Hackers are on my computer. Antivirus doesn't detect it

Viruses and worms
1

Do you notice anything abnormal on this netstat -ano cmd command?

1: https://imgur.com/a/UGSbj
2: https://imgur.com/a/SfNOJ
3: https://imgur.com/a/4mMvo

I just looked into this and you can apparently tell if you’re being hacked by using the netstat -b cmd command, too:

1: https://imgur.com/a/DlmCr
2: https://imgur.com/a/7aVmI

[s]I type in Google: “what is my IP” and this IP address appears: https://imgur.com/a/2DWES

Why is it coming out like this? It doesn’t look like a normal IP address to me. [/s]

On AVAST, when I go to: Protection > Firewall > Settings > Friends,

These IP addresses appear (nobody I know of have added these): https://imgur.com/a/8y4tP <<<< is this normal or do these have to be added by a user manually?

I looked at the Firewall logs a couple of days ago, there was a lot of blocked traffic. Now it seems to have been cleared. Maybe the hackers saw it, and got rid of it?

Firewall logs (rules): https://imgur.com/a/HtEAu

Long story short:

I gave some hackers some shit earlier in the year on IRC (at the time I wasn’t aware that they were hackers). Somehow I think they’re sending malware through the servers - either the admins of the network are doing dodgy shit, or they’ve befriended an admin, and gained access to the servers. These are just assumptions, but how else could they send malware through IRC without somebody accepting a file? I think my computer was part of a Botnet, and they gained a lot of personal information on me. Well, I know my devices were part of a Botnet or something similar because they leaked personal stuff from my mobile phone. My Mum’s email address was on my email inbox, and I’m concerned they sent her malware and she clicked on it. They were also saying “do you like Sonic” and stuff, and my little brother loves Sonic. Sonic is his background picture on this laptop, too. :confused:

I did a Home Network Security scan on her computer, and this message popped up: “Your router has been hacked and its DNS settings have been modified to serve malicious contents”, as well as other network concerns.

My Mum’s router username and password were the default log-in details (my family don’t know about stuff like this, I didn’t take much concern into this either until recently). I tried to change the routers default password to something else several times, but it wouldn’t allow me to. I tried to call her ISP to fix this, but they couldn’t fix it either, so we had to get another router.

I know the hackers are on my Mum’s/Brother’s laptop still, even after several anti-virus scans.

I did several factory resets on my laptops that were infected, and somehow they were still on. I suspect the malware could be stored elsewhere other than the hard drive, such as the BIOS etc? I don’t really want to fuck my Mum’s laptop up if I do something wrong.

2

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

3

B
I tried to download FRST, and I get this (program blocked by Avast) Scroll to the right to see it on the picture. But no malware is showing on antivirus scans, I think the malware is stored somewhere else other than the hard drive.

Edit: Never mind, it’s because Avast is in Hardened Mode.

4

Either allow FRST in Avast or download and run it in safe mode.

5

What Google shows as your IP address is just a normal IPV6 IP.

6

@Ben206,

You are in the Greater London Area on a skybroadband.com IP, and I get from a netcraft report,
that the address is on a policy blocklist. Could be a akamaitechnologies.com hick-up, or has issues.

polonus

7

I’m not in the Greater London area. What does it mean to be on a policy blocklist? :S Also, how would you know that when I blocked out most of my IP? Haha.

Also, do you think hackers are on my computer from the netstat -ano and -b cmd command results? It’s a long story but I think these hackers are setting me up to be a hacker. I know who they are, but they have a lot of ammo on me. The OS looks modified. I know they’re on here. I think the malware is stored elsewhere than the hard drive.

netstat -ano cmd command:

1: https://imgur.com/a/UGSbj
2: https://imgur.com/a/SfNOJ
3: https://imgur.com/a/4mMvo

netstat -b cmd command:
1: https://imgur.com/a/DlmCr
2: https://imgur.com/a/7aVmI

On AVAST, when I go to: Protection > Firewall > Settings > Friends, these IP addresses appear (nobody we know of have added these): https://imgur.com/a/8y4tP <<<< is this normal or do these have to be added by a user manually?

8

Ben,

the only thing I see is posting things that really don’t have any clue about what they are/how they work.

9

Me? Pretty much, lol. I know there’s hackers on this computer, though. It’s driving me crazy.

On Avast, when you go to Protection > Firewall > Settings > Friends

Do you have IPs on there?

10

Oh ok, haha. I’ll remove it from the thread.

11
Also, how would you know that [b]when I blocked out most of my IP?[/b] Haha.
Explaine ???
12

I scribbled out most of it: https://imgur.com/a/2DWES

13

How do you block most of your phone number?

Scribbling on a picture does not hide your IP

14

So why did polonus say I’m from Greater London Area and that I’m on a policy blocklist? The only thing right there was that I’m on a skybroadband.com IP. I’m not even connected to a VPN.

15
So why did polonus say I'm from Greater London Area and that I'm on a policy blocklist?
That's where the skybroadband server you are connected to is located and your IP may appear on a blocklist
16

I just googled what a Blocklist is, and I see this: https://zeltser.com/malicious-ip-blocklists/

So, I think my Mum’s devices have been hacked, and now I find out her IP is on a Blocklist?

17

Start learning first.
You don’t even know what a IPV6 address is.
Here is a good start > http://computer.howstuffworks.com/