Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


VMM/Hypervisor Malware All Around - undetectable / unremovable so far.

  • Please log in to reply
1 reply to this topic

#1 firmlyhypervisor


  • Members
  • 2 posts
  • Local time:04:27 PM

Posted 03 August 2015 - 11:41 PM

Have you guys noticed a ton of "unsolved" cases popping up with users.

Here is a good example.



I have the same problem. The reason no tools, scans, rescue disks, rewriting the MBR, flashing the BIOS, flashing firmware, etc. will never detect or fix the problem. Even a wipe of something like Jetico BC Total Wipeout/hdparm, clearing all or almost all places where flash memory can hide will get rid of it. Even a new hard drive won't get rid of it. Anyone have some SPID tools and know assembly language, lol ?


The reason it never goes away because they are on a virtual machine.


If you look at a lot of these farbar reports etc. I just glanced over a few here...there is a lot of files that don't belong. Many of the files are old experimental files from MS or Intel/AMD.

As the posterabove mentions...it absolutely brute forces in via bluetooth and infects everything around it. It even got my camera.

I can tell pretty quickly when someone has it.


Does anyone have any experience with succesfully getting rid of a hypervisor/firmware/bootkit/BIOS type of exploit?
There is some research papers on the subject...but no one really lays out how to actually get rid of it. Especially if the VM the user is on restricts things like "blue chicken" or other VM detection tools from being run.


This is a new account. I have had paid help, people on this board, etc. no one knows how to get rid of it. Not sur if it is gov't based or what...


Any details or input is welcome.




BC AdBot (Login to Remove)


#2 firmlyhypervisor

  • Topic Starter

  • Members
  • 2 posts
  • Local time:04:27 PM

Posted 17 August 2015 - 03:41 AM

Yes, I was just joking :bananas:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users