Had what I suspect to be a rootkit installed on my PC about a month ago and spread malware on my network; however, I may be wrong.
No files were downloaded on my device, but I believe the IPv6/TCP Windows exploit was utilized to gain root access via remote WMI commands/scripting (CVE-2024-38063), as the time frame of this starting was August 26th. I had IPv6 enabled, no VPN, AV disabled, and was playing Escape From Tarkov damn near constantly for those 13 days since that CVE publication.
I had a friend in the Cyber Security field make me a copy of a Windows 10 boot USB. I now run Windows 10 Pro (Privacy?) after installing this copy. Seems to be a version of Windows 10 Pro with anonymity maximized. The install process of this version was odd; I only had the option to select the drive I wanted to target for installation. I have a paid license I haven't yet linked to this installation.
I used ASUS Secure Erase 3 times on each drive before installing. I reset CMOS; however, I did not flashback the BIOS. Using the same hardware, but have not used suspected infectious USB drives or peripherals yet.
I am seeing two different local user accounts at login but cannot find a trace of it. Both are named "private", which was the original local account name generated. Before updating Windows, I did not need a password to log in. After updating Windows, I was instructed my password expired and was now seeing the two accounts both named "private".
I have already run recent scans with an updated FRST64, FSS, and Security Check by Galx24, one full custom scan (all drives, all options) MWB, and 3 quick scans MWB in the past 6 hours.
Before using the VPN I received a notification from MWB. I've used AdwCleaner on the desktop as well. No network card, no onboard wifi/Bluetooth, only Ethernet. Yet immediately when connecting to the internet something installs MiniPort WAN drivers.
Have a bit of different software installed now. Attached are the scan results for FRST, FSS, Security Check, and the event log for the Exploit detection.
AdwCleaner[S00].txt
AdwCleaner_Debug.log
FRST.txt
FSS.txt
Malwarebytes Exploit Blocked Report 2024-09-22 002516.txt
SecurityCheck.txt
Shortcut.txt
Addition.txt
AdwCleaner[C00].txt