Hidden Virus in Event Viewer, possible botnet


I've been having the same problem, and most people around me don't know squat, so I'm basically being treated as a crazy person. I still don't have an answer, but I might have some extra info. I've formatted my desktop several times; it kept acting strange. After the third format, the first thing I did was open the Task Manager, and I noticed that a cloud app was running, like trying to back up something. I thought it was from the network, and formatted again offline, and it happened again, not sure how. But recently I noticed a lot of hidden drivers, and also some hotspot drivers, and some Bluetooth ones. I've always suspected that this malware could move horizontally into other devices connected on the network, and I'm pretty sure using Bluetooth too. My problem isn't limited to computers; my cellphone was hacked too, but my problem might not be exactly like yours. Your accounts with your PC I mostly observed on mine: I've found out that some folders are excluded from search in the Windows configuration, found some info there; Windows Task Scheduler keeps running some app updates with weird triggers like "start at 6 and every hour after that", and a lot of other *****, but let's get to the point. I've reflashed my BIOS and it did nothing; I was guessing it was a bootkit, used some boot tools from a lot of different companies, and nothing. At the beginning of this whole ordeal I made a deal with a cyber security company focused on business security, which, by the way, never do that: they focus on preventing attacks; the job they did sucked, but it served a purpose, I could prove that everything in my house was infected. I'm not very savvy in computer science, but I've learned a lot about malware behavior, and advanced it is. This malware can deliver payloads and inject malicious stuff; it can definitely elevate credentials, and I've seen it being remotely used; if it's asleep it could be woken.
Resetting the router might not help; it should be done, and it's even better to upgrade the firmware, especially if it's one of those with exploits that appeared recently, but if the malware still resides on the devices, it will at least get access to the password. Don't forget to change the SSID, and the router login and password; they have a list of standard ***** and also break through by brute force. First of all, my easy fix is a new cell using only 5G with WiFi and Bluetooth off, because I'm more than a year into this *****, but the first thing that I think will be easy and cost-beneficial would be a flash drive with write lock. The USB port might not be safe; get the installation elsewhere, might as well get some apps. The best way would be to start with a virtual sandbox, which, by the way, I still don't know how to do. Format everything offline; if you have some security apps at hand you can safely protect it without connecting, and even if it's a bootkit, and that bootkit could infect the pendrive, the lock would protect it. Put some ***** I've shot; it seems a list of shortcuts for commands, perhaps it's nothing, or maybe it's known to be related to a specific malware; the other one is more complex.

Attachments: settingssynonyms.txt, SettingsCache.txt


  • Root Admin

Hello @lifeMalwered

Please follow the directions exactly from this post (except DO NOT use an Online account; use a Local account).

Verify the hash of the ISO image you download

Buy a NEW USB thumb drive of at least 8 to 16 GB

If you own your own router and are not renting it from your Internet Service Provider

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Depending on one's preferences and the router's capabilities, please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the default router password, using a strong password
  • Use a strong WiFi password on WPA2 using AES encryption, or enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network.
    Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the router firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set firewall rules to BLOCK TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/

If that does not work, then take the computer to a local computer repair facility that specializes in security
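The "verify the hash of the ISO image" step above, as an added PowerShell example that is not part of the original post: it computes the SHA-256 of the downloaded file with the built-in Get-FileHash cmdlet and compares it with the value published on the vendor's download page (the expected hash is passed in as a parameter; the script name Verify-Iso.ps1 is an assumption).

```powershell
# Added example, not from the original post.
# Usage: .\Verify-Iso.ps1 -IsoPath .\Win11.iso -ExpectedSha256 <hash copied from the download page>
param(
    [Parameter(Mandatory = $true)][string]$IsoPath,
    [Parameter(Mandatory = $true)][string]$ExpectedSha256   # value from the vendor's page, not guessed
)

if (-not (Test-Path -LiteralPath $IsoPath)) {
    Write-Error "ISO not found: $IsoPath"
    exit 2
}

# Reject anything that is not a 64-hex-digit SHA-256 before comparing,
# so a mis-pasted or truncated value cannot silently "match".
$expected = $ExpectedSha256.Trim().ToUpperInvariant()
if ($expected -notmatch '^[0-9A-F]{64}$') {
    Write-Error "Expected value is not a 64-hex-digit SHA-256: $expected"
    exit 2
}

# Get-FileHash returns the digest as upper-case hex; normalise both sides the same way.
$actual = (Get-FileHash -LiteralPath $IsoPath -Algorithm SHA256).Hash.ToUpperInvariant()

Write-Host "File:     $IsoPath"
Write-Host "Expected: $expected"
Write-Host "Actual:   $actual"

if ($actual -eq $expected) {
    Write-Host "OK: hash matches the published value; the image was not altered in transit."
    exit 0
} else {
    Write-Warning "MISMATCH: do not use this image; download it again directly from the vendor."
    exit 1
}
```

Run it from the machine you downloaded on, before writing the image to the new USB drive; a non-zero exit code means the image should not be used.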

OK, since I've already failed before, I'll follow your advice to the letter. I live in Brazil and it's lacking in a specialized workforce in cyber security, even more for normal people, since the few we have work for companies to get the big bucks. I guess it's my last chance; I was about to give up, the lack of knowledge about this subject here made everyone treat me like a madman. My routers are rented, and since one of them is mesh, and I've suspected it could be the culprit with some foul play from the company people who installed it, I already got another; I think resetting it won't be a problem, and I'm aware of the safety protocols. I'll study a bit on how to update the firmware. I think I can get my hands on a Windows copy from a cyber security company that protects businesses; he tried to help me, he's good at preventing infection, his advice was to burn everything eahuehuaehueahu. I wasn't aware how to do the hashing, but it seems simple. I might not be able to get Windows 11, is 10 OK? It will be Pro. I'll read everything slowly, trying to absorb, but if I have any doubt is it possible to ask some more questions? Thanks... by the way, did the other guy succeed?


  • Root Admin

I don't know what happened to the other person. They stopped responding.

Get Windows installed, but do not install any 3rd party software until you post back new logs of the installation of Windows.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
