Persistent year long infection over 3 computers - Need Help so badly

Status
Not open for further replies.

carrotkomii

New Member
Apr 18, 2021
4
These people have been using tricks way above my paygrade to follow me through 2 laptops and one PC (current) for over a year. I believe they are living off the land and using scripts and shell. I also found some logs that reference Windows.old being loaded from into the new operating system. Something about hives I dont know. I just want this to be over and to have a secure PC. I have reinstalled windows more times than I have fingers on both hands and it always happens, bluetooth, wifi, some way of them opening a portal to a file host or a LAN that it connects me to and they preload malware and corrupted windows applications then the malware starts. I don't know what to do, it seems like as I said im apart of their LAN, because some folders have trusted installer locks on them. PLEASE ask any questions I will be more than happy to answer to find a resolution to this. Thank you and god bless
 

Attachments

  • Addition.txt
    34.1 KB · Views: 17
  • FRST.txt
    45.1 KB · Views: 16
  • Like
Reactions: Cortex and Nevi

carrotkomii

New Member
Apr 18, 2021
4
I have a strong suspisioun they are messing with my DNS or hosts file. They use and invoke wireless lan? connections to me when my wifi is off! The thing is my credit card was recently closed for fraud after using this computer, again, and just when I thought I secured it this time there is some type of living off the land attack. my wim is probably corrupted too, there are hidden partitions that have been detected at one point or another which is why when i reinstall there are so many virtual adapaters on my device manager. It makes me think i'm running a virtual box. A lot of files that are suspect have a date modified of 12/7/2019. for example in my windows/system32/ there is a folder called printing_)admin_scripts > en-UIS. in there are VBscript files, date modified is 12/77/2019. the whole winsxs is a nightmare. its LOADED with things that just scream remote access and takeover. I cannot delete because they are locked. In the best case with some utility programs i can't do anything because its in use! This is why I believe I am actively being exploited. I do not think they are injecting me or have used malware to my knowledge, if it is its a custom load, but they have a lot of programs they uploaded and are exploiting off the land. Any ideas? I have screenshots, but i dont know the policy for that on posting
 
  • Like
Reactions: Cortex

carrotkomii

New Member
Apr 18, 2021
4
So, the thing is DISM and most CMD commands fail. Theres a point if i dont try and mitigate the amount of spyware and trojans they are dropping to disrupt my online life? it will eventually end up in a boot loop that the OS won't recover from. Its very effective. I want my life back. I have hitmanpro, registered, let me get on that i've used emisosft, and bitdefender, they actually identified vulnerabilities, thats PROGRESS. Usually they use fileless. Anyway, i Hope im just really paranoid but in any case i need help finding out a way to no be apart of their LAN, or SUPER USER group or whatever. I heard the hackers after me is actually a school of ethical hacking in south africa. Thats why they reinfect again and again. back to my issue, the GPO and the task scheduler are preloaded, to do a lot of wicked things, mostly connect and check my web capabilities. To getting the oem.

Firewall idea sounds solid, that is true, but i'd ike to trace the IP's and verify which is legit and what is... noise, or worse.
I'll have the report by this morning brb
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
576
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Did you set these restrictions

HKU\PE_D_KOMII\...\Policies\Explorer: [NoWinkeys] 1

HKU\PE_D_KOMII\...\Policies\Explorer: [NoRecentDocsNetHood] 1


If you wish to remove the restrictions, add the lines in bold to the Fixlist.txt file before saving it.

p.s.

At the end of the fix you may have to answer this question to continue.

If chkdsk cannot lock the drive, a message appears that asks you if you want to check the drive the next time you restart the computer.
Click Y and let it finish.
===
 

Attachments

  • fixlist.txt
    354 bytes · Views: 11
Status
Not open for further replies.
Top