Lokibot infection - can’t remove

Hi guys.
Im wondering if you can help me, or point me in the right direction.
Since Christmas I have had multiple boxes wrecked and I cant seem to get rid of it.
I cant work out the infection vector.
It might be one drive or my modem?

Greetings and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

• First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
• It is important to not run any tools or take any steps other than those I will provide for you.
• Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
• Please copy and paste all logs into your post unless otherwise requested.
• When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
• If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

• Download Farbar Recover Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
• If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
• Right click on the icon and select Run as administrator
• Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
• Click Yes to the disclaimer
• Click Scan and allow the program to run
• Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
• 2 Notepad documents should now be open on your desktop.
• Please copy and paste the contents of each report in separate reply windows

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• FRST.txt
• Addition.txt

Hi Oh My! Gary

 

Thanks for getting back to me.

I am attempting to do the logs for you tonight

Hey Gary sorry for the delay. It wont boot up so I have attached the FRST log I got a week before it encrypted itself

Here is the last FRST log

Hey Gary

Here is the other one - my brand spanking new Lenovo I got for Christmas.
😩🥺

I use no ms office products, I do not use torrents, I dont get pirated stuff or cracks or any of that carry on.
I pay for dozens of subs and always will.
I dont play games, dont watch movies on these devices.

There is nothing in this PC except the OS, anti virus products I have since downloaded from here or majorgeeks.
So anything else is malicious.
Hey Gary

Here is the other one - my brand spanking new Lenovo I got for Christmas.
😩🥺

I use no ms office products, I do not use torrents, I dont get pirated stuff or cracks or any of that carry on.
I pay for dozens of subs and always will.
I dont play games, dont watch movies on these devices.

There is nothing in this PC except the OS, anti virus products I have since downloaded from here or majorgeeks.
So anything else is malicious.

Here is a weird log file and some other language things I keep seeing

Hey Gary

I have the addition file for that first FRST log for the Dell -
This is an older pc that has had a fresh install last year and only had a couple of music instrument software added by my husband and Dropbox.

He loaned it to me when all my computers died - but it also died within a week.

Both the brand new Lenovo and the dell are filled with logs and software/system files - like its huge, maybe 50Gb to 200Gb? and growing.

I have submitted random files from all over - picked at random - and submitted to Any.Run, Hybrid-analysis, virustotal.

Almost all of the files do the same thing in a sandbox and have PE headers and obfuscation and drop palisades and talk all over the world.
We are in a large botnet Id say.
Its quite an impressive graph VT shows of it.

Its almost harder to find a legit file than a Trojan, keylogger, backdoor, exploit etc.🤦🏻‍♀🤷🏻‍♀

Im at my wits end.

Greetings.

We can only work with one computer per topic.
 

Hey Gary sorry for the delay. It wont boot up

Can you describe exactly what happens. Let me know everything you see before it fails.