Virus resets hardware devices to 0x0 so it controls everything

[Abracadabra44]

Someone put a vicious virus on my network. I had proof that someone entered my house and plunged in my GB uplink while out, when I contacted Verizon they denied having access to my password and every time I call I bring that up so it’s been verified 5times. The logs were deleted and the original download was edited to make it look like I never unplugged the link. This transpired while I was in the phone with them. They send me a new router and when I inbox it the physical router cover was detached and the bag covering it was sliced open.  I tried it anyway but of course as soon as I uplink it downloads fake dns servers and default GW. I actually was using my other router thinking I beat it and then as soon as I was debating installing the new one I tried to change the dns settings and it started back taking control of my computer and my iPhone that’s not even on the WiFi network. I have a separate laptop on public WiFi for basics and every time I use my computer or phone it stops the public from working. I tried to get into GP and hack away but. It denies root access. It’s like they installed a Linux malware where even if I take ownership and delete a driver or fake device it will just reinstall itself at some point. I’ve been dealing with many problems with my apartment building and my old union where I have video evidence of all kinds of messed up stuff, and now this, but no one will listen. No authority will help. This last part is the scary part for me but I reluctant for the computer issue. I know someone has been in my apartment Because I had a wan log retrieving an up while I was out. It used it for a few hours then pulled the link out again and dropped the ip.  But the log was edited to make it look like I never took it out. I really need help.  Dns addressees 71.252.0.12    68.238.112.12 dg  71.115.11.1. 96.228.38.1

[Abracadabra44]

here they are. MB pro didnt pick anything up.

FRST.txt Addition.txt mbtsr.txt

[David H. Lipman]

You stated - "I tried it anyway but of course as soon as I uplink it downloads fake dns servers and default GW. "

 

 

NetRange:       71.96.0.0 - 71.127.255.255
CIDR:           71.96.0.0/11
NetName:        VIS-71-96
NetHandle:      NET-71-96-0-0-1
Parent:         NET71 (NET-71-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   MCI Communications Services, Inc. d/b/a Verizon Business (MCICS)
RegDate:        2005-01-18
Updated:        2016-08-18
Ref:            https://rdap.arin.net/registry/ip/71.96.0.0

 

71.115.11.1  is a WAN node on Verizon and thus become a gateway into the Internet for a Verizon subscriber

71.252.0.12 -- nsrest01.verizon.net  ( Verizon DNS )
68.238.112.12  -- nsrich03.verizon.net  (Verizon DNS )
71.115.11.1 -- lo0-100.RCMDVA-VFTTP-316.verizon-gni.net
96.228.38.1 -- lo0-100.RCMDVA-VFTTP-316.verizon-gni.net

verizon-gni.net  - Domain is registered to Verizon Trademark Services LLC

Everything looks normal for a Verizon FiOS connection ( FTTP ) for a Virginia Point of Presence ( PoP )

Edited April 22, 2019 by David H. Lipman
Edited for content, clarity, spelling and grammar

[Abracadabra44]

That’s weird. I spoke to the techs there and it’s supposed to be dhcp for dns, and default gateway should be listed as the private router address. It won’t allow me to make changes, I’m fairly certain there is a redirect somewhere in the router,  what am I supposed to do now?

[David H. Lipman]

DHCP will obtain DNS servers and the WAN address and the Gateway address.  They will be on the Verizon network.

You can override the DHCP provided DNS servers with static servers.  Such as from the following list of public DNS Servers.  Otherwise you do not need to do anything as there is no problem noted from Post #1.

• 8.8.8.8 - Google
• 8.8.4.4 - Google
• 4.2.2.1 - former GTE
• 4.2.2.3 - former GTE

 

Edited April 25, 2019 by David H. Lipman

[AdvancedSetup]

@Abracadabra44

Are you all set now, or did you need further assistance?

 

[Abracadabra44]

INot really no. In the log, there was listed that there was a man in the middle attack. I remember seeing it right after I ran the scan, but after I ran the scan it was edited. I k ow this because I sent them to another support resource and there was a bunch of stuff missing. There is definitely something amiss. I definitely have a problem, 1 there is RPC rpcss sercices running and they were set in the registry so I couldn’t edit the service. The hacker is local, I had a log that showed someone entering my home and connecting my router wan Ethernet and it logged a new ip then was active for three hours, then disconnected. When I contacted VZ they recognized there was something wrong but they didn’t know what, but the wanlog file was deleted from documents and edited in downloads to make it look like I never in plugged my wan port. Afther I ran the scan I had to shut down to protect any evidence because while they do clean up after themselves it’s not perfect hence me finding this stuff, however they hacked everything I had 5 laptops desktop 4 phones. The phones were automatically infecting via nfc. 

 

I am saying that while your saying I’m good I know I’m not. It’s was good for a few minutes then it came back. So I believe there is a local network that has mirrored my network. So while the addresses look legit thats not the issue. Someone managed to be a man in the middle. It’s not gone. My other laptop I used the same scan then decided to look in the reg. I found the entries for rpc. It was good for the night then they got back in and added 1000 replica entries so I can’t manually remove them. They block my rights so I have to edit that the edit the reg. I’m 

these are two pics I took of the reg, they may be nothing, but the other stings had  user permissions from some type of app and they kept me from stopping rpc, now they went deeper into reg and I can’t stop rpc dcom 

 

 

[AdvancedSetup]

Okay all this picture taking with a phone is of minimal help. Let's go ahead and do some scans and see if something is there or not.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

• If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
• If you don't have Malwarebytes 3 installed yet please download it from here and install it.
• Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
• Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
• If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

• Right-click on the program and select Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan Now.
• When finished, please click Clean & Repair.
• Your PC should reboot now if any items were found.
• After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens, click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
• Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks