Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware/virus taking over!


  • Please log in to reply
1 reply to this topic

#1 tempusrevolutio

tempusrevolutio

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 17 May 2018 - 01:19 AM

The last month and a half I have been battling some kind of malware/virus that I can not remove. I have used malwarebytes, malwarebytesrootkit, TDSS, Farbar, Rkill, adwcleaner, CClean, Combofix, sophos (every tool I could find), GMER, etc. The only one to find anything was GMER and all it found was an 'unknown mbr'. Some p
PUPs were found with roguekiller but those just seem to be a side effect. I've wiped the hard drive that runs windows 7 with Dban several times, the latest being autonuke followed by opsII and this thing keeps showing up. On the windows 8 computer I have run a factory reset and with secure boot in the UEFI and after running auto repair and bootrec /fixmbr(boot)(rebuildbcd) I am still infected, also secure boot was disabled and now 2 hard drives are showing up with the same ATA address.

For the windows 8 pro it has software that I am am unable to reinstall if I wipe it (not that it'd do any good) so I am trying to find a way to remove and repair the damage that this thing has done.

I know that it creates some kind of P2P regardless of how I try to disable any remote connections. I've changed passwords from secure locations for my ISP login, I've hidden UPdP, used elaborate password and SSID's, but the settings on my router and my computers constantly change. There are files that I've never loaded present as well, mostly stuff in .dat .dll .exe, etc that I am not allowed to open.

I have also seen that the registry is changing constantly, and if I do something substantial there will be a split second of a cmd screen that pops up or some note Microsoft has programmed which will disappear immediately.

It definitely spreads via USB as every computer I attached any USB to an infected computer infected another but it almost seems like it is infecting devices through my network.

I have replaced modems and routers about 7 times now to avoid this. But if I allow a device to get far gone enough I lose access to pretty much everything as he is now the administrator. Even from a fresh reboot and reformatting and reinstall of the OS he is still there disabling my antivirus, changing registry keys, and taking over access.

I have found notepad text files in places with commands like nothing I've wrote as well. Also, NTuser.logs are prominent.

What is this and how do I get control of my devices again!?

 

 

Moved from Windows 8

NickAu


Edited by NickAu, 17 May 2018 - 01:47 AM.
Mod edit


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:39 PM

Posted 18 May 2018 - 03:27 PM

Hello and welcome, lets get a deeper look at what's happening.
Please follow this Preparation Guide and post in a new topic.
Let me know if all went well..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users