Chris1969 Posted July 4, 2020 ID:1392166

Help

Hi. I've been on here a few times trying to resolve my hack attack, to no avail. The attack commences as soon as I've been told that my machine is clean. I have a Malwarebytes subscription. The attacker made a mistake and didn't manage to cover their tracks before I switched off my Bluetooth, so now I know how I've been compromised. It's someone close by. I now know what type of attack, and I had a run command in my Run box I stumbled across. Pic below. This type of attack (not specifically the one in the pic, but others associated with it) completely disables Malwarebytes and other anti-malware. How can I sort this problem out, please? So far I'm using WSUS Offline, and I'm about to buy a good VPN to try and hide my computer before it goes online. Any advice would be monumental. Thank you.
Maurice Naggar Posted July 5, 2020 ID:1392255

Hello Chris. These "ms-app" and "ms-cxh:" lines are used by Microsoft Windows' Windows Update, for example when doing Windows build updates. I would not be jumping to making an assertion that there is some nefarious "stuff" going on.

Let's have you do a visual check of the Windows version and build on this machine. Press and hold the Windows-icon key (on the keyboard), then tap the R key, and then type in winver. Report back to me what the display shows, all of it.

Next, type this into the Command Prompt window in order to run Windows' System File Checker tool: sfc /scannow. Let us know the result of the SFC run.

Some very important notes: Please do not jump to conclusions. The way we determine if something malicious is about is by running scans and checks with known security tools. I recall you had a recent case here, and it was successfully concluded.
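The two checks asked for above (winver and sfc /scannow), plus a look at what the Run-box history entries the original poster photographed actually resolve to, as one PowerShell script. This is an added example and is not code from the thread or from Malwarebytes; the function names are mine, and the registry location used for packaged-app protocol handlers (the Extensions\ContractId\Windows.Protocol\PackageId subtree) is an assumption about how those handlers are registered. Run it from an elevated 64-bit PowerShell prompt, since sfc needs administrator rights and is not present under the 32-bit System32 redirection.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original thread. Function names are mine.

function Get-WinVersionInfo {
    # winver displays the values held in this registry key.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        ProductName = $cv.ProductName
        # Newer builds carry DisplayVersion (e.g. 20H2); older ones only ReleaseId (e.g. 2004).
        Version     = if ($cv.PSObject.Properties['DisplayVersion']) { $cv.DisplayVersion } else { $cv.ReleaseId }
        Build       = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
    }
}

function Resolve-UriHandler {
    param([string]$Command)
    # Only commands shaped like "scheme:rest" (ms-cxh:, ms-settings:, http:) name a URI scheme.
    if ($Command -notmatch '^([a-z][a-z0-9+.-]*):') { return 'plain command' }
    $scheme = $Matches[1]
    $key    = "Registry::HKEY_CLASSES_ROOT\$scheme"
    $root   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A registered URI scheme carries an (empty) "URL Protocol" value on its root key.
    if (-not $root -or -not $root.PSObject.Properties['URL Protocol']) { return "no handler registered for $scheme" }
    $open = Get-ItemProperty -Path "$key\shell\open\command" -ErrorAction SilentlyContinue
    if ($open) { return $open.'(default)' }
    # Packaged (AppX) handlers register a package rather than a command line.
    # Assumption: the package names live under this Extensions subtree.
    $pkgs = Get-ChildItem -Path "$key\Extensions\ContractId\Windows.Protocol\PackageId" -ErrorAction SilentlyContinue
    if ($pkgs) { return 'packaged app: ' + ($pkgs.PSChildName -join ', ') }
    return "registered, but no command or package found for $scheme"
}

function Test-HandlerIsWindows {
    param([string]$Handler)
    # A classic handler command line should point into the Windows or Program Files trees;
    # anything else (AppData, Temp, a UNC path) deserves a second look.
    if ($Handler -like 'packaged app:*') { return $true }
    $expanded = [Environment]::ExpandEnvironmentVariables($Handler)
    $trusted  = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $trusted) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Get-RunBoxHistory {
    # Explorer keeps the Run dialog's history under RunMRU: MRUList gives the order
    # (newest first) and each lettered slot holds "<command>\1".
    $mru = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -ErrorAction SilentlyContinue
    if (-not $mru -or -not $mru.MRUList) { return @() }
    foreach ($slot in $mru.MRUList.ToCharArray()) {
        $prop = $mru.PSObject.Properties[[string]$slot]
        if (-not $prop -or -not $prop.Value) { continue }
        $cmd     = $prop.Value -replace '\\1$', ''
        $handler = Resolve-UriHandler $cmd
        [pscustomobject]@{
            Command = $cmd
            Handler = $handler
            Trusted = if ($handler -eq 'plain command') { $null } else { Test-HandlerIsWindows $handler }
        }
    }
}

function Invoke-SfcSummary {
    # sfc writes its detail to CBS.log tagged [SR]; filtering on that tag is the method
    # Microsoft's own SFC article gives. CBS.log accumulates across runs, so only lines
    # stamped after this scan started are counted (timestamps are local, as is Get-Date).
    $start = Get-Date
    & "$env:windir\System32\sfc.exe" /scannow | Out-Null
    $exit  = $LASTEXITCODE
    $stamp = $start.ToString('yyyy-MM-dd HH:mm:ss')
    $lines = Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '\[SR\]' |
             ForEach-Object { $_.Line } |
             Where-Object { $_.Length -gt 19 -and $_.Substring(0, 19) -ge $stamp }
    [pscustomobject]@{
        ExitCode     = $exit
        SRLines      = @($lines).Count
        Repaired     = @($lines | Where-Object { $_ -match 'Repairing' }).Count
        CannotRepair = @($lines | Where-Object { $_ -match 'Cannot repair' }).Count
    }
}

Get-WinVersionInfo | Format-List
Get-RunBoxHistory  | Format-Table -AutoSize
Invoke-SfcSummary  | Format-List
```

The point of the Run-box lookup is the one Maurice makes: an ms-cxh: or ms-settings: entry is only interesting if the scheme's registered handler is something other than a Windows component, and the Trusted column answers that directly instead of leaving it to a photograph of the Run dialog. CBS.log can run to hundreds of megabytes, so the Select-String pass may take a minute.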
Chris1969 Posted July 6, 2020 (Author) ID:1392424

Hi Maurice. I've read a lot about your abilities and I'm fully respectful of your knowledge. This is a very difficult situation. It's probable it's no easy fix, and it doesn't help having to deal with (an idiot) me on a daily basis, haha. Thanks for replying. I'm totally aware I'm showing you pictures of completely normal Windows programs, but it must be concealed. I'll do the scan shortly, but I'm sure what I've got destroys Malwarebytes processes and a few others. I agree this is disproportionate, as I've not got anything anyone could want; it's malicious but educational. Tokens are being stolen, elevation through process (due to an idiot using an admin account and not listening), opening folders thinking I was clever, unaware I was initiating a replication virus. I never get to a full install, as that many folders and applications become inaccessible due to me letting tokens get stolen. My admin BIOS password is locked and I can't get to the Dell site with a full install yet; I'm nearly on the perfect offline install. Hashtool etc. I've got WSUS Offline, Windows 2000-odd, all of my laptop updates on USB. The infection is rampant to all three computers right from a fresh install; none are connected, different email and name each time. I see Bluetooth address format in Event Viewer (8,4,4,4,12), but that could be a trick, or mine, worst case scenario, but I've had Bluetooth completely off for over a week. I know things are not right because I shouldn't be shut out of more and more folders. And well, I'm learning the hard way. It's definitely triggering with something, like restarting for updates, and it's definitely linked to my computer core. And I understand it might be terminal. I'll get the last updates done off USB and get online for a scan. Cheers. (I've got complete hard drive clones, I recorded before I lost two PCs. Haha. Built another and had to give up because of the token thing.)

Duh 😒 OK, I was going to send the scan, but I've been locked out of everything, and the scan would only scan areas it has permission for. This is exactly the same problem I've had since March, Maurice. The problem is it is getting worse. I spent till 6am going through all the firewall permissions and internet options, making sure I didn't have any ports or TCP shares that could be used by an attacker. I just looked up how to get back into and uncheck restricted folder access and saw God Mode. And the code is the same format as Bluetooth. Interesting, I'll have to compare. Far from jumping to conclusions, Maurice, I'm merely searching for anything that is similar so I can explain and understand what is happening, and it's enormously time consuming and things keep evolving. Photos showing no access. I've got the highest privilege I can attain, being the administrator who owns the computers, and my laptop, which is going to have to be erased again for the umpteenth time. I'm relaxed and incredibly patient.
Chris1969 Posted July 6, 2020 (Author) ID:1392426

I've just got to get in touch with Dell, as I'm unable to get on their website to unlock my BIOS with their PowerShell scripts, or I'll have to go to my brother's and download on a new USB, as I'm unaware if USB infection is possible but I can't rule it out, as is the same with the DVD burner, until I know what I'm looking for. I'll be back as soon as possible, Maurice. Thanks for your time.
Maurice Naggar Posted July 6, 2020 ID:1392430 (edited)

Sorry, truly sorry. But I am going to recuse myself from all of this. It is likely that there are a few pinches of self-inflicted paranoia. But if it is true that the hardware BIOS is compromised (and that is truly extremely rare), I just cannot help you. Because if that is true, you need expert help through the computer hardware maker. I do wish you well.

Edited July 6, 2020 by Maurice Naggar
Chris1969 Posted July 13, 2020 (Author) ID:1394099

No one believed me, so I had to put it down to my paranoia, which it turns out is the worst thing I could have done. I knew something was happening that was hidden, and it's just my luck to be extremely unlucky. I had absolutely no idea how to prove it. So this means everything I own that has been on or connected to my laptop could be injected with a link back to the perpetrator. I'm not sure how I would even start to try and sort this out. I'll have to research it before I stick my neck out. I guess this is going to cost me dearly. Bu@@er it. Thank you for your help, and also I appreciate it's almost impossible to detect unless aware of PSDrive infection.
AdvancedSetup (Root Admin) Posted July 13, 2020 ID:1394151

Hello @Chris1969

I'm sorry, but you appear to be self-inflicting issues that are highly unlikely. If you wish to relax, calm down and follow directions, I'll be happy to assist you. If you wish to believe you have some type of UEFI attack that has spread to all your computers, then I'm sorry, no one will be able to assist you. If you do decide you'd like help, then please start by following the directions below. Please do not post screenshots from a camera or links to other material at this time unless requested. Please run the following steps and post back the logs as an attachment when ready.

STEP 01
If you're already running Malwarebytes, then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button. If you don't have Malwarebytes installed yet, please download it from here and install it. Once installed, open Malwarebytes, select Scan and let it run. Once the scan is completed, click on the View Report button, then the Export button, and save the file as a text file to your desktop or another location you can find, and attach that log in your next reply. If Malwarebytes won't run, then please skip to the next step and let me know in your next reply.

STEP 02
Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of Use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or copy its content into your next reply.

RESTART THE COMPUTER before running Step 3.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit. Double-click to run it. When the tool opens, click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here. Please attach the Addition.txt log to your reply as well.

Thanks
Chris1969 Posted July 14, 2020 (Author) ID:1394368

OK. Thanks. I'll post back within 2 days.
AdvancedSetup (Root Admin) Posted July 14, 2020 ID:1394509

Okay, we'll be here. Cheers
AdvancedSetup (Root Admin) Posted July 23, 2020 ID:1396397

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks