Jump to content

Virus survives OS reinstall! Please help


Recommended Posts

I have a Lenovo Ideapad 3 with AMD Ryzen 5, it's only one year and 3 weeks old. In April, Lenovo released a security advisory stating that their devices had 3 bios/UEFI related vulnerabilities which allowed a virus to rewrite the SPI and deactivate the UEFI (among other things.) I assume that's what caused the issue but I don't know for certain. Lenovo claimed a bios update would fix the vulnerability but did nothing about those of us already infected. I have done everything imaginable to fix this but nothing works.It has survived every reset, every restore, every clean OS install. Each time I reinstall Windows, I completely format and delete every partition, I tried putting Windows 10 Home, 10 N, 10 Pro, 10 Pro N, something called Windows 10 Single Language, Windows 11 Home, Linux, Debian, Ubuntu, and multiple live Linux versions via Yumi. I also tried the Lenovo Recovery Media, nothing works! 

I have tried MANY different antivirus programs including Sophos, Malwarebytes, ADWcleaner, Microsoft Malicious Software Removal Tool, Windows Defender, Microsoft Security Essentials, Restoro, McAfee, etc. They all claim there's no virus. They do their scan with no problems found! They're wrong.

After resetting the PC (done this about 60 times) I go straight to the Event Viewer, it's the only obvious sign of the infection. The very moment the OS starts up, the virus has already made MULTIPLE privileged users with a long list of "special privileges" added to those users. I removed the wifi card in case that might help, it made no difference.

I have run the SFC scannow command dozens of times, sometimes it says it fixed corrupt files, sometimes it says it found nothing, sometimes it says "access denied." I have also tried Dism and bootrec commands they all say successful, except /fixboot which says "access is denied." I'm out of ideas! 

The 4 other laptops in my house and 2 desktops all have the same symptoms now. It must have gotten into the router. I know I probably gave the virus to one of the desktops via a USB that was used to get the OS downloads from a clean computer (the desktop) to my laptop but I never used that USB on any of the other machines.

I am open to any possible help... other than replacing the motherboard... but I think that's the only way to fix this

Thanks!!

Link to post
Share on other sites

Hello @Migreen06 and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following:

I'm infected - What do I do now?

Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic.

Thank you.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.