Every antimalware, antivirus, anti...whatever log comes clean on every scan. It takes complete control from a remote registry on hid server bypassing the router. Microsoft support couldn't figure it out.
Takes 'God' control over system, trusted installer, audio, task scheduler, WMI, Windows host media, ctfmon, group policy.
Each day I have hacked copies of various Microsoft Windows OS and Office programs. All my software is licensed. I'm finding Win7 64bit on 33 bit system running 2015 Office 365, next day it will be Win10 etc.
I have narrowed it down to hard drive and wiped the hard disk clean, formatted with OEM recovery disk, formatted with licensed copy Win7 Ultimate, deleting all partitions including 100mb boot, redirected boot to C drive, zeroed out the entire drive with DVD 7 passes.
I have used rescue disks from each of the vendors to no avail. Nothing wrong. It's probably scanning a clean mounted win.iso image.
I've used diskpart to list disk, partition, volume etc., nothing unusual.
I've used partition wizard etc.
Autoruns shows that jump to entry states, registry is not located on this computer.
So I figured I ran into the Intel emergency management exploit, EMS loader exploit, MS SAC NDAS Connection exploit, as you can install OS on computers not connected to the Internet nor plugged in using ROM memory which needs no electricity. I am Ethernet wired, no wireless or Bluetooth disabled.
All versions of Avira rescue show 57 variants TR/Crypt.XPack.Gen3
AutoKMs.TR/Dropper, win32/UBBE sessions\i\ApiPort, goopdater_Zh-TW.dlk.vir, blog.crysys.hu, x-tunnel, uxtheme.dll, Vir.IT.eXplorer, Inject shellcode into privileged process
I have most of their code. I believe it's at BIOS level. I cannot flash BIOS as they password the BIOS, so every time I boot up, auto hide process started on any device. They have erased several USB disks with data on it.
So I can attach other log files to show the infection. ComboFix found some infections but they erase and denied access to all scans.
The key is to relax the BIOS but if they control everything, don't know if that will work. I was running EMET, Emsisoft, Malwarebytes anti ransom, anti exploit, Windows Defender, but now they are using JS script files.
The programs they are using are older Windows files 2009 that had known vulnerabilities as Win OS which should be 2011 to bypass the issue of verified code signatures and operate below level of most scans.
Next step. Can you help?
I will post the autorun files. I have others if they have not deleted them. I'm on smartphone with limited capabilities.
Edited by Melanie1, 28 March 2018 - 01:27 AM.