pgpav2003

  1. And by the way, I am now using the fourth disk in the installation as was normal. I will know fully in another 27 hrs whether I am completely successful... it will take that long to write the disk with zeros and 1s. But so far I am back in control of both BIOS and hard drive. :D I know this because I don't get the second BIOS screen any more.
  2. Yes, tried it a number of times a number of ways... It's taken me some time but I have now found a solution that worked for both the BIOS as well as the hard drive block. I won't post the solution here I guess because the same people that did this to my computers are also reading these posts. In fact I won't post anything until I can prove what I am doing works for all of my computers. I can tell you turning off internal networking in your BIOS makes a huge difference.
  3. And the manufacturer doesn't support flashing in any other ways bar through Windows.
  4. Hahahh, this thing has been flashed with something abnormal so I guess I am looking for something abnormal to get a proper flash to happen. It's been blocked and locked so that it can't be flashed by normal means.
  5. Do you have any bios coders at your disposal that would take a look at this .. I am sure that once I can get things sorted on one the other 3 machines will also come good.. ?????
  6. Hahah, great time trying to flash the BIOS... I am afraid the infection has modded the one in my system. I am getting errors saying my battery is full and the power is plugged in and the BIOS is higher than the one I am trying to use. Talk about a self-protecting infection or hack. And Toshiba do not support DOS flash. It has to be done from within Windows... a very foolish thing for the manufacturers to do considering it gives their customers no ability to fix things if Windows fails. I will see what I can find to remedy the situation. But the Toshiba forums are pretty sparse with good info.
  7. I have taken Xara off the computers for the time being because I think it is suspect in this and I will probably have to take any of the other programs I have off that contain servers or downloaders, i.e. Magix Music Maker, because it always has a server running in your background programs. I guess turning off anything that runs on autopilot as far as updating goes needs to be shut down because even if you are not on the net the program is still running and probably allows the virus to run from one cleaned area back through again. The old never-ending circle trick.
  8. One other thing I did find is that this virus does seem to affect the Xara program for web design... and I have a sneaky suspicion that the virus may be used to access your server area, so be very careful not to touch your sites with the infected computer.
  9. Hi Baffle D, I have no objection at all to sharing information in regards to this but I guess we should wait and see what our mentor has to say on the subject. I am currently gathering info on the ROMs in my Toshiba and hope to take it off net and flash each and every one of the ROMs with new compatible firmware. As well as do the same for the network routers and cards. A very time-consuming job. I still think that the BIOS is the key to all of this because if it is compromised so will everything else be. Some of the things that I did try before coming here that seemed to work for a short period of time was to strip the internal networking capabilities from the system files as well as the shadow copy and also delete Internet Explorer while off net, then encrypt the drive. That seemed to hold it for a while but I must have left some doorway open somewhere and they got back in after attacking my router for about a half hr straight... I presume that attack was to break the egis encryption code as the following day I was again a work station. The inventor of this hack is very very good. Normally I do all my own virus removal but this one seems to be a little more than the average type hack. It displays all of the characteristics of a TDSS hack but also has the characteristics of the Roushan bios virus that the Dark Night kindly posted in a previous post. Not sure which way to run on this one but I distinctly remember how my installs used to be and they are markedly different now. Anyway, will leave it till the Dark Night adds his reply. Cheers, and I hope a combined solution will come from what we do.
  10. But getting back to my initial posts and sticking with what I can physically see happening as well as maintaining direction in this. There is a block in the BIOS stopping full ownership... I suffered from a phone attack as well when all of this started but I don't have it connected to the net. Both of the above tell me that it is a personal attack to gain credentials and control of the PC. There is piracy involved here. I buy the software and they send me a cloned copy via my own download as it passes through their server first, which I presume is why I can never activate under normal net connections. I also set my network stuff as stand-alone computer but that never sticks and I always end up becoming a work station, which also fits with the above. I will still keep persisting as well as bearing the article you supplied in mind. Thanks again for your help.
  11. well it certainly seems to be very rare but somewhere between that and TDSS is what I do seem to have.
  12. The 4th disc actually contains the 32-bit installation files... I checked. So I guess that it's probable that the hackers are already using that set of instructions so the installation doesn't ask for it... and that's how they control everything, simply by owning the boot. As I said, even on a clean install it was installed twice: the initial installation gets to a certain point and then starts again and then finishes. I have done enough factory resets on the machine to know what is happening is just wrong.
  13. I guess because the logs don't show anything that you think I am wrong, but I know that I am not... If the machine is wiped clean and doesn't ask for the fourth installation disk then I am sure that it isn't clean. Initially when we started I said it was a BIOS and binary hack and I am still of that complete belief. Just like there are lying numbers in maths there are lying numbers on the hard drive, and I am sure that these hackers are making good use of them to move things just enough to trick everyone and everything. Today I did a netstat on my Asus Win 8 machine after a clean reinstall. I renamed the PC and when I looked at the netstat I could see that I was connected to the old installation, and on checking the router log could see that the old installation was connecting to the internet even though I had no browsers open and Windows Update was shut off. If you want to give up it's OK. I have been at this a long time now and I guess you must be sick of it. All I can say is I have been working with computers since Windows 95 and this is the first time I have ever been truly baffled by what has been happening. But I do stress I know my computers like the back of my hand and I do know when I am being fooled with. I don't intend to give up because the people that did this don't deserve to get away with it. Walk in, take and trash... and hide like little children.
  14. Straight after the scan I was blue screened and crash dumped. Also during the factory reset, although I set the time, date and geo location as one normally does and it was accepted and saved, on the next boot my clock was 10 hrs different... and all things to do with time etc. needed to be reset.
  15. I ran this straight after and the acer is still there

      RogueKiller V8.4.3 _x64_ [Jan 27 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7600 ) 64 bits version
      Started in : Normal mode
      User : Peter [Admin rights]
      Mode : Scan -- Date : 01/31/2013 09:31:22
      | ARK || MBR |

      ¤¤¤ Bad processes : 2 ¤¤¤
      [sUSP PATH] aswMBR (1).exe -- C:\Users\Peter\Desktop\aswMBR (1).exe -> KILLED [TermProc]
      [RESIDUE] aswMBR (1).exe -- C:\Users\Peter\Desktop\aswMBR (1).exe -> KILLED [TermProc]

      ¤¤¤ Registry Entries : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\windows\system32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: TOSHIBA MK6465GSX ATA Device +++++
      --- User ---
      [MBR] 06b406295e220c5574631cbea909e762
      [bSP] 5a7dd3144b9ace3ab1bcbef773604b7f : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596964 Mo
      2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1225656320 | Size: 12015 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[1]_S_01312013_02d0931.txt >>
      RKreport[1]_S_01312013_02d0931.txt