This all started about 4-6 weeks ago and I have since battled this thing into my own demise of replacing the HDD and purchasing a new SSD, attempting a Toshiba disc recovery install (failed), and finally a complete wipe and re-install of a temporary Windows 7 with an old install disc. Timing-wise it aligns pretty successfully with all the WannaCry (now SambaCry) outbreaks so I am wondering if I fall into that boat (thinking: doubtful), the problem being I have yet to successfully find a solution...
Long story long, I use a Raspberry Pi to run a Kodi Media Center (yay, subtitles!) and I updated for the early Krypton and then downloaded what I am pretty positive at this point is something terrible. Immediately I saw issues with my router, which also connected the Raspi via Ethernet, where my IP address and DNS listings seemed to be off and I wasn't able to connect remotely. I also tried to wipe the SD card for the Pi in my PC, which then started the fun on my computer. (The Raspi was also set up with my VPN, which I am now worried about, since it now won't log back in on the new Raspi.) Trying to get antivirus for the computer, I used a USB stick to grab programs back and forth off of my gf's new MacBook, which she then had to wipe a few weeks later. I have had issues with iCloud, etc., but I believe all that has been resolved.
At this point I have reset my router three times, thought things with the Raspi were fixed (replaced the whole thing), and assumed a new hard drive would resolve the PC problems, but then I decided to SSH into the new Pi to find possible problems and landed my PC back into the current issues:
- Boot up with "Esc" asks "Which OS I want to login to?" while only listing Windows...(possible Linux booter??) -- Initial Windows Repair look showed a separate "X:Boot" drive?
- Logged in with the new SSD and Windows re-installation and the computer/my account is trapped under "Public" and listed under Network Sharing (with infrastructure items listed -- the Network Map included a Router & switch, but the router is an RT-N66U) & I am asked what I want to include in my Homegroup; my ability to see myself listed under the network later disappeared when I got online -- it showed back up after I ran RogueKiller (see below)
- I am listed as on a WORKGROUP and Network ID states "This computer is part of a business network" -- Cannot change to "This is a home computer" via saving, saving/rebooting, etc
- Was being forced onto a "Public" network (with no way to change to "Home") every time I logged onto my home wifi network and the "svchost.exe" processes would multiply and go insane
Attached are the FRST logs -- I reinstalled Windows 3 times, completed an RKill run (log attached), launched/scanned with Malwarebytes (found nothing), bought/am running Emsisoft (found nothing -- but it has been warning constantly about redirection to phishing websites), and chugged through RogueKiller (also found nothing). Completion of RogueKiller did log me off my wifi and brought back the ability to see myself on the Network, until the wifi auto-reconnected and it disappeared -- since then I am noted as back on the Home network and was able to turn off "Network discovery" and "Printer & File Sharing" for both the Home and Public profiles, so I am hoping we are near the end.
I haven't restarted for fear that this will all just be sitting there to come back -- currently, when I (still) try to even download ComboFix it is immediately deleted, and I have a few "*.exe *32" apps running, though those may be nothing.
Thoughts?? Am I nuts? lol
Thank you in advance -- You guys know everything.
Edited by Snazzleq, 11 June 2017 - 05:11 PM.