
GTX 1070 Firmware Overwritten by Malware - Unable to Reset

Joined
Aug 20, 2007
Messages
11,624 (2.62/day)
System Name Pioneer
Processor Intel i9 9900k @ Stock
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ DDR4-3400 14-14-14-34-2T
Video Card(s) EVGA GTX 1080 FTW2
Storage HGST UltraStar 7K6000 3.5" HDD 2TB 7200 RPM (w/128MBs of Cache)
Display(s) LG 32GK850G-B 1440p 32" AMVA Panel G-Sync 144hz Display
Case Thermaltake Core X31
Audio Device(s) USB Schiit Modi Multibit to Asgard 2 Amp to AKG K7XX Ruby Red Massdrop Headphones
Power Supply Seasonic PRIME 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Translucent Keycaps
Software Windows 10 x64 Enterprise... yes, it's legit.
Joined
Jul 29, 2014
Messages
473 (0.25/day)
Location
Fort Sill, OK
Processor Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard Asus Maximus IX Code
Cooling Corsair Hydro H115i Platinum
Memory 48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s) nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage Intel 760p 2280 2TB
Display(s) MSI Optix MPG27CQ Black 27" 1ms 144hz
Case Thermaltake View 71
Power Supply EVGA SuperNova 1000 Platinum2
Mouse Corsair M65 Pro (not recommended, I am on my second mouse with same defect)
Software Windows 10 Enterprise 1803
Benchmark Scores Yes I am Intel fanboy that is my benchmark score.
I kind of gleaned why someone would want to target him in discussions, I won't say more than that. I will say it's a legit job he works, and not something sketchy or weird, but lucrative to infect.
I am very much intrigued with this post; at this point OP needs to be very watchful of all of his affairs in life, especially his finances.
 
Joined
Aug 20, 2007
I agree. As his modem was the entry point by all appearances (an old outdated Comcast modem with firmware loopholes started this, I think) he should be extra vigilant there IMO, but also I'd just be careful in general with everything. This is unnerving, frankly.
 
Joined
Feb 2, 2015
Messages
2,707 (1.57/day)
Location
On The Highway To Hell \m/
MadBrit said:
20 years in the security industry and have dealt<sic> with trojans and viruses before...
Yet he opens a fishy email...totally fucking his computer. Maybe dude's not "crazy"(opinions vary). But there's definitely something wrong with his head. Learned absolutely nothing with 20 years experience?

BTW...this is why we use secure boot people. Well...in theory. :laugh:
 
Joined
Aug 20, 2007
It's more like 20 years of experience 20 years ago... and I don't think he'll mind me saying that. :laugh:

and actually, EASEUS is a legit company, I've even bought stuff from them. I think it was a DNS poisoning situation from his modem.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
27,476 (6.12/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
If the modem's firmware isn't infected, I'd see about updating it. Was it DOCSIS 2 compatible?
 
Joined
Aug 20, 2007
It was old is all I can be sure of. He's ready to replace it with a new fresh one. I'm sure it'll be fine provided he installs the new one after we finish scrubbing this thing.

I managed to flash the stock firmware gentlemen, now we see if it sticks...
 

eidairaman1
Heck, if he isn't using a dynamic IP, I'd change it too.

Firmware updates to modem, router and even a hardware firewall with proxy scrambling might help him.
 
Joined
Aug 20, 2007
I'll have him come back here when we've got it all clean, I'm sure he could use some good average level tech security tips. Best practices and all.
 
Joined
Sep 10, 2016
Messages
528 (0.47/day)
Location
Riverwood, Skyrim
System Name Storm Wrought
Processor AMD Ryzen 7 3700x @stock
Motherboard Gigabyte X570 Aorus Pro WIFI m-ITX
Cooling Be Quiet! Dark Rock Slim, CM MasterFan Pro 120 Air Balance, stock 200mm fan
Memory G.Skill Trident 2x8GB 3600MHz 16-15-15-35
Video Card(s) Gigabyte GTX 1080ti Aorus Xtreme Edition
Storage Adata XPG SX8200 Pro 1TB, Samsung 850EVO 500GB, 2TB Seagate Barracuda, LG Blu-ray drive
Display(s) Samsung UJ590UDE 32" UHD monitor
Case Silverstone TJ08B-E
Audio Device(s) Onboard, HD 599 cans
Power Supply Corsair RMx 550
Mouse Rapoo (can't remember the model number)
Keyboard Rapoo v56
Benchmark Scores Look in the various benchmark threads
This thread became far more interesting than I was expecting after the first page. You've done a hell of a job @R-T-B
 
Joined
Aug 20, 2007
I'm actually not too good at malware cleaning anywhere but bios land. I'm a bios modder and I understand it, as weird as it seems to most. When they try to move the infection there, I'm well equipped to hit back with everything I've got.

I still hope this does not become a trend though. Very disturbing.

His kid has a doctors appointment so we are on standby. I am presently cooking him up a clean windows with the image tool and temphosting the image since he doesn't trust anything in his house right now.

Will update with final results this evening. It may still need a hardware programmer, we'll see.
 
