Hi. I've been experiencing weird issues on my PC for about 14 years now. The problem is that I have no malware any kind of security software can find, but my PC behaves as if being controlled by someone else. I start programming, and where I have placed a zero, tomorrow I find the number 1. Or something that I remember saving as important is tomorrow nowhere on the drive. Or I play Need for Speed, turn left, but the car keeps going straight or even turns right on occasion. I thought it was some issue with the OS, so I did a number of clean installs, and even changed entire computers, the case and even the peripheral equipment. I have tried scanning my PC with ALL known security products, and came up empty. PC clean as a whistle. I monitored this forum and other people's topics, but none of the tools you guys use managed to help me with my issue.
Then I turned to lesser-known products, and something caught my attention the other day. The aswMBR tool caused a BSOD on my PC when it was scanning the xinputhid.sys file. After googling, it turned out it was a legitimate Windows service which controls input devices, like mouse and keyboard, and then I tried tracing I/O calls to it in an effort to find out what is using it, and got another BSOD. I concluded that whatever it is, it has some sort of defence mechanism which causes a BSOD when revealed. Then I accidentally found out that the Star Trek Online game overwrites some xinput*.dll files when it starts itself, I'm guessing to stop hacking of the game. Then I found out that security software does not monitor DLL files at all and that those can be executed just like a script and even make connections to the Internet.
I just set software security policy to block execution of rundll32.exe, since it is what starts DLLs on my system, and I'm not sure if that stopped it all or not, but the malware is still somewhere on my PC, and I fail to find out how I get infected even after changing entire PCs and clean installs.
I'm fairly convinced this is some kind of a personal vendetta, and that this malware is written specifically for me.
Edit: Just remembered. I have a few devices after a clean install of Windows 10 which are without drivers; one of them is called memory controller. Windows installs drivers for those after I connect to the Internet. Another thing I noticed is that sometimes Internet apps like the lyrics reader from Rainmeter fetch data from the Internet even when my LAN cable is disconnected and I am offline. Also, the sanitycheck app is reporting that the memory compression process is reporting a fake name. And also, my problems persist even on Linux Mint and Debian.
Edit2: I also have two phone lines. One of them is blinking non-stop on my router, and the other only when I use my phone, not sure if that is important.
Edit3: I use secpol.msc to configure my firewall to harden my security. I disallow local rules in group policy firewall, enable it on all connections, block all incoming connections except svchost.exe on port 68 from 67 (DHCP, even tried configuring the router to static IP and using my own DHCP server), and outgoing are allowed TCP on port 80 and 443 for web browsing, svchost.exe on port 53 for DNS (even tried installing Acrylic DNS to avoid redirections), Tixati outgoing and incoming for torrents, Rainmeter outgoing, Kodi outgoing and Winamp outgoing. I'm not sure if it can get tighter than this.
Edit4: I also downloaded an ad trackers hosts file from somewhere, and I don't use any browser extensions.
Edit5: I also configured everyone permissions to apply to anonymous users, and then used AppLocker to forbid everyone from using scripts, and also forbid everyone from network access to my PC...
P.S. I had a good 14 years of developing a decent paranoia.
P.P.S. To conclude, I think I have something active in memory, possibly a device, and all it does is use legit OS files...no malware...
Edited by Gorstak, 06 February 2018 - 09:01 AM.