The FakeCD99 operating system is a spyware and malware combination of a Windows Vista or Windows 7 on steroids. The FakeCD99 operating system is a Trojan horse of an IBM host connected to a Unix server with remote settings. The Trojan horse is connected to the computer through an unauthorized backdoor in the BIOS. The MAC address of the embedded network card on the motherboard is cloned to the attackers' virtual private network or zombie network bot; unauthorized connections boot the victim's computer from the attackers' compromised Unix Remote Server, also found in the BIOS of a Compaq desktop; this setting is hidden in laptops. The default settings of the Unix/Linux server boot "everyone" globally by "Remote" control settings from an unknown location. The default global setting in Windows Vista and Windows 7 is "workgroups". The local system's MBR (Master Boot Record) swaps to the external Linux/Unix MBR partition in order to boot the malware from the Trojan horse connected to the victim's computer system without permission, consent or authorization. The PCIx RAM is a persistent connection handler that never disconnects the victim from the Trojan horse or from the attackers; PCI RAM uses a protocol file called ramdisk, which holds the Trojan horse settings as memory. The attackers' network or bot routes the victim's system to and from the Trojanized server by remote settings and hidden remote devices, such as a hidden "Boot" from an unknown location found in Device Manager under "Show hidden devices". The server then serves the victim's system with malware, viruses, parasites and a host of other Trojan horses and other infections pre-installed on the computer system; malware operating systems are designed to obey the attacker, not the victim. Also found were unauthorized hidden shares and unauthorized backdoor NT Administrators with passwords, used to gain access to the victim's computer system. The computer is controlled from a remote location by the hidden NT admin.
Remove from the registry: go to Start, type Regedit, and in Find, type and remove worms devices.
Domain Zones (remove the host under that registry key) from the registry.
Command Prompt: go to Start, type cmd, and run as Administrator.
Take ownership of the system: at the command prompt, type takeown /F *
Remove the backdoor default administrator: at the command prompt, type net user administrator /active:no
Hide your server: type net config server /Hidden:yes
The IP address 220.127.116.11 is the multicast address; the attackers are at 18.104.22.168 and 22.214.171.124, which is the Department of Education. To see if you are connected to the Department of Education's black hat hackers:
Go to Start.
Right-click cmd and run as administrator.
At the cmd prompt, type:
route print
and press Enter.
If the above address appears with a gateway or without the gateway address 255.255.255.255, your computer is connected to the Department of Education black hat hackers.
If there is a 10.*.*.* IP address in the route, this is the attackers' Virtual Private Network or Virtual Local Area Network; this address is usually found with the broadband internet connection.
** Make sure you have a factory restore disk, or a recovery disk. Removing the infection without experience will crash the computer system.