Both my PCs are hacked, and they are being hacked during the installation process, allowing a complete takeover of my PCs. It is installing devices such as Microsoft Remote Desktop device and so on, services and device drivers with hex numbers at the end changing at every load. I know, it is unbelievable, but there it is. I am uploading an Autoruns (from Sysinternals) save; is it just me, or are there things that should not be there? Ah, yes, only Microsoft Safety Scanner detects a load of infections, but something blocks Norton, Kaspersky or any other scanners, and therefore it cannot be solved.
And I repeat, no reinstall helps; it is happening during the installation process.
You are wrong; my father's PC is hacked the same way, at a different address, and my sister's PC, at a different address too. We've been attacked for some reason unknown to us. Local authorities call us morons and suggest we go to a psychiatrist, so I don't know, I just hoped you could do something about it from your side, but never mind, it seems these scum will triumph and will laugh out loud about us. By the way, how is it possible that mighty Norton security has been breached so easily?
Goodness alive!! Out of the abundance of loving to help others, when possible, and with the best advice I can offer from more than 3 decades of work in the IT field. Coupled with the entirety of the thread (thus far), there hasn't been any real explanation that would suggest a Norton product is the root cause of your situation. Nevertheless, I have offered my best professional advice to help work through the issues you are seeing. Insults would suggest that I not continue further. Allow me to leave you with the following notes:
Your statement:
Everyone is just kicking me like a football from one to another, Microsoft security team to support, support to security, now you tell me I must pay loads of amounts to some third party just to solve my problem. I start to think I had to pay that hacker when he threatened me with this; now that it has happened, I am on my own, everyone turns out with clean hands?
The boldened and underlined part of that statement is extremely suggestive that the hack had user interaction on your part, trickery into the belief someone knew more than was possible for them to know, and you followed their instructions. There is nothing in that statement that would indicate a Norton product didn't protect you. I neither work for Norton nor Microsoft and want that to be very clear. I donate my free time here to assist. Going forward, I do hope you find a solution that will give you back the functionality of your devices and the security you deserve. The services Guru bjm posted are mostly FREE for you to follow up with. That is the best path forward for you.
Jesus, you think I did not go through it? Secure erase of HDD and SSD, rewrite BIOS, reset routers, nothing changes, and on both my PCs. Reset - is that all you can suggest? Very professional, Microsoft walks in the same shoes, THANK YOU!
I hope that you have all your important files backed up. Then reset the computer. Your router is almost certainly compromised as well. Factory reset it going forward to ensure that you have a safe and secure network to the greatest extent possible.
I would also suggest against the use of torrents, downloading software from questionable sources, opening websites or pop-up notifications that are unknown, and opening email from senders not on your contact list or not known by you as doing business with them. These are all avenues for compromise. Your computer(s) are not only hacked but infected. Malware is the only way Windows files would be being overwritten.
These are not my machine drivers, and everything is overwritten. I can see the traces of someone using my PC. I want to install Windows normally, without interference from someone. On the PC there is a lot of infection, just no scanners detect it; that is why I ask for your help!
And a question: this was under USB devices, System devices. If I try to install the original drivers, will it look the same way? Is this normal, including Microsoft Remote Desktop device under System devices?
Highlight the file in the top of the list, scroll to the very last file, press the shift key and click that last file. All files should then be highlighted for deletion. Press delete on the keyboard. Restart.
Thanks for the info and post back. Delete those entries in the DLLs area of Sysinternals. Also, delete ALL the temp files on the device(s). Next, open Windows Explorer and delete all files under the directory named prefetch. DO NOT delete the ReadyBoot folder, which should be located at the top. Reboot. That should clear anything there that was presented to make the changes begin taking place. Windows will automatically rebuild prefetch on the next restart.
Check for ANY outdated software running on the computer that either doesn't have a latest update or appears to have been abandoned. Adobe Flash is one that comes to mind. Windows and most modern browsers now use the HTML 5 codecs. Remove Adobe Flash as well. It is full of vulnerabilities and has been replaced. Remove old vulnerable software that may have vulnerabilities that are not being patched by the vendor responsible. Also make sure your network router has the most current firmware available and reboot it as well.
martakakis, what is your Windows Pro version AND build? Your initial text file shows a lot of stuff that doesn't specify what you were actually looking at within Autoruns. Run Autoruns and look at the "KnownDLLs" tab. If you don't already have it enabled, set the VirusTotal column to be visible and allow it to check ONLINE. A screenshot of what reports back would help.
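The check requested in the post above, as an added PowerShell example that is not part of the original thread: it reports the Windows edition, version and build, then lists every KnownDLLs registry entry whose file is missing or not validly signed by Microsoft, with a SHA-256 hash for an online lookup. It assumes the default KnownDLLs key location and that the listed files live in System32.

```powershell
# Added example (not from the thread). Read-only triage of the KnownDLLs list.
# Assumption: default registry location; DLLs resolved under %SystemRoot%\System32.

# 1. Windows edition, version and build, as asked for in the post.
Get-CimInstance -ClassName Win32_OperatingSystem |
    Select-Object Caption, Version, BuildNumber | Format-List

# 2. Enumerate KnownDLLs and check each file's Authenticode signature.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs'
$sysDir  = Join-Path $env:SystemRoot 'System32'
$regKey  = Get-Item -Path $keyPath

$results = foreach ($name in $regKey.Property) {
    # DllDirectory / DllDirectory32 are folder settings, not DLL entries.
    if ($name -like 'DllDirectory*') { continue }

    $file = Join-Path $sysDir ([string]$regKey.GetValue($name))
    if (-not (Test-Path -LiteralPath $file)) {
        [pscustomobject]@{ Entry = $name; Path = $file; Status = 'Missing'
                           Signer = $null; SHA256 = $null }
        continue
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $file
    [pscustomobject]@{
        Entry  = $name
        Path   = $file
        Status = [string]$sig.Status
        Signer = $sig.SignerCertificate.Subject
        SHA256 = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    }
}

# 3. Show only the entries worth a second look.
$suspect = $results | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}
"{0} KnownDLLs entries checked, {1} flagged" -f @($results).Count, @($suspect).Count
$suspect | Format-Table Entry, Status, Signer, SHA256 -AutoSize -Wrap
```

The output is only as trustworthy as the system it runs on; for a second opinion, run the same check against the disk from a clean boot environment.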
I don't know if this relates or not, but for the last three days I have been dealing with a hacked computer. I have a Norton Core device and every single device in-house has a static IP address. So a different connected device sticks out pretty well. Sure enough, someone or something was on board. Its name was LINUX. Then settings started changing. Example: I could not access the web via Core. I would get a "no internet" message. However, if I connected to my Brinks Alarm panel SSID, which was connected to Core and to the same network, I then had internet access. Hmm. I took a closer look at Core and instead of the typical 172.16.XX.XXX address it had 192.168.XX.XX (from logging onto the panel maybe). Nah, access was gone before that. The monitor/screen on the laptop was disabled in Device Manager, which made the screen super dim. Others thought it was the video driver. Nah, just re-enabling the monitor was all. (Used Windows' older Device Manager.) Security Alarms.com (Brinks Home Security) cameras started disconnecting. Apps on the phone started struggling. Computer and phone started changing networks all on their own and would use the same naming of network; I could tell because the IPs were different. A real pain. I personally suspect my Amazon and WYZE devices (which seem in cahoots with each other), as they too changed networks randomly and at will. So I deleted my Core app. Oops, darn, not on the Play Store any more. No worries, I had it on one of my former phones and used the "Easy Share" app (love that app) and got it back. I next did a "NEW" install of Core, which took a few tries but finally worked. It had retained all my old connection settings, which I could choose to use or not. (Yay, a win!!) I am reinstalling all my connections to devices except for the WYZE Robo vac (which Core ID'ed as at risk, as well as the Tablo DVR), 4 WYZE cameras, an Amazon Echo 8, 2 Echo Dots and 2 Echo Flex.
Once everything else is connected, I will not broadcast 2.4 and 5.0 and will connect the others to the guest network. They are really just toys truth be told. So far things are going well.
One more consideration: maybe with Windows 11 coming out there are a lot of app issues?
As I expected, nothing found; the system is hacked, not infected, but it has defendersilencer, which Microsoft security scanner detects, and something that totally overwrites the system itself on install, the same way on my desktop and notebook PCs.
@martakakis In case you do not know how to perform a Windows 10 boot into safe mode, here are the instructions. Make sure you boot safe mode WITHOUT networking and have your device PHYSICALLY disconnected from your network. On a non-compromised computer download Rkill to a USB flash drive. Plug the USB flash drive into the compromised computer once safe mode has been established, copy Rkill to your desktop and execute Rkill from there. It will check for malicious processes running and terminate them when found. Rkill will also scan the registry for issues during its scan. Try running Norton to remove your infections.
When it has completed, a text file of its findings will be saved to the desktop. We may need to have a look at the text file to help you further.
Everyone is just kicking me like a football from one to another, Microsoft security team to support, support to security, now you tell me I must pay loads of amounts to some third party just to solve my problem. I start to think I had to pay that hacker when he threatened me with this; now that it has happened, I am on my own, everyone turns out with clean hands?