I'm constantly being attacked by Russian hackers

Hi, I'm kinda in a dire situation here. I recently made the rookie mistake of downloading random crap on the internet and accidentally installed a virus. I managed to reset my laptop as I had no precious data on my laptop, just games, but in the process of installing the virus it opened, I'm willingly and confidently saying, 70-100 Chrome tabs all leading to random sketchy ass Russian websites. For the first week I hadn't noticed anything. However, when I went to sign in for Steam I was locked out of my account and this was due to having my password changed by someone in Russia. Not only that, but they also changed my only 2FA, which was my phone number, which meant I was fully locked out of my Steam account. I was fortunate enough to show valid proof that I owned that Steam account and I got it back within a day. But it seems almost every 2 weeks I'm getting attacked with random sign-in attempts from Russia. Yes, I have changed my password, almost every week, yet somehow it's always a random sign-in attempt. I even thought adding my secondary email/recovery email would solve the issue, but so far the situation has gotten worse. These Russian "hackers" managed to attempt to sign in to my other account. So far my Steam account being hacked was the worst it got, and no further damage has been dealt. However, it is a rather tedious process of changing my password every week and scouting out for any suspicious sign-in attempts, especially when hackers can still access my account even with phone and second account. It's not like I have bank details or serious information, but it would be a real nuisance to have to start a new account. I get I got what I deserved from installing random crap and I won't ever make the same mistake ever again. But plz, I really need help. I really need these accounts.


Well they've got you pegged so they gonna try. You have to remember that a Suspicious sign-in attempt is just that.. an attempt. Just like me trying to log in to any random email address I could find. Attempts aren't really a big problem so long as brute force attacks are disabled.

 

I would expect if you changed both the user name and the email address they wouldn't have any idea and you would stop the attempt emails.


Quote

I managed to reset my laptop as I had no precious data on my laptop, just games

When you say reset do you mean using the built in Windows reset feature? If so, that doesn't cut it IMO. Here's what I'd suggest.

 

  1. Completely reinstall Windows. Don't use the reset or recover feature, wipe the drive and reinstall. Use another computer to create the install media and follow this YouTube video if you're unfamiliar with Windows reinstall. This will wipe EVERYTHING on the drive, back up what you want to keep.
  2. Download your browser of choice (I suggest Firefox, but Chrome is fine), install uBlock Origin, and NoScript. uBlock Origin blocks ads, you wouldn't believe how many people get viruses from clicking on an ad that looks like a download link/button. NoScript blocks all scripts from running on a webpage until you allow them. Allows you to make the mistake of visiting a sketchy site without having to worry about anything nasty running.
  3. Get a password manager. I use RoboForm but LastPass and Keeper are good choices too. Change your password on EVERYTHING you use, make the passwords long as hell and all different, and enable 2FA on everything you use that offers it.
  4. Triple check your accounts to make sure they didn't add a 2nd phone number/email that allows them to recover your account.
  5. Update the firmware and change the default admin password on your router.
  6. Use common sense and be careful in the future.
  7. Not required, but get a Raspberry Pi for $5 and set up Pi-hole. It's a DNS service that blocks ads and malicious addresses. If anything get it for the convenience of never having ads again.

If you have any other questions let me know.

 

EDIT: Just noticed you might just be getting attempts and not successful sign-ins. Honestly, that's just life on the web and you'll have to deal with it. If you have a Hotmail/Live/Microsoft account and view your sign-in activity under the privacy settings you'll be amazed how many people try to sign into your account each day. If they aren't successfully signing in, don't worry. If they are, follow my steps.
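
The distinction drawn in the EDIT above (attempts versus successful sign-ins) and the recovery-info check in step 4, applied to an account's sign-in activity. This is an added example, not part of the original post; the export columns, event names and sample rows are constructed assumptions, not any provider's real format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; the column and event names are assumptions,
# not any provider's real format.
SAMPLE = """\
time,event,country
2019-09-20T08:01:00,signin_failed,RU
2019-09-20T08:03:00,signin_failed,RU
2019-09-21T19:30:00,signin_ok,GB
2019-09-22T02:14:00,signin_ok,RU
2019-09-22T02:20:00,password_changed,RU
2019-09-22T02:25:00,recovery_phone_changed,RU
2019-09-27T11:45:00,signin_failed,CN
"""

CHANGES = {"password_changed", "recovery_phone_changed", "recovery_email_changed"}


def triage(export_text, home_countries, window=timedelta(hours=24)):
    """Split activity into noise (failed attempts) and events that need action."""
    rows = sorted(
        (datetime.fromisoformat(r["time"]), r["event"], r["country"])
        for r in csv.DictReader(io.StringIO(export_text))
    )
    failed = [r for r in rows if r[1] == "signin_failed"]
    # A successful sign-in from a country the owner never uses is the real signal.
    foreign_ok = [r for r in rows if r[1] == "signin_ok" and r[2] not in home_countries]
    # Password or recovery changes shortly after such a sign-in indicate a takeover.
    takeover = [
        r for r in rows
        if r[1] in CHANGES
        and any(timedelta(0) <= r[0] - ok[0] <= window for ok in foreign_ok)
    ]
    verdict = "takeover" if takeover else "compromised" if foreign_ok else "attempts_only"
    return {
        "verdict": verdict,
        "failed_attempts": len(failed),
        "foreign_successes": len(foreign_ok),
        "changes_to_revert": [r[1] for r in takeover],
    }


if __name__ == "__main__":
    print(triage(SAMPLE, {"GB"}))
```

A verdict of `attempts_only` is the "don't worry" case; anything else means working through the steps above, starting with the entries in `changes_to_revert`.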


7 minutes ago, keskparane said:

Well they've got you pegged so they gonna try. You have to remember that a Suspicious sign-in attempt is just that.. an attempt.

Exactly this. @AidenAK1247 there is no reason to get all worked up over someone attempting to break in as long as you're certain your PC doesn't have any viruses or malware now and you've changed your passwords to strong ones after you cleaned up your PC. They'll just simply eventually give up and move on to another target.


Sign-in attempts are quite common from bots phishing for accounts to compromise. 

Make sure that you change to strong passwords on any of your accounts, recommend using LastPass and using generated passwords. 

Also make sure you have 2FA turned on with everything possible as well, especially on a cloud password vault service you might use like LastPass.

It'll ease off over time. I see attempts in my logs every single day from China, Russia, Iran, etc., but they never get anywhere.

 


36 minutes ago, ThisIsCheez said:

When you say reset do you mean using the built in Windows reset feature? If so, that doesn't cut it IMO. Here's what I'd suggest.

 

  1. Completely reinstall Windows. Don't use the reset or recover feature, wipe the drive and reinstall. Use another computer to create the install media and follow this YouTube video if you're unfamiliar with Windows reinstall. This will wipe EVERYTHING on the drive, back up what you want to keep.
  2. Download your browser of choice (I suggest Firefox, but Chrome is fine), install uBlock Origin, and NoScript. uBlock Origin blocks ads, you wouldn't believe how many people get viruses from clicking on an ad that looks like a download link/button. NoScript blocks all scripts from running on a webpage until you allow them. Allows you to make the mistake of visiting a sketchy site without having to worry about anything nasty running.
  3. Get a password manager. I use RoboForm but LastPass and Keeper are good choices too. Change your password on EVERYTHING you use, make the passwords long as hell and all different, and enable 2FA on everything you use that offers it.
  4. Triple check your accounts to make sure they didn't add a 2nd phone number/email that allows them to recover your account.
  5. Update the firmware and change the default admin password on your router.
  6. Use common sense and be careful in the future.
  7. Not required, but get a Raspberry Pi for $5 and set up Pi-hole. It's a DNS service that blocks ads and malicious addresses. If anything get it for the convenience of never having ads again.

If you have any other questions let me know.

 

EDIT: Just noticed you might just be getting attempts and not successful sign-ins. Honestly, that's just life on the web and you'll have to deal with it. If you have a Hotmail/Live/Microsoft account and view your sign-in activity under the privacy settings you'll be amazed how many people try to sign into your account each day. If they aren't successfully signing in, don't worry. If they are, follow my steps.

When I reset my laptop I made sure that I clicked on the clean drive option, which usually takes longer. Wouldn't this be enough to erase any previous data or malicious viruses altogether?

 


6 minutes ago, AidenAK1247 said:

When I reset my laptop I made sure that I clicked on the clean drive option, which usually takes longer. Wouldn't this be enough to erase any previous data or malicious viruses altogether?

 

I never trust the built-in reset function when a PC has been compromised. Windows installs take 10 minutes nowadays so it makes sense to do it that way.


1 hour ago, Jarsky said:

Sign-in attempts are quite common from bots phishing for accounts to compromise. 

 

Nope. Absolutely nope.

 

You have to be doing something very very wrong to be hit by more than one bad sign-in attempt. Which means:

1) You did something very stupid, like downloading pirated content.

and

2) You ticked the "stay signed in" box on the website.

 

Never, EVER, stay signed in on any site, and never EVER save your payment methods to any site that maintains persistent state. That includes Apple, Steam, PayPal, Amazon, and eBay. After you are done with these sites, log out and clear the session cookies for it. If you must use Gmail/YouTube, don't save a payment option past the point of payment.

 

The payment details often contain your shipping information and contact information. This is enough information to go on a raid to your financial accounts.

 

When you get a sign-in notification, and you didn't, like in the last 5 minutes, sign into that site, immediately reset the password. The only time I've ever personally seen this kind of thing is when mint.com started triggering the "a new signin from (browser) has been detected, if this wasn't you reset your password now" from a bank, and I saw the notice from the bank before I saw the notice from mint.com. After I reset it, and then updated mint.com, I saw the same login from mint.com with the same browser id. So I knew that was it and could ignore it.

 

Phishing emails, or at least the ones that manage to get through, only come about because you used your email address on some site that had its data leaked, and that often includes the name you signed up with. For example, the Yahoo data breach of 2012-2016 (check your spam mail for settlement notices). If your email is the same one you've been using since 1999, it's very likely that you're still using it, and have suffered at least a minor damage from your personal information being leaked.

 

Which is why when you sign up to a site, unless you have a financial interest in the site (eg you will be paying them, or you will be paid by them) you should never sign up under your real name. "Real Name" policies only ensure that phishing is 100% successful. As far as you and that site is concerned, whatever name you give it is your real name.

 

Anyway, the "100's of tabs" was probably the virus abusing the saved logins of those sites using your real IP address and then reporting back to its bot overlord which ones succeeded.

 

Resetting Windows is not enough. This is one of those cases where I'd suggest pulling the hard drive out and putting in a new one. Scavenge any data from the old drive later. Install the OS new to a new drive.


On 9/29/2019 at 8:00 PM, Kisai said:

Nope. Absolutely nope.

 

You have to be doing something very very wrong to be hit by more than one bad sign-in attempt. Which means:

1) You did something very stupid, like downloading pirated content.

and

2) You ticked the "stay signed in" box on the website.

 

Never, EVER, stay signed in on any site, and never EVER save your payment methods to any site that maintains persistent state. That includes Apple, Steam, PayPal, Amazon, and eBay. After you are done with these sites, log out and clear the session cookies for it. If you must use Gmail/YouTube, don't save a payment option past the point of payment.

 

The payment details often contain your shipping information and contact information. This is enough information to go on a raid to your financial accounts.

 

When you get a sign-in notification, and you didn't, like in the last 5 minutes, sign into that site, immediately reset the password. The only time I've ever personally seen this kind of thing is when mint.com started triggering the "a new signin from (browser) has been detected, if this wasn't you reset your password now" from a bank, and I saw the notice from the bank before I saw the notice from mint.com. After I reset it, and then updated mint.com, I saw the same login from mint.com with the same browser id. So I knew that was it and could ignore it.

 

Phishing emails, or at least the ones that manage to get through, only come about because you used your email address on some site that had its data leaked, and that often includes the name you signed up with. For example, the Yahoo data breach of 2012-2016 (check your spam mail for settlement notices). If your email is the same one you've been using since 1999, it's very likely that you're still using it, and have suffered at least a minor damage from your personal information being leaked.

 

Which is why when you sign up to a site, unless you have a financial interest in the site (eg you will be paying them, or you will be paid by them) you should never sign up under your real name. "Real Name" policies only ensure that phishing is 100% successful. As far as you and that site is concerned, whatever name you give it is your real name.

 

Anyway, the "100's of tabs" was probably the virus abusing the saved logins of those sites using your real IP address and then reporting back to its bot overlord which ones succeeded.

 

Resetting Windows is not enough. This is one of those cases where I'd suggest pulling the hard drive out and putting in a new one. Scavenge any data from the old drive later. Install the OS new to a new drive.

ok will do


Just now, AidenAK1247 said:

ok will do

The biggest problem is that I use a laptop so...... I don't feel like voiding my warranty

 
