I had been using my computer for a while casually wondering why I could hear the occasional 'hardware' found or removed noise (you know that noise). Because I use memory sticks etc., I just thought maybe it was a delayed response. But it happened so often I just couldn't figure it. Eventually I started to wonder if this noise had anything to do with weird firewall activity (not coming on at startup, having to manually switch it on etc.). Then I got ongoing problems with my wireless connection and had to spend ages figuring out why my machine just wasn't acting like it was on broadband anymore.... yeah.
Anyway. This is going to sound freaky but I got up in a slight sweat one night at like 3am for no reason other than an impulse to pull the socket on my computer (I was a 24/7 standby user). I did just that that night and the next morning spent the whole day making a presumption that I'd been hacked because of the horrible feeling I'd had the previous night.
Here are the horrors I found: My operating system is Windows XP. My computer is a Dell Inspiron 1300 and since purchase has never been touched other than by me and I'd never even entered the administrator account let alone set passwords etc. (I know...). Well the hacker had partitioned my hard drive and the secondary drive was an NT system. (Only found this out when trying to reinstall). When I eventually logged in in safe mode and as administrator, I unchecked folder visibility and found that he had deposited a rich and cuddly (and extensive!!) array of folders all over my computer. Many of which were NTuser files and so on. There were new folders and installations everywhere. My computer/my docs/installations.. God. I also discovered a box of tricks of his including copies of my work folder and copies of all and every spreadsheet I'd made.
There's worse. When I got up Search Companion I found a C drive clone symbol. I made a presumption he had or was in the process of copying my whole drive...
By now, I'd lost a stone in water weight by sweating and swearing. I ran my virus checker in safe mode - it took 8 hours and what's worse!!!!! is the hacker stopped it on my first attempt. I woke up at 4am to run it the second time. It found 47 issues (in normal mode it found none!). I went about attempting to delete them all.
I discovered that he was using Remote Access to get daily control and that was running at startup and he had managed to script or run group policies etc. on various systems and services meaning I had no way of just unchecking stuff.
Okay. Moving on. After dozens of books out of the library, loads of research, I thought it was all too far gone and I had to reinstall. Saved my docs (and that's another story - since opening that up again on another computer, that's also been riddled with rubbish...). And proceeded to reinstall. But here's my problem and the reason for this long (sorry... but it's a relief to get it off my chest...) story.
Every time I try a reinstall (and this is my third attempt), the hacker's configurations are still coming through on each clean install. He has used Files and Settings Transfer Wizard to carry through all stuff like his files and installations plus his policies covering my services etc. When I go into for example Secondary Logon and Terminal, Remote Desktop, Remote Access etc. his passwords and name are littered through them all (before reinstall I couldn't see these but now even though I can see them and uncheck them, they come back). He had installed HyperTerminal but I can't see that now. It's my belief two things have happened: firstly he's used FSTWizard, secondly I think there must be some script running that activates if and when I make certain actions. I can now uncheck the firewall exception to remote access but that doesn't help me if there is some recurring virus that can reopen some backdoor for the monster criminal on my computer. I read that remote access cannot work without MSN or Outlook so I've tried to uninstall them both and have had fun and games in my registry...yeah...
So here I am. Fourth reinstall attempt. Computer shattered and jumpy and jittery after my manic expeditions into both BIOS and registry. I have at least deleted his blasted operating system and have reinstalled XP on one hard drive. Can you help???? How do I reverse the initialization point when reinstalling XP which is I presume the point at which the file and transfer setting configurations take place? Secondly, can I disable or manually remove the network card to give me space to sort this out? I'm (was?) clearly on his network and am his zombie.
Thanks so much in advance and apologies again for this mega mail.