These people have been using tricks way above my paygrade to follow me through 2 laptops and one PC (current) for over a year. I believe they are living off the land and using scripts and shell. I also found some logs that reference Windows.old being loaded from into the new operating system. Something about hives I dont know. I just want this to be over and to have a secure PC. I have reinstalled windows more times than I have fingers on both hands and it always happens, bluetooth, wifi, some way of them opening a portal to a file host or a LAN that it connects me to and they preload malware and corrupted windows applications then the malware starts. I don't know what to do, it seems like as I said im apart of their LAN, because some folders have trusted installer locks on them. PLEASE ask any questions I will be more than happy to answer to find a resolution to this. Thank you and god bless
Persistent year long infection over 3 computers - Need Help so badly
- Thread starter carrotkomii
- Start date
- Status
I have a strong suspisioun they are messing with my DNS or hosts file. They use and invoke wireless lan? connections to me when my wifi is off! The thing is my credit card was recently closed for fraud after using this computer, again, and just when I thought I secured it this time there is some type of living off the land attack. my wim is probably corrupted too, there are hidden partitions that have been detected at one point or another which is why when i reinstall there are so many virtual adapaters on my device manager. It makes me think i'm running a virtual box. A lot of files that are suspect have a date modified of 12/7/2019. for example in my windows/system32/ there is a folder called printing_)admin_scripts > en-UIS. in there are VBscript files, date modified is 12/77/2019. the whole winsxs is a nightmare. its LOADED with things that just scream remote access and takeover. I cannot delete because they are locked. In the best case with some utility programs i can't do anything because its in use! This is why I believe I am actively being exploited. I do not think they are injecting me or have used malware to my knowledge, if it is its a custom load, but they have a lot of programs they uploaded and are exploiting off the land. Any ideas? I have screenshots, but i dont know the policy for that on posting
So, the thing is DISM and most CMD commands fail. Theres a point if i dont try and mitigate the amount of spyware and trojans they are dropping to disrupt my online life? it will eventually end up in a boot loop that the OS won't recover from. Its very effective. I want my life back. I have hitmanpro, registered, let me get on that i've used emisosft, and bitdefender, they actually identified vulnerabilities, thats PROGRESS. Usually they use fileless. Anyway, i Hope im just really paranoid but in any case i need help finding out a way to no be apart of their LAN, or SUPER USER group or whatever. I heard the hackers after me is actually a school of ethical hacking in south africa. Thats why they reinfect again and again. back to my issue, the GPO and the task scheduler are preloaded, to do a lot of wicked things, mostly connect and check my web capabilities. To getting the oem.
Firewall idea sounds solid, that is true, but i'd ike to trace the IP's and verify which is legit and what is... noise, or worse.
I'll have the report by this morning brb
Firewall idea sounds solid, that is true, but i'd ike to trace the IP's and verify which is legit and what is... noise, or worse.
I'll have the report by this morning brb
As per strict policy, Notice by Staff - Groups authorized to help in Malware Removal Assistance forum
For non-malware related issues, the Software or Hardware Troubleshooting forums are available, where any member can assist.
Please wait for assistance by our Malware Removal Assistance team. Thank you.
For non-malware related issues, the Software or Hardware Troubleshooting forums are available, where any member can assist.
Please wait for assistance by our Malware Removal Assistance team. Thank you.
Last edited:
- Nov 5, 2019
- 1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
No malware was found.
Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.
Run FRST and click Fix only once and wait.
The Computer will restart when the fix is completed.
It will create a log (Fixlog.txt) please post it to your reply.
===
Did you set these restrictions
HKU\PE_D_KOMII\...\Policies\Explorer: [NoWinkeys] 1
HKU\PE_D_KOMII\...\Policies\Explorer: [NoRecentDocsNetHood] 1
If you wish to remove the restrictions, add the lines in bold to the Fixlist.txt file before saving it.
p.s.
At the end of the fix you may have to answer this question to continue.
If chkdsk cannot lock the drive, a message appears that asks you if you want to check the drive the next time you restart the computer.
Click Y and let it finish.
===
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
No malware was found.
Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.
Run FRST and click Fix only once and wait.
The Computer will restart when the fix is completed.
It will create a log (Fixlog.txt) please post it to your reply.
===
Did you set these restrictions
HKU\PE_D_KOMII\...\Policies\Explorer: [NoWinkeys] 1
How to disable specific global hotkeys in Windows - gHacks Tech News
Find out how to disable the hotkey functionality of the Windows-key completely or only for specific hotkeys.
www.ghacks.net
HKU\PE_D_KOMII\...\Policies\Explorer: [NoRecentDocsNetHood] 1
If you wish to remove the restrictions, add the lines in bold to the Fixlist.txt file before saving it.
p.s.
At the end of the fix you may have to answer this question to continue.
If chkdsk cannot lock the drive, a message appears that asks you if you want to check the drive the next time you restart the computer.
Click Y and let it finish.
===
- Nov 5, 2019
- 1,597
- Status
Similar threads
