Possible Firmware Infections??? (Split From Another Topic)


9 replies to this topic

#1 danakabradpit

danakabradpit

  • Members
  • 38 posts
  • Gender:Male
  • Location:omaha ne
  • Local time:06:59 PM

Posted 27 July 2015 - 12:23 PM

Edit: Post replies split into their own topic. ~ Animal
Split from: http://www.bleepingcomputer.com/forums/t/583699/will-restore-fix-all-viruses-other-issues/

Uh no. I had the MBR code rewritten, a full disk wipe, and Windows reinstalled by professionals, and I have done it myself numerous times also, and I am still infected right now. And this, my friends, is after a system image RESTORE!! Trust me, that's why I posted about a possible firmware infection in the assistance forums. Also, I am concerned with it being firmware: would installing a new SSD hard drive in the Samsung PC just result in failure if so?



#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:59 AM

Posted 27 July 2015 - 01:45 PM

There are no firmware infections in the wild right now... if you are still infected, chances are that you got reinfected from some other source (infected backups, revisiting the infection source, etc.)

#3 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • Gender:Male
  • Location:The Antipodes
  • Local time:09:59 AM

Posted 27 July 2015 - 04:10 PM

It could also be that your router is infected.

 

Without going too far down the malware removal path, can you explain why you think you are still infected?



#4 danakabradpit


Posted 27 July 2015 - 04:45 PM

Ok, I'll try to keep it brief and simple. Third-party tools do find various stuff: RogueKiller, svchost but inconsistent / Power Eraser, drivers / TDSS, Bluetooth driver / HijackThis, a whole list in ActiveX and registry / and I find my Control Panel (I find it funny) hardware admin symbol gone entirely from the screen, so I couldn't disable any -k networks infamous name. Also 2006 Windows signed drivers. Process Hacker is also a big help with live notifications.

#5 danakabradpit


Posted 27 July 2015 - 04:52 PM

In response to that: at my last crash from this, which I believe is a firmware infection, I used command prompt chkdsk as admin in recovery mode. Upper case NTFS files on the C drive were found corrupted. The command to fix wouldn't work, along with several others. I went ahead with the Windows 8 disc and carefully erased/formatted the partition tables, then booted Windows 8. Immediately I downloaded Webroot and Shadow Defender. I managed to take a pic of this when I caught it installing. Unfortunately it beat me to Shadow Defender getting finished up. The pic of the properties of Alaska day 2006 and driver management configuration is on my post in the malware assistance offering money. I'm not trying to hijack this thread so I'll leave it at that.

#6 danakabradpit


Posted 30 July 2015 - 04:52 PM

LATEST update --> I was in recovery mode, and I used the admin command prompt to run chkdsk, diskpart, and then clean all. Supposedly the clean all, not the clean command, wipes out everything on your system including partitions, you name it. It took a few hours, and it seemed like it was doing its job. I was expecting a difficult time booting back up because on the chkdsk command the only sector was 0 and I used that for the command, so I assumed there was no bootable drive. The PC went into automatic repair mode, failed to do so, but somehow ended back up in recovery mode as before. I then proceeded to put the Windows 8 installation disc in, and first I checked the repair on the system to see if anything was on that. I don't know where I went wrong, but I loaded up a clean boot on that menu and even though it said Windows could not boot on that partition, I used it anyway out of sheer luck or hope and it worked. Windows 8 reinstalled, and as soon as I got to the desktop side, I went and opened up Explorer and downloaded Shadow Defender; it took less than a minute. I put it into shadow mode and then proceeded to look into my drives in my Control Panel under device management. I found once again the drives that have been persistently coming back. This time I managed to use Kaspersky ems. kit while the system was getting bogged down again as it was reconfiguring everything, and it found a whole bunch of registry keys tampered with, but I could not manage to get on here to upload, so maybe the pic from the phone would work, idk. Either way, after doing such a process, I am stuck once again wondering what this thing could be.

