I just signed up today after reading many posts from this forum and trying to clean a virus from my home computers that has been giving me fits. I have been trying to clean this from two Win 8.1 machines but I believe that every other computer on my home network also has the same virus and it has even infected the two android tablets that we have.
My background is I am a Senior IT engineer and have been working in IT for over 25 years. I have done everything from programming, middleware configuration, Windows and Unix administration, telecom, security and internet setup for small businesses to major corporations. My first PC was a Commodore 64 with two floppy disks (which really dates me) and currently I have two Win81 and two Win7 machines along with two android tablets on my home network that I believe all have been infected with this virus.
I consider myself very competent in all things IT and after over a month of trying to clean my machines of this virus have learned quite a bit about how it works. Whoever wrote this is a genius and it has its own form of artificial intelligence aided by the remote access that whoever is behind this has set up to the various devices on my home network. I have gotten to the point that I have watched how the virus is loaded and what changes it makes to get control and bypass being discovered by all the normal virus software. I am equally impressed and annoyed at the amount of logic put into this virus and need the help of the experts on this site to get rid of it for good.
I have already loaded most of the big Security/Virus software packages and have tried many of the standalone tools recommended on this site and no matter what I load it rarely can even detect and cannot clean this virus. I know that part of it is a rootkit and have wiped both Win81 computers more than once. From a freshly wiped (with Disk Kill) and formatted disk with Win8.1 installed from clean DVDs and all the SMB/file sharing and security holes of Win8.1 disabled and all other machines turned off, within 10 minutes of being on the network it will get re-infected. I also found out that one of my android tablets was never actually turning off (even though it showed powered off but still had a charged battery) and it was connecting over bluetooth to transfer the initial files to the clean machine to kick off the virus. After that initial bluetooth connection it opens a port to the internet and modifies many of the protocols to allow it to connect and change hundreds of files. Those modified and re-signed Microsoft files show up as clean on VirusTotal or by all the checkers that supposedly will prevent this from happening.
I have found a few posts on this site that match the symptoms of what has infected my machines and I will post the normal required log files and see where this goes. I have tried almost everything to block and clean this and one way or another it always comes back so any help on how to clear it and prevent any future attacks will be welcomed.