Question: What are all the ways to know that our OS is a VM?

Nov 26, 2023
What are the commands and all the ways to know we are running on a VM OS emulated by Hyper-V, instead of a regular W11 OS?
 
I know with Win 10 Pro, running in an Oracle VirtualBox instance, there are multiple references to "VirtualBox" or "VBox" in the Registry.
This is without the VirtualBox software installed in this guest OS.

For instance, in HKEY_LOCAL_MACHINE:

'VirtualBiosVersion'

Oracle VM VirtualBox Version 6.1.30 VGA BIOS
Oracle VM VirtualBox Version 6.1.30 VGA BIOS
Oracle VM VirtualBox Version 6.1.30
Oracle VM VirtualBox Version 6.1.30
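
Added example, not part of the original thread: a PowerShell check that reads the same firmware strings from the registry and from WMI, and separates "this OS is a guest VM" from "this is a physical machine with a hypervisor loaded", which is the normal state on Windows 11 when Hyper-V or virtualization-based security is enabled. The function name `Get-VmEvidence` and the vendor pattern list are this example's own assumptions.

```powershell
# Added example: gather VM indicators and classify this Windows instance.
function Get-VmEvidence {
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $bios = Get-CimInstance -ClassName Win32_BIOS

    # Firmware strings that Windows copies into the registry at boot.
    # Either value can be missing; a missing one is treated as empty.
    $desc = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System' `
                             -ErrorAction SilentlyContinue

    # Hyper-V's data exchange service writes the VM name inside its guests.
    $kvp = Get-ItemProperty `
        -Path 'HKLM:\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters' `
        -ErrorAction SilentlyContinue

    $strings = @($cs.Manufacturer, $cs.Model, $bios.Manufacturer, $bios.Version) +
               @($desc.SystemBiosVersion) + @($desc.VideoBiosVersion)

    # Vendor markers often seen in guest firmware strings (assumed, not exhaustive).
    $pattern = 'VirtualBox|VBOX|VMware|QEMU|Xen|^Virtual Machine$'
    $hits = @($strings | Where-Object { $_ -and $_ -match $pattern } |
              Select-Object -Unique)

    $isGuest = ($hits.Count -gt 0) -or [bool]$kvp.VirtualMachineName

    if ($isGuest) {
        $verdict = 'Guest VM'
    } elseif ($cs.HypervisorPresent) {
        # A hypervisor sits under the host OS itself: Hyper-V role,
        # VBS / Memory Integrity, or WSL2. The machine is still physical.
        $verdict = 'Physical machine with a hypervisor loaded'
    } else {
        $verdict = 'Physical machine, no hypervisor detected'
    }

    [pscustomobject]@{
        Verdict           = $verdict
        Manufacturer      = $cs.Manufacturer
        Model             = $cs.Model
        HypervisorPresent = $cs.HypervisorPresent
        VendorStrings     = $hits -join '; '
        HyperVGuestName   = $kvp.VirtualMachineName
    }
}

Get-VmEvidence | Format-List
```

All of these values are reported by the platform and can be set in a hypervisor's configuration, so they describe what the firmware claims rather than prove it.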
 
I am no VM expert, but those look like default settings and are looping back to the host system.

The magic of Google (disable hyper v windows 11) will give several options for disabling this.

You still haven't answered the question of what makes you think you have an infection/problem? What tools/apps have you scanned your system for malware with?

Have you perused any of this sort of info?

 
The file Host is infected.
If you try to add a firewall rule, the system will automatically create an open rule in Allow App through Windows Defender Firewall, so all rules set there are useless.
Every AV/firewall software you try to install on the system will not be able to upload itself to the latest protections.
Their protections are bypassed, anything is found almost always, except firewall attacks that seem blocked for a while and abuse of svchost.exe and other files that try to change Windows settings, etc.
Same Health/Defense Windows apps are off by default and you cannot change this, neither through the Windows registry.
Internet connection is closed often, because TCP/IP network drivers become invalid without a reason.
 
Doesn't work.
Tried low-level format and flash of the BIOS many times.
Last time a professional specialist Web Agency worker tried in his office, with a protected router, by 3 clean low-level formats and a flash of the BIOS in W11.
Nothing changed, the malware is still there.
I suspect it's a VM rootkit/bootkit similar to Vitriol or BlackLotus.
 
That sounds odd. If you had the Windows installation media, directly from Microsoft, and legitimate sources for all of your applications, that would not happen.
 
Is this a personal system where you originally installed the OS?

Or is this a system provided by your employer?
Yes, original system.
It was original when bought as a new product at a megastore (Mediaworld).
And also, whoever installed the last OS, W11, told me he used an original W11 installation.
I don't see anything on the screen telling me that it's a trial copy.
I have a question.
Since it is almost impossible to remove the malware from the PC, can a reset-to-factory USB from Lenovo maybe fix the problem?
I don't know if this kind of reset USB is immune to rootkits/bootkits.
But if it can do the job I would try.
Found today on the link you gave me: I can choose between 2 solutions, downloading it or buying from them a USB to reset the laptop to factory.
 
Just do this: https://www.tomshardware.com/how-to/clean-install-windows-11

Use the Media Creation tool. When you get to part to select where to install Windows, delete ALL partitions and then let Windows automatically configure the drive.
 
I'm sorry...confused here.

"who" did this Win 11 install?

What are the specs of this system?
Make/model of everything.
The Web Agency that I paid to remove the malware, which has done 3 low-level formats and a new installation of Windows 11.
But the malware is still there.
I have never connected it to the internet from home yet.
 
If they performed proper clean installations of legitimate Windows media, this would be nearly impossible. If you re-installed illegitimate applications afterward, then that likely reintroduced the problem.

Only legit sources should be used.

In addition, you need almost none of the Lenovo bloatware that ships with their products. A clean installation will remove all of that stuff. Then, you can decide what you need and put back.
 
I am not sure what kind of legit source he used.
When I tried with an original trial copy of W10 downloaded from the Microsoft site, the starting kernel was infected already, so I think it must be a bootkit that infects the UEFI/BIOS.
You can flash the BIOS only from Windows on this laptop, so it's almost impossible to remove the malware.