bookofjob

The picture of the boot, was an attempt to install Windows 7, from CD.... That message came up, and no matter what happened after, the screen froze. I did this just to test if I could go back to another OS, and if I selected the option through a Windows 10 USB, it gives me an error. QQQbefore.zip QQQold.zip

Okay, so here is an update, sorry but its been a bit difficult. Once I received your instructions, I was already on a new format, but I was already infected. I followed your instructions, the scans below are of a fresh install, nothing downloaded except from Windows update, no settings altered, nothing else touched. All run correctly, like you asked, but I have to show what has happened. I am going to post the same scans, from my last flash of the computer with issues and I included some pictures. One picture was from a fake Microsoft support agent, who I tried to contact and eventually emailed me as Microsoft support, as you can see in the pic that was the e-mail address. I posted a pic of the USB driver installed on my flash, I was attempting to wipe it clean but think files stayed on it no matter what I did. I included a picture of my task manager running, while I was being trolled in World of Warships, and when I say trolled I don't mean they are just verbally causing problems. They are joining the game with ships, and throwing the matches... almost like once I search, we all join together. This game I think is developed by a Russian company, I don't know how anyone could do something like this, but in game I mute them. Right before the first match ended, I told them I had muted them, and in the next round, even with the mute on they were able to speak and break the mute, I have a screen shot to prove it. After this occurred, I was e-mailed by my ISP about security issues on my account... and before formatting and posting this, as I shut down windows I was told other users would lose data in one screen shot. The picture and scans before a clean boot, I will post below.. I am doing this because the hard drive they are on is more than likely infected and so I waited to post this first. I really need some help here, or advice as I don't know why I would be targeted like this. Steam has also informed me that my account is compromised, and the log-ins are still occurring no matter what I do. Scans.zip

The other pic was right before I uninstalled, I was looking at the app by default and I noticed strange apps and some errors trying to find a different default. I don't know if its possible to copy a Microsoft Digital Signature, but I took a photo and noticed some of the programs seemed off and Kaspersky showed me some were not used by many users, always from 50% other countries compared to the normal files. FRST.txt Addition.txt

Thanks again for the response, I took some time to try to gather what info I could. Here is some data, I don't know if any of it will help... but I am giving it a try since I have nothing to lose. Last night, I was playing World of Warships and the trolling was present, even some of the names were similar to my title of this post, (EX: sos_44, helpplz). That's the style of the trolling usually, like the signature or whatever... Anyway... here is whatever I could put together, maybe you can understand it better than I can and at least give me advice on how to prevent an intrusion or remote access, if you don't see any infection. Those are my logs right before I reinstalled right now per your instructions. I have included my Kaspersky event log, the python is a log from World of Warships, as I can assure you I am being trolled, no matter which match I join, I am not sure how its possible. I don't understand the technical stuff but maybe someone else does, or maybe it will show nothing. The connection log is in relation to steam, I only have been playing Players Unknown battleground, but the trolling is harder due to the design of the game. I do try to read the logs and its harder for it to happen, but I have noticed similarities especially if I squad vs solo. Last night I checked my steam event logs, which I didn't know I could access, and I posted a photo, you can see access from somewhere else happens. The OS is listed as "-400" and sometimes will log from LA, or San Diego, and then log out or stay logged in. I have changed my pass and stuff and contacted Steam but I doubt this will matter. I added that anyway to see if it means anything, even though it may not. I will attach the new Addition and FRST to the bottom post. Thanks for your time. Addition.txt FRST.txt KasperskyLog.txt python.log connection_log.txt

So today I had some more issues, eventually forcing me to reformat, I was able to take pictures and run those logs before I did. My avast would not load, Malwarebytes would not update and was not doing anything, I could not access my router even. Most the processes were disabled with, similar ones running, I had ports which were unknown open at once. Nothing worked and I was able to bring the log to another computer, which could be infected, since it was a fresh format and as soon as I plugged the usb in, the event viewer went off. I see that, it is using the ability to update from the AV's, to download whatever and disable things... and I see the system admin account, starts modifying stuff. I don't know what to do, I had to reset my router, could this be the cause? How can I at least stop the intrusions or have some kind of defense? I am using a router+modem combo, given to me by my ISP, if this has something to do with it... should I purchase a different one? Any advice on anything I can do would really be helpful. Is it possible the usb can still be infected after a diskpart clean all? Here are the logs before the format, and some pictures: Addition.txt FRST.txt

