I have mostly resigned myself to my harsh reality of living with my malware infection. It has been 12 weeks. I believe that I've had something similar/the same as this fella:
Only when I do a recovery boot CD of Hiren's Boot CD or a Linux Live CD can I scan the hard drives where I found evidence of TR/Crypt.XPACK.Gen2 - Gen 3. It seems like there would be ransomware, but the request for ransom never appears. The first machine that was infected had the mobo MSI X99A Gaming 7... this mobo has 8 RAM slots and is likely seen as a small webserver from a hacker-targeting point of view... or it could be the source of the issue with the new Windows Creators Update. When the infection seems to "kick on", it adds 11-12 new users to the security accounts (mostly remote users) and downgrades my user and Windows Image from Admin on a Home Win 10 PC to that of a Windows Terminal Server Client with Terminal User privileges (REMOTE users have effectively more privileges than I do). Since then, the issue has infected 3 computers at my home, 1 laptop, 7 computers at my office, and strangely enough, I think my Android Mobile Phone for a while (it didn't seem like the same infection, just the timing was too close to be coincidental). Infected devices that I've owned "reach out" to find other devices by means of Bluetooth, NFC, WiFi Direct, even Miracast... I presume that it is trying to infect new devices, but have no proof, only that I explicitly turn off those radios on my desktop computers and mobile phones only to find them automatically switched back on as soon as they are idle. I have been searching for MONTHS for someone to address this problem, but all of the threads I find that may be similar infections remain unanswered or are abandoned.
I would love to have some insight on this new strain of wee-beast so that I can once again have a normal computing life. Thank you all for your marvelous public service.
Edited by hamluis, 19 August 2017 - 09:15 AM.
Moved from MRL to Am I Infected - Hamluis.