Someone or group has taken over my computer

A few years ago I accidentally downloaded malware/trojan/virus through a flash update. My internet has been sending almost as much as it's receiving, slowing my computer down to ridiculousness. A few years ago I turned on hidden files and found a whole bunch of very strange file names starting with $ and extremely long numbers. For example, $NtUninstallKB2655992$.

I've looked into some of these hidden folders to find text files with very strange, one that rectangles and something like nAuN DiRty as a name in it.

There are 39 just in my Windows folder. In addition to a folder named $hf_mig$ that has stored all my XP system and security updates, maybe since it happened. There are 38 updates since 10-10-2012 in there. Files named something close to KB2724197 are listed in there. I assume they're updates since they're nearly the same name as the updates from today that I wasn't allowed to install.

Last night I booted up in safe mode to change admin privileges on hidden folders like RECYCLER. When in safe mode I clicked on RECYCLER to change me to the admin to it. When it wouldn't let me see who was the owner I started to look around. In the box there is a list of privileges to assign, read/write, etc. But "special permission" was greyed out. As I went through and created a new user for myself, I found this list of users:

Authenticated Users
Dan (me)
Guest (was disabled)
Help Services Group (was disabled)
Help Assistant
Terminal Server User
User (was disabled)

I was unable to make any changes when trying to delete users from this folder. When I tried the error message showed a path of \??\C:\RECYCLER, you don't have sufficient privileges to make changes.

Eventually through poking around I was able to see the owner of it which was 5 - 1 - 5 - 21 - 1205666252 - 1506235805 - 1800150966 - 55846

Side note, I first realized something was wrong years ago when I found that Audacity was unable to use my mic or adjust the volume in my controls.

So, what's up with all of this?

Last updated January 9, 2019

At this point, you have to assume that all of your data and personal information on the computer is compromised.  You should ensure that your credit cards and other financial accounts have not been fraudulently used.  Using a known-safe computer, change your on-line passwords.  If you ever used a credit card online, call the credit card company and request a new account number (explain that your computer may have been compromised -- they should treat it just like a lost or stolen card).

Read this, especially the last paragraph -->

Call the manufacturer of your computer and ask them to provide you with a means to reinstall Windows.  If they can't help you, ask the computer lab (or a reputable local independent repair shop -- not a chain store) and ask them if they can reinstall a genuine version of Windows XP for you.  They may or may not be able to do so, depending on what media they have available and whether the Windows XP Certificate of Authenticity label on your computer is legible.

All in all, it may be less expensive to buy a new netbook.  You won't be able to get one with XP, though.  You'll probably have to get used to Windows 8 or Google Chrome.

The alternative to reinstalling Windows or buying a new computer -- and it really isn't a good alternative and is not guaranteed of success -- is asking for guided help in one of the malware removal specialty forums I listed before.

Although it's technically possible that your BIOS is infected, it's highly unlikely (unless you live in China).  A BIOS rootkit named Mebromi appeared a year or so ago, but it can only attack computers that use BIOS code produced by one specific vendor.
Volunteer Moderator
MS MVP (Windows Desktop Experience) 2006-2009
Microsoft Community Contributor (MCC) 2011-2012

1 person was helped by this reply