- Embedded virus or hacker in motherboard or TPM???

04-22-2022 12:25 PM - edited 04-22-2022 12:34 PM
Hello,
I found this post searching for what’s currently been afflicting me over the past 4-5 months.
- infects all devices
- persistent
- now active and destructive
It used to be passive. Only knocking us off the network once in a while. And now it has turned into something that is literally trying to remove me from my own network through hostility.
From what I’ve gathered this is how it’s working (and I have log, dmp, and screenshots to support):
It’s embedded most likely in either the TPM or the BIOS and is using the TPM to shimmy its way into the processor where it’ll put out a sustained ARP broadcast from the processor broadcasting as Intelcor_xx:xx:xx until the redirects catch it and boom. I no longer own my network or PC.
This is all done using the cover of a virtual machine.
It’s using a Mount Point Cluster which is effectively it building its own partition and volume on another partition or volume. Almost like a tumor.
I believe it burrows into the firmware of whatever device including phones, TVs, and most importantly routers and modems. That’s its life stream.
It’s especially prolific in Windows 10 as it has now almost completely locked me out of my own operating system.
It has attacked my monitor drivers. My GPU drivers. And when I tried to run HitmanPro against it, it WMD’d my computer somehow. Wiping two 1TB NVMe drives, and write locking a third, the one with my OS. The error it threw was ‘IRQL not less or equal’ or some iteration of that and it seemed as if it was intentionally done.
The trojan or worm that dropped this parasite came from port 443, and is command and controlled from 853, from a Mac OS. It is completely invisible to Windows Defender. Most likely because of the VM.
I think it’s at least fundamentally a ransomware, but “optimized” to a Swiss Army knife type application as it has literally done everything from extricating data to write-protecting drives, to hijacking my entire network.
I’m still looking for help trying to figure this out and the most I’ve gotten is from a large corp in the AV space who asked me who I pissed off, and told me that it sounded like a “contract” or a professional scumbag who had been hired by someone to tie me up like this.
So you’re not alone. My “symptoms” started a few weeks before yours and are getting more and more extreme to this day. Reach out if you have any notes or collateral as I’d like to compare.
Thank you

Edit: I’m using Windows 11 latest distro with all updates
- MSI Unify board
- 12900K
- 32GB DDR5