
Virus/Rootkit/Worm/Trojan I'm in trouble



To start: my computer may be infected as deeply as the BIOS, and possibly my whole home network. I'm not worried about losing any information on the PC; it's already wiped clean with a fresh install of the most recent version of Windows 10 with all updates, and I'm prepared to do whatever is necessary to have a clean system. Okay, so the main issue is that my computer has been linked to a C&C over RPC, and it will force my PC to join a workgroup, and it has access to all system certificates. It persists through clean installs. I have tried multiple ISO files from Microsoft directly via the Media Creation Tool, and I've even tried downloading ISO files from other places; the issue persists. It is totally undetected by all antivirus. I have tried Malwarebytes, Bitdefender and Kaspersky; they all detect nothing, but upon disabling all the RPC services I could find, Kaspersky detects all of the fake certificates but was not able to remove them. This is (speculation)> disconnecting all RPC functions after the virus has fully assigned the PC to the network renders the user without system-level admin privileges because it cannot verify the PC identity through the server <(end speculation). I make that speculation based on the fact that after all RPC functions are disabled I cannot perform some admin tasks on the PC and will get a message that it is not authorized or it is blocked. I know when my PC is fully assigned to the C&C because it changes my PC name upon completion. I also have many mysterious devices that are hidden in Device Manager; for example, I have a Ryzen 3700X and it will install an Intel Xeon processor driver that I assume the C&C is using; it will also install an Intel chipset driver. Some of the mysterious devices originated from UEFI sources and have an unknown install location. FML, I need a master hacker to unhack me.
I know my way around the PC very well so worry to give me some advanced Elon Musk sized resolutions; I will literally do whatever is necessary. (Speculation on how it gains control: I believe the C&C spoofs itself as an official Microsoft server, at least for me and anyone else connected to the server, and then from there they already have access to all certificates, then uses Windows Defender to spy and perform whatever actions it needs. I can confirm it has total control of Windows Defender, as it will disable the firewall momentarily every now and then. All of this together makes for a totally undetectable spyware, because Windows itself is now doing everything with all your certificates.) Plz save me


  • Root Admin

Hello @Osamabinbotnetted

Okay, let's take a different tactic here then.

STEP 1

Please follow the directions here to reset your router

 

Please review the following website and read it before continuing and then do a Hard Reset back to Factory Defaults for your router.
This information is only for resetting the router. DO NOT erase, install, or update the firmware; just reset your router to factory defaults.


https://wiki.dd-wrt.com/wiki/index.php/Reset_And_Reboot

https://wiki.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30


Another Resource on Router information if needed

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

 

STEP 2

Once that has completed then boot from a USB installation drive from the Microsoft Media Creation tool.

During the install, choose Custom and delete ALL partitions

If you're unable to delete all the partitions let me know.

Then proceed with the basic installation of Windows, but keep your router unplugged so that it cannot find Internet access during the setup. That will allow or force you to create a local account.

Once all of that is done then restart the computer one more time, with the Internet disconnected or the router powered off.

Then once logged in again turn on the Router and enable the Internet and get me new logs right away before you install anything.

Also, please list the Manufacturer name and Model number of your computer for me.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 


  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
