I have been in computers since 1982. Two years ago I had a 6-hour spinal fusion and it was a failure, so I spend most of every day in bed suffering with severe pain.
On March 13th I was hacked on my 4 home Windows XP from the Port 3389 RDP flaw that Microsoft released. The culprit ruined 20 years of data and about 20 terabytes of home data.
So I needed one computer or laptop to fix the others. For the last 2 weeks I have been purchasing and returning laptops and various routers as they were hacked at the BIOS level.
What I have found out is this. I do an ARP -a from the command prompt and it shows my router's dynamic address and then 4 other static IPs:
22.214.171.124, 192.168.2.255, 126.96.36.199 and 255.255.255.255.
I use GPEDIT.MSC and lock down all remote access and disabled NetMeeting and Windows Media Center Sharing. I block most default incoming rules for my firewall and I disable the 6to4 Microsoft adapter, the Teredo Tunneling Pseudo-Interface as well as ISATAP from gpedit.
I also go into the network card properties and remove the IPv6 and file and print sharing.
I then go into Device Manager and select "View Hidden Devices". Even though I disable the various VPN tunneling and RAS adapters, they still come back.
I had my 6th returned router configured at the lab from the vendor I purchased it from. The hacker still hacked the 16 hexadecimal admin password and set up a route to allow 188.8.131.52, 192.168.2.55, 184.108.40.206 and 255.255.255.255. I am uncertain and very stressed on how someone can easily hack my router and add a VPN tunnel into my laptop even though my router has all VPN turned off.
I noticed that they use PowerShell, WBEM and Systems Management BIOS and Windows Media Center Sharing to somehow hook my laptop's NVRAM so even after you format the hard drive or hard reset your router their routes come back. Their tunneling bypasses my Windows Group Policies.
I am in severe pain, and I am getting married this summer and would love if someone can help me solve this before it kills me as it has been going on for the past 6 weeks. Thank you! Brent Waddell email firstname.lastname@example.org
I forgot to mention the 5 laptops I have purchased and returned for my bedroom have Windows 7 Professional on them.
Any laptop or router I pick up, as soon as I plug into the net, I get hit with a VPN tunnel hacker that binds to my RAS or Teredo adapter. I think they are DNS spoofing me and blocking me from getting any Kaspersky updates. I think a lot of the sites I go to are not the real ones.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...