
Remote Access OS Takeover



When I tell you, I have done everything to remove whatever it is attacking my system...I have even become physically ill, knowing how much control whoever it is doing this, really has. I've even gone to law enforcement because the attacks are being done through nearby services & bluetooth settings, that go on by themselves even when disabled. I have a suspicion on who it is because of some weird wifi addresses appearing in our available network listing and two particular addresses have multiple points under the guise of being Spectrum routers. Like one of the individuals has 10 different addresses with the addresses switched up slightly.

From what I am comprehending, whoever has control, is not only remote accessing my system, but has also embedded an OS program that even with numerous reinstalls, repairs, you name it, is under their complete control and not a "real" OS program down to all the applications and processes. I even have a fake cmd program and corrupted registry editor with none of the normal Hkey files. The files start from a svchost.exe file, but I've messed with those and the whole system will shut down if I click the wrong one. It won't even allow me to stop remote access, even in the control panel, as the options are whited out or unavailable.

This got worse right after Christmas, they managed to also embed themselves in all our devices and phones. Even when replaced, router and all, they still gained access. Even with the internet not being connected. 

I am at wits' end...I don't know what else to do and it's more about my kids, because they still have to use this stuff regardless because of school. Every time I try something new, a new backdoor file pops up to counteract what I just did....

So yeah...that's the small gist of it and I am just a Mom trying to keep her family safe, but this has gotten out of control and I just can't do it anymore. No one helps and I don't have the money to keep replacing things. But it's really malicious and even more scary if it's someone nearby and I don't know the end game. Because it's a lot of effort toward a family for what.....

I appreciate the help, but I am truly physically and mentally broken down by this...


Please let me know if you need me to screen shot or attempt to get a log of something. I apologize in advance for anything not sent in original post. Did not want to overwhelm with multiple uploads. 

 

 


@AtabeyLuna 

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
       RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply


Then be patient for the next expert to take your case.

 

Thank you


Thank you so much, please stand by. My apologies for the delay. I attempted something earlier and had to reinstall Windows. Can you please provide guidance on how to compile log file for your review? I apologize in advance, only a bit tech savvy, but I am a fast learner and understand instruction provided. I truly appreciate your time and help.

 

Stand by....online going forward

On a tablet at the moment....

 


7 hours ago, Porthos said:

@AtabeyLuna 

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
       RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply


Then be patient for the next expert to take your case.

 

Thank you

@Porthos

Appreciate the help from the legendary Baron du Vallon aka Porthos...

Attached please find all logs as requested. Please note that these shadow actors have managed to bypass every single antivirus, security app I could get my hands on including this platform. Per usual the scan yielded no threats or malicious files. But the FRST seemed to have picked out some things. I have also attached some of the current Windows logs for an idea of some of the background processes going on.

 

Again, I appreciate you all..

  • Addition _552024AL.txt
  • AdwCleaner[C00] - First Scan No Detections.txt
  • AdwCleaner[S00].txt
  • AdwCleaner_Debug.log
  • FRST_552024AL.txt
  • Malwarebytes Scan Report 2024-05-05 170703.txt
  • Windows App Log.txt
  • Windows Admin Device Log.txt
  • Windows AppX_Deployment Server Log.txt
  • Windows AppX_Package Log.txt
  • Windows Audio Log.txt
  • Windows BITS Log.txt
  • Windows Corrupt Group Policy Log.txt
  • Windows Crypto DPAPI Log.txt
  • Windows Crypto NCrypt Log.txt
  • Windows DHCPv6 Log.txt
  • Windows HKLM Registry -Corrupt Term Service Log.txt
  • Windows Security Log.txt
  • Windows System Log.txt
  • Windows Enterprise Manager Admin Device Log.txt
  • Windows Enterprise Manager Operational Device Log.txt
  • Windows Manager Device Log.txt
  • Windows Operational Device Log.txt


@Porthos

An FYI, they know I am seeking help because they are sending bypass jump pages via Google (Using Opera now, until they figure it out) when I type in certain terms. I get a screen that says No IP address, DNS Error but when I go into Developer Tools, you can view the obvious manipulation and trigger terms in the script, I am clearly online, just blocked from Google by a fake error page. That's the level of BS I am dealing with..

Thanks again..

 


14 minutes ago, Porthos said:

@AtabeyLuna Please do not create additional user accounts here on the forum.

The post from "WarChild94" has been removed.

Unfortunately @Porthos that wasn't us...we changed our password. My son got a notification via email and he wasn't even home. This is not the first time this has happened. Why I suspect they are nearby.


1 minute ago, AtabeyLuna said:

Unfortunately @Porthos that wasn't us...we changed our password. My son got a notification via email and he wasn't even home. This is not the first time this has happened. Why I suspect they are nearby.

It was done from YOUR location and Spectrum IP address. Someone is using your wireless network it seems.

Contact Spectrum for a new IP address.

Sounds like it might be time for law enforcement.


1 minute ago, Porthos said:

It was done from YOUR location and Spectrum IP address. Someone is using your wireless network it seems.

Contact Spectrum for a new IP address.

Sounds like it might be time for law enforcement.

They have done that multiple times. Which is why I also suspect it's an infrastructure issue. I have called Spectrum, gone in person...nothing...I have even had my landline intercepted when I call any agency for help, like T-Mobile, Spectrum, etc...We have changed our router, emails, log ins. We have contacted NYPD, FBI and all have said if the threat is not physical or against assets, nothing they can do, which is madness. There have also been security warnings for log ins from China. I'm done @Porthos, just want a clean system....worried about the kids....don't know the endgame for this.

Just reset router password.😞


This topic is now closed to further replies.