[SOLVED] What can be used to see where the deeply hidden malware is hiding?

Mar 26, 2020
I have completely wiped my drive with four different wiping programs, Canadian Mounties, US Armed Forces, DBan, and Boot and Nuke, one after the other, then reinstalled Win10 Pro with a BRAND NEW MS Win10 flash drive, and still files have changed, dates, and an 'UnknownAccount' within 10 minutes. What can I use to find where this backdoor or the files calling to a C&C are on the computer? I have tried every antivirus and other software, but it says I am clean. I even have over 40 different Services I can't change, along with tens of changed files in the WinSxS folder. I get one sale within minutes each time I wipe and reinstall, then nothing until I do it again. Once in a while I notice Chinese lettering, and almost all bad files say 'translation' at the bottom of each file. Thanks for any help, I would truly appreciate it!
Solution
It could be in the BIOS or even in the RAM. You can flash the BIOS and remove the RAM for a few minutes to wipe it out as well.

Otherwise it is likely elsewhere, like in your router or another PC on your network letting the traffic in.

Obviously it's not on your HDD, since you've wiped it out a few times. Any external drive/USB with data might be hiding it. But clearly you've got something that keeps re-infecting the system.

Math Geek

Titan
Ambassador
it could be in the BIOS or even in the ram. you can flash the BIOS and remove the ram for a few minutes to wipe it out as well.

otherwise it is likely elsewhere, like in your router or other pc on your network letting the traffic in.

obviously its not on your hdd since you've wiped it out a few times. any external drive/usb with data might be hiding it. but clearly you got something that keeps re-infecting the system.
 
Solution
Default/hard reset your router....

Perhaps your brand new MS Win10 install USB might be compromised as well...

Get a known good USB flash drive and make an installation flash drive from an uninfected system, downloaded straight from Microsoft via their Media Creation Tool app....

Just in case suffering from some new strange rootkit, disconnect your current hard drive or SSD, and use a different one...
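The two answers above amount to a procedure: rebuild from media you trust, then watch whether the same changes (an unknown account, unexplained services) come back. The script below is an added example, not code from either poster. It runs in an elevated Windows PowerShell 5.1+ prompt on the freshly installed machine and does three things: checks a downloaded ISO's SHA-256 against the value you copy from Microsoft's download page (the hash is a parameter you supply; no value is hard-coded here), records the firmware version and Secure Boot state so a later change is visible, and lists local accounts plus services whose binary is missing, unsigned, or not signed by Microsoft. The output file name is an assumption for illustration.

```powershell
# Added example for post-reinstall triage on Windows 10. Not from the thread.
# Run elevated in Windows PowerShell 5.1 or later.

function Test-InstallMediaHash {
    # Compare the ISO you burned from against the SHA-256 Microsoft publishes
    # for that exact build (copied from the download page; supplied by the caller).
    param(
        [Parameter(Mandatory)] [string] $IsoPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    $actual = (Get-FileHash -Path $IsoPath -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path     = $IsoPath
        Expected = $ExpectedSha256.ToUpperInvariant()
        Actual   = $actual
        Match    = ($actual -eq $ExpectedSha256.ToUpperInvariant())
    }
}

function Get-FirmwareBaseline {
    # Firmware identity and Secure Boot state. Confirm-SecureBootUEFI throws on
    # legacy-BIOS machines, so SecureBoot stays $null there.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $secureBoot = $null
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }
    [pscustomobject]@{
        Manufacturer = $bios.Manufacturer
        Version      = $bios.SMBIOSBIOSVersion
        ReleaseDate  = $bios.ReleaseDate
        SecureBoot   = $secureBoot
    }
}

function Get-LocalAccountReport {
    # Every local account, including disabled built-ins, so an added one stands out.
    Get-LocalUser | Select-Object Name, Enabled, SID, LastLogon, PasswordLastSet
}

function Get-NonMicrosoftServices {
    # Services whose executable is missing, unsigned, has an invalid signature,
    # or is signed by someone other than Microsoft.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        if (-not $svc.PathName) { return }
        # Reduce "C:\path\x.exe -args" or '"C:\path with spaces\x.exe" -args' to the exe path.
        $exe = ($svc.PathName -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
        if (-not (Test-Path -LiteralPath $exe)) {
            return [pscustomobject]@{ Name = $svc.Name; Path = $exe; State = $svc.State; Status = 'BinaryNotFound'; Signer = '' }
        }
        $sig    = Get-AuthenticodeSignature -FilePath $exe
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        if ($sig.Status -ne 'Valid' -or $signer -notmatch 'Microsoft') {
            [pscustomobject]@{ Name = $svc.Name; Path = $exe; State = $svc.State; Status = $sig.Status; Signer = $signer }
        }
    }
}

# Snapshot to disk right after install; repeat later and diff the two files
# (Compare-Object on the parsed JSON) to see exactly what changed.
$report = [ordered]@{
    Firmware = Get-FirmwareBaseline
    Accounts = Get-LocalAccountReport
    Services = Get-NonMicrosoftServices
}
$outFile = Join-Path $env:USERPROFILE ("baseline-{0}.json" -f (Get-Date -Format 'yyyyMMdd-HHmm'))  # assumed name
$report | ConvertTo-Json -Depth 4 | Set-Content -Path $outFile
Write-Host "Baseline written to $outFile"

# Media check, with the hash taken from Microsoft's download page for that build:
# Test-InstallMediaHash -IsoPath 'D:\Win10.iso' -ExpectedSha256 '<published SHA-256>'
```

The hash check only proves the ISO is the file Microsoft published; it says nothing about the USB stick written from it, which is why the second answer's advice to create the stick on a machine you trust still applies. Take the first snapshot before the machine is connected to the network, then a second one after the interval in which the changes usually appear; the diff narrows the question from "something changed" to a named account or service binary that can be examined.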