ROOTKIT NIGHTMARE - 3 Devices on same network


  1. Posts : 16,325
    W10Prox64
       #11

    condens8 said:
    Thanks for everything, unfortunately every computer is compromised. I am pretty sure it's originating from the router, but for now I have the FRST64 file attached. Thank you for the clean boot disk links, I really needed those because I keep wiping and restoring to factory settings but that doesn't do the trick. I just wiped them all again and as soon as the computers turn on they are FLOODED with malware coming in from a secure connection that works even when I disconnect the internet.
    Hi.
    I would do as Borg suggests and reset the router. Once reset, change the default logon credentials (usually at 192.168.1.1 and "admin/admin"), then set up your wifi with a unique name and a secure password using WPA2-AES encryption. Make sure SPI and NAT are turned on. Then turn off WPS if that feature is available in your router (it's insecure). Also turn off any guest networks. Then check online for any firmware updates, because they may have fixes for security holes. If you have any "smart home devices", they could be infected - botnets have infected even smart refrigerators in the past, so take care to get all these items out of the loop so you can concentrate on your computers.

    There is a firewall monitoring program called Glasswire which can help you to block certain connections:
    Download Firewall Software by GlassWire

    condens8 said:
    When I go to Device Manager, there's a computer that is controlling all of mine called ACPI X64 or something, but yeah, they are all zombie computers so I just don't know what to do. I have literally spent 10 days on this. Isn't there something I can do on command prompt to get out of the network? After that I can address the malware...
    The ACPI x64-based PC you're seeing in Device Manager is your computer.


  2. Posts : 39,789
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #12


  3. Posts : 5
    Windows 8 & 10 (multiple devices)
    Thread Starter
       #13

    Okay, so the situation is very dire right now. I have taken almost every piece of advice, but the infection has progressed.

    Yes, many many many things have shown up as a rootkit infection. Ghost partitions, and even things downloading right in front of my eyes. I upgraded all three computers to Windows 10, and they got obliterated. I have one computer with an almost completely useless registry that will boot in safe mode; the other two won't boot at all anymore.

    I have been unable to get a clean boot disk. I think my router is compromised, and my Android has all the signs of a rootkit infection too. It appears that all of them have been used to siphon bandwidth from my network. As soon as a computer goes online the rootkit kicks into action and turns my computer into a zombie. I had previously reclaimed two of them with command prompt, but they have been taken over yet again.

    I need some help on next steps here. Two computers won't boot. The one is pretty much useless. I'm downloading this one boot disk and I need it to work, otherwise I'm F**ked. I really don't trust buying software because they always bring their own problems with it, and rarely have I found one that actually solves the problem I have; it usually takes a bunch of them. I have only used tools from Sysinternals and other reputable sources.

    I have used: FRST, GMER, Sysinternals suite tools, TDSSKiller and much more. A LOT of malicious stuff has popped up, but I have been unable to stop it. I have lots and lots of log files and reports to prove this claim, but alas, they are all on the messed up computers. I am writing this post from a convenience store because I have no friends that are close enough or nice enough to help me with this situation.

    I just want my computers back. I don't care about data at this point; over a week ago I conceded to this fact, but I have been unable to do a clean install, and now all of the computers are beyond the point of functionality. I do have two external hard drives that I WOULD LIKE to recover if possible, however I REALLY REALLY need help on how to execute this. So far my plan is as follows:

    1. Call the internet provider and get them to change my physical IP address, turn off networking for my Android and turn it off physically (pretty sure it has a rootkit infection too)
    2. Install Windows clean (leaving no files) with my USB boot disk on the computer that does work
    3. At Windows 10 install do a custom setup and say NO to pretty much every option except for SmartScreen downloading.
    4. Block all incoming with the firewall and disconnect the computer from ANY sort of networking (they were getting in through tunnels and pipes and stuff - still need to learn more about this, but even not connected to anything stuff was still getting in)
    5. Create a backup partition and hide it with command prompt, duplicate the boot disk like 4 other ways - if the boot disk actually gave me a clean install.
    6. Attempt to recover the two computers with said boot disks
    7. Create secure network tunnels using command prompt between the devices in case this happens again and I want to retrieve files and whatnot to restore/recover the computer
    8. Deal with the Android issue (don't know what to do with this yet, more focused on the computers)
    9. Hook up to the internet with extremely strict rules and constantly monitor what is going on
    10. Download all the software tools that have been recommended and run checks often
    11. Try and recover the data from the hard drives by changing settings so that there are no thumbnails and that AutoPlay is not on - from my understanding those are the two ways malware can get in. The only stuff I want to save are .mp3 .wav .png .mp4 .jpg files --- those are fairly safe, correct?


    12. everything will be sunshine and rainbows, right?

    If you have ANY tips on a better way to do this or something I should add to my strategy PLEASE respond, I'm
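Steps 4, 9 and 11 of the plan above (block all inbound, turn off AutoPlay, then watch the network) are the pieces that can be done and verified from a shell on a freshly reinstalled machine. The script below is an added example written for this page; it is not code from any poster in the thread and makes no claims about the poster's specific infection. It assumes Windows 10 with the built-in NetSecurity module, an elevated PowerShell prompt, and the standard Windows Firewall log location; the snapshot CSV filename under the user profile is my own choice.

```powershell
# Added example (not from the thread): a hardening-and-verification pass for a
# freshly reinstalled Windows 10 box before it is allowed back on the network.
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

# 1. Default-deny inbound on every firewall profile. AllowInboundRules False goes
#    further than the default: even existing "allow" rules are ignored, which is
#    what "block all incoming" means. Outbound stays allowed; dropped packets are
#    logged so you can see what is knocking.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -AllowInboundRules False `
    -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

# 2. Disable AutoRun/AutoPlay for every drive type. 0xFF sets every drive-type
#    bit in NoDriveTypeAutoRun; NoAutorun=1 additionally ignores autorun.inf
#    commands. Both are documented machine-wide policy values.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
New-Item -Path $explorerPolicy -Force | Out-Null
Set-ItemProperty -Path $explorerPolicy -Name 'NoDriveTypeAutoRun' -Type DWord -Value 0xFF
Set-ItemProperty -Path $explorerPolicy -Name 'NoAutorun'          -Type DWord -Value 1

# 3. Verify what was applied instead of trusting that it was.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, AllowInboundRules, LogBlocked |
    Format-Table -AutoSize
Get-ItemProperty -Path $explorerPolicy |
    Select-Object NoDriveTypeAutoRun, NoAutorun

# 4. A snapshot of listening ports and established connections with the owning
#    process and its image path. Take one before plugging the cable in, another
#    afterwards, and diff them; a process you did not install holding a port is
#    something to investigate, not something to guess about.
$snapshot = Get-NetTCPConnection -State Listen,Established |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            State   = $_.State
            Pid     = $_.OwningProcess
            Process = $proc.ProcessName
            Path    = $proc.Path
        }
    }
$snapshot | Sort-Object Process, Local | Format-Table -AutoSize

# Keep the snapshot as evidence for the next comparison (filename is this example's choice).
$out = Join-Path $env:USERPROFILE ("netsnapshot_{0}.csv" -f (Get-Date -Format 'yyyyMMdd_HHmm'))
$snapshot | Export-Csv -Path $out -NoTypeInformation
Write-Host "Snapshot written to $out"
```

`-AllowInboundRules False` is deliberately blunt: file sharing, Remote Desktop and anything else that relies on an inbound allow rule stops working until you set it back to `True` (or `NotConfigured`). That is the intended state for a machine you are rebuilding and do not yet trust; relax it rule by rule once the baseline snapshot looks the way a clean install should.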


  4. Posts : 5
    Windows 8 & 10 (multiple devices)
    Thread Starter
       #14

    simrick said:
    Hi.
    I would do as Borg suggests and reset the router. Once reset, change the default logon credentials (usually at 192.168.1.1 and "admin/admin"), then set up your wifi with a unique name and a secure password using WPA2-AES encryption. Make sure SPI and NAT are turned on. Then turn off WPS if that feature is available in your router (it's insecure). Also turn off any guest networks. Then check online for any firmware updates, because they may have fixes for security holes. If you have any "smart home devices", they could be infected - botnets have infected even smart refrigerators in the past, so take care to get all these items out of the loop so you can concentrate on your computers.

    There is a firewall monitoring program called Glasswire which can help you to block certain connections:
    Download Firewall Software by GlassWire


    The ACPI x64-based PC you're seeing in Device Manager is your computer.
    So when there are like 20 ACPI x64 devices they are ALL my computer? I have been seeing some weird shit. It is beyond crazy what has happened. Shows what being complacent when it comes to security does. I never really cared about these things before and yes it's embarrassing, but these computers are now complete zombies. I have tried restarting the network but unfortunately haven't been able to log in to change any settings because I just got a new provider and I don't have that info available. I will be calling them tomorrow and following these directions when I finally get a clean boot disk that works. Thank you everyone who has continued to provide support.
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.