When I rebooted my desktop (Windows 10 Home edition) last week I discovered that it had been hijacked. There was a new user and password and I could not now log into my desktop. I have downloaded and tried Hiren's Boot CD loaded onto a USB stick, which I understood to be able to clear passwords, but I cannot now change the boot order in order to boot from the USB or CD as the system will not let me.
Whilst I can appear to change the boot order in the BIOS, when I reboot and press F12 to see the revised boot order it is still booting from the hard drive, and I cannot change the order on that menu because as soon as I highlight USB or CD-ROM as the first boot order and then press Enter it automatically reboots before I can move the selection up to boot from first.
I have also removed the motherboard battery and left it out for a few hours in the hope that the BIOS settings (which could be infected?) are returned to default, but that had no effect.
If I attempted to repair Windows after the screen displayed the new user, it just returned back to the log-on screen again for the new user.
A colleague advised me to get a USB to hard drive lead and remove the C drive (250GB Samsung SSD) from my desktop and scan it for malware.
When I connected it to my laptop it was not displayed in Windows Explorer, so I went into Administrative Tools/Computer Management and it was displayed as an unallocated drive. I formatted the hard drive & created a new volume and noticed that the 250GB capacity was now only 232GB. I have a similar Samsung 250GB SSD in my laptop and that is shown as having a capacity of 237GB.
When I scanned the infected hard drive using Windows Defender, it showed that there were two rootkit viruses (one for Windows and one for Office) plus a further two in the history that had been previously allowed. I removed all four and then re-scanned it. I also downloaded Sophos Home edition as recommended by my colleague and scanned my laptop and also rescanned the infected SSD hard drive, but no further threats were identified.
I then downloaded Windows 10 Home edition from MS MCT on to a formatted USB stick, re-installed the SSD drive in my desktop and tried to install Windows. Although I can go through the process of installing Windows, as soon as the PC reboots it just goes back to the original screen to install Windows again.
I took a video of the boot up screen as the display flashes by quickly and it briefly displays:-
No PXE stack commands (hangup means you have a problematic config).....
Running menu commands (hangup means you have a problematic config).....
I suspect that the BIOS could be infected because I cannot change the boot order, and also that the reduced capacity on my hard drive could be due to a hidden partition containing the rootkit/virus.
I have downloaded Samsung Magician to try to reformat the drive using that in the hope of getting it back to the full capacity, but although it is shown as a storage device in Windows Explorer it is not recognised by Samsung Magician.
Any advice on what to try next would be much appreciated.
Any help would be much appreciated