
Need help - aggressive virus or hack - Infected in April, been driving me crazy!


This topic is locked
5 replies to this topic

#1 pleasehelp2341

  • Members
  • 2 posts

Posted 23 July 2018 - 12:56 PM

Please read this.  

 

I already know - this sounds absolutely insane - I would like to stress that I am in sound psychological mind, have no mental illness in my family, and am being genuine and honest, I just need help.  I'm 80% sure that I won't be able to post this message, but giving it a shot.  I've tried posting to the forum for months and haven't gotten anything to stick.  I will be as detailed as possible as I'm not sure I will be able to run a FRST or any other scan, nor am I sure it would be effective.

 

I have been living with an awful virus for going on 4 months.   I consider myself fairly technical, but I was totally wrong - this is way above my pay grade.  It started (or I noticed the virus) around the time I upgraded to 1GB internet.  I also upgraded to a new fancy GB router and Modem as well as around the same time built a new Ryzen desktop.  I haven't been able to take advantage of the internet speed because I don't have full bandwidth capable to me and my hardware is all restricted by whatever the virus is.

 

Symptoms:

 

Massive redirect:

It doesn't matter what site I go to, what browser I use, I can't get accurate web access.  All of the sites I go to appear to have a tracking element in the URL or HTML of the site.  I haven't been able to shake this, but what it does is make any site I go to not official. Any program I download is compromised - nothing passes md5 or sha checks.

 

Retains programs: 

If I do try to install something (say MalwareBytes) - the program doesn't work properly and uses massive resources.  When I determine that once again the program is corrupted and uninstall, I will see the same program in Task Manager a month later using a big chunk of resources.  It seems to retain installers and executables.

 

Encryption Keys:

This virus/hack/rootkit - whatever it is would really like me to send encryption keys into the computer.  I can only assume that it will steal them and completely lock me out of the system.  It has tried to get me to install PK/PGP keys multiple times and continually pushes information pertaining to them.

 

Certificates:

Certificates for most major companies are fraudulent.  I can't explain how, but it appears the whateveryoucallit bug can recreate certificates almost at will and put them onto the computer. I haven't figured it out yet, but strongly suspect that they do this with tracing of your web traffic.  Once again - have no clue how - but believe this is the case.

 

Persistence:

I cannot eliminate the virus.  I have formatted my PC at least 20 times, tried manually deleting the boot sector with low level utilities, tried putting in a new HDD, replaced Ram and used a different video card.  I am not sure where this is hiding, or if I am just missing something obvious, but it can't have many places to hide that I haven't tried cleaning.

 

Drivers/Firmware:

It appears that drivers and firmware may be a source of infection.  In Windows and Linux, drivers are not what they should be.  Upon installation of a new piece of hardware, the drivers are downgraded to junk.  Monitors will be reduced to generic, same with HDDs, USB drives, DVD drives, USB hubs, etc.  Another thing - I'm not sure if this means anything to anyone, but I keep seeing "extensible" drivers all over the place, and they are installed onto my PC.  One coming to mind is Intel USB Extensible Driver 1.0, but my motherboard does not use Intel anywhere except the modem.  I can't get rid of them.

 

Virtualization:

In Linux, the error logs claim that my machine is running as a virtual machine.  Additionally, there appears to be a ranking system in place, almost like a video game.  I know it sounds crazy, but it seems like people get a certain amount of points depending on whether I click on something and what I do next.

 

Devices and OS:

This is extremely persistent - It will operate on Linux and Windows, but appears to have been written on Linux.  The second I introduce a new computer to my network, it becomes infected.  I've gone through 4 laptops, 1 PC, 2 Android Cell phones, and my TV has become rooted in the process and most likely compromised.  I know it sounds crazy - I get it - you don't have to believe me - but if anyone does - please reach out!

 

Anyway - does anyone have any clue what this is?  I have more examples of things that have occurred but don't think this will ever make it to anyone so will wrap it up here.  Please don't just reply to do a FRST - I will try again, but like I said I don't think I will be able to.  Willing to wipe the system and start from scratch or whatever else you can think of to fix the above - any help is appreciated!


#2 hamluis

  • Moderator
  • 56,290 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 23 July 2018 - 01:43 PM

Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html

 

Louis



#3 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2018 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Boot to Safe Mode and run the Farbar program.

If successful, post the FRST.txt and the Addition.txt logs for my review.

#4 pleasehelp2341

  • Topic Starter
  • Members
  • 2 posts

Posted 24 July 2018 - 11:39 AM

I will attempt to run FRST in an hour or so.  Hang tight and wish me luck.



#5 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 July 2018 - 07:57 AM

Are you still with me?

#6 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 August 2018 - 07:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.