Everything posted by cymatechs

  1. @Ron Just a quick update; I forgot to mention I am running an Arch Linux w/KDE distro and will have to use the Linux equivalent software in some cases. Most secure wipe tools are Linux based at the core, so this should suffice hopefully. I will be installing Win10 onto the target device though, as this is the goal. The two top links provided for HDDerase.exe were moved/old and I was not able to find a mirror that was trustworthy. However, I read the documentation, and after some research decided to go with Parted Magic; I believe HDDerase.exe was forked off of this. DBAN, DD, Dept. of Defense level wipe tools are all integrated. 12 hours until the wipe completes; the last pass will verify, and I will submit logs. My built-in native file manager verifies the checksums in SHA256 and MD5. Will this be OK? I will remove the wiped HDD from the MOBO after the wipe and keep it disconnected until advised. A live CD-ROM is being used for this... and I will check out the USB wipe/flash/secure links you provided as well. In a Windows environment, this malware attacks the USB immediately and prompts a "bad device warning, reformat Y or No". So I definitely want to secure the USBs. Currently the drive is being wiped by NWIPE, Method: DoD Short (1 pass zero write, 1 blanking pass, 1 verification pass); the internal ATA wipe command would not commit for the Western Digital ATA 1TB HDD Caviar. I will still hit it with a shot of DBAN afterwards; I also zapped the MBR etc. before doing all of this. ATTACHED: <.docx> file of Computer System Summary before Wipe. System Info before Wipe_MBytes01182018.docx
  2. Thanks, yeah this wipe will take about 16 hours to complete approx... I will contact you upon completion for next steps and will keep the <wiped HDD> offline/disconnected from the MOBO. Not that it matters since no warranty is effective or needed for this device, but will this also erase manufacturer embedded data such as "serial #, dev type etc."? Just curious, as I will be reading all the link data provided as well to find out. Do you think using a live boot CD to initiate the wipe would add any benefit for security? I may be able to compile the wipe tools provided into a bootable USB, but if it's overkill I would rather save myself the time.
  3. @Ron I am in the PST timezone and thanks again for your help. I will start wiping the drives exactly as specified; this will take most of the day on a 1TB spinner. On the erase/wipe options should I select <rewrite zeros> to overwrite, which takes hours? I will be getting the system ready for wipe; anything additional that you need me to do with the router? Should I stay off of that network? Not too fond of using well known ISP default router settings to go online.
  4. I read the links provided and want to ensure that we start as clean as possible. Please advise if I am missing any vital steps. It seems the best option for this particular router (ISP provided telephony/gateway) is to factory reset and clear NVRAM with the onboard GUI, but since we need to cover all possibilities I also used the 30/30/30 method, then a cold start after 8 hours with no power; the other methods do not apply. I have 2 of the exact same routers just in case we brick one, and other APs to use if needed.
  5. @Ron, factory default settings have been restored on the router using the on board GUI.
  6. Hi Mr. Lewis, I have decided to revisit this unresolved matter in light of current events. Would you mind if I provide the requested logs, videos and research for your viewing? I seem to know the gist of all of the UEFI/BIOS vulnerabilities, but I do not have a full grasp of how to detect, isolate, re-flash firmware, in a methodological way. I will gather a lab device to use, and video log it to YouTube. I will provide any logs requested within 24 hours. Would you like me to start with a "Clean install of Windows" and take it from there? Thank You for any help you can provide, cymatechs
  7. First off, using a VM; the host OS is Ubuntu Linux. The logs attached are from VirtualBox of a Windows 10 machine. I have to use a Linux machine because:
     - cannot reinstall any Windows without the infection hijacking the install. I've tried installing WinXP, 8.1, 7, 7 Pro, Win Ultimate; during reinstall, the CD/ROM loads, then at a point the install instructions are taken over, and a similar GUI appears to complete the install.
     - infects any device attached, physical or network; USB will be formatted automatically (fake warning posted in the GUI)
     - registry is infected
     - possible firmware exploited; USB and PCI seem to be used as alternate devices
     - system32 files are unusual
     - unable to flash BIOS
     - appears as a hidden sector or directory, hijacks the MBR
     - has the ability to replicate if deleted, or if core files or the registry are changed
     - suspected WMI shell running as TRUSTED INSTALLER
     - possibly ChipSec related?
     I think I've tried everything as far as scans: rkhunter, Hiren's Boot CD, Process Monitor, msconfig, BIOS settings, HDD replacement. All my machines at home are down/infected. The only way to get back was Linux, and using a VM to start Windows 10. This is from an enterprise PC Tech Level 2 working at home. FRST.txt Addition.txt mbt first scan.txt