Persistent RAT that has infected entire home.

Status
Not open for further replies.

alecdeleon215

Nov 22, 2017
Dude, I am having the most unnerving thing happening right now and my dad and I are DESPAIRING.

1 week ago I stumbled upon some logs, and I am always compelled to read them and decipher them when I come across them. So I read them through and basically read a point-by-point description of my computer and my network being hacked.

It felt like I was literally being violated. I could see that a program got in and started downloading bits of files, only running when I myself downloaded something; the logs showed it would run concurrent downloads and set bandwidth caps to remain undetected.

Then when it was complete it began changing regkeys and deleting the proof.

Then it installed keyloggers and screen captures etc.

And then it killed all my antivirus as well as my gpu software and replaced them with placebo programs.

And then it just ran on my system for 2 weeks before I figured it out.

Every device is compromised: Xbox, TVs, Chromebook and phones. I took everything offline and tried to reinstall Windows on a desktop with no wifi adapter, ethernet unplugged and router off... It was immediately infected again, where the registry gets changed and ownerships too. It replaces antivirus programs and "pretends" that the scans come up clean. I realized in this instance the virus was in a print queue buffer, I think.
I tried a clean install from disk today on a laptop with a wifi hardware disable button. I formatted the whole drive and installed, used cmd attrib and discovered a bunch of files on the x:sources boot drive. When I deleted those I was restricted from deleting one file, a segoue.ttf file. After my first attempt to delete it, it was moved out of x:sources and I now had like 5 new "usb" drives that don't exist.
I'm assuming they have something to do with vdisk? Suffice it to say, I have NO IDEA what to do now.
My Xbox bandwidth overview shows like 6 GB of traffic a day; well, it did until I kept checking it. Now the totals haven't changed in 2 days, so I know it's false. Oh, and I also found some logs on my PC indicating that some sort of network was created between all the devices in my house, bluetooth devices and RF devices, and the virus was able to STILL communicate in and out.

I found logs indicating the virus somehow saw or heard the burner phone I've been trying to use to communicate, and it was trying to identify the make and model based on the screen dimensions.

I am ready to full wipe everything but even windows recovery disks fail because the virus figures out evasions.
What do I do??

I am super depressed, honestly. I can't use my phone because it records everything 24/7 and disables and augments searches when I try to google fixes. I'm seriously on the verge of smashing everything in my house.

Please somebody help me out..

Chuck
 
Solution
Ask an unaffected friend to download the ISO of whichever version of Windows you're running on one device and use a utility named Rufus to combine it into a bootable thumb drive.

Use that drive to install Windows on to one of your devices, being careful to format the hard disk before the installation starts. Make sure all the Partitions are deleted before the formatting begins. Sorry about your personal files - they've gone.

Don't connect to the router in any way - wired or wireless - and leave it running for a few hours. If it behaves properly, connect it to the router and use it to change the wireless security key to a complex combination of alpha-numeric characters with the occasional symbol.

Connect to the Net and leave it on for a few minutes, watching carefully and let us know how it went.
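The first step above depends on the installation image itself being trustworthy, so before the friend hands the thumb drive over it is worth confirming that the downloaded ISO matches the SHA-256 value the vendor publishes for it. The script below is an added example and not part of this thread or of Rufus; it streams the file through SHA-256 and compares the result with the published digest. The hash value you pass in is a placeholder to be replaced by the one from the vendor's download page, obtained on the clean machine, never from the suspect PC.

```python
"""Verify a downloaded Windows ISO against its published SHA-256 before
writing it to a thumb drive with Rufus.

Added example for this thread, not code from the original post or from
Rufus. The expected digest is an assumption: supply the real value from
the vendor's download page on a known-clean machine.
"""
import hashlib
import hmac
import os
import sys
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time; installer ISOs are several GiB


def sha256_file(path: str) -> str:
    """Stream the whole file through SHA-256; return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def normalize_digest(text: str) -> str:
    """Accept the forms vendors publish: upper or lower case, surrounding
    whitespace, or a 'SHA256: <hex>' style prefix. Reject anything else so a
    mangled copy-paste cannot silently pass."""
    parts = text.strip().split()
    value = parts[-1].lower() if parts else ""
    if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
        raise ValueError(f"not a SHA-256 hex digest: {text!r}")
    return value


def verify_iso(path: str, expected_sha256: str) -> bool:
    """True only if the file's digest equals the published one."""
    actual = sha256_file(path)
    # compare_digest is not required for a public hash, but it is the habit
    # to keep for any digest comparison.
    return hmac.compare_digest(actual, normalize_digest(expected_sha256))


def write_temp_file(data: bytes) -> str:
    """Demo helper: write constructed bytes to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".iso")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Real use: python verify_iso.py <path-to-iso> <published-sha256>
        iso_path, published = sys.argv[1], sys.argv[2]
    else:
        # Constructed stand-in for an ISO and its published digest, so the
        # script demonstrates itself when run with no arguments.
        iso_path = write_temp_file(b"constructed stand-in for an ISO image\n")
        published = sha256_file(iso_path)
    ok = verify_iso(iso_path, published)
    print("MATCH - safe to hand to Rufus" if ok else "MISMATCH - do not use this image")
    sys.exit(0 if ok else 1)
```

Run it on the friend's clean machine with the ISO path and the vendor's digest as the two arguments; a non-zero exit means the download should be discarded and fetched again rather than written to the drive.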

prtaylorwichita

Mar 29, 2016
Do you have smart or web-connected devices attached to your network, such as a web-connected security cam? I would suspect a compromised device that you might not suspect as a resident source. But certainly getting a clean install on your PC would be a start.
 

prtaylorwichita
If doing a clean install I would also check the BIOS and use a new HD or SSD, so as to avoid a virus that installs at a lower level and basically starts and loads pre-OS. Anything that loads earlier has absolute control and therefore can inject itself anywhere. If the virus is in the BIOS it can be hard to remove, if not impossible.
 

prtaylorwichita
I would also be suspicious of your router. It has a processor and onboard flash memory. It too could be the source of infection. Anything with a processor these days could be a target of attack and, once compromised, be a source of attack from your once-secured network.