Posted 22 January 2012 - 12:33 PM
I have been fighting this virus/rootkit/bootkit, whatever it is, for getting close to 6 months now. It started as some virus on my little brother's computer at his house which infected his router and about 5 other computers in the house. I connected to the router and it proceeded to infect my laptop, the router at my home and all the computers there as well. It also has infected 4 Android phones, a Palm Treo Pro with Windows Mobile and a Palm Pre, along with infecting anyone who connected to any of the routers. I am currently writing this from my mother's laptop which has the worst infection. She purchased a new one to replace the old one, which seemed to be impossible to fix, at a cost of around $2,000. 1 day later her new laptop was infected, although it wasn't apparent to her. I am currently going to school for my Bachelor's in Computer Science, my Cisco CCNA and Network Security certifications. I have been building computers since I was 10 (am 28 now) and I have never come across anything like this in my life. She has been content with just letting it be because the computer works to a point. I on the other hand will not have someone or something controlling my computer. The OS on this computer is Windows 7 Home Premium x64 on an HP laptop with a 2nd gen Core i7 that runs like it's a 486, and it's so infected it's unreal. Also the infection causes the computers to load in Windows PE mode in a virtualized environment so nothing picks it up. I have 2 desktops and several laptops, and 1 laptop is a brick now. I purchased a completely new system several months ago, i5-2500K, Asus P8Z68-V Pro motherboard with UEFI, various other things, and it was infected by what I believe was my cell phone which hacked my router. Overall we have literally replaced 10 or more bricked routers; she is currently using an Asus RT-N16 which is hacked at the firmware level.
On the regular login screen everything appears to be fine, but SSH tunnel into the router and I find all kinds of backdoors and remote control mechanisms which are very hard to remove. I have a Buffalo WZR-HP-G300NH and I have successfully cleaned it countless times and it just keeps coming back. It involves SSHing into the router, manually erasing all the mtd partitions and JTAGing the firmware back onto the router, or it won't go away. My new Asus computer is seemingly unfixable, although I think I may have found a way to fix it. I have secure erased SSDs and hard drives and reflashed BIOSes probably 100 times now. The infection appears to have spread to just about every piece of flashable firmware on the motherboard on each computer. I am in the process of engineering a BIOS update with all the firmware packed in and forcibly flashing the network adapters, PCI bridge, USB controllers, SATA controllers, the UEFI BIOS (which hasn't helped at all), everything that can be flashed. I have secure erased my HDDs from the DOS prompt with MHDD, cold plugging them so the BIOS doesn't interfere, and the majority of the drives all have HPA areas that have to be removed each time. On a fresh Windows install with a freshly flashed BIOS and video card and a secure erased HD, the virus will be in the x:\sources directory before Windows has even started the installation. And this is using GPT partitioning and EFI. I'm pretty sure Windows setup is starting in a virtualized environment each time. There are multiple calls from the ACPI tables that I can see in Linux, along with conflicting memory addresses and various other signs. I can pretty much cut it off in Linux on a live CD, but as soon as it's installed it all goes to hell. I'm about to go mad trying to fix this problem and extremely angry that it has pretty much destroyed all my computers. I had to drop last semester due to taking online classes and the state of my computers; this all started back in August.
It has infected my late EVO 4G, 2 Nexus S 4Gs, and a Galaxy S 2. Anyway, I will stop ranting. Attaching the requested DDS log and also the log from UnHackMe, which has some very interesting information. Thanks, any help will be greatly appreciated.