
My PC has been hijacked



#1 j3trooper


Posted 19 August 2017 - 05:56 PM

When I rebooted my desktop (Windows 10 Home edition) last week I discovered that it had been hijacked. There was a new user and password and I could not now log into my desktop. I have downloaded and tried Hiren's Boot CD loaded onto a USB stick, which I understood to be able to clear passwords, but I cannot now change the boot order in order to boot from the USB or CD as the system will not let me.

Whilst I can appear to change the boot order in the BIOS, when I reboot and press F12 to see the revised boot order it is still booting from the hard drive, and I cannot change the order on that menu because as soon as I highlight USB or CD-ROM as the first boot order and then press Enter it automatically reboots before I can move the selection up to boot from first.

I have also removed the motherboard battery and left it out for a few hours in the hope that the BIOS settings (which could be infected?) are returned to default, but that had no effect.

If I attempted to repair Windows after the screen displayed the new user, it just returned back to the log-on screen again for the new user.
 

A colleague advised me to get a USB to hard drive lead and remove the C drive (250GB Samsung SSD) from my desktop and scan it for malware.

When I connected it to my laptop it was not displayed in Windows Explorer, so I went into Administrative Tools/Computer Management and it was displayed as an unallocated drive. I formatted the hard drive and created a new volume and noticed that the 250GB capacity was now only 232GB. I have a similar Samsung 250GB SSD in my laptop and that is shown as having a capacity of 237GB.

 

When I scanned the infected hard drive using Windows Defender, it showed that there were two rootkit viruses (one for Windows and one for Office) plus a further two in the history that had been previously allowed. I removed all four and then re-scanned it. I also downloaded Sophos Home edition as recommended by my colleague and scanned my laptop and also rescanned the infected SSD hard drive, but no further threats were identified.

 

I then downloaded Windows 10 Home edition from MS MCT on to a formatted USB stick, re-installed the SSD drive in my desktop and tried to install Windows. Although I can go through the process of installing Windows, as soon as the PC reboots it just goes back to the original screen to install Windows again.

I took a video of the boot up screen as the display flashes by quickly and it briefly displays:-

No PXE stack commands (hangup means you have a problematic config).....

Running menu commands (hangup means you have a problematic config)..... 

 

I suspect that the BIOS could be infected because I cannot change the boot order, and also that the reduced capacity on my hard drive could be due to a hidden partition containing the rootkit/virus.

I have downloaded Samsung Magician to try to reformat the drive using that in the hope of getting it back to the full capacity, but although it is shown as a storage device in Windows Explorer it is not recognised by Samsung Magician.

Any advice on what to try next would be much appreciated.

 

Any help would be much appreciated

 


