
GTX 1070 Firmware Overwritten by Malware - Unable to Reset

Status
Not open for further replies.
Joined
Aug 20, 2007
Messages
20,714 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Joined
Jul 29, 2014
Messages
484 (0.14/day)
Location
Fort Sill, OK
Processor Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard Asus Maximus IX Code
Cooling Corsair Hydro H115i Platinum
Memory 48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s) nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage Intel 760p 2280 2TB
Display(s) MSI Optix MPG27CQ Black 27" 1ms 144hz
Case Thermaltake View 71
Power Supply EVGA SuperNova 1000 Platinum2
Mouse Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software Windows 10 Enterprise 1803
Benchmark Scores Yes I am Intel fanboy that is my benchmark score.
I kind of gleaned why someone would want to target him in discussions, I won't say more than that. I will say it's a legit job he works, and not something sketchy or weird, but lucrative to infect.

I am very much intrigued with this post; at this point the OP needs to be very watchful of all of his affairs in life, especially his finances.
 
I am very much intrigued with this post; at this point the OP needs to be very watchful of all of his affairs in life, especially his finances.

I agree. As his modem was the entry point by all appearances (an old, outdated Comcast modem with firmware loopholes started this, I think) he should be extra vigilant there IMO, but I'd also just be careful in general about everything. This is unnerving, frankly.
 
Joined
Feb 2, 2015
Messages
2,707 (0.81/day)
Location
On The Highway To Hell \m/
MadBrit said:
20 years in the security industry and have dealt<sic> with trojans and viruses before...
Yet he opens a fishy email...totally fucking his computer. Maybe dude's not "crazy"(opinions vary). But there's definitely something wrong with his head. Learned absolutely nothing with 20 years experience?

BTW...this is why we use secure boot people. Well...in theory. :laugh:
 
Yet he opens a fishy email...totally fucking his computer. Maybe dude's not crazy. But there's definitely something wrong with his head. Learned absolutely nothing with 20 years experience?

It's more like 20 years of experience 20 years ago... and I don't think he'll mind me saying that. :laugh:

And actually, EASEUS is a legit company; I've even bought stuff from them. I think it was a DNS poisoning situation from his modem.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.61/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
It's more like 20 years of experience 20 years ago... and I don't think he'll mind me saying that. :laugh:

And actually, EASEUS is a legit company; I've even bought stuff from them. I think it was a DNS poisoning situation from his modem.

If the modem's firmware isn't infected, I'd see about updating it. Was it DOCSIS 2 compatible?
 
If the modem's firmware isn't infected, I'd see about updating it. Was it DOCSIS 2 compatible?

It was old is all I can be sure of. He's ready to replace it with a fresh new one. I'm sure it'll be fine provided he installs the new one after we finish scrubbing this thing.

I managed to flash the stock firmware gentlemen, now we see if it sticks...
 

eidairaman1

The Exiled Airman
It was old is all I can be sure of. He's ready to replace it with a fresh new one. I'm sure it'll be fine provided he installs the new one after we finish scrubbing this thing.

I managed to flash the stock firmware gentlemen, now we see if it sticks...

Heck, if he isn't using a dynamic IP, I'd change it too.

Firmware updates to modem, router and even a hardware firewall with proxy scrambling might help him.
 
Heck, if he isn't using a dynamic IP, I'd change it too.

Firmware updates to modem, router and even a hardware firewall with proxy scrambling might help him.

I'll have him come back here when we've got it all clean; I'm sure he could use some good average-level tech security tips. Best practices and all.
 
Joined
Sep 10, 2016
Messages
805 (0.29/day)
Location
Riverwood, Skyrim
System Name Storm Wrought | Blackwood (HTPC)
Processor AMD Ryzen 9 5900x @stock | i7 2600k
Motherboard Gigabyte X570 Aorus Pro WIFI m-ITX | Some POS gigabyte board
Cooling Deepcool AK620, BQ shadow wings 3 High Spd, stock 180mm |BQ Shadow rock LP + 4x120mm Noctua redux
Memory G.Skill Ripjaws V 2x32GB 4000MHz | 2x4GB 2000MHz @1866
Video Card(s) Powercolor RX 6800XT Red Dragon | PNY a2000 6GB
Storage SX8200 Pro 1TB, 1TB KC3000, 850EVO 500GB, 2+8TB Seagate, LG Blu-ray | 120GB Sandisk SSD, 4TB WD red
Display(s) Samsung UJ590UDE 32" UHD monitor | LG CS 55" OLED
Case Silverstone TJ08B-E | Custom built wooden case (Aus native timbers)
Audio Device(s) Onboard, Sennheiser HD 599 cans / Logitech z163's | Edifier S2000 MKIII via toslink
Power Supply Corsair HX 750 | Corsair SF 450
Mouse Microsoft Pro Intellimouse| Some logitech one
Keyboard GMMK w/ Zelio V2 62g (78g for spacebar) tactile switches & Glorious black keycaps| Some logitech one
VR HMD HTC Vive
Software Win 10 Edu | Ubuntu 22.04
Benchmark Scores Look in the various benchmark threads
This thread became far more interesting than I was expecting after the first page. You've done a hell of a job @R-T-B
 
This thread became far more interesting than I was expecting after the first page. You've done a hell of a job @R-T-B

I'm actually not too good at malware cleaning anywhere but BIOS land. I'm a BIOS modder and I understand it, as weird as it seems to most. When they try to move the infection there, I'm well equipped to hit back with everything I've got.

I still hope this does not become a trend though. Very disturbing.

His kid has a doctor's appointment so we are on standby. I am presently cooking him up a clean Windows with the image tool and temp-hosting the image, since he doesn't trust anything in his house right now.

Will update with final results this evening. It may still need a hardware programmer, we'll see.
 
Joined
Jun 27, 2015
Messages
785 (0.25/day)
System Name Fat NCASE
Processor Ryzen R9 3900X
Motherboard ASUS TUF GAMING B550M ZAKU (WIFI) Edition
Cooling Scythe Fuma with 3 SCYTHE Wondersnail 2400RPM + Arctic MX2
Memory Corsair Vengeance 128GB @3200Mhz Cl16 (32GB X 4)
Video Card(s) Palit RTX 3060 StormX ITX 12GB
Storage MX500 4TB SATA + Toshiba MG08 16TB HDD
Display(s) LG 27UL500 4K monitor
Case Jonsbo W2 black
Audio Device(s) Onboard realtek 1200 & Soundblaster G3 usb
Power Supply ASUS ROG STRIX 850W Gundam Edition
Mouse Elecom wireless mouse :)
Keyboard RK100 Royal Kludge
Software Windows 10 HOME
Benchmark Scores Don't know any benchmark. It runs good enough for me.
This thread gives me more chills than any horror movie or ghost story. Now I am afraid to use my desktop. I never thought that malware could be this complex and persistent. Usually I thought a complete Windows wipe and reinstall could solve things.

Any tips on prevention for things like these?

You have awesome skills, RTB
 
And actually, EASEUS is a legit company; I've even bought stuff from them.
Agreed. But...there has to be more to the story than that. From what he seems to be saying, he got a notification of an email from EASEUS. That instantly infected his PC, set off his AV, and subsequently disappeared from his inbox. He didn't even open it? Really? And he believes the real EASEUS is somehow actually involved? Just because he may, or may not, have seen "EASEUS" in the momentary email notification (all trace of which is now gone and unprovable at this point). And WTF does Microsoft Mail have to do with this? The attacker knew that and took advantage of it? Seriously?

IMO...and I could be wrong...it was obviously not an email from EASEUS (whether it said it was or not, so why are we dragging their name in the dirt?). And he obviously did at least open it. And highly likely clicked on a link or attachment found therein. If I'm to believe otherwise, I require proof (and there ain't gonna be any..soooo...no...not having it). Or should I just go ahead and get all noided and uninstall Microsoft Mail immediately? I'll tell you why I'm not going to. It doesn't work like that. And unless I'm not going to check my email from my PC anymore...it wouldn't matter. As soon as I open any email client I'm screwed. Yeah...whatever. :rolleyes:
 
Agreed. But...there has to be more to the story than that. From what he seems to be saying, he got a notification of an email from EASEUS. That instantly infected his PC, set off his AV, and subsequently disappeared from his inbox. He didn't even open it? Really? And he believes the real EASEUS is somehow actually involved? Just because he may, or may not, have seen "EASEUS" in the momentary email notification (all trace of which is now gone and unprovable at this point). And WTF does Microsoft Mail have to do with this? The attacker knew that and took advantage of it? Seriously?

IMO...and I could be wrong...it was obviously not an email from EASEUS (whether it said it was or not, so why are we dragging their name in the dirt?). And he obviously did at least open it. And highly likely clicked on a link or attachment found therein. If I'm to believe otherwise, I require proof. Or should I just go ahead and get all noided and uninstall Microsoft Mail immediately? I'll tell you why I'm not going to. It doesn't work like that. And unless I'm not going to check my email from my PC anymore...it wouldn't matter. As soon as I open any email client I'm screwed. Yeah...whatever. :rolleyes:

I'm thinking there's probably a lot more to it than just that. He's not the most computer knowledgeable honestly, and it wouldn't surprise me if his machine was out of date and vulnerable to a million and one things or something.

Any tips on prevention for things like these?

Stay updated and don't piss off state-level actors. The way some of this is written, someone had source code access to some high-level source code in big companies.

I'm honestly very very confused how he got a target on his head this big, really. I don't think average joe has to worry much but I REALLY hope this isn't the start of something bigger.

You have awesome skills, RTB

Honestly, I just bricked one too many mobos and learned to fix them the hard way...
 

FreedomEclipse

~Technological Technocrat~
Joined
Apr 20, 2007
Messages
23,314 (3.77/day)
Location
London,UK
System Name Codename: Icarus Mk.VI
Processor Intel 8600k@Stock -- pending tuning
Motherboard Asus ROG Strixx Z370-F
Cooling CPU: BeQuiet! Dark Rock Pro 4 {1xCorsair ML120 Pro|5xML140 Pro}
Memory 32GB XPG Gammix D10 {2x16GB}
Video Card(s) ASUS Dual Radeon™ RX 6700 XT OC Edition
Storage Samsung 970 Evo 512GB SSD (Boot)|WD SN770 (Gaming)|2x 3TB Toshiba DT01ACA300|2x 2TB Crucial BX500
Display(s) LG GP850-B
Case Corsair 760T (White)
Audio Device(s) Yamaha RX-V573|Speakers: JBL Control One|Auna 300-CN|Wharfedale Diamond SW150
Power Supply Corsair AX760
Mouse Logitech G900
Keyboard Duckyshine Dead LED(s) III
Software Windows 10 Pro
Benchmark Scores (ノಠ益ಠ)ノ彡┻━┻
Agreed. But...there has to be more to the story than that. From what he seems to be saying, he got a notification of an email from EASEUS. That instantly infected his PC, set off his AV, and subsequently disappeared from his inbox. He didn't even open it? Really? And he believes the real EASEUS is somehow actually involved? Just because he may, or may not, have seen "EASEUS" in the momentary email notification (all trace of which is now gone and unprovable at this point). And WTF does Microsoft Mail have to do with this? The attacker knew that and took advantage of it? Seriously?

IMO...and I could be wrong...it was obviously not an email from EASEUS (whether it said it was or not, so why are we dragging their name in the dirt?). And he obviously did at least open it. And highly likely clicked on a link or attachment found therein. If I'm to believe otherwise, I require proof (and there ain't gonna be any..soooo...no...not having it). Or should I just go ahead and get all noided and uninstall Microsoft Mail immediately? I'll tell you why I'm not going to. It doesn't work like that. And unless I'm not going to check my email from my PC anymore...it wouldn't matter. As soon as I open any email client I'm screwed. Yeah...whatever. :rolleyes:

The email could have been spoofed. The same guy could have gained access to an EASEUS server and created his own email address or used an existing one. This one guy who did all of this must have some serious expertise in such things.

What a rollercoaster! It's amazing how this thread changed from calling out a troll to "ohhhhhhhh sh*****t!!"

R-T-B is the real MVP here. I dare say I am jealous of your skill and knowledge!
 

TheMailMan78

Big Member
Joined
Jun 3, 2007
Messages
22,599 (3.68/day)
Location
'Merica. The Great SOUTH!
System Name TheMailbox 5.0 / The Mailbox 4.5
Processor RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling MasterLiquid PRO 280 / Scythe Katana 4
Memory ADATA RGB 16GB DDR4 2666 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage 256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s) Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) / Logitech G5
Keyboard Razer BlackWidow / Logitech (Unknown)
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
Tell me, RTB, is this man in the US? Curious. Also, if it was targeted and this in-depth, this is FBI territory. They should easily be able to nail whoever did this if it's that targeted. Save everything as this could be evidence. And no, I'm not trolling.
 
Tell me, RTB, is this man in the US? Curious. Also, if it was targeted and this in-depth, this is FBI territory. They should easily be able to nail whoever did this if it's that targeted. Save everything as this could be evidence. And no, I'm not trolling.

Way ahead of ya man.
 

MadBrit

New Member
Joined
May 17, 2018
Messages
6 (0.00/day)
System Name HomeBuild
Processor Intel i7-7700K
Motherboard ASUS Z270F
Cooling Corsair H55 Hydro Series
Memory 32GB G.Skill Ripjaws V (PC4 25600)
Video Card(s) ASUS STRIX-GTX 1070 8G Gaming
Storage Samsung 850 Pro x 3, Crucial M4 (spare boot)
Display(s) LG 34UC79-G
Case Thermaltake View 31
Audio Device(s) N/A
Power Supply Thermaltake Toughpower 850W
Mouse Logitec
Keyboard Logitec
Software Win 10 1803
Benchmark Scores With or without malware infection?
Hats off to R-T-B. Really appreciate the time he has taken to help me with this.

@MrGenius: Nope - didn't open the email. Saw it come in as a notification hooked up to Windows Mail, then it disappeared quick. Can't say who the email came from, but the subject looked fishy - so I went and looked for it immediately. I am "security aware" to some extent and do not open random emails. This was different. That's why I checked it out but found nothing. The big red flag was coming down next morning and finding my system on after turning it off the night before. That started the hunt. Not rocket science, just paranoia.

Yes - I have worked with White/grey hats for years who build security solutions. I think I know who this is (the Chinese references may be a deliberate false flag) and getting the FBI involved in this (unless they're after me - which is laughable) might be worth considering if RTB can deconstruct it.
 
Hats off to R-T-B. Really appreciate the time he has taken to help me with this.

@MrGenius: Nope - didn't open the email. Saw it come in as a notification hooked up to Windows Mail, then it disappeared quick. Can't say who the email came from, but the subject looked fishy - so I went and looked for it immediately. I am "security aware" to some extent and do not open random emails. This was different. That's why I checked it out but found nothing. The big red flag was coming down next morning and finding my system on after turning it off the night before. That started the hunt. Not rocket science, just paranoia.

Yes - I have worked with White/grey hats for years who build security solutions. I think I know who this is (the Chinese references may be a deliberate false flag) and getting the FBI involved in this (unless they're after me - which is laughable) might be worth considering if RTB can deconstruct it.

You have some odd Secure Boot certificates stored in your CMOS also (found them in that dump you gave me); they claim they are from "Canonical", which is a Linux distributor, but I'm skeptical whether they are the actual certs from the company, and even more skeptical they'd be preinstalled, but maybe I'm wrong on that front. Certainly glad we pulled that button cell.

Just dumping thoughts here. Will certainly take this thing apart as much as I can. Ignore the random zip named "malware" on my desktop, gentlemen...
 
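The certificates R-T-B found in the dump are the kind of thing an analyst would want to identify by fingerprint rather than by the name a certificate claims for itself. As an added example, not code from this thread or from any poster in it, the Python below parses the EFI_SIGNATURE_LIST format in which UEFI stores the Secure Boot db/KEK/dbx contents, lists each entry's type, owner GUID and SHA-256 fingerprint, and reports any entry whose fingerprint is not in an allow-list the analyst supplies (the published fingerprint of a vendor CA, for instance). The sample blob, owner GUID, placeholder certificate bytes and allow-list are all constructed here so it runs offline; nothing in it comes from the dump discussed in the thread.

```python
"""List the entries of a UEFI Secure Boot signature database (db/KEK/dbx).

Added example for this thread, not code from any poster. It assumes the raw
variable contents have already been extracted from the firmware dump as bytes;
the sample blob below is constructed in-line so the script runs offline.
"""
import hashlib
import struct
import uuid

# Signature list types from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}
HEADER_SIZE = 28  # 16-byte type GUID + three UINT32 size fields


def parse_signature_lists(blob: bytes) -> list:
    """Walk every EFI_SIGNATURE_LIST in blob and return one dict per entry.

    Each dict has: type (name or raw GUID), owner (GUID of whoever installed
    it), data (raw DER certificate or hash bytes) and fingerprint (hex SHA-256
    of the data, which is what a vendor-published fingerprint is compared with).
    Malformed input raises ValueError instead of silently skipping bytes.
    """
    entries = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < HEADER_SIZE:
            raise ValueError(f"truncated list header at offset {offset}")
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        if list_size < HEADER_SIZE + hdr_size or offset + list_size > len(blob):
            raise ValueError(f"list at offset {offset} claims {list_size} bytes, blob too short")
        if sig_size <= 16:
            raise ValueError(f"list at offset {offset} has no room for signature data")
        body_start = offset + HEADER_SIZE + hdr_size
        body_len = list_size - HEADER_SIZE - hdr_size
        if body_len % sig_size:
            raise ValueError(f"list at offset {offset} is not a whole number of entries")
        for i in range(body_len // sig_size):
            start = body_start + i * sig_size
            data = blob[start + 16:start + sig_size]
            if sig_type == EFI_CERT_SHA256_GUID:
                fingerprint = data.hex()  # the entry already is a hash
            else:
                fingerprint = hashlib.sha256(data).hexdigest()  # certificate fingerprint
            entries.append({
                "type": SIG_TYPE_NAMES.get(sig_type, str(sig_type)),
                "owner": str(uuid.UUID(bytes_le=blob[start:start + 16])),
                "data": data,
                "fingerprint": fingerprint,
            })
        offset += list_size
    return entries


def is_well_formed(blob: bytes) -> bool:
    """True if the whole blob parses as a chain of complete signature lists."""
    try:
        parse_signature_lists(blob)
        return True
    except ValueError:
        return False


def find_unknown(entries, known_fingerprints):
    """Return the entries whose fingerprint is not in the analyst's allow-list."""
    return [e for e in entries if e["fingerprint"] not in known_fingerprints]


def build_signature_list(sig_type, owner, signatures):
    """Pack one EFI_SIGNATURE_LIST; used here only to construct the sample input."""
    if len({len(s) for s in signatures}) != 1:
        raise ValueError("all entries in one list must have the same size")
    sig_size = 16 + len(signatures[0])
    body = b"".join(owner.bytes_le + s for s in signatures)
    header = sig_type.bytes_le + struct.pack("<III", HEADER_SIZE + len(body), 0, sig_size)
    return header + body


# Constructed sample input (not the thread's dump): a placeholder "certificate"
# that is not real DER, plus the SHA-256 of an empty image as a hash entry.
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
PLACEHOLDER_CERT = b"\x30\x82\x01\x00" + b"\xaa" * 60
EMPTY_IMAGE_HASH = bytes.fromhex(
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
SAMPLE_DB = (build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [PLACEHOLDER_CERT])
             + build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [EMPTY_IMAGE_HASH]))

# Allow-list placeholder: in real use, the fingerprints copied from the vendor's
# published CA certificate. Only the hash entry is "known" here, so the
# placeholder certificate is reported for review.
KNOWN_FINGERPRINTS = {EMPTY_IMAGE_HASH.hex()}

if __name__ == "__main__":
    db_entries = parse_signature_lists(SAMPLE_DB)
    for e in db_entries:
        print(f"{e['type']:7} owner={e['owner']} sha256={e['fingerprint']}")
    for e in find_unknown(db_entries, KNOWN_FINGERPRINTS):
        print("REVIEW: unrecognised", e["type"], "entry", e["fingerprint"])
```

The parser refuses truncated or inconsistent lists rather than skipping them, because a dump that does not parse cleanly is itself a finding worth noting. Comparing fingerprints, not subject names, is the point: the name inside a certificate is whatever the person who made it typed in.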

eidairaman1

The Exiled Airman
I'm thinking there's probably a lot more to it than just that. He's not the most computer knowledgeable honestly, and it wouldn't surprise me if his machine was out of date and vulnerable to a million and one things or something.

Stay updated and don't piss off state-level actors. The way some of this is written, someone had source code access to some high-level source code in big companies.

I'm honestly very very confused how he got a target on his head this big, really. I don't think average joe has to worry much but I REALLY hope this isn't the start of something bigger.

Honestly, I just bricked one too many mobos and learned to fix them the hard way...

I'd like to find BIOS chip sockets and solder them on so I can just swap them right out like during the AXP/64 days. Now it seems all are soldered directly, which makes it inconvenient to swap them out.
 
I'd like to find BIOS chip sockets and solder them on so I can just swap them right out like during the AXP/64 days. Now it seems all are soldered directly, which makes it inconvenient to swap them out.

You and me both...
 

eidairaman1

The Exiled Airman
You and me both...

I might get an SPI/Flashcat for a PLCC BIOS chip to put a stock BIOS back on a DFI LP NF2 Ultra-B board lol; it has a mod BIOS but seems to not be that much better than stock imho
 
I might get an SPI/Flashcat for a PLCC BIOS chip to put a stock BIOS back on a DFI LP NF2 Ultra-B board lol; it has a mod BIOS but seems to not be that much better than stock imho

Wasn't it nice before all BIOS files were signed and BIOS chips soldered? Modders' paradise it seemed like.

Those days are long gone and ironically, it's now that we have the BIOS-level malware...
 

eidairaman1

The Exiled Airman
Wasn't it nice before all BIOS files were signed and BIOS chips soldered? Modders' paradise it seemed like.

Those days are long gone and ironically, it's now that we have the BIOS-level malware...

Oh that's like something out of the 90s-2000s even
 
Oh that's like something out of the 90s-2000s even

I remember all the same. :)

Actually my ASUS P6T was socketed, now that I think about it...

Anyhow, I'm presently wrangling with his one uninfected computer, a Mac, trying to dd a Windows image to a USB... stand by for status.
 