Help me beat these scumbags

[M1904trading]

so, I truly am grasping for straws here as i’ve reached the desperation phase of this ordeal. For the issue of time and not having enough of it I'm going to paste the body of an email i’m sending to researchers and professors in the space as i’ve exhausted all other options (Fed, state, local authorities, Apple, Netgear, Xfinity, and private specialized companies). I need to beat these xxxxxxxx as they’re affecting every aspect of my life in a negative fashion. When i’m out of the office i can post more detail or if anyone has any specific questions.

 

[Corrine]

@M1904trading, your post has been edited to remove the attachment as it is unnecessary. To obtain assistance to remove malware from your computer, please follow the instructions at Malware Removal Posting Instructions and a Security Analyst will assist you.

 

[M1904trading]

Got it. And unfortunately it transcends just malware removal. As it’s multi layered and dimensional. I’m working on the networking side currently to try and starve them access - but, if you think that is the best place for this i’ll repost. But you have to take into account i can’t even regain control of a bootable system currently.

 

[DR M]

But you have to take into account i can’t even regain control of a bootable system currently.

Hi, and welcome to Sysnative Forums.

By the above you mean that the computer is unbootable?

 

[M1904trading]

All four of my desktops are unbootable. They get past UEFI and into the BIOs but they hang initializing the OS’s. It doesn’t matter which either. Including Windows 10, or 11, Ubuntu, and even Kali Linux. The laptops are faring better but whatever this thing is throttles the CPU and generates so much volume in such a short amount of time they tend to lock up after about 10 mins of use due to too many processes/threads and thermals.

 

[DR M]

Well, as you understand, we can't provide help for 4 computers at the same time.

So... choose one you want us to check first.

After that:

1. Find some necessary stuff

1. An empty USB flash drive
2. A healthy computer (either yours or a friend's)

2. Protect the healthy computer and download FRST on the USB drive

Using the healthy computer:

2.1. As a layer of protection, to ensure autorun is blocked on the flash drive, install on the healthy computer dr_Bora's program, MCShield::Anti-Malware Tool::. This tool is a resident drive detector and scanner, meant not just to block the autorun.inf, but also to clean the malicious files from the drive.

• Download it from here: MCShield
• Save it on your Desktop.
• Double click the MCShield-Setup.exe on your desktop, and follow the instructions until it gets installed (Yes, Next, I agree, Next, Install).
• Click on Run to let it run.
• Go to the General tab in the menu at the left and tick the option Always show the log file in case of infection.
• OK and close the window.

2.2. Download the right version of FRST for your system, and save it on your USB drive.

• FRST 32-bit
• FRST 64-bit

Note: If you don't know which one to download, download and save both on your USB drive. Only the right version will run on your system, the other will throw an error message. The one that works is the one you should be using from now on.


When you do the above, let me know to continue with the next set of instructions.

 

[M1904trading]

You’re a saint. Thank you.

As per the finding a healthy computer that’s going to be an issue. I have an airgapped thin client that got infected by what i thought was a clean USB. I just did a clean install overnight, but the thing lives deep in the uefi. Is that one scratched or can we use it? The malware hasn’t called home yet so isn’t initialized yet. But it has completely deployed. Taking up residence in the PCI.

 

[DR M]

We definitely don't want to transfer malware from one computer to another, so I recommend you to find a healthy computer. Let me know if you want some time to get ready. I will be here.

 

[DR M]

Before we start, I also recommend the following, just in case:

1. Reset your router
2. Change wi-fi password and passwords for all your accounts from a clean machine.

 

[DR M]

@Corrine just noticed something you said:

I’m working on the networking side currently to try and starve them access

Are we talking about a home PC or a business PC? If the latter is the case, unfortunately we can't help, as this is the business' ITs task.

So, I won't proceed further, until I have a reply from you about that.

 

[M1904trading]

It’s my home network but i’ve had to fortify it like a business.

Last night i installed two new routers. One being a TP Link router/vpn switch. And the second the original one I replaced about a month ago.

The VPN’s are proving to be the ticket. With whatever it was flailing last night once i got everything set. I took the time to upload their configuration file the FBI’s IC3 page and dump as much as his tool kit to Kaspersky and virus total as i could.

