For the last month and a half I have been battling some kind of malware/virus that I cannot remove. I have used malwarebytes, malwarebytesrootkit, TDSS, Farbar, Rkill, adwcleaner, CClean, Combofix, sophos (every tool I could find), GMER, etc. The only one to find anything was GMER, and all it found was an 'unknown mbr'. Some PUPs were found with roguekiller, but those just seem to be a side effect. I've wiped the hard drive that runs Windows 7 with DBAN several times, the latest being autonuke followed by opsII, and this thing keeps showing up. On the Windows 8 computer I have run a factory reset and with secure boot in the UEFI and after running auto repair and bootrec /fixmbr(boot)(rebuildbcd) I am still infected; also, secure boot was disabled and now 2 hard drives are showing up with the same ATA address.
For the Windows 8 Pro, it has software that I am unable to reinstall if I wipe it (not that it'd do any good), so I am trying to find a way to remove and repair the damage that this thing has done.
I know that it creates some kind of P2P regardless of how I try to disable any remote connections. I've changed passwords from secure locations for my ISP login, I've hidden UPnP, used elaborate passwords and SSIDs, but the settings on my router and my computers constantly change. There are files that I've never loaded present as well, mostly stuff in .dat, .dll, .exe, etc. that I am not allowed to open.
I have also seen that the registry is changing constantly, and if I do something substantial there will be a split second of a cmd screen that pops up or some note Microsoft has programmed which will disappear immediately.
It definitely spreads via USB, as any USB I attached to an infected computer infected another computer, but it almost seems like it is infecting devices through my network.
I have replaced modems and routers about 7 times now to avoid this. But if I allow a device to get far gone enough I lose access to pretty much everything as he is now the administrator. Even from a fresh reboot and reformatting and reinstall of the OS he is still there disabling my antivirus, changing registry keys, and taking over access.
I have found notepad text files in places with commands like nothing I've written as well. Also, NTuser.logs are prominent.
What is this and how do I get control of my devices again!?
Moved from Windows 8
Edited by NickAu, 17 May 2018 - 01:47 AM.