Cryptominer or something has taken over my windows server&more

xearthbi · 13 Feb 2019

I have found endless traces of a cryptominer or something similar...I have been in a constant battle with keeping my pc going bc someone that is extremely educated in many areas that are tech related, has been targeting me for whatever reason...

I have reset my router, phone, pc, so many times i have literally lost count, yet the problem remains. I just discovered a whole crap ton of suspicious stuff in my task scheduler and also my bitlocker encryption options are suddenly missing.....my pc was just reset again yesterday soo....everything is up to date, i have run all antivirus solutions that are common...(rkill, malwarebytes,adw,hitmanpro, etc..)

Someone please help me out here. If it werent impossible to live without, id throw away my devices bc this is ridiculous....i read something about a possible windows server infection, but i know my entire home network is taken over.

Help. Please....Thanks!

Caledon Ken · 13 Feb 2019

Hi xearthbi. Welcome to the TenForums @xearthbi

When you run malwarebytes or hitman pro are they actually finding something and what are they finding.

Not sure what router you have and what you mean by reset. There are the soft resets and the full reload of firmware.

Think you are going to need to isolate everything. Disconnect phone and computer from router and do not allow them to reconnect until they have been sterilized. (This goes for everything in house, disconnect it.)

I would get a fresh copy of windows following this tutorial from a source outside your home. You need 8GB USB Thumbdrive

Clean Install Windows 10

I would start with router, hard reset, Firmware reload, and connected to no devices in house. Immediately change user name and password on router.

Then do a clean install of windows after backing your data up to an isolated HDD. The tutorial talks to deleting all partitions on boot drive. There should only be the boot drive connected.

Once the clean install is done and before placing data back on connect to router. Perform updates and monitor for infections.

If no infections scan your data thoroughly. Do not restore.

Then one by one reload devices and connect to network. After each scan. The goal is to find where this is hiding.

It is important to get everything off network so you can determine where infection is coming from.

Would be helpful to know what you are dealing with so a name would be helpful.

If you can't get past router / pc being infection you will need to contact router vendor to see how to force reload clean firmware.

Ken

Samuria · 13 Feb 2019

Please download and save FRST 64bit or FRST 32 bit to your Desktop.

Download Farbar Recovery Scan Tool
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back .
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).