nobody with a loud sometime irritating incessant opine.

[coffee412]

If your using a wireless store bought router on your home network I would check its settings and perhaps reset it. That is one avenue of penetration if they hacked it.

Do you have a firewall setup on your laptop? Perhaps should look into that after a fresh install - Boot from a live cd ad nuke your partitions. Then boot up again and install. Do not trust any backups. You could be restoring hacked services or files.

[MikeNovember]

Hi,

You can read this guide (for the computer, at least), viewtopic.php?t=397740.

Regards,

MN

[JeffLM]

Thank you for the ideas!

***How do I totally nuke the laptop and partitions? And make sure it is free of root kit and boot loaders? *** I have run DBAN from a fresh install of DBAN. But LM forums say DBAN is not good for hacking and viruses.

I never go to old backups, everything is new. I have stored things on gdrive, and I download them from a public library and run them through virustotal, then send them to a new email address. Then I use a computer that's been logged out of at the library, another computer that also has no user files and is cleaned every use, download the file to a brand new USB, and use that.

Is there a way to have a user with privileges and a user that will just get wiped clean after every use? Someone mentioned "Stripmyrights" for something like that on a LM security forum.

Someone mentioned "tails", is that a good idea? What's the difference between tails and simply booting from a live USB each time (I'll do whatever it takes at this point.)

I appreciate the extended security tutorial. A challenge is that the techs I hire wish to spend as little time possible on this, and have not been honest about what they're doing ("Sure, I'll wipe it clean with an over write and check for root kits, etc., then do a simple fresh install). I don't have the knowledge to do that extended of a set up at the moment on the tutorial. And I'm out of the U.S. and it's more challenging to find knowledgeable techs (and challenging in the U.S., again, the one's I've hired have done what's quickest).

To answer questions:

I am doing activist work. I would like to think someone wouldn't hack me for that but techs keep telling me it seems more personal and is at a level they haven't seen.

I did put up the LM firewall years ago.

I do reset the router, continually. Or I turn it off and let it sit and then turn it back on, is that what you mean? And I travel continually so am usually at new places every couple of months. I only use the friend's wifi if it's a cleaned machine (I try not to use it with the hacked machine as I don't want to spread it. This has me going to the library when I need wifi.)

I don't use many vulnerable internet connections. I used a public wifi connection at the University after buying a new phone and laptop and the hacking started again.

Thank you again for the ideas! It seems what's most important is to nuke this free of boot loaders and rootkits, and find a way to have it wiped clean every time.

**Maybe there's a way to distill the thoroughness of Mike's tutorial into something I could get the young university computer lab techs to accomplish in 20 minutes?**

[argentwolf]

Where did you hear and why do you believe the issues you experienced using Windows will follow with your use of Linux?

[JeffLM]

I was using dual boot with Linux, running from Linux, when the hacking began. I no longer dual boot and only have Linux and the hacking continues.

[JeffLM]

**If someone could please answer the core of the question I would very much appreciate it (and I realize I wrote a lot):

***How do I totally nuke the laptop and partitions? And make sure it is free of root kit and boot loaders? *** I have run DBAN from a fresh install of DBAN. But LM forums say DBAN is not good for hacking and viruses and doesn't get rootkit and boot loaders.

Is there something like DBAN I could put on a new USB that would nuke the laptop, overwrite the data once, fully wipe the partitions, and remove rootkit and boot loaders?

[JeffLM]

***How do I totally nuke a laptop and partitions? And make sure it's free of root kit, boot loaders, and trojans? To make sure it's free of any viruses and inroads from hackers? *** The LM forums say DBAN is not good for hacking and viruses and doesn't get rootkit and boot loaders. I'm bringing the laptop to a tech friend tomorrow so am hoping to find out how to do that today.

Ideally I'd have something on a new USB like DBAN, that also gets rootkits and bootloaders.

Thank you.

[argentwolf]

"Blancco Drive Eraser"
https://www.blancco.com/products/drive-eraser/

Let us know the results.

Edit: You might want to call their technical support and discuss your wants.

[argentwolf]

Has anyone suggested putting a new drive in the machine? It might be the cheapest route...

[coffee412]

There is nothing special you have to do to get rid of unwanted software (rootkits,virus,adware ect...). A simple deletion of the partitions on the drive will do just nicely. After all, All these infections are just unwanted software mixed into your wanted software.

The next time you get infected I recommend that you actually do not do anything to the drive. Just remove and replace the drive as @argentwolf suggested however keep the other drive for investigation.

Just to be really thorough, Check if there is a bios update for your computer. Go and update the bios. Its going to dump the old and put in the new. I have heard of some really high level bio infections. It would not hurt and should be painless to do.

I would think that either someone has access to your local network which could provide access to your computer. My other thought is that someone might have physical access to your computer at some time.

[gomerpile]

Please Check Disk and try again
Please Check Disk and try again Enter
Please check disk and try again Enter
How many times do I press enter

[SMG]

***How do I totally nuke a laptop and partitions? And make sure it's free of root kit, boot loaders, and trojans? To make sure it's free of any viruses and inroads from hackers? *** The LM forums say DBAN is not good for hacking and viruses and doesn't get rootkit and boot loaders. I'm bringing the laptop to a tech friend tomorrow so am hoping to find out how to do that today.

Ideally I'd have something on a new USB like DBAN, that also gets rootkits and bootloaders.

Thank you.

Please do not create multiple topics on the same issue. This post (which you had as a new topic) has been merged into your existing topic on the same issue.

[JeffLM]

There is nothing special you have to do to get rid of unwanted software (rootkits,virus,adware ect...). A simple deletion of the partitions on the drive will do just nicely. After all, All these infections are just unwanted software mixed into your wanted software.

The next time you get infected I recommend that you actually do not do anything to the drive. Just remove and replace the drive as @argentwolf suggested however keep the other drive for investigation.

Just to be really thorough, Check if there is a bios update for your computer. Go and update the bios. Its going to dump the old and put in the new. I have heard of some really high level bio infections. It would not hurt and should be painless to do.

I would think that either someone has access to your local network which could provide access to your computer. My other thought is that someone might have physical access to your computer at some time.

Thank you.

So DBAN, and updating the bios should work?

1. I have a Toshiba where the harddrive failed. I've been using a live LM USB. Is it possible for a virus to be on a machine with a failed harddrive? (I'll look into updating the bios on it.)

2. Can the DBAN USB get the virus after installing into the infected machine?

3. Is there a way to set up a user without privileges for normal use, and a user with privileges if I need to update something or add software?

3a. Is there a way to set up the laptop so nothing can be added during use? I heard a computer lab say the PC was in "freeze" so nothing could be added.

4. "If it's a rootkit/boot loader that modifies the mbr, u might wanna rebuild the mbr as well..." This from the internet. Does DBAN clean the mbr?

5. Does erasing the harddrive offer anything over DBAN?

I travel continually and the hacking continues. It's followed me through different locations and countries, different computers. I don't think it could be the local network as it changes, and the hacking continues in different communities. It couldn't be physical access.

I read on Mike's tutorial people say not to download things from gdrive. Is gmail not safe? (I changed from gmail as my phone would get a virus immediately after I added my gmail account.

Can a virus travel from my phone to my PC with Linux?

I appreciate the suggestions.