Approximately two weeks ago all of the media on my pc disappeared, within hours all the files were gone and drivers removed. So I immediately used gpart to secure erase the drive I reflashed bios and did clean install of win7. The pc is on lan behind Sonicwall tz210. Within a day it began again, while I still had access I ran every major rootkit detector out there they all came back clean. The pattern just repeats. Now it also has control of both me and my son's phone's (android) it installed vpn's on both. It is just malicious.
What I've learned: it operates while in safe mode, every time I log in event viewer sees from 2 to 6 additional logins immediately after. It attaches my pc to a network.
Pc/Pc as an example. Net commands always lead back to 127.0.0.0
It changes tactics and seems almost vindictive. I am at whits end.
Today while trying to replace drivers using a live cd I mounted the drive while working I also had a usb installed somehow I intercepted 100's of html documents I have no idea what they are. It has virtually crippled the house.
Any ideas would be greatly appreciated.