Just want to start off by saying that I work in the IT industry and have done for the last 8 years, and even I cannot shake this nasty Rootkit which so far has infected, to my knowledge, 1 x Win10 Dell Work Desktop PC, 1 x Win7 Laptop, 2 x Windows 10 Laptops, 1 x Android Phone (Moto G), 1 x MacBook Pro, 1 x old Lenovo which I use for Kali Linux (just for messing around, learning IT Sec, the irony!), 1 x Synology 412+ NAS Drive, and even my Nokia N95 (believe it or not).
I've used Wireshark to monitor traffic coming in and out of my property, to which Wireshark is telling me that it's completely abnormal. This is using home broadband and also a Mobile 4G Router, same results.
On my main Laptop, a Clevo P375SM-A Gaming Laptop, I was battling with someone who had gained access and was controlling my mouse, locking me out of my machine, firing up random services, and then eventually I found traces that he had been broadcasting me from my webcam across Flikr.com and Vox.com, which is really quite unnerving and shocked me (I've put some Bluetack across the lens now).
If I disable the WiFi in the BIOS of my Clevo, the computer fails to boot. This is the same with Bluetooth. On one machine (Win 7 Laptop) I was able to pull the WiFi adapter out so there was no way they could bypass the WiFi being turned off. I managed to pull off some logs which prove that they were tampering with my N95 and pushing Python scripts to it.
I've removed network access to the N95 (now turned off) and saved the files (which are all encrypted) and suspect that they are photos of me or where I've been. I only say this as the N95 is an old phone now and you can actually hear the lens clicking every 5 seconds or so when turned on. Also, these files would disappear when I connected back to the network, so I suspect they all get uploaded to some remote location; hopefully I can decrypt these files and get some idea of who is messing with me.
I've been dealing with this for the past month and am afraid to even turn my machines on. Currently using the Mac to start this topic as it seems the least affected. My gaming Laptop, from research, appears to have been used to mine bitcoins for someone, which would explain the performance decrease before I discovered that this is a much, much more sinister issue.
I have spent countless hours with the Clevo (being a £2k+ Laptop) reinstalling the BIOS, doing SSD secure erase, reinstalling Windows, to no avail - keeps on coming back.
MalwareBytes picks up "Backdoor.Trojan Bot" plus multiple related Trojans after every reinstallation of Windows, but again, they just keep on coming back.
I've used TDSSKiller, MBAM, MBAM Anti-Rootkit, MBAM Chameleon... pretty much all Anti-Rootkit software to try and remove this depressing annoyance.
My GMail of 10+ years has been hacked, which means 50,000 emails and other accounts compromised, and Google are telling me that they're not satisfied that I am the rightful owner (unbelievably infuriating as they can surely tell that my recovery details have been changed), so I've had to create a new account and reset countless passwords, which have no doubt been key-logged.
Whoever is doing this to me is making my life a complete misery and I've come here to seek advice. They're not just messing with my devices, they're messing with my sanity & life.
I warned work about this issue I'm having and noticed signs there that someone was querying our main server and bad packets of data were flying round the network.
The only software which has been successful so far in picking up any oddities is GMER.exe, which goes off the scale with red text saying "RootKit/Malware". This is on my Clevo which is my priority. Work was priority, but after the written warning... go figure.
Thanks in advance,
Cannot wait for this nightmare to end. I am tech savvy, so any logs or further information you guys require, I will be gladly obliged.
Edited by kizza91, 28 August 2017 - 03:39 PM.