
My computer is infected by a very sophisticated virus

591 Views 14 Replies 3 Participants Last post by Aaron125
Hi. My issue is that I got some banking or bitcoin miner on my computer. Sadly most antiviruses can't detect it. I first tried to completely factory reset my computer using Settings. My computer seemed fresh as new, although I noticed some suspicious corrupted files that were present and were supposed to be deleted, so I tried a different method. I wiped my OS and installed a fresh new copy of Windows 11 using a bootable USB stick. It was a more thorough clean-up. There didn't seem to be any malicious files present and antiviruses didn't act up. The only evidence of the virus is that I noticed my CPU usage was abnormally high, and whenever I checked Task Manager it would instantly go down. When downloading files, specifically antivirus files, it seemed to be slower than usual, as if a hacker is attempting to delay the installation. I noticed many of my accounts were hacked. I'm pretty sure I'm dealing with a very sophisticated virus. It even survives the formatting and reinstallation of an OS. Out of desperation I reinstalled Windows 11 using a new USB stick, which was the same method I did earlier. Nothing really changed, and the only thing that happened was that 80% of my keyboard now doesn't work.

I believe that I got a BIOS/UEFI virus since it can survive OS formatting. If you believe I got a different type of virus you can also give solutions as well, because I could be wrong. I haven't used my computer in 2 months now and I really need help. Thanks for reading this post.
If you flash the BIOS and format the computer, it is unlikely that the virus is still in the system.

And of course, change ALL your passwords from a confirmed clean computer.

If you want us, however, to check your computer, you can read here the Log Posting Instructions and attach the requested logs.
Apparently flashing your BIOS is risky. Do you know how to do it? Some forms of flashing your BIOS require you to use a USB, but won't that reinfect my computer? If I flash the BIOS, wouldn't the other peer virus from the general OS of my computer reinfect the BIOS? Firmware viruses typically have peers. Sorry if my questions seem stupid.
I mentioned flashing the BIOS only because you are convinced about that kind of virus. Yes, it is risky, and if something goes wrong you can end up with an un-bootable computer.

Most of the time, resetting the router and re-installing the operating system resolves any issues.

See here:

What is "Flashing the BIOS"? « Super User Blog

If you search about it, you can find links that apply for certain manufacturers, e.g. DELL, HP etc.
I'm not saying I'm convinced, but it's a high chance, because I did a reinstall of my OS and made new partitions, so the reserved partitions that could be infected are not used. Usually firmware viruses can survive an OS reinstall. My question is: if I flash/update the BIOS, wouldn't it get reinfected since its peer virus on the general OS is still present?
Yes, I would say that you can't get re-infected if you do that.
By the way, which antivirus have you used?
Norton, Kaspersky (free), Malwarebytes, Malwarebytes Anti-Rootkit, Windows Defender. I'm trying to use or obtain Kaspersky Anti-Virus for UEFI, but it's only available for high-profile targets and companies. Flashing/updating the BIOS is not working since I need to physically disconnect the SSD/HDD. Currently I'm using Microsoft Defender ATP or Endpoint P2, which has the potential to remove UEFI viruses, although I don't know how to use it. Maybe you can help me with that.
Hi, Aaron.

Since BIOS is not my strength, I'll report this topic to be moved to the Hardware Forum for now. There, other experts on that will guide you to do what you want.

After that, if you would like, we can move the topic here again, and make a final malware check.
Hi.

That sounds like a good idea. I will be informed or supported by the experts who specialise in hardware, right?
The topic will be moved, and then you will receive replies from the Hardware experts. I will be watching, of course. You will have to wait a bit, however, because of the time difference.
Okay thanks.
1. As far as I can see we know absolutely nothing about the computer and the setup as a whole.

2.
I'm trying to use or obtain kaspersky anti virus for UEFI but it's only available for high profile targets and companies
I do not know where you are located, but I can assure you that all Kaspersky antivirus protection marketed in the UK and many other countries is UEFI compatible.
The only real difference between an antivirus used on a traditional BIOS and one used on UEFI firmware is the ability of the AV on UEFI firmware to use ELAM (Early Launch Anti-Malware), AND in respect of the UEFI firmware the process from POST to the Windows Boot Manager on the EFI partition is in itself more secure.
unless YOU ARE REFERRING TO the specialized product from Kaspersky
Kaspersky Anti-Virus for UEFI | OEM Technology Solutions | OEM Partners | Kaspersky
which would usually only be used on a specialized system.
As indeed is the case with
UEFI scanner brings Microsoft Defender ATP protection to a new level - Microsoft Security Blog

If yours is such, then perhaps I am NOT the person to assist you.

3. You may, I suppose, have infected firmware, but it is extremely unusual. Dr.M is the expert on such matters, but I totally agree that if you have, the answer is to flash the BIOS.
That said, if you REALLY did have a firmware infection then often the attempted flash would fail.

4. I do not know if this

Norton, kaspersky (free), Malwarebytes, Malwarebytes ant-rootkit, windows defender. I'm trying to use or obtain kaspersky anti virus for UEFI but it's only available for high profile targets and companies. Flashing/updating BIOS is not working since I need to physically disconnect SDD/HDD. Currently I'm using Microsoft defender APT or endpoint P2 which has the potential to remove UEFI viruses although I don't know how to use it. Maybe you can
means that you are NOW only using Microsoft Defender ATP or Endpoint P2, but if you have not FULLY uninstalled the other mentioned security apps, then your security is seriously weakened.

Additionally, as Microsoft Defender Antivirus is included in 11, if you have P2 then are you aware of the setup procedure?
Microsoft Defender Antivirus compatibility with other security products | Microsoft Docs

5. Many people are confused between Microsoft Defender and Microsoft Defender Antivirus.
The two are NOT the same.
Microsoft Defender Antivirus is part of Windows Security Centre and is built in to 10 and 11.

Microsoft Defender for Individuals | Microsoft Security
Microsoft Defender is not currently built into Windows. It is a standalone app that can be downloaded from Apple, Google, and Microsoft app stores.

What is the difference between Microsoft Defender and Windows Security?

Microsoft Defender is a new cross-device app that helps people and families stay safer online. Microsoft Defender adds new features and a simplified user interface. Microsoft Defender also brings valuable device protection to iOS, Android, Windows, and Mac, with malware protection, web protection, real-time security notifications, and security tips. Microsoft Defender is available in the Apple, Google, and Microsoft app stores and requires a Microsoft 365 Personal or Family subscription to use.

Windows Security, formerly known as Windows Defender Security Center, is built-in security on Windows PCs to protect your device and data. Windows Security is pre-installed and automatically enabled. Windows Security includes Microsoft Defender Antivirus software that protects your Windows device and data against viruses, ransomware, trojans, and other malware unless non-Microsoft Antivirus software is active.
6. Finally, for this post:
If you WISH my help,
download the attached, please, and follow the instructions.


Used with the kind permission of Brink - Admin of WindowsTenForums - where I also work

https://www.tenforums.com/members/brink.html

Save log collector V2 log collector 1.11.zip to YOUR DESKTOP.
Right-click on the V2 log collector zip and select Extract all to the desktop. This will create a V2 log collector 1.11 folder.
Open the V2 log collector 1.11 folder and double-click on the log-collector shortcut.
A Command Prompt window will open with the Ten Forums Log Collector running in it. Press the Enter key to start the collection process.

The Command Prompt window will re-open. Press Enter to close it when that shows. Note the Output location, as that is where the zip file is located; it should be the desktop.
Attach that, please, to your reply using the attach files button.

NOTE: the log is comprehensive but does not contain any personal information of a sensitive nature.
I need the log as produced, please, NOT one redacted by you.

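The post above turns on three checkable facts: whether a firmware flash actually changed the firmware, whether the machine boots through the UEFI/Secure Boot chain at all, and whether Defender has been pushed into passive mode by the other products installed. The following read-only PowerShell check is an added example, not code from the poster or from Tech Support Guy; it uses only standard Windows cmdlets (Win32_BIOS, Confirm-SecureBootUEFI, Get-MpComputerStatus, SecurityCenter2) and assumes an elevated PowerShell on Windows 10/11.

```powershell
# Added example (not the forum member's code): read-only health checks for the
# points raised in the post. Run from an elevated PowerShell on Windows 10/11.

# 1. Firmware identity and date. A flash that "took" should change the version
#    and release date reported here; compare with the vendor's download page.
$bios = Get-CimInstance -ClassName Win32_BIOS
[pscustomobject]@{
    Manufacturer = $bios.Manufacturer
    Version      = $bios.SMBIOSBIOSVersion
    ReleaseDate  = $bios.ReleaseDate
}

# 2. Secure Boot. Confirm-SecureBootUEFI returns $true/$false on a UEFI system
#    and throws on a legacy-BIOS/CSM machine, where the POST -> Boot Manager ->
#    ELAM chain described in the post is not enforced.
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    $secureBoot = 'Not supported (legacy BIOS / CSM boot)'
}
"Secure Boot enabled: $secureBoot"

# 3. Whether Defender Antivirus is actually protecting the machine. With another
#    AV registered, AMRunningMode reports passive mode instead of "Normal".
$mp = Get-MpComputerStatus
[pscustomobject]@{
    DefenderMode       = $mp.AMRunningMode
    RealTimeProtection = $mp.RealTimeProtectionEnabled
    SignaturesUpdated  = $mp.AntivirusSignatureLastUpdated
    LastFullScan       = $mp.FullScanEndTime
}

# 4. Every antivirus product still registered with Security Center. More than one
#    entry is the overlap the post warns weakens protection; uninstall leftovers
#    with the vendor's removal tool rather than deleting files by hand.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    Select-Object displayName, productState, timestamp
```

The output is meant to be pasted alongside the requested log: a firmware version and date that did not change after a flash, a "Not supported" Secure Boot result, or several AntiVirusProduct entries each point the helper at a concrete next step instead of a guess about firmware malware.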
Aaron125
Are you still requiring help or is the problem sorted
Please let us know.
I'm very sorry for the late reply. I will follow the guide that you listed, since I still need help. I'm starting to believe that I may have a boot sector virus, since firmware malware is rare and, like you said, flashing the BIOS would've failed.

Did I do everything correctly? Is this the log requested or is it the wrong one?