VT still didn’t catch anything. But Kaspersky did. With it hitting on:

• Trojan
  • Win32
    • Jobutyve
      • Aie
      • ibyj
    • Fsysna.ibrm
      • Icuc
    • Cobalt
      • hzr
  • Win64
    • Agentb.byo
      • .byn
      • Byp
    • Cobalt
      • Lk
      • Lj
      • Gis
      • Hab
      • Gwx
      • Ggy
    • Agent
      • Qwhzba
    • Agentb
      • Byo
      • Byn
      • Byp

That’s all i got before my screen went black. Switched to 32 bit, and it attempted to fry the USB (i’m now locked out of that os with that usb as the key, not today stupid). Some have been around since early this year, others first logged late last month. And:

THERE WERE MULTIPLE FILES THAT STILL CAME UP CLEAN on Kaspersky. Telling me that they are either 0 days or something equally as high speed.

This evening i just knocked him over again. Stealing as much as i could from “his side” of my computer. Including. Well, as much as i could. And items that would be mandqtory minimums, i’m pretty sure including cellular intercept and code specifically written for comcast Xfinity.

Here’s my plan: i’m resetting that machine right now. Downloading the tools you noted, and we’ll go from there. I’m still going to limit my time on the x (online) as he still jumped through everything last night to punk me. Once you reply back i’ll reset and flush cache network wide and he’ll have to burn time having to A. Find it again and B. Reconfig. This will all be with multiple other devices on the network as decoys. Let me know when and we’ll drop the hammer.

Edit: remember the root kit is still there and this thing moves FAST

 

[M1904trading]

He had the site cached for me already. It was like this even as an HTTPS.

Also, has completely destroyed me up on any machine i’ve gone to get on. Gone through three tonight. Killed the x299 last night, a gpu tonight and possibly a laptop. The other two desktops have a non msi ukey bios lock. One has had it since a week or two ago and the other just happened tonight.

 

[DR M]

Hello.

If you are so convinced that someone is on your computer/computers, then resetting the router, changing the wi-fi password as well as all your passwords from a healthy device and re-installing the operating system, is an one way path. That, will most likely re-solve your issues.

If, however, you want us to check your computer, then consider the following:

1. Choose one computer and talk only about that one.

2. Let me know if it is bootable or not.

3. Wait for instructions.


Let me know about your thoughts.

P.S. I see that you already asked for help and got advice about one of your computers here: Extremely sticky and persistent assumed root kit - Virus, Trojan, Spyware, and Malware Removal Help

 

[M1904trading]

Yup, i dir. where he told me it was primarily a hardware issue therefor case closed. No one wants to touch this one man.

And i’ve picked one computer, first hurdle is the non MSI ukey bios lock.

 

[DR M]

Yup, i dir. where he told me it was primarily a hardware issue therefor case closed. No one wants to touch this one man.

And i’ve picked one computer, first hurdle is the non MSI ukey bios lock.

In these forums we are all volunteers, taking from our free time to help people like you. If we didn't want to touch an issue, then we wouldn't be here, and if you believe so, then probably this is not the right place for you.

I understand your frustration, but when you get an advice from an expert, then either you have to trust him or just go to a shop and ask for help.

So...

If you want me to check your computer, let me know what happens when you press the power button. It reaches until which screen?

 

[M1904trading]

Right up until after the boot initialize screen (MSI Logo flashes as if it’s on fastboot. using ukey, but it looks like he wrote it as the language is different. POST led is hanging on A2.

“Warning!!! Please insert USB key press any key to check.”

 

[DR M]

Can you please take a photo of what you see and attach it for me?

 

[M1904trading]

Can you please take a photo of what you see and attach it for me?

Sure thing; the mobo is inverted so kind of a funky shot of the POST LED.

 

[DR M]

Now I can assure you. This is not someone in your computer. It seems like a BIOS error.

I found the following link, where the Original Poster has exactly the same issue with you:

please insert usb key press any key to check - Processors, Moederborden & Geheugen - GoT

The solution for him was to switch to multi-BIOS.

Does it work for you?

You will have to translate the page from Dutch if needed.

 

[M1904trading]

No, neither does flashing. Plus, when i try and flash the system runs the fans all up to 100% as if saying “you better not”. Remember, the UEFI and BIOs is their hive or lair so to speak and it represents as such when you look.