My home network was breached. I first began noticing strange behavior on the desktop:
=> The admin password appeared to have been changed, as I could not log in with it (login only worked with the PIN)
=> After login on Windows with PIN I only got the "Black Screen of Death"
=> I could not log in in Safe Mode with the admin PIN
=> I could not restore, reset, install anything without the admin password, PIN was not an option
=> Essentially I was blocked out of Windows and without means to regain control
I was able to log in in Safe Mode on a limited user account. I inspected more closely and found suspicious entries:
=> Windows System Event Log showed errors for DCOM
=> Windows Device Manager showed that ALL devices were configured and initiated on 15/Feb/2018 (as if a new installation)
=> Windows Device Manager showed yellow exclamation marks on Kaspersky devices
=> Windows Device Manager showed Kaspersky devices were deleted on 20/Feb/2018 (device ROOT\NET\0000 deleted)
=> Windows Device Manager showed Kaspersky devices were reinstalled after deletion
=> Google Sign-in showed that a Linux device had logged into the Google account (I don't knowingly use any Linux-based device)
All other wifi devices on the home network showed nothing in particular, except that the wifi connection kept dropping.
Desperate, I clean-installed Windows (deleting all the smaller system partitions, which remained as unallocated space, and formatting the main partition) and factory reset all wifi devices. I was careful to disconnect the internet and reset them one by one with all the others turned off (to avoid reinfection).
I STILL HAVE SUSPICIOUS BEHAVIOR AFTER REINSTALLATION:
=> Google activity shows wifi device1 has logged access to hxxp:com.iu.ad_phase_0 multiple times during periods of no or low device activity
=> Wifi device1 opened a window with an alarming message that "this phone has a dangerous trojan!" from:
hxxp://launchacross.bid/ferbirthidcoms/hicahdxgams?b6b97525010e4a2db3e7cd3418da6b08bd7742280df55d2da9fbb81f9257d914240551fa4b77936d19d61dc0094c3c53f5acc6b4a93ff185b06540d50e369eb052ed54165525b3f607c4dd5572687a0cbe68ac68a822e19a8b79120bf36ab6ca0ea79e5c5cdea0569dae4eed692306cc37d5b0c2b5d40d113eb368fc4933399cc6ca2008081acfb131f11c4799546810f35d0c422515b62e2c802b57a4aa217cfb6ac2ebce86521554069edc5bcb5b9678a9830fb54b1a03ed58b5ee7bee7b5f8253113ced4ebb7259d19af3d70f432ab3f57c8f383db5a2ccccd443988982addb340d3f48e6d24ae61fcc2ab2ef81e1b77f207770535341a7bd9244a946337b885146795487da60f51d363ab0cc9202#
hxxp://launchacross.bid/ferbirthidcoms/hicahdxgams?b6b97525010e4a2db3e7cd3418da6b08bd7742280df55d2da9fbb81f9257d914240551fa4b77936d19d61dc0094c3c53f5acc6b4a93ff185b06540d50e369eb052ed54165525b3f607c4dd5572687a0cbe68ac68a822e19a8b79120bf36ab6ca0ea79e5c5cdea0569dae4eed692306cc37d5b0c2b5d40d113eb368fc4933399cc6ca2008081acfb131f11c4799546810f35d0c422515b62e2c802b57a4aa217cfb6ac2ebce86521554069edc5bcb5b9678a9830fb54b1a03ed58b5ee7bee7b5f8253113ced4ebb7259d19af3d70f432ab3f57c8f383db5a27b2ed1cb0fd26de0cd9c6d00dba2c83ba50512010a41dc342a6ff126372a02b59f1535cb11ca24703168a22fa2d16033183c8cbf3b062f0d
=> The message above appeared just by tapping the Chrome app. The phone was immediately turned off without any action taken on the window.
=> Wifi device2 cannot open the Google Play Store to reinstall apps. The error message is "Unfortunately, Google Play has stopped working"
=> Desktop still shows error messages for DCOM
Please advise.
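The post reports two artefacts that can be collected from the desktop in a repeatable way rather than read off the Device Manager and Event Viewer screens: DCOM errors in the System log, and the per-device install and removal timestamps (the "everything configured on 15/Feb/2018" and "Kaspersky devices deleted on 20/Feb/2018" observations). The script below is an added triage example, not code from the original post or from any helper on the thread. It assumes an elevated PowerShell on the affected Windows 10 machine, the standard provider name `Microsoft-Windows-DistributedCOM` for DCOM events, and that `Get-PnpDeviceProperty` returns the `DEVPKEY_Device_InstallDate` and `DEVPKEY_Device_LastRemovalDate` keys as DateTime values (an assumption; on some builds a key may come back empty). One caveat worth knowing before reading the output: DCOM permission errors (Event ID 10016) are common on healthy Windows 10 installs and are not by themselves evidence of a compromise, and a single shared install date for all devices is exactly what a clean install produces; the value of the export is in comparing those dates against the dates you know you installed or reset the machine.

```powershell
# Added triage script (not from the original post). Run in an elevated PowerShell.
# It exports the artefacts described in the post so they can be reviewed offline.

# 1. DCOM errors from the System event log (Level 2 = Error).
#    Provider name is the standard DCOM event source on Windows 10.
$dcom = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Level        = 2
} -MaxEvents 50 -ErrorAction SilentlyContinue

$dcom | Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap

# 2. Install and last-removal timestamps for every known device, present or not.
#    DEVPKEY_* names are the documented device property keys; returning them as
#    DateTime is assumed here.
$devices = Get-PnpDevice -PresentOnly:$false | ForEach-Object {
    $id   = $_.InstanceId
    $inst = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_InstallDate' -ErrorAction SilentlyContinue).Data
    $rem  = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_LastRemovalDate' -ErrorAction SilentlyContinue).Data
    [pscustomobject]@{
        InstanceId   = $id
        FriendlyName = $_.FriendlyName
        Status       = $_.Status        # 'Error' corresponds to the yellow exclamation mark
        InstallDate  = $inst
        LastRemoved  = $rem
    }
}

# Count devices per install day: a large cluster on one day marks a (re)install.
$devices | Where-Object { $_.InstallDate } |
    Group-Object { $_.InstallDate.Date } |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Devices in an error state or with a recorded removal, oldest removal first.
$devices | Where-Object { $_.Status -eq 'Error' -or $_.LastRemoved } |
    Sort-Object LastRemoved | Format-Table -AutoSize

# 3. Save both lists with a timestamp so they can be attached to the thread.
$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
$dcom    | Export-Csv -NoTypeInformation "$env:USERPROFILE\Desktop\dcom-$stamp.csv"
$devices | Export-Csv -NoTypeInformation "$env:USERPROFILE\Desktop\devices-$stamp.csv"
```

The two CSV files give a helper the same facts the post describes from memory (dates, instance IDs such as ROOT\NET\0000, error states) in a form that can be checked against the date of the clean install; anything installed or removed after that date is what deserves attention.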