- Jul 5, 2018
So this virus has taken over 4 computers at my house so far. Formatting didn't remove it, but I also recognized that my router had something installed on it called chrootkit, so I've been trying to repair these PCs offline or using a mobile hotspot. Problem is that even using this method the infection persists through formats. I also figured out the virus uses sideloaded elevation techniques to gain access. I was able to find an ntuser.dat it loaded, and it seems to use windows cloud host, biometric loader and an x.509 certificate to gain a strong foothold on the computers. It also uses whatever wmic and wfpud are (whatever that is). The problem is I only have control of the PC for about 15-30 minutes each time before losing administrator access. There has been no ransom or encrypted files so far that I've been able to tell. As for Malwarebytes, the scan picks up nothing across the board every time, but I will continue to run it and try to produce something for you. Anything more I'm able to find out or remember I will report.