It comes to this

SilentSeeker

New Member
I was recently contacted by Outlook and told to reset my mail account because of possible security breaches and that it would be shut down for 30 days. I had tried telling them that many times before but no one listens. I was going to send them what follows but since I can't log in and corporate seemingly refuses to lower themselves to speak to a regular consumer, here it is.

To whom it may concern:
I have had issues with my system for several months now and during this time I have contacted support around 2 dozen times and corporate office. Only 2 of my contacts with support ever made any progress and I was hacked immediately after my last calls to support and corporate so I stopped trying until I moved and changed everything connected with my system. In those several months of trying to fix my system no one could tell me why this was occurring. My system was erratic and even locked me out and claimed to be wiped at one point in May which meant I had to buy a replacement. I was wanting to upgrade to Pro but bought another Home Edition just in case my troubles were not over. Office Depot did not have physical copies which meant I got the crappy digital license of course. 6 hours after getting home it updated and restored the original faulty set up I had been dealing with since the latter part of 2020. This was not what my computer came with though. I bought it new at Wal Mart in May of 2020. Somewhere around November of 2020 I began noticing small things that seemed different but I was busy and could not devote a lot of time to it. By the time I did start looking into it things were too far gone. The changes had left gaping holes which allowed others to observe my family and manipulate the computer in front of me while I talked to them asking what the point of this was.

I got everything going 2 weeks ago and copied a friend's version so I would not have to pay any more than I already had to get it going. I then joined Insiders to get a peek at 11 and hoping that it would help keep unethical individuals away. My system kept changing anyway. After 26 years of Windows I finally embraced Ubuntu and even though it forces me to learn new skills to use it these are less work than I was dealing with. Hell, I learned more about the internals of Windows from April until June than I ever wanted to.

Everything comes down to this point: I finally can confirm what damaged my system. It was a boot code update Microsoft did late last year. It states plainly what occurred and the attempts to mitigate it. This mitigation involves making my system appear unable to run Windows 10 without assistance. This is total BS. I am not interested in causing trouble. I am not seeking monetary compensation for time and materials. All I want is to be able to run Windows 10 or 11 (preferably Professional Edition) without some piece of code claiming my computer is tied to some unknown corporate server and overriding my Administrative Privileges.

I tend to think I have gotten the runaround because of proprietary software (supposedly) in the machine. This mostly centers around something to do with Realtek wifi and ethernet components. It is the first time I have seen a bluetooth ethernet not to mention one with excessive broadcast capability. I have watched this machine literally absorb and take command of routers without anyone touching it. Now there may have been someone remote but I am not sure.

If anyone wants (or is allowed) to assist me in contacting who I need to in order to fix this I would appreciate it. If not then I guess I will be an open source user for the remainder of my time.
Thank You
Charles Jones
 

Neemobeer

Cyber Security Engineer
Staff member
You're barking up the wrong tree. We have no affiliation with Microsoft. Also the email you received is likely a phish and if you followed any links you should go to the legitimate site and change your password.
 

SilentSeeker

New Member
You're barking up the wrong tree. We have no affiliation with Microsoft. Also the email you received is likely a phish and if you followed any links you should go to the legitimate site and change your password.
I hope you did not misunderstand. I am not claiming this forum is affiliated. I gladly would alter my account if I could access it at all but I am unable. I would probably just erase it though. I eventually will get through to someone to determine what transpired if my assessment is wrong. It just makes more sense than anything else. The other options sound ludicrous. I would be flattered if someone were actually devoting this much time and effort. I had seen fragments of "proof" something was not kosher but it was not until yesterday that I was able to access the bulk of the entirety in an unencrypted format. I am not sure if installing a Linux based OS did it or if it was me trying to flush the cpu and memory but most of it suddenly appeared. Now I admit that Microsoft may have had nothing to do with it but if they did not then someone sure has timed everything very well to make me wonder.

I could post the docs if that helps. All of them clearly show that an effort has been made to downgrade my system. If my system is what they claim then why not just contact me or inform me during one of my 2 dozen support requests "Hey, you bought a faulty system" instead of playing cat and mouse? The thing is I can hold the changes at bay and everything works fine until I update. Every diagnostic program I have run says it's perfectly healthy in regards to hardware. I just can't get anyone that has any authority to lift a finger. I guess the only really good point is I can always get back to this point so my playtime is nearly over. The system will be entirely under my control again within 3 days so if it was not some error by Microsoft or another corporation then it's over because if it was malicious behavior I will have won and even had I not I have become bored. A bunch of petty children just don't flip my nickel and obviously they are no true threat. They would have to have courage to be anything more than a pest. I just wanted to see if anyone had the integrity to do the right thing.
 

bochane

Excellent Member
It is a long mailing more expressing your feelings than giving technical details which are of interest and may be of help for the readers of this independent forum.
This is what I think I (mis)understood:
- have you changed your password as, and in the way, Neemobeer suggested?
- what showed up unencrypted when installing Linux?
- why could you not perform a clean install from a boot medium, newly and safely downloaded on another computer from a safe place, with your existing Windows license?
- was something hiding in BIOS or the microcode?
 

SilentSeeker

New Member
I did change the password and was informed I would be locked out before I did so. It would be easier to show everyone but I think most sites are afraid of getting malware that way so I will state the important points I can recall at the moment. First off is bootmgr with what appears to be an update attempt from Nov 2020 which after a few lines of code suddenly states multiple faults and mentions debug traps. It goes on to say that no physical memory exists at the location, Windows boot mgr is corrupt, checksums do not match, and the program will not run in DOS. Certificates are mentioned including a third party signer and that bootmgr failed due to an invalid entry in bcd, ramdisk failure from low memory and the CPU not being capable of running a 64 bit system and not supporting PAE feature. Also secure boot failed.

It later goes into attempting a network boot but could not get a specific fix on my router because it was running without a provider and was showing as built in. Because of all these reasons my tpm was tripped, my bitlocker trashed and I was locked out of my bios. I guess to try and fix it they set up a hypervisor and were somehow able to assign me a static IP. Now my HP 15-dy1031wm is made to appear as a machine incapable of handling a 64 bit OS.

Also in all of this my graphics are now sub-par. I considered that maybe bitminers took advantage of the situation but I doubt 4 GB is worth their time. That's a quick rundown.

I have done over 10 clean installs including purchasing a new digital copy as well as having a Microsoft support person actually force a reinstall. He did that because he claimed that this computer and another one somewhere else were fighting the install. It still reverted back within hours. I do not know where it was or is hiding. I just know that I have to starve it of files to work with then overload it with input to even have a chance.
 

Neemobeer

Cyber Security Engineer
Staff member
Regardless of anything else, your first statement about being told your account would be disabled is, without seeing the message, very very likely phishing and if you followed instructions or links your account is probably compromised.
 

SilentSeeker

New Member
It already was before that. I have set up encrypted accounts and contacted everyone close to me. I have not used them for anything critical. I agree with your point though. Sometimes I even pondered whether I was really talking with Microsoft support online or on the phone.
 

ussnorway

Windows Forum Team
Staff member
Premium Supporter
  1. Microsoft does flag email accounts to change passwords
  2. When they do this it is at the time you actually sign in through a web browser and this flag is automatic with no humans involved... if you click the support tags at that step then it is [eventually] possible to talk to a human that does have the power to override the auto blocks
  3. I agree with Neemobeer this sounds more like a scam

I always set up everything before going to the internet as well but it's pointless trying to block Microsoft from spying... and a lot more fun to simply feed them bullshit info instead
 

SilentSeeker

New Member
The very first time I had any success involved the following:
1. Disabling Anti-malware and firewall
2. Disable system restore, DEP, and all other protections
3. Reducing virtual memory to zero
4. Clearing all caches and removing updates
5. Deleting every log & telemetry file & using Diskpart and override command to delete and reformat all partitions.
6. Using robocopy to transfer X drive mini-nt to USB drive.

It still comes back. A couple of things I feel are relevant are these:
1. Within a few days the firewall service becomes network controlled with me unable to stop or disable it in services.
2. Connected devices platform does the same thing.
I am told I do not have permission and to contact the Admin.
This happens even if I take over built-in Admin as my first action.
Twice it has updated when I have no network connection.
 

SilentSeeker

New Member
  1. Microsoft does flag email accounts to change passwords
  2. When they do this it is at the time you actually sign in through a web browser and this flag is automatic with no humans involved... if you click the support tags at that step then it is [eventually] possible to talk to a human that does have the power to override the auto blocks
  3. I agree with Neemobeer this sounds more like a scam

I always set up everything before going to the internet as well but it's pointless trying to block Microsoft from spying... and a lot more fun to simply feed them bullshit info instead
It may have been but if it was it still leaves me unable to contact MS because they want me to sign in. I could make another account but could I really trust it either. I tried calling corporate again 3 days ago and kept getting "support has moved online". I refused its options while insulting it until it finally said "Goodbye". I did get through to Global Security though. He seemed shocked and possibly insulted that I called him but he did give me a number. I then asked him how he liked working for them and was redirected to end the call. The number gave me the robot again.
 

bochane

Excellent Member
Being logged in on a different, clean and trusted computer, with a different and clean account, then from there signing in to your Microsoft account using a web browser, what happens?

(b.t.w., if it helps keep insulting, otherwise stop it right now)
 

SilentSeeker

New Member
Let's find out. A friend is coming by in a bit. I will ask him if he feels comfortable with me doing that on his computer. If so I will do it and let you know. My primary concern is my computer. The account means little to me at this point beyond getting someone to pay attention. I cannot possibly be the only person going through this and even if I am they should investigate to help prevent it happening to others.

I am not sure how much insulting helps but it is amusing when I have to hear it say choose option blah blah or blah and I say "I refuse, please contact a human being, I cannot understand you".
 

bochane

Excellent Member
I wonder, can Spectre be propagated from your MS account, without accessing your mail?
You may be able to reset your password and remove your mail.
 

SilentSeeker

New Member
That's a good question. I never heard of it before today but from what little I have found it could definitely be an accomplice in what has been going on. Btw I could not access my outlook account from my friend's system. I have to find out more about spectre and see if a reliable way to detect it exists to identify and destroy it once it's embedded. I contacted Intel but who knows if I will hear back or not. If it is on here then I have a very good idea about when and where I picked it up.
 

bochane

Excellent Member
What is left over, besides asking MS to remove that account and forgetting it for ever?

I understood that Spectre uses some exploit in processor microcode, only in the older generation or new processors also?
Are there patches and or removal tools?
Does the virus reside in the microcode, hence will it survive a new install?
Who knows, Neemobeer perhaps?
 

SilentSeeker

New Member
What is left over, besides asking MS to remove that account and forgetting it for ever?

I understood that Spectre uses some exploit in processor microcode, only in the older generation or new processors also?
Are there patches and or removal tools?
Does the virus reside in the microcode, hence will it survive a new install?
Who knows, Neemobeer perhaps?
Correct on the account. The only reason I wanted it was to have a record of how many times I contacted them.
From what I have read Spectre affects newer ones as well. It does reside in the microcode and appears to be harder to eliminate than first believed. I also have an NVMe SSD and I suspect it has places to hide there as well.
A hardware scan shows that I have several "unclaimed" pieces of hardware:
Ice Lake-LP DRAM Controller [8086:34EF], Ice Lake-LP SPI Controller [8086:34A4], Windows FAT volume.
My CPU may have been tampered with but I barely qualify as a novice so if anyone sees anything funky let me know.
capabilities:
64bits extensions (x86-64),
mathematical co-processor,
FPU exceptions reporting,
wp,
virtual mode extensions,
debugging extensions,
page size extensions,
time stamp counter,
model-specific registers,
4GB+ memory addressing (Physical Address Extension),
machine check exceptions,
compare and exchange 8-byte,
on-chip advanced programmable interrupt controller (APIC),
fast system calls,
memory type range registers,
page global enable,
machine check architecture,
conditional move instruction,
page attribute table,
36-bit page size extensions,
clflush,
debug trace and EMON store MSRs,
thermal control (ACPI),
multimedia extensions (MMX),
fast floating point save/restore,
streaming SIMD extensions (SSE),
streaming SIMD extensions (SSE2),
self-snoop,
HyperThreading,
thermal interrupt and status,
pending break event,
fast system calls,
no-execute bit (NX),
pdpe1gb,
rdtscp,
64bits extensions (x86-64),
constant_tsc,
art,
arch_perfmon,
pebs,
bts,
rep_good,
nopl,
xtopology,
nonstop_tsc,
cpuid,
aperfmperf,
tsc_known_freq,
pni,
pclmulqdq,
dtes64,
monitor,
ds_cpl,
vmx,
est,
tm2,
ssse3,
sdbg,
fma,
cx16,
xtpr,
pdcm,
pcid,
sse4_1,
sse4_2,
x2apic,
movbe,
popcnt,
tsc_deadline_timer,
aes,
xsave,
avx,
f16c,
rdrand,
lahf_lm,
abm,
3dnowprefetch,
cpuid_fault,
epb,
invpcid_single,
ssbd,
ibrs,
ibpb,
stibp,
ibrs_enhanced,
tpr_shadow,
vnmi,
flexpriority,
ept,
vpid,
ept_ad,
fsgsbase,
tsc_adjust,
bmi1,
avx2,
smep,
bmi2,
erms,
invpcid,
avx512f,
avx512dq,
rdseed,
adx,
smap,
avx512ifma,
clflushopt,
intel_pt,
avx512cd,
sha_ni,
avx512bw,
avx512vl,
xsaveopt,
xsavec,
xgetbv1,
xsaves,
split_lock_detect,
dtherm,
ida,
arat,
pln,
pts,
hwp,
hwp_notify,
hwp_act_window,
hwp_epp,
hwp_pkg_req,
avx512vbmi,
umip,
pku,
ospke,
avx512_vbmi2,
gfni,
vaes,
vpclmulqdq,
avx512_vnni,
avx512_bitalg,
avx512_vpopcntdq,
rdpid,
fsrm,
md_clear,
flush_l1d,
arch_capabilities,
CPU Frequency scaling
configuration:
cores: 2
enabledcores: 2
threads: 4

I am going to spend the day verifying whether or not I need to buy some new parts to go along with the hardware firewall and bios reprogramming I have invested in. I would like to post some boot logs online and have considered just setting up a throwaway email and allowing everyone access but I am sure there are many ways that could go wrong. I am open to suggestions. Thanks to everyone here for their attention and God bless all of you.
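
The capability list in the post above uses the Linux kernel's CPU flag names, several of which advertise speculative-execution mitigation controls. As an added example (not part of the original thread), this Python code picks those flags out of such a list and reads the kernel's own per-issue status from sysfs; `SAMPLE` is an excerpt of the posted list, and the function names are hypothetical.

```python
import os

# /proc/cpuinfo flag names that advertise speculative-execution controls
# provided by the CPU design or by microcode updates.
MITIGATION_FLAGS = {
    "ibrs": "Indirect Branch Restricted Speculation (Spectre v2)",
    "ibpb": "Indirect Branch Prediction Barrier (Spectre v2)",
    "stibp": "Single Thread Indirect Branch Predictors (Spectre v2)",
    "ibrs_enhanced": "Enhanced IBRS (Spectre v2)",
    "ssbd": "Speculative Store Bypass Disable (Spectre v4)",
    "md_clear": "VERW clears CPU buffers (MDS)",
    "flush_l1d": "L1 data cache flush (L1TF)",
    "arch_capabilities": "IA32_ARCH_CAPABILITIES MSR",
}

# Excerpt of the capability list posted above (not the full list).
SAMPLE = """fast system calls, no-execute bit (NX), ssbd, ibrs, ibpb, stibp,
ibrs_enhanced, smep, smap, md_clear, flush_l1d, arch_capabilities,
CPU Frequency scaling"""

def parse_flags(text):
    """Accept an lshw capability list (comma separated) or a cpuinfo flags line."""
    parts = text.replace("\n", ",").split(",") if "," in text else text.split()
    return {p.strip().lower() for p in parts if p.strip()}

def mitigation_flags(text):
    """Return {flag: description} for each mitigation-related flag present."""
    present = parse_flags(text)
    return {f: d for f, d in MITIGATION_FLAGS.items() if f in present}

def kernel_status(vuln_dir="/sys/devices/system/cpu/vulnerabilities"):
    """Read the kernel's per-issue verdicts; empty dict if the directory is absent."""
    if not os.path.isdir(vuln_dir):
        return {}
    status = {}
    for name in sorted(os.listdir(vuln_dir)):
        with open(os.path.join(vuln_dir, name)) as fh:
            status[name] = fh.read().strip()
    return status

def unmitigated(status):
    """Issues the kernel reports as 'Vulnerable' rather than mitigated or unaffected."""
    return sorted(n for n, v in status.items() if v.startswith("Vulnerable"))

if __name__ == "__main__":
    for flag, desc in mitigation_flags(SAMPLE).items():
        print(f"{flag:18} {desc}")
    print("kernel reports vulnerable:", unmitigated(kernel_status()))
```

A flag in this list means the CPU and its microcode expose that mitigation control; a `Vulnerable` entry in sysfs is the kernel stating that the corresponding mitigation is not active.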
 