Can someone please give me some recommendations as to what the very first steps for securing a Windows PC after wiping and reimaging? Someone has been able to connect to not only my computer but my iPhone and Galaxy tablet also. I do not know how they are doing this; it almost appears that they can connect even if my WiFi is turned off and I’m not even connected to the network. At least this is what the event manager is saying. It talks about terminal this and terminal that. I’ve never used direct connect, nor have I ever even known that you can have a Bluetooth network, which from what I’ve read can connect to machines and mobile devices up to almost a mile away. I always thought of Bluetooth as hooking up a speaker, or mouse or keyboard. Something very close by. As if the last time I had decided to reimage, I had come across 3 Bitcoin miners, all kinds of apps that I hadn’t installed and all sorts of Microsoft Office databases using Excel, Word and other programs that I don’t use all that frequently. The list actually goes on and on and on. I wish I could log, and I know that I can, but I just do not know how to get a log to run from command line to a place like C:/users/*****/Documents, which would make monitoring it much easier. Plus I am at the point that I don’t even know that I trust any program on my PC, because I have an Intel processor yet most of the time that I check the driver it says AMD64 in its location path. I have found certificates that are not trusted and honestly I have even thought that my programs have been manipulated so badly so that, for instance, Nord VPN isn’t really doing anything or it’s not actually protecting me. I’ve been a Windows user since the late 1990s, however I have never kept up with the technology and it has become very complex. I did find a document or something written within this document which states that “They were targeting machines with the highest computing power.” I’m running a Dell XPS 13 which has some amazing specs, but I worry that it’s going to be ruined as my last Alienware R13 happened to just die very suddenly without any indications.
I know that whoever it is hacked my router, when I was in the UI online and noticed port forwarding was turned on and services were being forwarded. When I went to change the password for the admin login, I would go to change it and before I could do so a pop-up would shoot up on my iPhone asking me to save a password full of swear words and gay slurs. Obviously not something that I had done. I tried changing this over and over and over and this person was able to do it faster than I could, and I was standing right under the router in the basement. At that time, 2 years ago, I decided no more router. Everything will be hard wired from that point on.
I have recently decided that I need a router. Not for computing but for a printer and an air purifier. I have purchased a mobile hotspot which I hard wire to my computer, however it really doesn’t seem to do anything to stop these things from happening. I have even tried putting this out of my mind for about a year because I just do not know what to do or who to go to, and no one believes me or can help me. The activity lately, since adding a router along with a switch, has become so blatant that it is impossible to ignore.
Are there any things that I can do right away with a freshly installed image onto a 2 TB hard drive in an attempt to lock the machine down solid? I do not use Active Directory, however I’d love to learn, and I don’t have a server (however I’d love to learn), but I’ve noticed time and time again that Active Directory is being used and several servers show in command line or event manager. I have tried over and over to stop this because I don’t even feel like the computer is my computer anymore. Sure, it is right in front of me, but its resources are being used by someone anonymously. This angers me, and just recently I had swapped out hard drives yet found that the OS wasn’t running smoothly at all, and in recovery mode I ran diskpart and found that both 2 TB SSD hard drives were practically full! I had to format both and reimage once again. The image is over the internet straight from Dell, or at least I hope, because it seems that everything I do is misleading.
Please help me… I know the obvious basics like antivirus, firewall, Malwarebytes etc., but there has got to be policy, permissions, components and network adapters I can control and keep a detailed log. Whatever is happening seems to be a cake walk for whoever is doing it and I do not stand a chance in stopping
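One way to get the command-line log the post asks for, as an added PowerShell example that is not part of the original post: it backs up the Windows event logs, writes the last day of logon events, the listening ports with their owning processes, and the network adapter list into a folder under Documents. It assumes an elevated (Run as administrator) PowerShell session, since exporting the Security log needs it; the folder name and the 24-hour window are arbitrary choices.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# session; the output folder under Documents is a constructed choice.
$OutDir = Join-Path $env:USERPROFILE 'Documents\SecurityLogs'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$Since = (Get-Date).AddHours(-24)

# 1. Full .evtx backups of the main logs; open later in Event Viewer
#    or with: Get-WinEvent -Path <file>.evtx
foreach ($Log in 'Security', 'System', 'Application') {
    wevtutil epl $Log (Join-Path $OutDir "$Log-$Stamp.evtx")
}

# 2. Logon-related Security events from the last 24 hours as CSV.
#    4624 = successful logon, 4625 = failed logon, 4648 = logon with explicit
#    credentials, 4672 = admin privileges assigned, 4720 = user account created
$LogonIds = 4624, 4625, 4648, 4672, 4720
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $LogonIds; StartTime = $Since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Export-Csv -Path (Join-Path $OutDir "Logons-$Stamp.csv") -NoTypeInformation

# 3. Every listening TCP port with the name of the process that owns it,
#    so unexpected services stand out when compared against a clean baseline
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort |
    Export-Csv -Path (Join-Path $OutDir "Listening-$Stamp.csv") -NoTypeInformation

# 4. All network adapters, including hidden/virtual ones, and their state
Get-NetAdapter -IncludeHidden |
    Select-Object Name, InterfaceDescription, Status, MacAddress |
    Export-Csv -Path (Join-Path $OutDir "Adapters-$Stamp.csv") -NoTypeInformation

Write-Host "Logs written to $OutDir"
```

Run it once right after the fresh image to capture a baseline, then again later; comparing the two CSV sets is what turns the raw logs into something that can be reviewed.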