Windows 11 Hacked - Fileless Malware : how do I block incoming requests through bluetooth/wifi at the login screen?

Russ Du Preez (New Member; joined Jun 1, 2023; 1 message)
My main question is: does anyone know how to block incoming requests through Bluetooth/Wi-Fi at the login screen?

Everything below is an explanation of what is currently happening to my system:

I have been getting hacked this past year.

My router is Wi-Fi 6. I am not getting hacked through the router, I am getting hacked through Bluetooth or Wi-Fi Direct.

I have a Windows 11 Home Single Language operating system.

I am being hacked through fileless malware and using DCOM and WMI scripts to access my machine. E.g. WinHttpAutoProxySvc is disabled in services, but it still says running. If I log off and log in it still says disabled, running. The service stop button is disabled, which means that I cannot stop it manually anymore. I cannot use: sc stop WinHttpAutoProxySvc - it gives me an access denied message. I used to be able to stop it, and now I can only disable it, but it still runs.

I have Bitdefender as an antivirus solution, but because this is a home PC, with the fileless malware and the default settings of Windows, malware is received during the installation of the PC, before Bitdefender even gets a chance to block it.

After the script runs I manually update gpedit.msc and disable Remote Shell and Windows Remote Management.

They usually turn off my internet by deleting my network adapter.

When I run the script attached, it stops the hacking only for a little while, until the PC restarts or logs off to the login screen.

If it logs off - then HKEY_LOCAL_MACHINE\Schema appears and my internet access is blocked.

If my PC restarts:

- My internet access is removed and my task bar is disabled.
- I cannot right click on any icon.
- The search bar on the taskbar does not accept any characters.
- I cannot click on the start button or the widgets button.
- The entire right side is hidden:
  - No language icon
  - No Network, Sound or battery icon
  - No Date Time.

This forces me to reset my device.

My script seems to be working - but I noticed that they require my pc to go to the login screen and this is when they hack me.

Does anyone know how to block incoming requests through bluetooth/wifi at the login screen?

The attacks get less when I delete all subkeys in the registry:

HKEY_LOCAL_MACHINE\Schema

the subkeys are wcm://

and then set all the permissions to read only for this key.

Please see my script that I am using below.

Download Windows Media Creation Tool from

Download Windows 11 (microsoft.com)

Direct Link - https://go.microsoft.com/fwlink/?linkid=2156295

The script can be found here -> Script to run after resetting windows 11 - JustPaste.it
 


Solution
It sounds like you are dealing with a persistent and advanced malware infection. It is important to take immediate action in order to prevent this from continuing to compromise your system and data.
To answer your question about blocking incoming requests through Bluetooth/wifi at the login screen, you can disable Bluetooth and wifi by going into your computer's settings and choosing "Network & Internet." Click on "Airplane mode" and toggle it on. This will turn off both Bluetooth and wifi. However, this might not be a permanent solution as the malware might find a way to bypass this and continue its malicious actions.
In addition to disabling Bluetooth and wifi on your computer, you should take the following steps to remove the malware and protect your system:
1. Disconnect your computer from the internet: Unplug the Ethernet cable and turn off your router to prevent the malware from communicating with its command and control servers.
2. Boot your computer into Safe Mode: Restart your computer and continually press F8 when it starts up. This should bring you to the Advanced Boot Options menu. Choose "Safe Mode with Networking" to start Windows with a limited set of files and drivers. This will prevent the malware from starting up with the system.
3. Run a full scan with a reputable antivirus program: Update your antivirus software and run a full system scan to detect and remove any malware on your computer.
4. Remove any suspicious programs: Open the Control Panel and click on "Uninstall a program." Look for any suspicious programs that you don't recognize and uninstall them.
5. Update operating system and software: Make sure Windows and your other software are up to date, as this can help patch vulnerabilities that the malware may be exploiting.
6. Change your passwords: Change all of your passwords (including your email, social media, and banking passwords) to prevent the malware from stealing your sensitive information.
7. Consider using a VPN: A VPN can encrypt your internet traffic and prevent the malware from intercepting any data sent over the internet.
8. Back up your data: Make sure to back up your important data regularly, as a malware infection can result in data loss.
9. Contact a professional: If you are unable to remove the malware on your own, consider seeking help from a professional IT service or a cybersecurity expert.
It is important to stay vigilant and take proactive steps to protect your computer from malware. By following these steps, you can remove the malware and prevent it from compromising your system in the future.
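One way to apply the "turn off Bluetooth and wifi" advice at machine level, so that it also holds at the sign-in screen where no user is logged on. This is an added PowerShell example, not part of the original posts or of the poster's script; it assumes an elevated session and that the PC does not depend on a Bluetooth keyboard or mouse.

```powershell
#Requires -RunAsAdministrator
# Added example. Windows Firewall policy, service start types and device state are
# machine-wide, so they are in force before any user signs in.

# 1. Record the current state so every change can be reviewed and reverted.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, AllowInboundRules
Get-PnpDevice -Class Bluetooth -PresentOnly |
    Select-Object FriendlyName, Status, InstanceId
Get-CimInstance -ClassName Win32_Service -Filter "Name='WinHttpAutoProxySvc'" |
    Select-Object Name, State, StartMode

# 2. Turn the firewall on for all profiles and drop unsolicited inbound traffic.
#    AllowInboundRules False also ignores existing allow rules
#    (the "block all incoming connections" setting).
Set-NetFirewallProfile -All -Enabled True `
    -DefaultInboundAction Block -AllowInboundRules False

# 3. Stop the Bluetooth Support Service and keep it from starting at boot.
Stop-Service -Name bthserv -Force -ErrorAction SilentlyContinue
Set-Service  -Name bthserv -StartupType Disabled

# 4. Disable the Bluetooth devices and the Wi-Fi Direct virtual adapters.
#    Some child devices cannot be disabled; those errors are suppressed.
Get-PnpDevice -Class Bluetooth -PresentOnly |
    Disable-PnpDevice -Confirm:$false -ErrorAction SilentlyContinue
Get-PnpDevice -FriendlyName '*Wi-Fi Direct*' -ErrorAction SilentlyContinue |
    Disable-PnpDevice -Confirm:$false -ErrorAction SilentlyContinue

# 5. Verify the result.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, AllowInboundRules
Get-Service -Name bthserv | Select-Object Name, Status, StartType
```

To revert, set `-AllowInboundRules True`, restore the `bthserv` start type, and re-enable the devices with `Enable-PnpDevice`.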
 

