Please forgive me if this doesn't belong here. I do run Ubuntu/Kubuntu as my primary daily OS, so I feel a bit at home here to ask this...
I'd appreciate any help in sorting all of this out... I've gotten way too far into the forest to be objective at this point. Normally I'm someone who has multiple purpose-built machines running at any given time of day. Now I've been cut off at the knees by this malware/hacking problem to the extent that for three months I've had zero functional systems. Here is the deal:
It started out with a rootkit. Noticed some strange activity during a benchmark run on a clean install with all possible Windows services turned off, right down to the CD driver. Nuked the drive and still there. Reflashed BIOS and all firmware, still there. Spent three months now trying to eradicate it from the hardware, but it's there no matter what. Not sure if it's BIOS or firmware or ?, but it's somewhere in non-volatile memory aside from the drives in any OS environment. Strange, but okay.
Next came the Android part. My tablet started having unusual generic icons show up on the desktop, which were for programs I didn't recognize. The read-me and license files were all filled with scripts to keylog and steal photos, video and audio from the microphone. Couldn't clear it off without rooting it, so just tossed it since it was an econo tablet to start with. Then it got really good. My cellphone, my NON-smartphone cellphone, got hacked. SMS texts were being intercepted and altered or blocked. Phone calls to the other party at the time would go to voicemail. This may have even carried over to the home phone, which is on the same coaxial line as my internet, but that may be an incorrect charge.
Next I replaced the cell with a Galaxy, which was promptly infected with the Android virus AND had the same treatment as the previous phone. Didn't ever connect to the home network or even use the wifi, period. Exchanged this twice now. Should mention I've also exchanged my own router for two different modem/router combo units from the cable co during this time. Whatever is going on, it's getting into EVERYTHING with an RF capability in my home and it's not easy to put the f' in its place.
Not sure it's related since it's an old house, but there is a distinct, new humming in the computing room from the walls. Could be something far out there like LAN over Powerline I'd suspect, as the outlets in the room are clearly magnetically charged too now? (wtf??)
I'm thinking there are four different scenarios that are likely here.
1) Simply still this insane rootkit at work, propagating itself up to the router where it's then trying to breach anything within range. This seems possible, since everything involved has SOME capacity for wifi networking.
2) Neighborhood had a punk kid who enjoys hacking move in with a hidden network. Assume based on some odd router activity (DNS set to 192.168.1.1) that it could be someone rerouting my traffic elsewhere from the computers. Not sure about the phone aspect; perhaps unrelated to the big picture?
3) Recent ex is having her new boyfriend hack into my stuff. Not really interested in laying out specifics, but there is some motive there and I have no idea if he'd be someone who could do something like this. Can see the scenario where he's simply cloned my SIM card and used my cell to keep screwing with my gear though. Strange activity definitely centers around any contact with her, and she is defensive when I mention the idea beyond what I'd expect.
4) I suppose it'd be naive to ignore the obvious idea that this could be official business, in which case I'm not going to object too loudly except it's been choking off basic computing tasks. Not someone who has anything criminal to observe, so would have thought this would have passed by now if it's this. Am politically active, so could have painted a target, but this feels way too malicious and not purposeful.
What I need help with is:
1) How would you go about setting up a network with a new router in this mess of a scenario? Obviously cryptographic-strength access codes for the router, but what else? Manual port forwarding, static addressing, or ? Would appreciate a link to a tool I could use to create valid IPs for static; the subnet thing isn't super comfortable for me.
2) Would you guess this is a Who or a What that I'm fighting against? Local or remote?
3) Would you imagine there is a PC configuration, possibly using firewalls and a virtualbox I'd guess, that could survive being leaned on this badly if I cannot trace the source? Was thinking about setting up Kubuntu and Win 7 inside a Kubuntu host and seeing if that keeps a new machine clean. Second option was trying a chromebook for now since the BIOS is not standard and I could run Chr Ubuntu on it.
4) Anything I'm missing or that you think could help.
Thanks guys, I need whatever I can get.
*edit* I know there are certainly some spelling and auto-correct errors in there. Please forgive them; I don't have an actual PC to even post this from and am working with what I've got here.
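Regarding the "valid IPs for static" part of question 1: the only thing a static address has to satisfy is that it lies inside the router's subnet, is not the network or broadcast address, is not the gateway itself, and does not collide with the DHCP pool. The following is an added example (not part of the original post) that works that out with Python's standard `ipaddress` module; the LAN `192.168.1.0/24`, the gateway `192.168.1.1` and the DHCP pool `.100` to `.200` are constructed sample values, so substitute what your router's LAN page shows. It also includes a small check on the DNS server address: most consumer routers hand out their own LAN address as the DNS server and forward queries upstream, so a DNS entry equal to the gateway is the normal default; the check only flags a resolver that sits outside the LAN and that you did not configure yourself.

```python
import ipaddress

def describe_subnet(cidr):
    """Summarise a LAN so the static-address form can be filled in by hand.
    cidr is e.g. '192.168.1.0/24' or the router address with prefix."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,   # minus network + broadcast
    }

def plan_static_addresses(cidr, gateway, dhcp_start, dhcp_end, count):
    """Return up to `count` addresses in `cidr` that are safe for static use:
    inside the subnet, not the network/broadcast address, not the gateway,
    and outside the DHCP pool [dhcp_start, dhcp_end]. Fewer than `count`
    are returned when the subnet does not have enough free addresses."""
    net = ipaddress.ip_network(cidr, strict=False)
    gw = ipaddress.ip_address(gateway)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    if gw not in net:
        raise ValueError(f"gateway {gw} is not inside {net}")
    if lo not in net or hi not in net or lo > hi:
        raise ValueError(f"DHCP pool {lo}-{hi} is not a valid range inside {net}")
    chosen = []
    for host in net.hosts():            # hosts() already skips network/broadcast
        if host == gw or lo <= host <= hi:
            continue
        chosen.append(str(host))
        if len(chosen) == count:
            break
    return chosen

def dns_server_is_expected(dns_server, cidr, trusted_resolvers=()):
    """True when the DNS server a client was given is either inside the LAN
    (typically the router forwarding upstream) or one you chose yourself.
    A resolver outside both sets is worth investigating, not proof of harm."""
    dns = ipaddress.ip_address(dns_server)
    net = ipaddress.ip_network(cidr, strict=False)
    trusted = {ipaddress.ip_address(r) for r in trusted_resolvers}
    return dns in net or dns in trusted

if __name__ == "__main__":
    # Constructed sample LAN; replace with the values on the router's LAN page.
    lan, gw, pool = "192.168.1.0/24", "192.168.1.1", ("192.168.1.100", "192.168.1.200")
    print(describe_subnet(lan))
    print(plan_static_addresses(lan, gw, *pool, count=4))
    print(dns_server_is_expected("192.168.1.1", lan))          # router as resolver: expected
    print(dns_server_is_expected("203.0.113.7", lan))          # unknown external resolver: check it
```

The gateway, netmask and broadcast values printed by `describe_subnet` are exactly the fields a static configuration dialog asks for; pick the addresses from `plan_static_addresses` and set the DNS server to the gateway or to a resolver you chose. `203.0.113.7` is a documentation-range address used here only as a constructed example of an external resolver.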