This started to happen to me months ago, I just ignored it, but it has gotten to the point where I cant anymore since my system goes haywire. I have also upgraded my computer to see if that would make a difference but it did not. When y a game like Players Unknown battleground, which is very system heavy... I started to really notice it. The processes start to run, I see my FPS drop and stuttering, I will check task manager and see that its going haywire with tasks that were not there before... makes the game unplayable and then yeah I cant use the web and I cant even restore windows, if I create a backup, either its an error or if I use a flash drive it will sometimes transfer the new format. One attack yesterday was called "OS attack: GNU Bash CVE-2014-6271" and it destroyed my system and norton in like a few seconds. I ran this program again in case been using the local account, I noticed that slows down the rate of it happening... since I have been on admin for a while i will upload this again. Thanks. FRST.txt Addition.txt

I ecently decided to try Malwarebytes with windows defender and after maybe one day, and I would keep it up to date and scan a lot, then the task manager would start acting up...I could see process's that were off with the names, I manual updated MB and all of a sudden its said "10 updates" came through MB, the processes were different and Malwarebytes was open but it would scan very fast and say nothing detected and freeze when clicking it. I tried norton with MB's, after about one day, Norton was working okay and showing me login attempts over the router, and then the same thing.... all of a sudden files sent through update, like 20.... and norton stopped working completely and again OS was ruined. I saw the file in nortons folder, it looked similar to the normal update folder but it was not. I formatted and reinstalled, same thing Norton and MB, and again the update happened again, same exact method. So I installed Avast when it happened, and I saw through Wifi inspector, there was a computer connected to my router, even though I am hardlined and WIFI was disabled, his IP was like mine with the numbers different at the end, and it said he was running something called "Unix" as his OS. I ran a scan with avast and before the OS loaded it scanned and said it found something called a decompression bomb with norton, I took a picture and also Norton said something about GNU BASH as well, and something about blocking attempts to retrieve passwords. I am forced to reset my router each day, as well as clean format my computer, this will happen between 2-8 hours once the computer is online, and the attacks have gotten worse since I have tried to stop them. Here are the logs, I can upload the pictures if you want as well: notify.zip TDSSKiller.3.1.0.17_29.06.2018_00.51.15_log.txt

Thank you for the quick reply, I didn't log in as an admin at first, because that usually means a much quicker end for my system files, as well as passwords, here are the logs: MBscan.txt FRST.txt Addition.txt

Here is my sad story, I am infected as we speak so I am sure whoever is doing this already knows I am posting here. This is about 4 months this has been happening, I will list my attempts to stop it and what I have learned, although whatever/whoever this is... is very skilled. The normal symptoms are, clean wipe, try to secure windows (adjust any options, install AV, close holes) all disconnected from internet with clean USB. Then I will update, I try to do all drivers before getting on the internet so as to not download anything once connected. I will adjust router settings, firewall before this, then I will usually install my software, which is basically just PC games (only two at this point since I am unable to use others), and that's when it starts. Eventually, stuttering then I hear the hard drive overworking, even if I am idle in Windows, task manager blows up, processes switch. I dont know if its possible, but once this happens, my gaming experience changes. Seems like each game, I am being trolled, or followed on purpose... same group trolls, basically making it unplayable. After that, my system goes haywire, nothing works as it does in the first hour of a fresh install, it becomes unusable. Anyway, I am sure I am being targeted specifically at this point (due to the way I am trolled in the game and verybal attacks), so I am here. The last two days, I tried Norton, both times I was sent something called a decompression bomb through the norton update, which basically destroyed my system. I saw a computer around that time on Avast, connected to my router, with no Wifi, running something called Unix, and undetected. I was also sent a similar bomb using Malwarebytes, through the update, I could see as well the files were changed in the logs, to mimic MB and norton. Here are my logs, for today, I am infected at the moment I cant log in to my router, so I I thought I would send this before the 200th format of this year... Whoever is doing this is really good, or maybe I am just really noob, I really need advice... thanks. scan.txt FRST.txt Addition.txt