My system's infected. Require Assistance.

[periandros]

Greetings,



Please read and understand as to why I cannot follow FAQs.

I am going to need a format first. Windows are inaccessible from system drive.

My former employer send me an mail containing .htm archives which were in bytes. Curiosity and Trust towards that person got the best of me and opened one of

them in my browser. Things appeared in Russian. Malware bytes warned me of the instance then tried to fix it according to instructions.

Then things were occurring such as FTP and Telnet being open in my network connection. Tried to fix it with Avast numerous times as Malware bytes was not reporting such a problem.

When the attack was prompted it changed my system files to unusual settings reported by Avast,probably switching on Remote Desktop Connections and reconfiguring files in such a manner as to extract data.

I am aware of that as C:// starting shrinking more than 20GB the third time I had rebooted the system. I am also sure that it expanded to my other HDD.
Data/Documents containing my personal information (CV) were not extracted but I noticed files missing because they were being deleted and were inaccessible from my end.

Also I was not and still not able to Update Windows, use Settings and Control Panel. When windows open,memory was is not functioning properly and will only work when reconnecting the Ethernet cable which then makes things worse. Can only see mouse cursor over a black screen.

Windows Host System wouldn't work without internet connection and was creating Virtual Ethernet Connections in my system. Each time I disabled them and restarted the system after malware bytes was downloaded and finishing its disinfection I rebooted the system only to find out that there were more created. Moreover settings were not saved.

This moment only C:// is connected to the computer. The system is powered off. I am certain it is infected as files were first start missing from there.

 I am also aware of the fact that if I try and connect my other hard drive it could be infected as well. Cannot save windows settings and behavior looks like a Deep Freeze is installed on my system.

Require Assistance for:

1.

Secure Format via USB  (it is secure) and possible disinfection of UEFI BIOS( I am not sure/know if it is or it can be infected).

After I disconnected the HDD,my SSD and another drive were appearing in boot order settings. The other being on first boot priority, with no ability to run SSD:XXXXXXXXX.

I only had SSD:xxxxxxxxx and Apple HDD: xxxxxxxxxxx, then I noticed a P3: XXXXXXXXX (which was not in my official system configuration.), When I run P3 it prompts me to windows recovery system. Tried to sfc /scannow .

(Operation could not be completed at 100% check). Also not sure if that P3 is my windows recovery system.

Can not see its size.

QUESTION 1:

Could it be that I can remove it via UEFI settings?

2.

Remote assistance for the disinfection of my HDD (as of now it is disconnected but there is a high possibility being infected) as the browser was installed there.

 

I will post logs according to forum FAQs after I format my system and be guided on safe way to reconnect my HDD to PC.

 

3. Resolve any future related problems regarding FTP and TELNET settings.

 

Thank you in Advance.





 

 

[AdvancedSetup]

Hello @periandros and

Removing the hard drive and attaching it to another computer to scan should be reasonably safe as hard drives don't typically launch AutoPlay. The registry, files, etc that were live on the computer don't work or run properly as a remote slave as long as you're not double-clicking on any bad files.

You can start into Recovery Mode and use DISKPART to remove all partitions of the drive if you're certain that's what you want to do as that would delete all data and make it very difficult to get back.

There is only one known UEFI infection that I'm aware of in the public sector and it was on a very old computer running a chipset from 2008. I am not aware of any successful UEFI infection on modern hardware.

If there is data you want to keep then it might be best to physically take the computer into a repair shop that specializes in malware removal so they can try to recover your data and clean it at the same time.

Please let me know what you'd like to do or how I can help assist you further.

Thanks

Ron

 

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks