From some of the research I've done, one of the possible candidates for the infection is TDL4. I see many of the same symptoms; however, I also see symptoms that aren't characteristic of it, but I do know that it is infecting something pre-boot.
Also, let me add that I do not wish to repair this to use Windows. I wish to completely wipe Windows and everything involved. I've already backed up everything important and probably won't use it anyway, in case it's infected. I'm just trying to wipe everything; I'm going to use Linux from now on. Windows is absolutely horrific, from everything I found out over the past few days. I just want to make sure I can wipe everything 100%.
I've been dealing with this for the past week. I believe I have something that has infected nearly every device on my network. I've only found one other person with similar symptoms, and that was a post on the Malwarebytes forum.
I came to BleepingComputer because most of the research I did online always involved a post here, so it seems like this is the most active virus discussion forum, and I would appreciate any advice greatly.
The virus seems to infect every USB device that is plugged into the computer and has also rooted itself in my previous phone. I'm on a new phone right now and I'm still paranoid.
It was also able to infect live-boot Linux sessions on the computer in question.
I think that it has either infected my motherboard BIOS and created its own partition, or possibly infected my CPU drivers, so that it can evade Windows resets. It seems to dig deeper after the first reboot following a Windows reinstall. It appears to create its own fake Windows copy to boot from and run its services in the background with its own administrative account, TrustedInstaller.
It added some registry entries and a virtual host system in SQL libraries. Honestly, I have found so many strange things that I cannot even list them; over the past 4 days I have just found more and more things that raise suspicions. I am a developer myself and have never had to reach out for help for anything, and this is something I've never seen before.
Of course, all virus scans come up negative, including TDSS and Malwarebytes, which are the only ones I could actually get to run; most are unable to even run. On the Malwarebytes forum I heard reports of it emulating the Malwarebytes program with a fake splash screen. Safe mode does nothing because it owns the system and is running its own version.
I have connected the system to the internet maybe once, for a split second, since I've known it existed, and this was only to upload screenshots of everything I found. I cannot use USB devices, as it instantly adds its own boot sector to them.
I am not too familiar with the inner workings of Windows; however, I know what something suspicious looks like because of what it is trying to run. I have some very detailed screenshots that I could provide to anyone with the know-how. I have blanked out what I think may be sensitive information, like Windows keys, and can provide those. No diagnostic tools can be trusted, as it is most likely altering the output. I even found a log file where it uninstalled Malwarebytes and then ran its own separate installation of a phantom version.
From reading forum posts here, hundreds upon hundreds of them over the past few days, I realize a post of this nature would most likely result in being told that I am too paranoid and that hardware viruses are very rare and most likely need to be tailored to the individual system. However, I believe I am one of the exceptions to this.
Like I said, I have screenshots of things I have found to be suspicious, and I am 99% sure that I have removed all my sensitive information from them, should it be there. But if a moderator would be willing to take a quick glance to see if it is okay to post here, I would really appreciate it. I have uploaded them to an Imgur album and could link you if you would like to take a look. There are some very, very interesting items in there, including what I believe to be the method it uses to write itself to my CPU cache.
I also have some registry exports showing what I believe to be the phantom partition in question.
Apologies if some wording here doesn't make sense; I'm using speech-to-text on this phone because I never use mobile except in a situation like this, and it would take me hours to tap this all out by hand.
I appreciate any and all input, and I'm very grateful for the option to post here regarding my nightmare situation. I know this looks like a beast of a problem, and I would be more than happy, and absolutely insistent, on tipping whoever decides to take this on and provide any assistance.
Edited by jjssmith6656, 18 January 2018 - 01:28 AM.