Infection has crippled my computer, phone and internet access


Everything was going fine, but then...

12700k, Asus TG H670 Pro wifi D4, Patriot Viper Steel 64GB 3600MHz 18-18-18-42, Corsair iCUE 5000x RGB Case, Corsair RM850x PSU, 3 SSDs, Noctua NH-U12A, 10 fans from Corsair, Noctua and Phanteks, XFX Speedster MERC319 Radeon RX 6800 XT GC, 2 6TB Seagate HDD

I can't download FRST and other apps, or get to here or Bleeping Computer and other sites. MB was uninstalled by the malware. Defender can't stop it. I'm using my phone's data. 

Yesterday, the replacement for my SWFT319 graphics card arrived from XFX (see above). After completing several tasks, I shut down my computer and installed it.

I updated 3DMark, Destiny 2, Vampire the Masquerade: Bloodhunt, and Diablo Immortal. I needed to run tests to make sure that the GC would work right. 3DMark Speed Way Benchmark gave a result that was lower than with the SWFT319 (which is a lesser card), which I attributed to tasks running in the background, including the downloads. I tested the GC with Vampire, one of the 2 games that had had problems. The update for Diablo was very large, so I decided to take a break from my research and work while I waited for the updates, and played Destiny for 3 hours. The Internet abruptly stopped working for all devices on ethernet and wifi, Windows, iOS and Android.  Cycling the router didn't help, so I also cycled the modem and it started to work. I tested Diablo.  I noticed that my PC was lagging badly, and sometimes the fan lights would blink (not normal). I decided to reinstall the AMD GC drivers. I booted into safe mode to run DDU. After restarting, my PC continued to lag, and I noticed that MB was missing, and things were functioning poorly and slowly. Browsing here and to BC was impossible. 

 

This morning, I reinstalled Windows in the hopes of resolving the problem, saving only my files, but after a little while it started happening again. All devices continue to be affected. Sometimes I have partial internet access, sometimes none. I tried using only wifi or ethernet, different cables, bypassing the router, resting the router and modem, turning everything off and resetting the router and modem. I have no way to download tools at this point. Help!

Edited by GlennM2
Link to post
Share on other sites

Hello :welcome: 

I will guide you along on looking for malware but that generally requires a good actual working Operating System. 

If we start your case here, please be sure you do not have an open case on any other forum-venue for this machine!
We do not want chances of any over-stepping.
I cannot help you as regard the phone device.
I can attempt to help you on the Windows system.

Let me know if you have access to a clean Windows pc. Either one of yours, or perhaps at a friend's place, or a friendly neighbor.
Keep in mind that it may be necessary to ( later ) actually do an actual clean from scratch Windows clean install ( without keeping anything of any sort).
It may even be possible to do a manufacturer's system restore ( if the manufacturer has a recovery partition). I believe you say your pc is an Asus TG H670.  Check with Asus support for that model to determine if Asus has a recovery system restore partition.

  • One more point. Do you have or can you get a USB-flash-pen-thumb device ( at least 8 GB capacity) that can be re-used, or repurposed ( or better yet a new one). With such I can guide you to making / populating a Windows Media Creation tool USB  ( which we can use in different constructive ways)

 

Let's keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

You may try this to see if it helps in getting back the connection to the internet. This is only a try to get a normal standard internet capability.

Start NOTEPAD

Start NOTEPAD. Check and make sure "word wrap" is off.

 

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines in code-box below to Notepad:

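@Echo on
rem Reset the HOSTS file to a single localhost entry
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack (logged to resetlog.log)
netsh winsock reset all
netsh int ip reset resetlog.log
rem Reboot after 1 second, then delete this batch file
shutdown -r -t 1
del %0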

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. When prompted by Windows to allow to run or allow to make changes, be sure to ALLOW by replying/ clicking on YES.

Your computer will reboot.  After that see if internet access is available. You can even open a Command prompt and enter on there

ping microsoft.com

You have written 

Quote

This morning, I reinstalled Windows in the hopes of resolving the problem, saving only my files, but after a little while it started happening again.

QUESTION: Just how did you do that ? Was that thru using the Windows "RESET" option ??

Edited by Maurice Naggar
Link to post
Share on other sites

Hi Maurice! I haven't communicated with you in years! How are you?

I used the Windows Media Tool to make a bootable flashdisk. I kept the windows.Old folder just in case. This is the only place I've opened a case. I'll follow your instructions. I don't know where the malware came from although my kids speculate that it was in the XFX GC. I do my best to avoid any sort of risky websites. 

 

When I get home I'll run that batch file. 

Link to post
Share on other sites

I forgot to mention in my 1st message that I was able to download the installation programs for Malwarebytes, AVG and Avast, but all other sites were inaccessible. I was only able to install MB because the other 2 were blocked from accessing their servers. I could not activate my MB sub because that was blocked. I ran a scan of my entire system, except the HDDs which are disconnected,  but it didn't find anything. 

I created flush but I wasn't able to click on anything on the desktop, so I ran elevated cmd and entered the commands. It worked but, of course, I couldn't do "del %0" after the restart (fail). Pinging MS worked.

This time, desktop files were clickable, so I ran flush and it was again successful. Ping to MS was 124ms. Ping to MB was 23ms. I was again able to go to mb.com after a delay and download MB. I tried again to install Avast and AVG but they were blocked, and when I tried again to activate MB, that was blocked although this time I got both a connection failure and activation success. It wasn't activated. 

What should I do?

Link to post
Share on other sites

I am good, thanks. Please try to not do too much, too fast. I mean we do not want to install AVG or Avast or any 3rd-party antivirus. You have installed Malwarebytes, so at minimum the trial-mode is engaged and the trial will have real-time protections for 2 weeks.

The other symptoms you describe seem to point to an IFEO pest-type infection. I would like you to do this next set of actions.

If possibly you have a browser issue, can you try using a different web browser?
But in any event, always SAVE the downloads I guide you to. Then after download is complete, you go to the file using File Explorer.
and only then, launch it from there.

Let's do one special run  with Malwarebytes Adwcleaner
 
It will not take much time. Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go carefully. I want to make sure you select all of what I list below - before - pressing the "scan" button.
 
First download & save it
 
Then go to where the EXE file is saved. Start Adwcleaner.  Do not rush. There are a few first choices to set as I have listed below.
 
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
 
When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window
by clicking their button to the far-right for ON status
Delete IFEO keys
Delete tracing keys
Delete Prefetch files
Reset Proxy
Reset IE Policies
Reset Chrome policies
Reset Winsock
Reset HOSTS file
 
 
 
ONLY after you have set the selections above ....only after that .....
Now On the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.
 
 
This can take several minutes.
When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button To remove what it found.
 
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.
 
 
 
Attach the clean log from Adwcleaner when all completed. For example AdwCleaner[C00].txt
There is much more to do even after this. Again, we will be able to have you use Microsoft Defender antivirus. SO-ooo do not install AVG or Avast.
(  2  )
I take it that your pc is able to have & use internet access.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Link to post
Share on other sites
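An added example, not part of any post in this thread: a read-only PowerShell check of the same items the AdwCleaner settings above reset (IFEO Debugger values, HOSTS entries, the per-user proxy). The function names are hypothetical; the registry and file paths are the standard Windows locations, and the script changes nothing.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
# Function names are hypothetical. Run from an elevated PowerShell prompt.

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    # A "Debugger" value under an IFEO subkey makes Windows start that command
    # (with the original program as its argument) whenever the named image is
    # launched. Pointed at a dummy command, it keeps a security tool from starting.
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $prop = Get-ItemProperty -LiteralPath $_.PSPath -Name Debugger -ErrorAction SilentlyContinue
            if ($prop -and $prop.Debugger) {
                [pscustomobject]@{ Check = 'IFEO'; Item = $_.PSChildName; Value = $prop.Debugger }
            }
        }
    }
}

function Get-HostsOverride {
    # Lists every HOSTS mapping except the stock localhost lines.
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-Content -LiteralPath $Path | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()      # drop comments
        if (-not $line) { return }                   # skip blank lines
        $fields = @($line -split '\s+')
        $ip = $fields[0]
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            $isStock = ($name -eq 'localhost') -and ($ip -in '127.0.0.1', '::1')
            if (-not $isStock) {
                [pscustomobject]@{ Check = 'HOSTS'; Item = $name; Value = $ip }
            }
        }
    }
}

function Get-UserProxy {
    # A proxy or auto-config URL the user did not set can redirect or block browsing.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $s) { return }
    if ($s.ProxyEnable -eq 1 -and $s.ProxyServer) {
        [pscustomobject]@{ Check = 'Proxy'; Item = 'ProxyServer'; Value = $s.ProxyServer }
    }
    if ($s.AutoConfigURL) {
        [pscustomobject]@{ Check = 'Proxy'; Item = 'AutoConfigURL'; Value = $s.AutoConfigURL }
    }
}

$findings = @(Get-IfeoDebugger) + @(Get-HostsOverride) + @(Get-UserProxy)
if ($findings.Count -eq 0) {
    'No IFEO debuggers, HOSTS overrides or user proxy settings found.'
} else {
    # Each row needs a human review: some tools set an IFEO Debugger on purpose.
    $findings | Format-Table -AutoSize -Wrap
}
```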

As I said before, I forgot to mention in my FIRST post that I had downloaded MB, Avast and AVG, but had only been able to install MB. This was one of the steps I did before writing here.

Unfortunately, MB is not in trial mode - this is the free version. All protections are off.

Please remember that I am typing on my phone. In other words, I cannot access this forum on my computer. I almost always have internet access, but the malware restricts where I can go. 

Since I did a reinstall of Windows yesterday morning before I came here, I don't have other browsers. You haven't asked me to try to get any. 

AdwCleaner found only one thing: FixIt. I'm typing on my phone, remember, so here are photos of the results. 

I cannot download msert.

Link to post
Share on other sites

"Not sure how the box got attacked"

I don't know what box you mean. Did you mean to write "attached"?

"run the following and you will have access to the Internet to provide the log."

How am I supposed to run FRST from recovery if I don't have it (FRST)?

Edited by GlennM2
Clarified
Link to post
Share on other sites

@GlennM2  Alright. Let's try to get a few things sorted. The last Adwcleaner "report" ( the C00 ones) show that Adwcleaner reset the Winsock & Hosts, which are a good beginning to ensuring internet "capability". That is to say, those are not the source of the "non-functioning" internet access capability.

As an aside, what Advancedsetup's posted link-image is to a topic where directions are laid out to make a USB with the Microsoft Media Creation tool ( as long as one has a re-usable USB-thumb-drive plus mainly a working Windows to download & make the "special USB", & to place FRST64.exe on the USB ) ....so that one sets the computer BIOS option to boot off USB.....and eventually run FRST64 in the command prompt of the Windows RECOVERY Environment.  That would be quite helpful.  Keep that concept in mind for later.

I suspect what is the source of friction now, is likely, that Windows settings are missing the login into your local Network settings.
There are I believe more than one way to check up on that and to make corrections.

Let's make a note that this pc runs on Windows 11 ( 22H2 ) build 22621
Just look on the Windows File Explorer and look to see if it shows the Network in Explorer's Navigation pane
https://www.elevenforum.com/t/add-or-remove-network-in-navigation-pane-of-file-explorer-in-windows-11.7272/

If possible, if you can have a corded connection ( Ethernet connection)  from your computer to the router box that would be super.
Otherwise, the main focus will be on the wireless LAN ( WIFI) network connection.
Please study article on WindowsCentral "How to check network connection details on Windows 11"
https://www.windowscentral.com/how-check-network-connection-details-windows-11

I am positing that perhaps, Windows lacks the proper settings to the wifi or perhaps is missing the password to the network

NOTE: You have run Adwcleaner , thus we know that this Windows 11 is usable. Please get a snapshot capture of the window of File Explorer where it shows the "network / wifi connection"

Also. DO see "How to connect to Wi-Fi network on Windows 11"
https://www.windowscentral.com/how-connect-wi-fi-network-windows-11

Link to post
Share on other sites

10 minutes ago, AdvancedSetup said:

Unless something has changed, in the past you've had access to other computers to download. @GlennM2

Please follow along with @Maurice Naggar

The problem is affecting all devices, as I previously stated. 

I have downloaded FRST on my phone and will try to get it onto my PC after I get home. If there are others I can get on my phone first, please advise. 

Link to post
Share on other sites

  • Root Admin

Again, please follow the advice from @Maurice Naggar

Bottom line is there is only so much we can do to assist you. Without access to certain tools or methods you'll need to take the computer to a friend or a physical computer repair shop where they have the tools to assist.

Follow the directions from Maurice @GlennM2 and he can hopefully assist you

Thanks

 

Link to post
Share on other sites

My plan succeeded; downloading FRST onto my phone was not something the malware writer anticipated, so there was no protection against running it. FRST completed the scan.

Yes, the network is shown.

Both the wifi and ethernet work... selectively.  If it were a problem solely on my computer, the other computers and phone would not have been affected, MB wouldn't have been uninstalled, and antimalware sites and software wouldn't have been blocked. I'm sorry if my description was not adequately clear. I'm dealing with malware, not settings problems. 

FRST.txt Addition.txt

Link to post
Share on other sites

Kudos on having run FRST reports. Allow me time to review and then get back to you.

I do have to say, any smartphone issue, you may go to the Android sub-forum for help. Or if yours is an Apple iOS there is a separate other forum.

I will review and help on Windows. On the hardware router, I can offer some tips on power cycling the device.

This here is for Windows PCs. I cannot help you on smartphones.

Link to post
Share on other sites

What about the router and modem? Like I said, I cycled them separately and together. It only seemed to help for a few minutes. Same for resetting. But if you have any other ideas, let's try.

Many years ago, I was managing a school network which got infected. The malware used the network to move around. I had to isolate it by only having one computer on at a time and cleaning it. I suspect that will help in this case. What do you think?

BTW, my son found a PC Magazine from 2015 or 2016 in which a guy was testing and managed to be able to infect a graphics card...

Link to post
Share on other sites

Please let's put that last suspicion about "graphic card" or hardware messup / infection on hardware out of mind. ( it would be perhaps a factor IF say the graphic card had a glitched-up RAM chip, if the hardware was very old. But that is more like a hardware deficiency / a hardware failure.)

Here are actual problem areas that do affect the WIFI / and thus this computer not being able to get on internet. This per FRST and the Windows System Event logs. 

Error: (04/23/2023 07:22:28 PM) (Source: Netwtw12) (EventID: 5005) (User: )
Description: Intel(R) Wi-Fi 6 AX201 160MHz : Has encountered an internal error and has failed.
5005 - Driver internal error

Error: (04/23/2023 07:22:28 PM) (Source: Netwtw12) (EventID: 5002) (User: )
Description: Intel(R) Wi-Fi 6 AX201 160MHz : Has determined that the network adapter is not functioning properly.
5002 - uCode SW error (SysAssert, NMI)

ALSO a number of devices that are having faults. I cannot tell which ones are the network card.

==================== Faulty Device Manager Devices ============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

I would urge you to look into the Windows 11 Device Manager. Look at all the ones that say 

The drivers for this device are not installed. (Code 28)

 

Re-reminder pls get an Ethernet cable and get this machine direct connected to the internet router-box

That should be the best way to get a good internet access for at least the time being.

I am not seeing "malware" factor upon reviewing the Farbar FRST report. But I do have one suggestion to do right away.

( Action item )

Current DNS Servers: 192.168.1.1

Please consider changing your default DNS Server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPV4 & a 2nd pass for IPv6

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

per Microsoft Support tips on network issues

Make sure Wi-Fi is on. 
Select Start > Settings > Network & internet, then turn on Wi-Fi. 
Next, select More options (>) next to Wi-Fi, then select Show available networks. If a network you expect to see appears in the list ( meaning your Network) , select it, then select Connect. Open Wi-Fi settings

Links to troubleshooting links. Recommend you using them

https://www.windowscentral.com/how-use-troubleshoot-feature-fix-problems-windows-11

Link to a Youtube troubleshoot video

https://www.bing.com/videos/search?q=troubleshoot+hardware+and+devices+windows+11&docid=603535676410191047&mid=3CE8CF3459AD857727DE3CE8CF3459AD857727DE&view=detail&FORM=VIRE

Link to post
Share on other sites
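An added example, not part of any post in this thread: before changing DNS settings, the same names can be asked of the router resolver from the FRST log (192.168.1.1) and of two of the public resolvers listed above, to see whether the selective blocking follows the resolver. The resolver addresses and host names are taken from the thread; the function names are hypothetical.

```powershell
# Added example (not from the thread). Only sends DNS queries; changes no settings.
# Function names are hypothetical. Resolver addresses and host names come from the thread.

$Resolvers = [ordered]@{
    'Router'     = '192.168.1.1'   # "Current DNS Servers" in the FRST log
    'Cloudflare' = '1.1.1.1'
    'Google'     = '8.8.8.8'
}
$Names = 'forums.malwarebytes.com', 'www.malwarebytes.com', 'definitionupdates.microsoft.com'

function Test-NonRoutableAddress {
    # Public sites should never resolve to loopback, 0.0.0.0 or RFC 1918 space.
    param([string]$Address)
    $Address -match '^(0\.0\.0\.0$|127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
}

function Get-DnsAnswer {
    # One row per (name, resolver): the A records returned, or the error text.
    param([string[]]$Name, [System.Collections.IDictionary]$Resolver)
    foreach ($n in $Name) {
        foreach ($label in $Resolver.Keys) {
            $ips = @(); $err = $null
            try {
                # -DnsOnly bypasses the local HOSTS file, so only the resolver is tested.
                $ips = @(Resolve-DnsName -Name $n -Type A -Server $Resolver[$label] `
                            -DnsOnly -ErrorAction Stop |
                         Where-Object { $_.QueryType -eq 'A' } |
                         ForEach-Object { $_.IPAddress })
            } catch {
                $err = $_.Exception.Message
            }
            [pscustomobject]@{
                Name        = $n
                Resolver    = $label
                Addresses   = $ips -join ', '
                NonRoutable = [bool]($ips | Where-Object { Test-NonRoutableAddress $_ })
                Error       = $err
            }
        }
    }
}

function Get-DnsVerdict {
    # Summarises each name. Different public IPs per resolver are normal (CDNs),
    # so only failures and non-routable answers are reported.
    param([object[]]$Row)
    $Row | Group-Object Name | ForEach-Object {
        $failed = @($_.Group | Where-Object { $_.Error })
        $bad    = @($_.Group | Where-Object { $_.NonRoutable })
        $verdict = if ($bad.Count) {
            'non-routable answer from: ' + ($bad.Resolver -join ', ')
        } elseif ($failed.Count -eq $_.Group.Count) {
            'fails at every resolver (no connectivity, or port 53 blocked)'
        } elseif ($failed.Count) {
            'fails only at: ' + ($failed.Resolver -join ', ')
        } else {
            'resolves at every resolver'
        }
        [pscustomobject]@{ Name = $_.Name; Verdict = $verdict }
    }
}

$rows = @(Get-DnsAnswer -Name $Names -Resolver $Resolvers)
$rows | Format-Table Name, Resolver, Addresses, Error -AutoSize -Wrap
Get-DnsVerdict -Row $rows | Format-Table -AutoSize -Wrap
```

A name that fails only at the router points at the router or modem configuration; a name that fails at every resolver while `ping microsoft.com` still works points at filtering somewhere other than DNS.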

Maurice, I'm not sure how to put this across. MB didn't get uninstalled by accident. I didn't uninstall it. 

1) The problems started before I reinstalled Windows. Within hours of the graphics card being installed. Does that necessarily mean that malware was on the GC? No. It is just one possibility. 

2) When the problems started, I was using ethernet. I'm still using ethernet. I also have wifi turned on. I guess that doesn't show up in frst. If you want, I can turn off wifi and only use ethernet. 

3) When the problem started,  ALL PCs and phones were affected at the same time, which is to say that the internet stopped working for all devices at the same time, no matter which OS and type of device. 

4) After I power-cycled the network, MY PC was very slow and the Internet worked for us all again.

5) I decided to use DDU to remove the AMD drivers,  which strongly recommended safe mode. After doing that, Malwarebytes was missing!!! SpywareBlaster was NOT uninstalled,  but all traces of MB had vanished. Did DDU do that? I had used it a few times before without a problem, and this was the same one, not a new download, but perhaps it was co-opted.

6) In addition, all devices started having trouble accessing various resources, including here, Bleeping Computer and some other sites, while others continue to work, such as Youtube. Many popular anti-malware vendors became inaccessible. I tried a few things but nothing helped.

7) In the morning, I reinstalled Windows, hoping to purge the problem, but it didn't help. I didn't try updating drivers because I was concerned that the malware, which continued to block many sites, would infect drivers. THAT is why you see missing drivers. It is NOT the source of my troubles. I had everything up to date before reinstalling.

 

I cannot afford to take 3 PCs, and 3 phones to be cleaned of malware. If you think this is drivers and/or the router/modem, you are ignoring the chronology as well as the selectivity of what is blocked. The malware is still present, so please help. 

 

One further note. As of this morning, the system clock on my PC shows the wrong time but correct date. It is now 4:15 AM but it says 1:15 AM. Since the date is unchanged, that suggests that the battery is not the issue. 

Edited by GlennM2
System time
Link to post
Share on other sites

Message # 1 for Tuesday 25 April.
I have read your note. Believe me sincerely I read your notes. I am indeed here to help you. I understand and acknowledge your views, feelings, and all.
I am not here to oppose you nor to butt heads over this & that & the other. I want us to keep central focus. I am hoping and advising that you do follow my tips and suggestions.

On your smartphones, you should be able to drill into each one individually. To check to see if the settings Internet, Bluetooth are set for your home network, etc.
If you have an Android smartphone & you suspect it is infected, keep in mind that Malwarebytes has an app for Android which you can download, setup, and use for a free trial. There is also a separate help forum for Android
https://www.malwarebytes.com/android

https://forums.malwarebytes.com/topic/134941-malwarebytes-for-android-support/

Similarly there is a separate Malwarebytes for iOs ( if your device runs iOs & if you have a iPhone)
https://forums.malwarebytes.com/topic/233652-malwarebytes-for-ios-faqs/

  • The Malwarebytes for iOS is only obtainable via iOS App Store. Keep in mind that is not an antivirus.
  • Q: Can Malwarebytes for iOS scan my iPhone for malware?
  • A: No. Scanning for malware is not possible on iOS, due to security restrictions imposed by Apple. Antivirus software is neither possible nor allowed in the iOS App Store. 

I am still very much wanting you to do these bits of research and troubleshooting.

( Action item )

Current DNS Servers: 192.168.1.1

Please consider changing your default DNS Server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPV4 & a 2nd pass for IPv6

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

per Microsoft Support tips on network issues

Make sure Wi-Fi is on. 
Select Start > Settings > Network & internet, then turn on Wi-Fi. 
Next, select More options (>) next to Wi-Fi, then select Show available networks. If a network you expect to see appears in the list ( meaning your Network) , select it, then select Connect. Open Wi-Fi settings

Links to troubleshooting links. Recommend you using them

https://www.windowscentral.com/how-use-troubleshoot-feature-fix-problems-windows-11

Link to a Youtube troubleshoot video

https://www.bing.com/videos/search?q=troubleshoot+hardware+and+devices+windows+11&docid=603535676410191047&mid=3CE8CF3459AD857727DE3CE8CF3459AD857727DE&view=detail&FORM=VIRE

  • How to Change the Date and Time on Windows 11

https://www.howtogeek.com/743708/how-to-change-the-date-and-time-on-windows-11/

Please disregard advertisements on that website.

  • There is more work, more research to be done. This is not the end-all-be-all. We will do more later. However, I need for you to not disregard all this here. I need to be sure you have looked at, studied, and applied the Windows help articles listed here.
Edited by Maurice Naggar
Link to post
Share on other sites

Please be advised:

The router is still set to the Cloudflare DNS. However, the malware is blocking my access to the router and the modem. 

Advanced Setup said that it was OK to put the DNS setting in the router, I believe. Do you also want me to change Windows DNS?

After I got home, I put the GC back in (I forgot to mention that I removed it on the night the problems started). Then I turned on my PC.

Previously, Windows Security Center didn't report any issues. Then, it showed this: [screenshot]

I turned them on and restarted the computer, and then it went to this: [screenshot]

I skipped it all. WSC no longer reports those problems. This happened before when AS was helping me. I had to edit the registry to get it to turn back on, because that was the only solution AS found that worked. After a few weeks, though, memory integrity was turned off again.

Perhaps you're wondering if I engage in risky browsing, but I don't. Unfortunately, I have 2 teens, so they probably do, especially my son. :(

Ok, I'm going to go through the action items. I will update later.

Link to post
Share on other sites

Quick update. Good news! Once I changed the DNS settings in my PC, that seems to have somewhat diminished the power of the malware, as I'm now typing this on my computer. I can access the forum! I think the big difference is before I used 1.1.1.1 and 1.0.0.1 on my router, but those are the default ones. 1.1.1.2 and 1.0.0.2 (and the ones for TCP/IPv6) blocks known malware sites and 1.1.1.3 and 1.0.0.3 (and v6) block both malware sites and adult sites. You should probably add that in to the list so that parents can better protect their families. I also changed the DNS on my kids' computers. I noticed that my son's computer has the same problem I had with Local Security Authority being turned off, but showing on, and it can't be corrected, like when AS helped me.

This doesn't help with the phones, of course, until I can figure out those settings. Also, I still cannot access the modem and router. I'll carry on working on this.

Link to post
Share on other sites

1. I want to be sure you have applied all my last tips as per https://forums.malwarebytes.com/topic/297200-infection-has-crippled-my-computer-phone-and-internet-access/?do=findComment&comment=1564555

You asked ""Do you also want me to change Windows DNS?""
Answer YES

Here are some sample images about my own windows-network-status displays that I had hoped you would provide me similar for the Windows 11 ASUS.
ALSO see
How to use the Windows 'View Your Network Properties' feature to obtain detailed information

https://www.techrepublic.com/article/investigating-network-details-in-windows-10-with-the-view-your-network-properties-feature/

You are able to transfer files between your phone & the Windows-pc & the reverse direction.
If you do get screen grabs that show personal information, or your IP address, or your network address, then send me those by sending me a personal-message. Do not attach that kind on this forum-topic ( which can be viewed by public ).

Below are a couple of samples off my Windows 10 machine showing network status. Hoping to get ones for your Asus.
Also I want to wait till you get all caught up with my advice-to-date before we take next actions. [screenshots]

REPOSTING following tidbits about "smartphones".  I had posted those earlier.

On your smartphones, you should be able to drill into each one individually. To check to see if the settings Internet, Bluetooth are set for your home network, etc.
If you have an Android smartphone & you suspect it is infected, keep in mind that Malwarebytes has an app for Android which you can download, setup, and use for a free trial. There is also a separate help forum for Android
https://www.malwarebytes.com/android

https://forums.malwarebytes.com/topic/134941-malwarebytes-for-android-support/

Similarly there is a separate Malwarebytes for iOs ( if your device runs iOs & if you have a iPhone)
https://forums.malwarebytes.com/topic/233652-malwarebytes-for-ios-faqs/

  • The Malwarebytes for iOS is only obtainable via iOS App Store. Keep in mind that is not an antivirus.
  • Q: Can Malwarebytes for iOS scan my iPhone for malware?
  • A: No. Scanning for malware is not possible on iOS, due to security restrictions imposed by Apple. Antivirus software is neither possible nor allowed in the iOS App Store. 
Edited by Maurice Naggar
Link to post
Share on other sites

I'm almost done, Maurice. I have another note for you.

When I went to change my time, I noticed that the timezone had been changed to the Pacific Timezone (e.g. California), which is where the graphics card came from. This is just another tidbit that seems to point at a relationship between the malware and the GC, although it could be coincidental.

Then again, XFX is a Chinese company, and the Chinese government can demand customer data from all Chinese companies.

Edited by GlennM2
Link to post
Share on other sites

This topic is now closed to further replies.