Solved! I cannot truly clean install I'm hijacked and trapped in sync hell

Status
Not open for further replies.
Apr 12, 2022
I have tried everything to clean install and ferret out malware, but I have, after 3 years, found that I cannot clean install without corrupt and mal appxpackages and a whole list of registry, firewall, scheduled tasks preconfigured, and it looks like whoever put me in this sync prison geared it towards remote control with valid but modified legitimate Windows programs. Reverse shells, BADUSB being written to any external drives and untouchable files that brick my computer because they are the modified system files.

I have tried sfc /scannow and get "Windows Resource Protection could not perform the requested operation." There is an enterprise feel to this, as apps and the install during the OOBE seem to be autopilot heavy, as well as several VBScripts and PowerShell scripts that preconfigure my prison OS during and after my first boot.
I note whatever browser I use to download basic things to settle up, there is a program called edge upgrade or chrome upgrade.
I believe I am having a custom image with heavily hacked .wim files that make upgrading or truly clean installing without virtual network adapters being deployed.
The last thing I'd like to note is these files have "legitimate" certificates but they have inconsistent metadata.

Removed Thank you for your time.
 
Apr 12, 2022
It is the source of my ills. I believe there is hijacking taking place even for Microsoft pages. I can only download the UK version. Odd. Also, somehow, no matter what I do I cannot get a clean install; it always seems to be preconfigured with services that I cannot edit that would otherwise allow a clean install or in-place upgrade. Any attempt at installing with media just reinstalls and syncs the same unmodifiable services, that when compared to a default list, does not equal the same. Many are Manual (Trigger). No idea how to view or modify to correct; it just says invalid parameters when I try to rectify them.

Some important registry files are locked out from me editing, a few being dcomserviceprocesslauncher, routingandremoteaccess, homegroupprovider, WLANautoconfig, network connectivity assistant and others. I tried without being online and am only using Win 10 Home. I'm not a business or enterprise.
 
Apr 12, 2022
OK, don't do that.
This 'heavily hacked' thing may be the source of all your ills.
I did not voluntarily install the heavily modified .wim or custom image. It's been pushed through to me. I lack the precise language, so bear with me. I just can't get out of this thing's grasp. First my desktop, then my new laptop.
 

USAFRet

Illustrious
Moderator
I did not voluntarily install the heavily modified .wim or custom image. It's been pushed through to me. I lack the precise language, so bear with me. I just can't get out of this thing's grasp. First my desktop, then my new laptop.
From some other, known uninfected device, create a new Win 10 USB to install with.
A friend, perhaps.

Then....
 
Solution
Apr 14, 2022
This is the same thing that is happening to me - same exact thing - now for a year and a half. Trying to figure all this out for my main computer, which is down at the moment.

In trying to figure out what this is - some kind of remote attack through RDP and/or RPC, disturbing SAM accounts, changing my folders all to 'system folders', disabling RAM integrity in MS settings, more and more services set to trigger and/or options are greyed out or a message saying 'the parameter is incorrect' when attempting to disable a service. Intermittent disabling of relevant applications, memory running out quickly (my main computer has 32 GB of RAM, I don't do anything that intensive - FL Studio at most) - a whole bunch more stuff.

No anti-malware program can find it. Tech people can't find it. Far as I'm concerned, I'm calling it the GasLight Virus, because since no one can find it or see it, I start thinking I'm bonkers!

I found an interesting book about how they do what they do:

Data Hiding Techniques in Windows OS

I'm following this post so I can know how to proceed myself or maybe with the help of the tech guys here. Gotta see if I can boot up my main computer.

Seems out there someone else had this issue, and he ended up flushing the BIOS and updating its firmware and trashing the SSD or HDD.
 