
Help

Hi. I’ve been on here trying to resolve my hack attack a few times to no avail. The attack commences as soon as I’ve been told that my machine is clean. I have a Malwarebytes subscription.
The attacker made a mistake and didn’t manage to cover their tracks before I switched off my Bluetooth. So now I know how I’ve been compromised. It’s someone close by.
I now know what type of attack, and I had a run command in my Run box I stumbled across. Pic below. This type of attack (not specifically the one in the pic, but others associated with it) completely disables Malwarebytes and other anti-malware.

How can I sort this problem out, please? So far I’m using WSUS Offline and I’m about to buy a good VPN to try and hide my computer before it goes online.
Any advice would be monumental. Thank you.


Hello Chris.

These "ms-app" "ms-cxh:" lines are used by Microsoft Windows' Windows Updates, for example when doing Windows build updates. I would not be jumping to making an assertion that there is some nefarious "stuff" going on.

Let's have you do a visual check of the Windows version and Build on this machine.

Press and hold the Windows key (on the keyboard), then tap the R key,

and then type in

winver

Report back to me what the display shows, all of it.

Next, type this into the Command Prompt window in order to run the Windows System File Checker tool:

sfc /scannow

Let us know the result of the SFC run.

Some very important notes: Please do not jump to conclusions. The way we determine if something malicious is about is by running scans and checks with known security tools.

I recall you had had a recent case here, and it was successfully concluded.

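As an added example, not a script from Maurice's post or from Malwarebytes: a PowerShell snippet that collects, as plain text, the same facts the checks above ask for (Windows version and build, the Run-box history that the screenshots came from, and the System File Checker result). It assumes an elevated PowerShell window and the standard registry locations for the version and RunMRU keys.

```powershell
# Added example, not the forum's or Malwarebytes' own script. Run from an
# elevated PowerShell window (sfc requires administrator rights).

# 1. Version and build, the information winver displays.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
"Windows: $($cv.ProductName) $($cv.DisplayVersion) build $($cv.CurrentBuild).$($cv.UBR)"

# 2. Run-box history. Explorer stores it under RunMRU; MRUList gives the order
#    (most recent first) and every value ends in "\1". Listing it as text lets
#    entries such as ms-settings: or ms-cxh: URIs be reviewed exactly as written
#    rather than from a cropped photo of the Run dialog.
$mruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
$mru = Get-ItemProperty $mruPath -ErrorAction SilentlyContinue
if ($mru -and $mru.MRUList) {
    foreach ($slot in $mru.MRUList.ToCharArray()) {
        $name  = [string]$slot
        $entry = ($mru.$name) -replace '\\1$', ''
        "Run history [$name]: $entry"
    }
} else {
    "Run history: no RunMRU entries found"
}

# 3. System File Checker. Per-file results go to CBS.log; the [SR] lines near
#    the end carry the summary (repairs made, or nothing found to repair).
sfc /scannow
Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '\[SR\]' |
    Select-Object -Last 10 |
    ForEach-Object { $_.Line }
```

The output can be pasted into a reply in place of camera photos, which is what the helpers in this thread ask for.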

Hi Maurice

I’ve read a lot on your abilities and I’m fully respectful of your knowledge. This is a very difficult situation. It’s probable it’s no easy fix, and it doesn’t help having to deal with (an idiot) me on a daily basis, haha.

Thanks for replying. I’m totally aware I’m showing you pictures of completely normal Windows programs, but it must be concealed.

I’ll do the scan shortly, but I’m sure what I’ve got destroys Malwarebytes processes and a few others. I agree this is disproportionate, as I’ve not got anything anyone could want; it’s malicious but educational.

Tokens are being stolen, elevation through process (due to an idiot using an admin account and not listening), opening folders thinking I was clever, unaware I was initiating a replication virus. I never get to a full install, as that many folders and applications become inaccessible due to me letting tokens get stolen.

My admin BIOS password is locked and I can’t get to the Dell site with a full install yet.

I’m nearly on the perfect offline install. Hashtool etc.

I’ve got WSUS Offline, Windows 2000-odd, all of my laptop updates on USB.

The infection is rampant on all three computers right from a fresh install; none are connected, different email and name each time.
I see Bluetooth address format in Event Viewer, 8,4,4,4,12, but that could be a trick, or mine in the worst-case scenario, but I’ve had Bluetooth completely off for over a week.

I know things are not right because I shouldn’t be shut out of more and more folders, and well, I’m learning the hard way. It’s definitely triggering with something, like restarting for updates, and it’s definitely linked to my computer core.

And I understand it might be terminal.

I’ll get the last updates done off USB and get online for a scan. Cheers.
(I’ve got complete hard drive clones I recorded before I lost two PCs. Haha. Built another and had to give up because of the token thing. Duh 😒)

OK, I was going to send the scan, but I’ve been locked out of everything and the scan would only scan areas it has permission for.

This is exactly the same problem I’ve had since March, Maurice. The problem is it is getting worse. I spent till 6am going through all the firewall permissions and internet options, making sure I didn’t have any ports or TCP shares that could be used by an attacker.

I just looked at how to get back into and uncheck restricted folder access and saw God Mode. And the code is the same format as Bluetooth. Interesting, I’ll have to compare.
Far from jumping to conclusions, Maurice, I’m merely searching for anything that is similar so that I can explain and understand what is happening, and it’s enormously time consuming and things keep evolving.
Photos showing no access.
I’ve got the highest privilege I can attain, being the administrator who owns the computers and my laptop, which is going to have to be erased again for the umpteenth time. I’m relaxed and incredibly patient.


I’ve just got to get in touch with Dell, as I’m unable to get on their website to unlock my BIOS with their PowerShell scripts, or I’ll have to go to my brother’s and download on a new USB, as I’m unaware if USB infection is possible but I can’t rule it out, as is the same with the DVD burner, until I know what I’m looking for. I’ll be back as soon as possible, Maurice. Thanks for your time.


Sorry, truly sorry. But I am going to recuse myself from all of this.

It is likely that there are a few pinches of self-inflicted paranoia. But if it is true that the hardware BIOS is compromised (and that is truly extremely rare), I just cannot help you.

Because if that is true, you need expert help through the computer hardware maker.

I do wish you well.

Edited by Maurice Naggar

No one believed me, so I had to put it down to my paranoia, which it turns out is the worst thing I could have done.

I knew something was happening that was hidden, and it’s just my luck to be extremely unlucky. I had absolutely no idea how to prove it.
So this means everything I own that has been on or connected to my laptop could be injected with a link back to the perpetrator. I’m not sure how I would even start to try and sort this out. I’ll have to research it before I stick my neck out.
I guess this is going to cost me dearly.
Bu@@er it.

Thank you for your help, and also I appreciate it’s almost impossible to detect unless aware of PSDrive infection.


  • Root Admin

Hello @Chris1969

I'm sorry, but you appear to be self-inflicting issues that are highly unlikely. If you wish to relax, calm down and follow directions, I'll be happy to assist you. If you wish to believe you have some type of UEFI attack that has spread to all your computers, then I'm sorry, no one will be able to assist you.

If you do decide you'd like help then please start by following the directions below. Please do not post screenshots from a camera or links to other material at this time unless requested.

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes, then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button.
  • If you don't have Malwarebytes installed yet, please download it from here and install it.
  • Once installed, open Malwarebytes, select Scan and let it run.
  • Once the scan is completed, click on the View Report button, then the Export button, and save the file as a text file to your desktop or another location you can find. Attach that log on your next reply.
  • If Malwarebytes won't run, please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