WP_20150726_17_56_14_Pro.jpg
WP_20150715_01_13_09_Pro.jpg
WP_20150715_01_13_03_Pro.jpg
WP_20150715_01_13_24_Pro.jpg
WP_20150715_01_13_29_Pro.jpg


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:59 PM

Posted 30 July 2015 - 05:49 PM

If you want a comprehensive look at your system for possible malware, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If you choose to post a log...after doing that, please reply back in this thread with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 danakabradpit


Posted 13 August 2015 - 11:16 PM

Malware study hall senior, as of right now my system does seem to behave fairly decently; the only things noticeable are within my browser, some slowdown issues, along with the mouse: it will disappear behind certain frames within the browser. RogueKiller found the svchost infection again recently (in pic). You know, I know there is an infection going on, for sure, and I am not trying to bug anybody on here and be annoying. I have a strong inclination that it is related to a virus that injects its code into signed Windows processes, and also that there is a backdoor in the system, because of various new mysterious items in my registry before the machine would lock up on me from the boot (I was not disabling anything), and then the only way I could recover was to do a fresh reinstall. I have seen Control Panel icons to access security settings and drivers entirely disappear out of thin air, masked off somehow to make it look like they were never there, seen firewalls and antivirus apps literally disabled and left in pieces in the blink of an eye for no reason whatsoever...while watching Process Hacker notifications light up like a Christmas tree for no reason in the middle of the night, followed by the typical crash and a black screen with just a mouse when you go to boot up again, and it was very stubborn to get into recovery mode from there. You name it, I have seen it. So its behavior in some areas is here again, but like I said, right this second it is behaving, which it has done in the past.

I am thinking also that I need to change my IP address, get a new router, maybe contact my provider and see what further things I can do in case my address has been compromised by a hacker. I posted on here a photo of a file labeled Alaska 2006 also. This particular file is very, very suspicious, as it appeared to go to work at the very beginning after a fresh reinstall of Windows, and curiously it's not a Windows file, so after doing a command line from emergency mode chkdsk, diskpart, clear all ... and erasing all including the Windows boot drive, you would think a strange file like Alaska 2006 wouldn't come up, along with the fact that in my msconfig panel in the events it was showing some related errors with this one and it doing some suspicious stuff / along with BTHUSB / and I found corrupt upper case NTFS files in my old drive. Hopefully Crucial's MX200 can hold up a bit better, idk.

On a side note, one item I found connected to my router network is my Samsung pad, and it is infected, come to find out. I downloaded the Gdata app after I ran a new app from VirusTotal, and it found the Trojan masterkey A infection on over 9 virus scanners. Gdata tried to do an update and on the first round it said it had received corrupted files being downloaded. Also it found the infection called Android.Trojan.MasterKey.C(0-LB1XOS) (com.sprint.w.prefact), and it is unable to uninstall this app; it seems to be rooted in there somehow, and my device is not rooted so I cannot gain access to this. Not sure yet if this is related to anything that is going on, but I also have very little knowledge in dealing with malware on the Android side.



#9 danakabradpit


Posted 13 August 2015 - 11:21 PM

Quietman7, I am fairly new at this. I do apologize if I am doing something wrong here; I don't quite understand when you mention closing this one. You recommend me opening another thread somewhere else? I have a lot of info on here, some useful, some not, but I have been trying to work hard to diagnose something here and I have not found a solution yet.



#10 quietman7


Posted 14 August 2015 - 05:58 AM

As a general rule Bleeping Computer does not close (lock) topics in this forum. An exception to that rule is malware related topics...we close topics when a member has been asked to (and does) start a new topic in the Malware Removal Logs forum and posts the required logs. Closing the topic helps to avoid the confusion that often results when a user has two open topics.

When a new topic is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the information or any log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

You can provide a link to this topic in your new topic so the MRT Helper will have access to all the information.



