I don't know what allowed me to slow down this week and realize, "Oh sh*t", some d*mn m-f*ker got on my box. I am in nursing school full time and working almost full time, so I am always rushing around and don't always take the time to see that one little thing that makes you aware that something is "off". I did some observation and I KNOW my whole network is screwed. I need your help, please!!
Background: I have a degree in MIS and worked in IT for about 15 years. I say this because I want you to know that if you are willing to help me, I will be able to follow along just fine. One area I never liked, and it is applicable here, is networking. I tried that for about 6 months.
It is just my husband and myself in this house, and originally it was only us on this router, until this mess started.
I have 2 Windows laptops (one for school running 8.1, one with the crux of my files on it running 7) and 1 tower (I was getting ready to change it from Win 8.1 to OpenNAS).
My husband has 1 laptop, and 1 tower. The laptop is running 8.0 and he is on Steam most of the time while on it. His tower box is a dedicated box for iRacing and it is Win 8.0.
I noticed a few weeks ago how we went from 3 wireless networks in our neighborhood of only a handful to about 9-10 APs. Again, being busy, I didn't think too much about it, nor did I think that maybe it was my virtual wireless networks that some pinhead set up.
I like to observe and take notice of the deviations from baseline. The deviations are pretty much the same across all the computers and I have listed them:
Things I DID NOT have before and have now - Most of these I had disabled when I moved into this house.
--- My downloads are SUPER-DUPER fast. I mean, I tested a 100 GB download, and it was done in a flash. This is one reason I think I may be part of Distributed Computing or Grid Computing.
--- Sharing of folders
--- Computers are now acting as servers
--- Virtual Wireless LAN
--- SQL Server installed
--- MSDTC (to complement the SQL Server?)
--- MSDTC Bridge
--- BITS or something?
--- Microsoft Essentials is now present
--- Nero software for sharing or updating
--- Remote IPC
--- Remote Administration
--- Remote Access was always disabled
--- VPNs
--- Windows Workflow Foundation
--- Telnet
--- Lavasoft TCP Services
--- Pushbullet and Dropbox were on my cell phone, and now are installed on all computers
--- CyberLink PhotoDirector3
--- HeciServer?
--- McAfee folders and files are everywhere! I have never used McAfee products.
--- I now have a virtual MS Fax Inbox set up
--- I have 35 "built-in" and added users on a standard Windows 8.1 build.
--- Windows Media Center
--- Nero is now installed and sharing files.
--- I have about 8 different printers listed as shares, but I only have one Epson.
--- Extra, unnecessary webcam and audio drivers
--- Some Bluetooth space is activated
--- I think all the drivers have the same MS credentials: DriverVer=06/21/2006,6.3.9600.16384
--- My Device Manager is a hot mess, with so many changed drivers and hidden drivers for things foreign to me.
--- There are now PUBLIC: Account Pictures, Documents, Downloads, Music, Pictures, Videos, etc.
--- Last week when I put in around 50 different USB drives or SD/micro cards, the computers would not recognize them unless I went to devmgmt.msc and tried to update the drivers
--- Many of the files' properties state, "This file came from another computer and might be blocked to help protect this computer."
--- MS Wireless Hosted Network
--- Most of the installs/changes/additions have been flagged as silent install and hidden. :-(
So, I could go on and on. Obviously my whole network is jacked. I don't know how, when, etc. I will say this: I don't believe whatever "this" is has bad intentions. I use my debit cards online all the time, as does my husband. We have some very sensitive information stored on the computer. To date nothing has been compromised; I don't think it is like being part of a botnet. I think it is almost being used like a distributed environment.
I have done what I can with the tools and knowledge I have. I need some help if this rings a bell for anyone. I have some questions.
- Once a situation like this has been established on one of the computers, I know it can infiltrate other computers on the network. Can it do this also with cell phones? I am having problems with my cell phone and after looking at system files again, they, too, have been altered, changed.
- How can I safely backup my data: files, pics, etc? If this were a virus, which I don't think it is, couldn't it attach to one of my files?
- If I get all my files backed up, and I go and wipe the drive with many passes, will there be any leftover traces? I recall about 10 years ago some issues we had at work with virus infecting BIOS/CMOS memory.
I will add this: screw Kaspersky Total Security. They found 0 problems on 4 boxes, while BitDefender on another box detected 88 problems but could not fix 20. I was unable to view any reports.
When I do this clean, I plan on being more careful. I told my husband he needs to be careful about where he is downloading porn from!! I want to get a router that includes real-time protection to place in front of my ISP's router. And I will use a VPN to log in to school.
If anyone is interested in figuring out the who, what and when, I am open-minded. Or if you have some suggestions to cleaning this up, I would be most humbly and graciously appreciative.
TLDR - My home network, 5 computers and 2 cell phones, "infected" with something/they have been turned into a server. Have a few questions about cleaning it up.
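Editor's addition, not part of the original post: a read-only inventory script for the items the post lists (local accounts, shares, printers, the hosted network, the named services and programs, driver version stamps, and the "came from another computer" flag). It assumes Windows 8.1 with PowerShell 4.0 (so accounts and services are read through WMI, since Get-LocalUser does not exist there and Get-Service has no start-mode property); the output path and the watch lists are my choices. Run it from an elevated prompt on each box, then diff the files against each other and against a freshly installed 8.1 of the same edition, because several of the listed items (the Public folders, and the 06/21/2006 / 6.3.9600.16384 stamp, which is what Microsoft puts on the drivers that ship inside Windows 8.1) also appear on a clean install.

```powershell
# Added example (not from the original post). Reads state only; changes nothing.
# Assumes Windows 8.1 / PowerShell 4.0. Report path and watch lists are assumptions.

$report = Join-Path $env:USERPROFILE "Desktop\baseline-$env:COMPUTERNAME.txt"
if (Test-Path $report) { Remove-Item $report }

function Add-Section {
    param([string]$Title, $Data)
    "`n=== $Title ===" | Out-File $report -Append
    $Data | Out-String -Width 200 | Out-File $report -Append
}

# Local accounts via WMI (the post reports 35 of them).
Add-Section "Local user accounts" (
    Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Select-Object Name, Disabled, SID | Format-Table -AutoSize)

# Network profile: file and printer sharing is off by default on a Public profile.
Add-Section "Network connection profiles" (
    Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory)

# SMB shares and shared printers (Public folders, Nero, the 8 printers).
Add-Section "SMB shares" (
    Get-SmbShare | Select-Object Name, Path, Description | Format-Table -AutoSize)
Add-Section "Printers" (
    Get-Printer | Select-Object Name, Shared, ShareName, PortName, DriverName |
        Format-Table -AutoSize)

# Microsoft Wireless Hosted Network, the "virtual wireless LAN".
Add-Section "Hosted network" (netsh wlan show hostednetwork)

# Services the post names. Win32_Service exposes StartMode, which
# Get-Service on PowerShell 4.0 does not.
$serviceWatch = 'TlntSvr','MSSQL*','SQL*','MSDTC','BITS','Fax','RemoteAccess',
                'RemoteRegistry','WinRM','icssvc','TermService','SessionEnv'
Add-Section "Services of interest" (
    Get-WmiObject Win32_Service |
        Where-Object { $n = $_.Name; ($serviceWatch | Where-Object { $n -like $_ }) } |
        Select-Object Name, DisplayName, State, StartMode, PathName | Format-Table -AutoSize)

# Installed programs from the Uninstall keys (64-bit, 32-bit and per-user).
$uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$programWatch = 'McAfee|Nero|Pushbullet|Dropbox|CyberLink|SQL Server|Lavasoft|Security Essentials'
Add-Section "Installed programs matching the post" (
    Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $programWatch } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName | Format-Table -AutoSize)

# Driver version stamps. 6.3.9600.16384 dated 06/21/2006 is the stamp on the
# inbox drivers Windows 8.1 ships with, so a high count is expected. The
# drivers worth reading closely are the ones whose provider is not Microsoft.
Add-Section "Driver version counts" (
    Get-WmiObject Win32_PnPSignedDriver |
        Group-Object DriverVersion | Sort-Object Count -Descending |
        Select-Object Count, Name -First 15)
Add-Section "Non-Microsoft drivers" (
    Get-WmiObject Win32_PnPSignedDriver |
        Where-Object { $_.DriverProviderName -and $_.DriverProviderName -notmatch 'Microsoft' } |
        Select-Object DeviceName, DriverProviderName, DriverVersion, Signer |
        Format-Table -AutoSize)

# "This file came from another computer" is the Zone.Identifier alternate
# data stream that browsers and mail clients attach to downloaded files.
Add-Section "Downloads carrying a Zone.Identifier stream" (
    Get-ChildItem "$env:USERPROFILE\Downloads" -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { Get-Item $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue } |
        Select-Object FullName, LastWriteTime)

"Report written to $report"
```

Everything here is reported, nothing is removed or disabled, so it is safe to run before any backup or wipe; the value is in the comparison across the five machines and against a known-clean build of the same edition, which separates what Windows installs by default from what does not belong.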