Forum Discussion
Hacked and unable to clean pcs
Good Morning
Approx 8 PCs have been hacked; I have tried to restore them, but the worm or whatever is installed/affecting them is still on the PC. Large amounts of data are shown downloaded via the router (PC to bad guy internet address).
Started infecting PCs at one site and over a VPN connection and then downloaded itself to another site, affecting all of these PCs.
I have been working with Norton to eradicate this but they cannot find any sort of a virus, and they recommended coming here!
User admin credentials changed, large downloads, Remote access shut off but they still connect, nefarious bad guy IPs are set to connect (netstat -abn shows them connecting at various times and places data lost). I know they have gotten in and somehow rewriting possibly by PowerShell changes that affect the users and other areas! I put most of the collected troubleshooting data/info I could up on the Norton forums (https://community.norton.com/en/comment/8538567#comment-8538567)
I have been working on this for a few months now and after several restores whatever is on the PC does not get removed! Built firewalls and they work around it, blocked remote services (tons of tasks etc. shut off) and they work around it. My wife's laptop: set up an admin and user account after a restore and they removed the admin account and now we cannot log in, only on the standard account. It seems to have something to do with Office, Click-to-Run, Edge, Outlook as I see activity here but am unable to pinpoint. HS TXCR? But unable to ID this file and antivirus never picked it up. Security logs in Event Viewer show changes, I think by PowerShell. No idea how they get in. I am going crazy trying to ID this, but more importantly after a restore/remove all files whatever is on the PC does not get removed and they never go away, still downloading and rewriting PC data.
What I found was that the restore/remove does NOT rebuild the code, just removes possibly user data and a few other areas (not a major rebuild). Without a disk I am stuck as I cannot reset to factory, as I am learning as I go!
5 HP laptops and desktop, 1 Lenovo gaming PC and one other type of PC (2 gaming PCs that support video and security cameras).
Ran ALL sorts of antivirus/scans etc. from Norton and a couple of recommended Microsoft scans from the tools page and found nothing.
HUGE amount of time working on this to resolve but reaching out for help!
Reaching out as I am unable to move forward - desperate!
Any help would be seriously appreciated!
Thx
Regards
Rich
2 Replies
- mkataro (Copper Contributor)
You're gonna have to format and reinstall from a clean download of Windows. Make sure the source PC is clean, that means clean USB stick. Then you're gonna have to lock down and harden the PC. Windows Pro has Group Policy. Home doesn't. Good luck. I have dealt with viruses a lot and know that once it's in it is very difficult to remove from Windows and spreads around like wildfire. Malware included.
- merlin02131 (Copper Contributor)
Good Morning mkataro
Thx for the reply!
Yea, been seriously difficult as the PC is locked down and hardened and I have been watching it carefully. I already rebuilt it 3 times to no avail, isolating it as well. On another note: just discovered one of my TVs acting strange as the logs on the router showed it talking to this PC IP address. A false positive like many others, or maybe on to something. Either way it has been a real struggle! Appreciate the help! My biggest issue now? Using the browser I see a lot of IP addresses to hacked sites. Seems they connect to port 443. Never a dull moment!