Thanks in advance for your help...
Windows 10 1709 - patched and up to date. All AV sigs up to date. 20 years in the security industry and have dealt with trojans and viruses before - but that is all for nought at this point.
One week ago an email notification came in (I had my email hooked up to Windows Mail unfortunately) then disappeared from the inbox. Immediately Norton threw up and detected malware via heuristics...then barfed. Malwarebytes went silent. System hung. Rebooted and after a long reboot, all seemed normal. I checked the logs but there was no mention of an infection. Scanned with zero results in Safe / normal mode.
The next day I came down in the morning and noticed my system was on even after turning it off the night before. Then the system started bogging down after a few hours and I knew I was infected. The malware appeared to be tunneling through DLLs. Norton and Occulus processes were contacting Microsoft IPs but I killed the processes and the communication moved to other .dlls. Blocking hosts with MVP worked for a while but comms always came back. (TCPLogView, Wireshark).
Regular AV was reinstalled but I soon figured out they were trojaned (redirected). Norton account saw my last connection the day the trojan hit. Ran Roguekiller / RKill / ADWCleaner / etc. which are my go-to. No joy. I have run and used Combofix in the past with a lot of success - but it won't work on this build of Windows.
Booting to rescue CDs hung the system even though I knew they worked. Keyboard and mouse (USB) were experiencing lockout with some disks although I changed the BIOS options (legacy). Decided to reinstall a backup (EaseUS unfortunately) and deleted the drive volume. On restoring backup, drive was "too small" even though it was a sector-by-sector backup.
On investigating the drive with GParted, the drive could be partitioned and formatted in any FS type (but I don't think it didn't really do it) but once formatted NTFS showed a 99 MB (reserve) partition with 79.35 MB used. Nothing was copied to the drive. The partition won't delete and keeps coming back. Used Killdisk (free), DBan wouldn't load, EScan boot disk using GParted - same issue. It is impossible to remove.
Flashed the ASUS BIOS a number of times (upgraded and downgraded). ASUS BIOS Update utility sees 1 MB partition on DVD (fs0:\) when selecting the update source - which I think is where the Trojan is hiding. But I could be wrong. The fact that GParted and other formatting tools can't clean the hidden partition makes me think that the BIOS is infected.
It is also infecting USBs.
I have reinstalled Windows on the infected drive to see if I can delete the Trojan using any tools you can suggest - in order to restore the backup onto the drive. I have lost 7 days work due to this infection but now I need some professional help. Any help you can offer will be much appreciated.
At this point, I just want to recover the hardware and do a restore. Other drives were connected but all are off the system now. Unsure about reconnecting them and reinfecting.