System hacked with shadow drives and network restore points.

Anonymous
2023-08-16T09:55:36+00:00

Hi, I am looking for some help to figure out how to completely remove everything from my system after I was hacked.

I'm pretty sure the hacker has moved on but has left really annoying scripts and software. For example, I cannot upgrade my graphics card or other things, because when I try, the program MMC shows up in Task Manager and takes control of them.

I have tried to do a full clean install but found shadow drives installed; then I found a network restore point that I cannot remove on my system, so every time I do a reinstall it gets restored back to when he took control.

He has also taken control with the built-in local and administrator workgroup, so my administrator does nothing to stop or delete anything they don't want me to.

I'm running Windows 10.

Windows for home | Windows 10 | Windows update

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

1 answer

  1. Anonymous
    2023-08-17T05:54:39+00:00

    Hello, Mark L05

    Welcome to Microsoft Community.

    I'm sorry to hear that you've been experiencing these issues. Dealing with a compromised system can be challenging, but there are steps you can take to mitigate the situation. Keep in mind that I can provide general guidance, but it's always a good idea to consult with a cybersecurity professional for tailored advice in your specific situation.

    Here's a step-by-step approach to addressing your situation:

    1. **Disconnect from the Internet:** First and foremost, disconnect your computer from the internet to prevent any further communication with the hacker or any potential malware.
    2. **Backup Your Important Data:** Before taking any further steps, make sure to back up your important files to an external drive. Be cautious not to include any executable files, as they might be compromised.
    3. **Wipe the Hard Drive:** Since your attempts to reinstall the operating system have been unsuccessful due to the presence of shadow drives and network restore points, you may need to take more drastic measures.
       a. **Boot from External Media:** Create a bootable USB or DVD with a fresh copy of Windows 10. You can download the official Windows 10 ISO from Microsoft's website.
       b. **Wipe the Drive:** During the installation process, when you're asked where to install Windows, select your system drive and click "Format". This will erase all existing data on the drive, including the shadow drives and network restore points. You can also choose not to keep anything instead.
    4. **Update BIOS/UEFI:** Ensure your system's BIOS or UEFI firmware is up-to-date. This helps mitigate any firmware-level compromises. Back up all your personal files first to ensure you do not lose data. 
    5. **Change All Passwords:** After reinstalling the operating system, change all your passwords, including those for your email accounts, online services, and any local accounts on the computer.
    6. **Enable BitLocker (Optional):** If your system supports it, consider using BitLocker to encrypt your system drive. This adds an extra layer of security to your data. Learn how to do so here: Device encryption in Windows - Microsoft Support.
    7. **Install Security Software:** Install reputable antivirus and antimalware software. Run a full system scan to identify and remove any potential threats.

    Remember that preventing future compromises involves staying vigilant, using strong security practices, and keeping your system up-to-date. Learn more security tips here: Keep your computer secure at home - Microsoft Support

    Let me know if you have any other concerns.

    Best regards

    Yuhao Li

    Microsoft Community Technical Support

    2 people found this answer helpful.
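The answer above tells you what to do; what it does not show is how to check, before and during the reinstall, whether anything is sitting outside the one partition that the setup wizard's "Format" button touches. The script below is an added example written for this page, not code from the answer or from Microsoft. Part 1 is an inventory run from an elevated Windows PowerShell 5.1 prompt on the existing Windows 10 install: the Volume Shadow Copies that System Restore points live in, every disk and partition (including ones with no drive letter), the boot entries, the members of the local Administrators group, and the scheduled tasks that re-launch something at each logon. Part 2 is the stronger form of the wipe: `diskpart clean` on every disk, typed at the command prompt of the installation media rather than inside the compromised OS. The disk number and the `C:\` drive letter are assumptions for illustration; check `list disk` on your own machine.

```powershell
# Added example, not part of the original answer. Run Part 1 in an elevated
# Windows PowerShell 5.1 session on Windows 10. Part 2 is run from the
# installation media, NOT from the running (untrusted) system.
# Disk numbers and drive letters below are assumptions for illustration.

#Requires -RunAsAdministrator

# --- Part 1: inventory on the running system --------------------------------

# Volume Shadow Copies are the storage behind System Restore points. A reinstall
# that only formats C: leaves copies that sit on other volumes untouched.
Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object ID, InstallDate, VolumeName, DeviceObject |
    Format-Table -AutoSize

# The restore points as Windows itself reports them.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, CreationTime, Description -AutoSize

# Every physical disk and every partition, including ones with no drive letter
# (recovery, OEM, or a second disk). "Format" in setup only touches the one
# partition you select; everything else here survives it.
Get-Disk | Format-Table Number, FriendlyName, Size, PartitionStyle, BootFromDisk -AutoSize
Get-Partition | Format-Table DiskNumber, PartitionNumber, Type, DriveLetter, Size -AutoSize

# Boot entries. Anything besides the expected Windows Boot Manager and loader
# runs before the OS you are about to install.
bcdedit /enum all

# Local Administrators group members and all local accounts. Accounts you did
# not create are worth noting; the built-in Administrator is listed even when
# it is disabled.
Get-LocalGroupMember -Group 'Administrators' |
    Format-Table Name, ObjectClass, PrincipalSource -AutoSize
Get-LocalUser | Format-Table Name, Enabled, LastLogon -AutoSize

# Scheduled tasks outside the Microsoft tree are the usual way a script gets
# re-launched at every logon.
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
    Format-Table TaskPath, TaskName, State -AutoSize

# Housekeeping before the reinstall: drop every shadow copy and turn System
# Restore off for C: so nothing can be "restored back". A compromised OS cannot
# be trusted to clean itself, which is why Part 2 is done from boot media.
vssadmin delete shadows /all /quiet
Disable-ComputerRestore -Drive 'C:\'

# --- Part 2: the wipe, done from the installation media ---------------------
# Boot the Windows 10 USB, press Shift+F10 at the first setup screen to open a
# command prompt, type `diskpart`, then enter the lines below. `clean` removes
# every partition and the partition table on the selected disk, including the
# recovery and OEM partitions that "Format" never touched. Repeat
# "select disk N" / "clean" for EVERY disk shown by `list disk`, not just disk 0.
# `clean all` instead of `clean` also zero-fills the whole disk (slow, but
# leaves no recoverable data behind).
$diskpartScript = @'
list disk
select disk 0
clean
convert gpt
exit
'@

# Printed here so it can be copied; it is typed at the diskpart prompt on the
# boot media, not executed on this running system.
Write-Output $diskpartScript
```

Two caveats a practitioner would add to the answer's steps. First, the inventory is only as honest as the OS it runs on; it tells you what to expect, but the disk wipe from the boot media is the authoritative step. Second, `clean` removes everything on the disk and nothing else: it does not touch UEFI firmware or other devices on the network, which is why the answer's BIOS/UEFI update and password changes still belong on the list after the reinstall.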