I'm new to your forum. I've recently been attacked by extremely aggressive hackers and would be very grateful if anyone here could advise me on how to remove a Syswow64 rootkit that they have infected all my USB flash drives with, and that has been installed in all the computers that the hackers destroyed for me. The hackers used a lot of different programs, like fake programs, fake update programs that force-install themselves all of the time, remote controls, infrared, a lot of spyware, encryption, some kind of synchronization worm that connected even offline devices to my network, infected them and gave them system root access to all nearby devices (like phones, DVD players, televisions, things containing smartcards, Bluetooth and HD etc.), and they even installed a system administration server and a file share server on my network as well.
I've got several USBs that have been installed in the infected computers, and when I run virus scans on them they all come out clean (with Norton, Kaspersky etc.), and no rootkit shows up. When I run the scan with the Microsoft scanner it also comes out as clean, but the names of the whole rootkit show up during the scan, even though they're not visible anywhere else in the USB photo files. I also did a test where I removed all files from one USB so that it was empty, and then when I checked it with the Microsoft scanner it said that the USB was empty, but there was still only 7.2 GB of room left for me to use, although the USB is 8 GB in size, so I should have 8 GB left to use, not 7.2. The reason that I only have 7.2 is because they have hidden an encrypted rootkit on the USB that takes up 0.8 GB of space, and when I did a scan on the "empty" USB all the rootkit names showed up as well during the scan. I have understood that they have both installed the rootkits separately on every single USB, and also, when I scan every single photo file on the other USBs that I've got, the same rootkit names show up as well on every single photo.
There are so many names that show up during the scan that I can't write them all down right now, but they include stuff like: syswow64, catroot, hkmodule installation hook, microsoft netframework installation hook, common files, svchost, synchronization.exe, mobilesynch.exe, tablet/pcsync.exe, bluettothshare, nearby devices: system root etc. What I would like to know is whether anyone here has experience with these types of rootkits and knows how to remove them from my USBs, if that is even possible at all. Do you think it would be enough if I just burned all the photo files on the USB over to a DVD and then all the rootkits would disappear by themselves, or do I have to go to some computer service specialist to have them removed and then save them on a new clean USB or DVD, or is there nothing I can do at all?
Extremely happy for all answers I can get. Also, please don't shut down my topic because I don't respond for a couple of days, since it can take up to a week for me to answer next time.
Edited by hamluis, 27 April 2018 - 11:21 AM.
Moved from MRL to Am I Infected - Hamluis.