
Very Sophisticated Spyware On Windows PC


  • Please log in to reply

#1
MHJJ

    New Member

  • 1 posts

Hi All,

I have recently fallen out with an extended family member who is a very skilled programmer. This individual decided to come to my house when I wasn't at home and infect my PC with an unorthodox spyware that takes full control over my Windows PC. I really want to try and solve this, as this individual is stopping me from using my PC. I have spent a lot of money on my PC and I really don't want to have to buy another with money I don't have. So, here I am trying to solve it.


How I know my PC is infected:

1) Direct blackmail by the individual.

2) My mouse moves around when I do not touch it: literal intervention, especially when I try to turn the Wi-Fi off with the mouse, someone moves the mouse and stops me from turning the Wi-Fi off.

3) Stops me from buying things I need on websites.

4) I ran Malwarebytes Anti-Rootkit and found 6 malware detections, and after I had cleared those and restarted the PC, I scanned again with Malwarebytes Anti-Rootkit and it says the following:


Infected File C: /Windows/System32/atl.dll could not be remediated because backup file is not available.

Infected File C: //Windows/sysWOW64/msinfo32.exe could not be remediated because backup file is not available.

Infected File C: /Program Files (86x)/Common Files/ Microsoft Shared/ MSInfo/ /msinfo32.exe could not be remediated because backup file is not available.


What I have tried:

1) The first thing I did was completely wipe all data in BIOS and re-install Windows from a memory stick. (Didn't work, still complete back-end access.)

2) Wipe all data in BIOS again and install Qubes OS. (Didn't work, still complete back-end access.)

3) Wipe all data in BIOS again, re-install Windows and run Malwarebytes Anti-Rootkit, TDSSKiller and a few other anti-rootkits; that's when I found the above detections in Malwarebytes Anti-Rootkit, as it was the first one I ran.

I understand that some rootkits are not possible to recover from, but it would not only be interesting, I would also greatly appreciate it if I could get some help with this before I throw a perfectly working, expensive PC away.

Farbar Service Scanner Version: 30-04-2023
Ran by jama2 (administrator) on 30-04-2024 at 19:16:39
Running from "C:\Users\jama2\Downloads"
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

Kind regards, MHJ

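The File Check section of the FSS log above does one useful thing: it confirms that core networking and service binaries still carry a valid digital signature. The Malwarebytes Anti-Rootkit output names three files it could not remediate, and the same check can be applied to them. The PowerShell below is an added example, not part of the original post and not code from FSS, FRST or Malwarebytes; it reports the Authenticode signature status, signer and SHA-256 of each file. The paths are the standard locations the post's detections refer to (with the usual `Program Files (x86)` spelling; the post has it garbled), and the `O=Microsoft Corporation` signer test is an assumption about what a genuine Windows-shipped binary should carry. The script only reads the files.

```powershell
# Added example (not from the post or any tool named in it): report the
# Authenticode signature status and SHA-256 of the files Malwarebytes flagged.
# Paths are the standard locations the post's detections refer to; adjust as needed.
$FilesToCheck = @(
    'C:\Windows\System32\atl.dll',
    'C:\Windows\SysWOW64\msinfo32.exe',
    'C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe'
)

function Get-SignatureReport {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            # A missing system file is itself worth noting; report it and move on.
            [pscustomobject]@{ Path = $file; Status = 'Missing'; Signer = $null; Sha256 = $null; Verdict = 'file not found' }
            continue
        }

        $sig  = Get-AuthenticodeSignature -FilePath $file
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash

        # Status values of interest: Valid, NotSigned, HashMismatch (the file
        # was changed after it was signed) and UnknownError (chain not built).
        $verdict = switch ($sig.Status) {
            'Valid' {
                # Assumption: a genuine Windows binary is signed by Microsoft.
                if ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') {
                    'OK: valid Microsoft signature'
                } else {
                    'REVIEW: valid signature, but not from Microsoft'
                }
            }
            'HashMismatch' { 'ALERT: file modified after signing' }
            'NotSigned'    { 'ALERT: Windows binary is unsigned' }
            default        { "REVIEW: $($sig.Status) - $($sig.StatusMessage)" }
        }

        [pscustomobject]@{
            Path    = $file
            Status  = $sig.Status
            Signer  = $sig.SignerCertificate.Subject
            Sha256  = $hash
            Verdict = $verdict
        }
    }
}

Get-SignatureReport -Path $FilesToCheck | Format-Table -AutoSize -Wrap
```

Two caveats when reading the output. A `HashMismatch` on a file under `C:\Windows` is a strong tamper indicator, but `NotSigned` is not on its own: some Windows components are signed through a catalog rather than an embedded signature, so compare the SHA-256 with the same file on a known-clean Windows 11 install, or run `sfc /scannow`, before concluding anything. And if, as the post fears, the compromise sits below the operating system, nothing the running OS reports about itself can be fully trusted; the hashes are most meaningful when taken from a clean boot medium.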


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,146 posts

Hi, MHJJ.

Welcome to GTG Forums.

I have the impression that the stand-alone Malwarebytes anti-rootkit has been discontinued.

The log you posted is from the FSS tool. We don't need that. Instead...

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe.

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
