My computer was infected by a device driver I will call HarlanHugo Hack since nobody has ever heard of it. On 2011-10-25, approx 05:49 Central America Time, a malicious device driver installed on my computer (newly purchased) when I plugged my LAN cable into my router (NETGEAR Wireless-G WGR614) to set up its configuration. At the time, the router was physically disconnected from the DSL modem (TENDA D840R), which was powered down.
The computer is in Spanish and the hacked files are in English.
The WindowsUpdate.log in the Windows folder captures the sequence of events:
1. Identifies whether Windows Update access is disabled and enables it, then it installs its own Windows Update package.
2. Identifies the operating system, computer brand/model, and BIOS.
3. Enables remote services, auto play, and firewall rules.
4. Reboots with replaced Windows system files.
5. Sends its report home (after I connected to the internet the next day).
6. Continues downloading its "Windows Updates" until the entire operating system and Acer OEM programs are replaced.
7. Downloads and installs replacement BIOS.
8. Changes IP freely, secretly enables WiFi so it looks like it's off.
9. Installs malicious driver code to every device connected by USB and network.
10. Remote Desktop stays enabled and once all the Windows files are replaced, they are in complete control.
I used every brand of AV software; scans reveal nothing wrong because everything passes as authentic Microsoft.
During the time I was troubleshooting, the hackers made it apparent that they were paying attention and changed locations of their files.
They watch and listen through the camera and microphone even when no user is logged in. Their BIOS installs a permanent X Boot drive, which won't even be DBAN'd away.
I sent a sample of their explorer.exe file to Microsoft months ago. (It downloads updates from its own server.)
That's not all: since I have been trying to upload their files for analysis, the hackers track my moves and corrupt my friends' computers immediately, without any downloading by us at all. Apparently they have the ability to hack any computer they want, hack any phone, tap my calls and drop and reroute them, etc.
Please, somebody track these hackers, because they seriously interfere with my life. I am on my 3rd replacement computer, and have lost other devices to WiFi corruption (Vivitar camera) and OTA downloads to my HP Veer, which, unfortunately, I could not pull the battery from. All law enforcement agencies say they won't help because I'm not being threatened, and nothing was stolen from me.
Please somebody out there, help me.
P.S. Find the note "Microsoft Security Hole" on Facebook
Edited by Andrew, 05 December 2011 - 07:34 PM.
Mod Edit: Moved From Breaking Security News To AII - AA