Geeks to Go

Very Sophisticated Spyware On Windows PC



#1 MHJJ (New Member, 1 posts)

Hi All,

I have recently fallen out with an extended family member who is a very skilled programmer. This individual decided to come to my house when I wasn't at home and infect my PC with an unorthodox spyware that takes full control over my Windows PC. I really want to try and solve this as this individual is stopping me from using my PC. I have spent a lot of money on my PC and I really don't want to have to buy another with money I don't have. So, here I am trying to solve it.

 

How I know my PC is infected:

1) Direct blackmail by the individual.

2) My mouse moves around when I do not touch it, literal intervention, and especially when I try to turn the wifi off with the mouse someone is moving the mouse, stopping me turning the wifi off.

3) Stops me from buying things I need on websites.

4) I ran Malwarebytes Anti-Rootkit and found 6 malware detections, and after I had cleared those and restarted the PC, I scanned again with Malwarebytes Anti-Rootkit and it says the following:

 

 

 

Infected File C: /Windows/System32/atl.dll could not be remediated because backup file is not available.

Infected File C: //Windows/sysWOW64/msinfo32.exe could not be remediated because backup file is not available.

Infected File C: /Program Files (86x)/Common Files/ Microsoft Shared/ MSInfo/ /msinfo32.exe could not be remediated because backup file is not available.

What I have tried:

1) The first thing I did was completely wipe all data in BIOS and re-install Windows on a memory stick. (Didn't work, still complete back end access.)

2) Wipe all data in BIOS again and install Qubes OS. (Didn't work, still complete back end access.)

3) Wipe all data in BIOS again, re-install Windows and run Malwarebytes Anti-Rootkit, TDSSKiller and a few other anti-rootkits, and that's when I found the above detections on Malwarebytes Anti-Rootkit as it was the first one I ran.

 

 

 

 

I understand that some rootkits are not possible to recover from, but it would not only be interesting, I would also greatly appreciate it if I could get some help with this before I throw a perfectly working, expensive PC away.

Farbar Service Scanner Version: 30-04-2023
Ran by jama2 (administrator) on 30-04-2024 at 19:16:39
Running from "C:\Users\jama2\Downloads"
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

Kind regards, MHJ


  • 0
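Added example, not part of the original post or of any reply: the Farbar log above only reports signature status for networking and update components, not for the three files Malwarebytes flagged, so this PowerShell snippet checks those files directly. The paths are the standard Windows locations matching the post's (garbled) report and are assumptions; a signature status other than Valid, or a signer that is not Microsoft, is the thing worth looking at on a freshly reinstalled system before assuming a rootkit.

```powershell
# Added example (not from the original post): verify the Authenticode status
# and record the SHA-256 hash of the files Malwarebytes Anti-Rootkit flagged.
# Paths are the usual Windows locations and are assumptions; adjust as needed.
$flagged = @(
    'C:\Windows\System32\atl.dll',
    'C:\Windows\SysWOW64\msinfo32.exe',
    'C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe'
)

foreach ($path in $flagged) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$path : MISSING"
        continue
    }

    # Get-AuthenticodeSignature also consults the Windows security catalogs,
    # which is how most System32 binaries carry their Microsoft signature.
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    [PSCustomObject]@{
        Path   = $path
        Status = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer = $signer
        SHA256 = $hash            # compare against the same file on a known-good install
    }
}
```

Run from an elevated PowerShell prompt; the built-in `sfc /verifyonly` performs the same kind of integrity check across all protected system files.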