dsv695

Members
  • Posts: 7
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Good afternoon. I apologize for the pause; I had to rewire the router for a long time, since it is also under the control of malware. They just interfered with regular update procedures in real time. It took the most time. The result is as follows:
     1. The Keenetic 4G router (KN-2111) provides the ability to access the Internet via a cellular modem (via a Samsung Galaxy A32 smartphone). But there are still traces of reconfiguration at the Linux kernel level in the router log. Moreover, I get access to certain sites, but not to certain ones (for example, the site https://nordvpn.com/ru opens, but an attempt to log in to your account from it leads to a redirect from the address https://account.nordvpn.com/oauth2/login to the page https://portal.nordaccount.com/oauth2/login?nord_countdown=1641500540836&FirstSession=source%3Dnordvpn.com%26campaign%3D%26medium%3Dreferral%26term%3D%26content%3D%26hostname%3Dnordvpn.com%26date%3D20220106%26query%3Dnull&CurrentSession=source%3Dyandex%26campaign%3DRussia+Brand%26medium%3Dcpc%26term%3Dnordvpn%26content%3D%26hostname%3Dnordvpn.com%26date%3D20220106%26query%3Dyclid>18139766578282027701&locale=ru&nextbid=37c01990-8ad0-4a2c-b0ec-e0bcc1ded0fd&cf-product-group=nordvpn - the Opera browser with the VPN installed writes "It is not possible to get access to the site" and offers to check the network settings, etc.)
     2. On the forum, following your link, I get to the Sophos Scan & Clean page (https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx) and after a few clicks I get the Access Denied page when I try to download the utility (https://download.sophos.com/tools/SophosScanAndClean_x64.exe). So it was not possible to use this utility. But there is most likely a software error on the site itself.
     3. Utility from Microsoft (MSERT.exe) downloaded without any problems. But a full scan gave a zero result (a successful scan found nothing). But here I believe the quality of the analysis suffers. Each file is checked separately, and not their combination, configuration and validity in a given context.
     Total: Still, you need to try to scan with a more serious utility. If this is a utility from Sophos, then I ask you to give me a link to an already downloaded and verified distribution, preferably either as a password-protected archive file, or accompanied by a checksum so that I can verify it after downloading.
     msert.log
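The post above asks for a distribution accompanied by a checksum that can be verified after downloading. As an added example (not code from the forum, from Sophos or from Malwarebytes), the block below shows how such a check is done in practice: it streams the file through SHA-256, parses a `sha256sum`-style manifest line (`<hex digest>  <filename>`), and compares digests in constant time. The file name `Installer_x64.exe` and the file contents are constructed placeholders, not a real installer or a real published hash.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}.

    Blank lines and '#' comments are ignored; malformed lines are skipped.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_download(path, expected_hex):
    """True only if the file's SHA-256 equals the published digest.

    hmac.compare_digest avoids a timing side channel on the comparison itself.
    """
    return hmac.compare_digest(sha256_of_file(path), expected_hex.lower())


def demo():
    """Constructed scenario: a placeholder 'installer' passes, a tampered copy fails."""
    with tempfile.TemporaryDirectory() as workdir:
        installer = os.path.join(workdir, "Installer_x64.exe")  # placeholder name
        with open(installer, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1000)  # placeholder bytes, not a real binary

        # The manifest a vendor would publish alongside the file (constructed here).
        manifest = f"{sha256_of_file(installer)}  Installer_x64.exe\n"
        expected = parse_checksum_manifest(manifest)["Installer_x64.exe"]
        clean_ok = verify_download(installer, expected)

        # Flip one byte in the middle of the file: the check must now fail.
        with open(installer, "r+b") as fh:
            fh.seek(500)
            fh.write(b"\x01")
        tampered_ok = verify_download(installer, expected)

        return clean_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

One caveat a practitioner would add: a checksum only proves the bytes on disk match the digest you were given. If the digest is fetched over the same path as the download, anyone who can rewrite the download can rewrite the digest too, so the hash should come over an independent channel (for example, dictated in a forum reply or a message from the vendor), or the file should carry a cryptographic signature (Authenticode on Windows executables, or a detached GPG signature) checked against a key obtained elsewhere.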
  2. My knowledge and opportunities for compression are limited, especially in matters of IT security, otherwise I really would not have approached you. However, after 3 years of observing the behavior of malware, I came to the following conclusions:
     1. This is a completely new type of infection, which is kept secret, so my manifestation of interest in it most likely led to such a long inheritance in my address.
     2. Malware is not just a single virus, but a whole software package consisting of many modules, each of which has its own purpose, place and place of execution within the framework of the overall architecture of the complex.
     3. The features of this software are:
        - phasing of infection, when in the early stages it occurs by traditional well-known methods, the purpose of which is to redirect the traffic of the device's regular services to a fake network/cloud infrastructure for further infecting the device with more malware.
        - among the more malicious modules, there are input-output multicontroller programmers that flash the flash memory of the controllers and change the initial BIOS boot addresses using the so-called fuse to configure a non-standard boot sequence. Moreover, the updated controller code itself is loaded into the upper memory addresses and thus does not allow the regular update of the BIOS of the device to be installed, thus building its protection against erasure. The microcontroller code also determines the hardware vector for the operating system, which is manifested by the appearance of fake devices as part of the OS configuration, and many bridges connecting various nodes of the system. This is done so that you can control the device based on a stack of logical network protocols (ip, winsocket, ethernet, virtual adapters, wireless monitor, etc.) and standard and non-standard physical protocols (ACPI, serial access protocols over radio communications, electrical networks, etc.).
        - remote registration of devices in a cloud malicious network/domain and their management by regular means of administration of this cloud infrastructure. Devices are being virtualized; personal devices seamlessly migrate (turn) into a terminal server, where console login is carried out within a virtual session.
        - a wide range of developments in the complex, providing coverage of a large variety of devices and OS.
        - and a bunch of other features (I won't go too deep).
     Now about what I would like to do:
        - try to identify as many anomalies and holes as possible, the correction of which would make it possible not to throw infected equipment into the landfill. To do this, use your diagnostic utilities (toolset) to diagnose those problems that can be fixed now and/or later.
        - to get an official conclusion from you about the presence of such anomalies (infection) in order to have grounds to seek help from law enforcement agencies.
  3. You surprise me unpleasantly with your attitude to my problem. You didn't even try to help me diagnose the problem. You have a whole toolset for this, which I don't have free access to. And you didn't even respond to the diagnostics I sent. Is erasing everything really good advice? It feels like I'm in the wrong place. Can you introduce yourself, who are you and what position do you hold?
  4. Good afternoon. With VPN, everything is not bad as long as the password of the VPN tunnel user is unknown to the attacker, and he learns it through spyware infection. I have a question: will we somehow move on, or will we continue to discuss theoretical issues? I kind of sent the text of a specific error, as well as the diagnostic log of the AVZ antivirus utility with specific warnings about the presence of rootkits.
  5. Greetings.
     1. You probably misunderstood me. I wrote that I was experiencing difficulties in network access to the original software. This means that the MITM attack is ongoing. Moreover, the original site may be available, but when it comes to key functions, such as downloading the original distribution kit, online installation or product registration, then some suspicious errors arise. For example, downloaded from the personal account on the site https://my.malwarebytes.com/ and installed on my laptop, Malwarebytes Premium+Privacy gives an error when registering: Installation_token not found (Error code MB404101).
     2. The steps for resetting and reinstalling that you describe have already been performed, and repeatedly. Everything repeats from time to time: the infection occurs during the installation process (I believe at the initialization stage of drivers and services) and then everything continues to degrade as reboots are performed (using group policies, etc.). So I don't see any point in repeating these steps yet. First you need to learn how to identify anomalies and try to neutralize them so that they do not interfere with a clean installation.
     3. I attach the scan log of the AVZ antivirus utility (an old incomplete version, which I could get).
     avz_log.txt
  6. It is clearly not official state institutions that are hurting me, I have consulted about this. But clearly people with connections. I noticed 3 years ago the strange behavior of my home computers and since then I have not been left behind. And yet, I want regular antiviruses to detect this outrage and, if possible, treat it. The very first thing to do is to get out of isolation, and I think you will help me. After all, good people should help each other))
  7. Good afternoon. I ask for help in diagnosing and removing malicious software.
     1. A week ago I bought a smartphone (Galaxy A32 model) with Android 11 OS in the official Samsung store. The very first activation with a cellular connection and initialization of the smartphone led to infection of the smartphone with malware, and this software:
        - prescribes its modules as system, non-removable and non-disconnected;
        - the process of resetting the smartphone to factory settings does not remove malware;
        - controls network access to Google Play services, sites of VPN service providers and antivirus software (substituting their fake counterparts).
     Thus, I am not able to install the original software to fix the situation, and the fake software does not diagnose any problems. The ability to update the firmware via Samsung proprietary software for Windows is also not available yet, because:
     2. My HP Laptop 15s-eq0039ur computer with Windows 10 Home OS is also infected and has the same signs of network access control. The complexity of the situation lies in the fact that:
        - the computer is filled with malware during the installation/reinstallation of Windows OS;
        - with subsequent reboots, it turns into a hidden terminal server;
        - runs almost all 64-bit applications in 32-bit WOW64 mode (including installing and running proprietary drivers in an incorrect/restricted environment);
        - and a bunch of other things that make a computer vulnerable and dependent on fake cloud infrastructure.
     Like on a smartphone, I have problems with access to proprietary antivirus software. I have great hope for the possibility of using offline malware search and removal utilities on my laptop. I believe that if there is an opportunity to at least fix problems on a laptop, then this will then solve the problem with flashing my new smartphone.
     P.S. I do not yet have the ability to safely use high-speed communication channels (WiFi, wired Ethernet). I am currently using cellular communication and mobile Internet, and a VPN client (NordVPN) to access the network. I am a senior architect for one of the major Russian IT companies; attempts to independently solve the problems that suddenly arose for me did not lead to success (everything turned into a fake overnight). Taking into account all the above, I am not sure that my letter of appeal will reach the correct (genuine) addressee, but there is still hope.