History - Problem Started on Windows 7 x64 HP Laptop
I think a worm got through my firewalls through a D-Link router. I looked at the router logs and saw a lot of malware ports trying to connect AND an unrecognized MAC address changing itself trying to connect to that laptop. Then I saw an unknown device on my network connections. I got a new combo modem/router from Comcast.
Frequent programs showed Magnifier, Adobe, PowerShell. I think that the laptop was running as a server for chat programs or it was hacking other PCs. I saw usernames and passwords briefly. I was able to access root and found a bunch of chat program .so files. Shortly after, “IT” shut the virus scan down that I was running and locked me out. There was a “default” user listed under advanced environmental variables and I could not delete it. I lost control of the laptop and it is gone.
Current Problem - Now Windows 8 x64 HP Laptop
I was having issues, so I did a refresh, and then upgraded to 8.1. Started having more problems, so did a system reinstall down to 8. Now I am stuck.
WiFi disconnected and no Ethernet connection on my part. I noticed a large amount of incoming and outgoing connections and constant changes to my Firewall, computer and access settings, a “Default” user listed under advanced environmental variables, and a new administrator under my name. Denial of service for virus sites, i.e. TrendMicro. Of the suspect running programs, I am unable to kill DCOM, RPC, Bluetooth and a few others. I have uninstalled Bluetooth, CD/DVD Cyberlink Programs and the other programs running numerous times, but they always come back. I performed a Google search for DCOM and RPC and found a 2003 Microsoft Exploit where a worm infects the system and a hacker takes over.
Microsoft has identified three serious vulnerabilities in the RPC DCOM (Distributed Component Object Model) activation functionality. These routines are designed to enable DCOM messages to traverse the network using RPC. Many Microsoft applications and services rely on communicating in a distributed fashion using DCOM and RPC.
I downloaded all of the patches for the above 2003 issue from another computer to a pin drive; however, my USB ports and CD/DVD drive do not work and I have been completely disconnected from the Internet. Virus scans do not pick up anything. I followed some other directions to troubleshoot. I checked WiFi settings and the drivers, seemed ok, but I disabled them anyway. It was the WLAN settings that are connecting to “IT.” I disabled and then uninstalled the WLAN drivers, so I thought. My permissions are decreasing rapidly. My admin account is gone. I did see a VT Drive under C at one point. There are several extra partitions that I am unable to view the details of or delete. “It” is accessing a windows.old folder and creating multiple System 32 folders with different drives listed. I saw that I had 32 desktops, multiple files named restore and multiple files named backup. I think every time I do a fix, it is changed back.
Occasionally, I see a little square box on my desktop that isn't part of the desktop image. Even in Safeboot. In regedit I saw a lot of inproc32. Yesterday, it was extremely hard to start up the laptop. I think I am close to losing it.
I cannot fix this. I cannot uninstall .Net (anything), access the Internet, or install anything. Any advice…PLEASE.