Question: Virus remains after Windows re-installation

Dec 5, 2021
What virus? How do you know it is infected?
Did you wipe all disks? What about any USB devices?
It's a RAT virus.
Someone is just playing with my computer.
- restarts my PC
- ejects my DVD writer
- closes processes
- installs programs without me even noticing
- stops my internet
- deletes the Windows system files
- hides tray icons
- PC is so much slower
I own only 1 HDD and I formatted it before installing Windows.
The media was created on a clean PC (it's a DVD disk).
And I did not insert any USB devices after the installation.
 

kanewolf (Moderator)
But you don't have a specific signature. Do these things happen IMMEDIATELY after the Windows install? Or is it only after you have installed all your programs? Where did those all come from?
Maybe it is time to put some $$$ and buy a brand new disk to install Windows.
 
Dec 5, 2021
Well, I got the symptoms seconds after the installation completed and I connected it to the internet.
All programs I have installed are from official sources and don't contain any malware IMO.
 

kanewolf (Moderator)
Contaminated installation media would be most likely. BUT it could be some other host on your local network. Have you factory reset your router and hardened it (disable WPS, disable UPnP, set a strong admin password, change WiFi passwords to strong unique values)?
You could check the LAN possibility by doing the above router hardening, then disable WIFI and disconnect all other LAN cables before you start your Windows install.
 
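The reply above puts contaminated installation media at the top of the list, and the original poster says every program came from an official source. Both claims can be checked instead of assumed. The script below is an added example and not part of the thread: it compares the SHA-256 of the ISO you burned against the value published on the download page (you pass that value in; nothing is hard-coded) and checks the Authenticode signature of each downloaded installer. $IsoPath, $ExpectedSha256 and $Installers are assumed inputs. Run it on a machine you trust, not the suspect one.

```powershell
# Added example (not from the thread): verify Windows install media and
# downloaded installers before trusting them.
# Assumptions: $IsoPath points at the ISO you burned to DVD, and
# $ExpectedSha256 is the SHA-256 that the vendor's download page lists for
# that exact ISO (copy it from the page; it is not hard-coded here).
param(
    [Parameter(Mandatory)][string]$IsoPath,
    [Parameter(Mandatory)][string]$ExpectedSha256,
    [string[]]$Installers = @()   # e.g. paths to downloaded setup .exe files
)

function Test-IsoHash {
    param([string]$Path, [string]$Expected)
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # Case-insensitive compare: published hashes differ only in letter case.
    $ok = $actual -ieq $Expected.Trim()
    [pscustomobject]@{ File = $Path; Sha256 = $actual; Matches = $ok }
}

function Test-InstallerSignature {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the chain verified to a trusted root and the file has not
    # been modified since signing. NotSigned, HashMismatch or UnknownError
    # should stop you from running it on the suspect machine.
    [pscustomobject]@{
        File   = $Path
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    }
}

$isoResult = Test-IsoHash -Path $IsoPath -Expected $ExpectedSha256
$isoResult | Format-List
if (-not $isoResult.Matches) {
    Write-Warning "ISO hash does not match the published value; do not burn or boot this image."
}

foreach ($exe in $Installers) {
    $r = Test-InstallerSignature -Path $exe
    $r | Format-List
    if ($r.Status -ne 'Valid') {
        Write-Warning "$exe is not validly signed (status: $($r.Status))."
    }
}
```

A matching hash proves the ISO is the one the vendor published; it says nothing about the DVD burn itself, so use the "verify after burning" option in the burning tool as well. A valid signature proves who signed the installer and that it was not altered in transit, which is a stronger statement than "downloaded from the official site".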
Dec 5, 2021
I don't have a router.
I always disconnect the LAN cable before doing the OS installation.
I read on the internet that there exist some viruses that may infect the BIOS or firmware of the PC.
But they are very rare and I'm not familiar with them.
Don't know what else it can be. :D
 

kanewolf (Moderator)
Not having a router is an issue, IMO. You have nothing to protect your PC. You can't get windows updates installed before you are compromised.
 
You say you formatted your HDD before installing Windows; how did you do this and why did you do this? If you formatted your HDD using a virus-infected source then the virus won't go away. Also, Windows does not need an HDD to be formatted before installation; it actually prefers that all of the space on the HDD be unallocated. All that's really needed is a GPT partition identifier. You can use a program like GParted to remove all of the existing partitions on your HDD where a virus might be hiding so that the entire HDD is unallocated, and then check the partition identifier to make sure it's set as GPT.

https://gparted.org/download.php
 
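The reply above recommends deleting every partition (including vendor recovery partitions, which a "keep my files" reinstall leaves untouched) so the whole disk is unallocated and carries a GPT label. The script below is an added example, not code from the thread: it does the same thing with the Windows Storage cmdlets from an elevated PowerShell on a trusted machine with the target disk attached, or from a recovery environment that has the Storage module. $DiskNumber is an assumed input (the number shown by Get-Disk); everything on that disk is destroyed.

```powershell
# Added example (not from the thread): wipe EVERY partition on the target
# disk and leave it as an empty GPT disk before running Windows Setup.
# Assumption: $DiskNumber is the number shown by Get-Disk for the single
# HDD you intend to install to. This destroys all data on that disk.
param([Parameter(Mandatory)][int]$DiskNumber)

function Get-TargetDisk {
    param([int]$Number)
    $d = Get-Disk -Number $Number -ErrorAction Stop
    # Refuse to wipe the disk the current OS is running from.
    if ($d.IsBoot -or $d.IsSystem) {
        throw "Disk $Number is the boot/system disk of the running OS; refusing to wipe it."
    }
    return $d
}

function Clear-ToEmptyGpt {
    param([int]$Number)
    $d = Get-TargetDisk -Number $Number
    Write-Host "Target: disk $Number, $($d.FriendlyName), $([math]::Round($d.Size/1GB)) GB, style $($d.PartitionStyle)"

    # -RemoveData and -RemoveOEM drop ordinary AND vendor/recovery partitions,
    # which is exactly what a 'keep my files' reinstall does not do.
    Clear-Disk -Number $Number -RemoveData -RemoveOEM -Confirm:$false

    # Clear-Disk leaves the disk RAW (no partition table). Write a fresh GPT
    # header; Setup will create its own EFI/MSR/Windows layout on top.
    Initialize-Disk -Number $Number -PartitionStyle GPT -Confirm:$false

    $after = Get-Disk -Number $Number
    # Windows may add a 16 MB 'Reserved' (MSR) partition when it initializes
    # a GPT disk; anything else left behind means the wipe did not happen.
    $parts = @(Get-Partition -DiskNumber $Number -ErrorAction SilentlyContinue)
    $leftover = @($parts | Where-Object { $_.Type -ne 'Reserved' })
    [pscustomobject]@{
        DiskNumber     = $Number
        PartitionStyle = $after.PartitionStyle   # expect 'GPT'
        LeftoverParts  = $leftover.Count         # expect 0
        Ready          = ($after.PartitionStyle -eq 'GPT' -and $leftover.Count -eq 0)
    }
}

Clear-ToEmptyGpt -Number $DiskNumber | Format-List
```

The Windows Setup environment itself has no PowerShell, but the same result is available there: press Shift+F10 at the first Setup screen and run diskpart, then list disk, select disk N, clean, convert gpt, exit. "clean" removes every partition; Setup will then show the disk as a single block of unallocated space.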
Dec 5, 2021
I formatted it with the Windows setup installation.
Btw, there is no AV software that I haven't used to scan.
Also scanned with a boot AV.
But none of them detected it.
Is this normal:

 
UEFI malware is on the rise without a doubt. If your UEFI is infected there is ZIP you can do to restore it unless you get a clean image from the MB mfg. Even resetting the keys won't help.

Enable safe boot and TPM 2.0 IF you have it.

That said, I will echo what was said above: put a router between your cable modem and the PC in question. If it is an ISP company-supplied modem, chances are it has a router built in. If you are on a college ethernet port, a router is still advisable.

The router will close most common attack ports as a basic security measure. (Until you get good AV installed like BitDefender + Malwarebytes.)
 
Dec 5, 2021
Mhm, I also think that. Btw I don't have Secure Boot or TPM options available.
Atm I use BitDefender + HitmanPro + SpyHunter 5, which found nothing. Plus the virus is active before the system loads. Please, could you be more specific on how to remove the nasty virus (if you know, of course). If you need some info about the system just feel free to ask. :)
THANKS.
 

Motherboard model and CPU please.

If it's an AM4 socket, you do indeed have a TPM as fTPM, which is part of the chipset features starting with the X370 chipsets and above. Secure Boot (boot section protection) should also be on. I would also try to install Windows 11 if your system is compliant.
 
Dec 5, 2021
Discord, Steam, Brave etc. Everything is downloaded from official sites.
Edit: I use Windows 10.
Some icons in the tray just disappear, sometimes appear.
Example: Bitdefender, the volume, Windows Security.
 
Dec 5, 2021
Do NOT install anything. Let it sit a couple days and see if anything changes.
I think that the virus can be in the BIOS.
I read on the internet that it's necessary to flash it to remove the infection.
Now I've downloaded the flash file to my flash drive.
Is there something specific, except running the flash utility from the BIOS?
What can you say about this?
If it isn't in the BIOS, the only thing left IMO is the HDD firmware. (I don't believe that the rootkit is that sophisticated.) And it can be removed only with an SPI programmer.
 

Good luck. Follow the directions extra carefully. It is possible to brick your system if you do it wrong. Make sure the BIOS you downloaded supports the CPU in question. It will be in the release notes.
 
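Two replies above ask for facts the original poster has not yet collected: whether the machine booted in UEFI mode and exposes Secure Boot and a TPM 2.0 (the AM4 fTPM remark), and which BIOS version is currently installed so it can be compared against the vendor's release notes before flashing. The script below is an added example, not from the thread, and gathers all of that from an elevated PowerShell on Windows 10 using only built-in cmdlets; it takes no inputs.

```powershell
# Added example (not from the thread): report firmware type, Secure Boot
# state, TPM presence/spec version and the installed BIOS vendor/version/date.
# Run from an elevated PowerShell on Windows 10; no inputs assumed.

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on a legacy-BIOS boot, which is itself
    # the answer: there is no Secure Boot option to turn on in that mode.
    try { if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' } }
    catch { 'Unsupported (legacy BIOS boot or no UEFI variables)' }
}

function Get-TpmState {
    try {
        $tpm  = Get-Tpm -ErrorAction Stop
        $spec = (Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
                    -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion
        [pscustomobject]@{ Present = $tpm.TpmPresent; Ready = $tpm.TpmReady; SpecVersion = $spec }
    } catch {
        # No TPM visible to the OS: absent, or fTPM/PTT switched off in firmware.
        [pscustomobject]@{ Present = $false; Ready = $false; SpecVersion = $null }
    }
}

function Get-FirmwarePosture {
    $bios  = Get-CimInstance -ClassName Win32_BIOS
    $board = Get-CimInstance -ClassName Win32_BaseBoard
    $tpm   = Get-TpmState
    [pscustomobject]@{
        FirmwareType    = $env:firmware_type        # 'UEFI' or 'Legacy'
        SecureBoot      = Get-SecureBootState
        TpmPresent      = $tpm.Present
        TpmReady        = $tpm.Ready
        TpmSpecVersion  = $tpm.SpecVersion          # begins with '2.0' for a TPM 2.0
        Board           = "$($board.Manufacturer) $($board.Product)"
        BiosVendor      = $bios.Manufacturer
        BiosVersion     = $bios.SMBIOSBIOSVersion   # compare with the vendor's latest release
        BiosReleaseDate = $bios.ReleaseDate
    }
}

$p = Get-FirmwarePosture
$p | Format-List
if ($p.FirmwareType -ne 'UEFI') {
    Write-Warning "Booted in legacy/CSM mode: Secure Boot cannot be enabled until Windows is reinstalled in UEFI mode on a GPT disk."
}
if (-not $p.TpmPresent) {
    Write-Warning "No TPM exposed to Windows: on AM4 boards look for the fTPM switch in firmware setup."
}
```

The Board and BiosVersion fields are the two strings to match against the vendor's download page before flashing; a BIOS image for a different board revision, or one whose release notes drop support for the installed CPU, is the most common way a well-meant flash turns into a bricked board. A reported FirmwareType of Legacy also explains missing Secure Boot and TPM options in Setup: they are UEFI features and only appear once the system boots in UEFI mode.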
Dec 5, 2021
Last question.
Some people said that it's necessary to remove the HDD and the CMOS battery.
Is it necessary to do a low-level format before removing the hard disk and battery?
Is that necessary, and are there more steps to do?
 

If you change the boot order in the UEFI to boot from the DVD/USB stick first it shouldn't be an issue. Once the disk is wiped by the windows installer, it's wiped.
 
During the Win10 reinstallation, are you actually deleting all partitions (of all drives connected) in the installer menu, which forces creating a new partition/quick format, or selecting some sort of 'keep my programs/data' option? (Rewriting Windows on top of itself but leaving all your data/apps intact accomplishes quite little, if applicable.)
 