First of all, I am no expert, especially when it comes to Windows, and I don’t run a server. I do work in the cyber security industry, but as a social engineer. What I’m trying to say is that I do have basic knowledge of how to operate a shell, even though I prefer bash, but I hope you will forgive me. What I would like to know is how I can permanently remove the PS-controlled virtual machine and get out of the situation where my laptops are servers and being abused for spamming. I am not looking for help in bringing this person to justice since the case is already with the national cyber crime unit of the NCA in the UK since about 10 days ago I managed to delete the BCD with EasyBCD. My luck lasted only for 20 minutes, since I followed the links in the event log to the MSDN developer blog, but time was too short to find out exactly what DSC is running. Blog is readable for anyone, just search for how about christoph.gasparin +xing. Before that I had already changed provider, also moved houses and bought different laptops. What I would really like to know is how the identification works: is it through GUID, or was my mistake already downloading Firefox including NoScript to check my emails on a new laptop that had never been in touch with or near the old flat/router/Wi-Fi etc.? I also don’t use a Microsoft account to log in. How can I get rid of it? My setup is 2 SSDs plus a third one in 2.5 inch, easily removable, which I did. I tried the hardware-based RAID 0 and broke it. I use Active@ KillDisk trying to wipe/kill the disks, but my commands just waste time without anything happening. Even booting with a KillDisk doesn’t make a difference. And BIOS was flashed me updated obviously downloaded by a friend. Using Win 8.1 Pro since I have the original pressed CD in this case. As long as I stay in OOBE/audit mode I can see the PS scripts, all for version 3, but I am stuck with PS2 in OOBE and PS 1 once I generalise.
And as soon as I enter a command into the shell I get that this was against group policy and that I don’t have the right to do so. Also, when I try to delete certain DLL files, especially those for tunneling, as admin, I do not have the permission. How can I regain control over my laptops? There must be a way. I have already removed all Wi-Fi and BT cards to also close this possibility down. I know you experts need more detailed information; please ask me what can help identify the configuration and how I can get rid of it and, more importantly, prevent this from happening again. And I hope this isn’t inappropriate, since I read the rules, but I don’t expect anyone to do that for free. Rgs, chg
You’ve essentially posted a lengthy rant, so I’m not able to tell if you’re serious or if there’s an actual question. I’m closing this topic; if you have a question and can post it in a clear and concise (short) manner, then you are welcome to open a new topic. Please limit yourself ONLY to the relevant technical details and ask a clear question.
It is exceedingly unlikely that DSC is involved. I don’t even know what a “PowerShell controlled virtual machine” might be. If this is a real security problem, I would strongly urge you to contact Microsoft support or a qualified consultant. What you seem to be going on about isn’t something that should be resolved in an essentially anonymous Internet forum.