Joined
Jun 27, 2015
Messages
516 (0.33/day)
System Name open air
Processor Ryzen R7 1700 Stock
Motherboard Fatal1ty AB350 Gaming-ITX/ac
Cooling Scythe Fuma
Memory Corsair Vengeance LPX 32GB (2 X 16GB) DDR4 DRAM 3466 (PC4-27700) C16 for Intel 100 Series - Red PC M
Video Card(s) XFX RX460 4GB SINGLE SLOT
Storage Crucial Mx100 256GB & Sandisk SSD Plus 480GB
Display(s) NOW LG 27MP38 1980X1080 IPS/OLD Philips Brilliance 220CW 1680x1050 CCFL Monitor ( DEFUNCT)
Case NOTHING no case
Audio Device(s) Onboard
Power Supply CORSAIR SF450 PLATINUM
Mouse Elecom wireless mouse
Keyboard Logitech Mk240 Nano Wireless Keyboard
Software Windows 10 Pro/Enterprise
Benchmark Scores Don't know any benchmark. It runs good enough for me.
This thread gives me more chills than any horror movie or ghost story. Now I am afraid to use my desktop. I never thought that malware could be this complex and persistent. Usually I had the thought that just a complete Windows wipe and install could solve things.

Any tips of prevention for things like these?

You have awesome skills RTB
 
Joined
Feb 2, 2015
and actually, EASEUS is a legit company, I've even bought stuff from them.
Agreed. But...there has to be more to the story than that. From what he seems to be saying, he got a notification of an email from EASEUS. That instantly infected his PC, set off his AV, and subsequently disappeared from his inbox. He didn't even open it? Really? And he believes the real EASEUS is somehow actually involved? Just because he may, or may not, have seen "EASEUS" in the momentary email notification(all trace of which is now gone and unprovable at this point). And WTF does Microsoft Mail have to do with this? The attacker knew that and took advantage of it? Seriously?

IMO...and I could be wrong...it was obviously not an email from EASEUS(whether it said it was or not, so why are we dragging their name in the dirt?). And he obviously did at least open it. And highly likely clicked on a link or attachment found therein. If I'm to believe otherwise, I require proof(and there ain't gonna be any..soooo...no...not having it). Or should I just go ahead and get all noided and uninstall Microsoft Mail immediately? I'll tell you why I'm not going to. It doesn't work like that. And unless I'm not going to check my email from my PC anymore...it wouldn't matter. As soon as I open any email client I'm screwed. Yeah...whatever. :rolleyes:
 
Joined
Aug 20, 2007
I'm thinking there's probably a lot more to it than just that. He's not the most computer knowledgeable honestly, and it wouldn't surprise me if his machine was out of date and vulnerable to a million and one things or something.

Any tips of prevention for things like these?
Stay updated and don't piss off state level actors. The way some of this is written someone had source code access to some high level source code in big companies.

I'm honestly very very confused how he got a target on his head this big, really. I don't think average joe has to worry much but I REALLY hope this isn't the start of something bigger.

You have awesome skills RTB
Honestly, I just bricked one too many mobos and learned to fix them the hard way...
 

FreedomEclipse

~Technological Technocrat~
Joined
Apr 20, 2007
Messages
19,768 (4.33/day)
Location
London,UK
System Name Codename: Icarus Mk.V
Processor Intel 8600k@4.8Ghz
Motherboard Asus ROG Strixx Z370-F
Cooling Be Quiet! Dark Rock Pro 4
Memory 16 Corsair Vengeance White LED DDR4 3200Mhz
Video Card(s) Gigabyte 1080Ti Gaming OC|Accelero Xtreme IV
Storage Samsung 970Evo 512GB SSD (Boot)|WD Blue 1TB SSD|2x 3TB Toshiba DT01ACA300
Display(s) Asus PB278Q 27"
Case Corsair 760T (White) {1x140mm NF-P14s|1xCorsair ML120 Pro|4xML140 Pro}
Audio Device(s) Creative SB Z {AVR:Yamaha RX-V573|Speakers: JBL Control One|Auna 300-CN|Wharfedale Diamond SW150}
Power Supply Corsair AX760
Mouse Logitech G900/G502
Keyboard Duckyshine Dead LED(s) III
Software Windows 10 Pro
Benchmark Scores (ノಠ益ಠ)ノ彡┻━┻
Agreed. But...there has to be more to the story than that. From what he seems to be saying, he got a notification of an email from EASEUS. That instantly infected his PC, set off his AV, and subsequently disappeared from his inbox. He didn't even open it? Really? And he believes the real EASEUS is somehow actually involved? Just because he may, or may not, have seen "EASEUS" in the momentary email notification(all trace of which is now gone and unprovable at this point). And WTF does Microsoft Mail have to do with this? The attacker knew that and took advantage of it? Seriously?

IMO...and I could be wrong...it was obviously not an email from EASEUS(whether it said it was or not, so why are we dragging their name in the dirt?). And he obviously did at least open it. And highly likely clicked on a link or attachment found therein. If I'm to believe otherwise, I require proof(and there ain't gonna be any..soooo...no...not having it). Or should I just go ahead get all noided and uninstall Microsoft Mail immediately? I'll tell you why I'm not going to. It doesn't work like that. And unless I'm not going to check my email from my PC anymore...it wouldn't matter. As soon as I open any email client I'm screwed. Yeah...whatever. :rolleyes:
The email could have been spoofed. The same guy could have gained access to an EASEUS server and created his own email address or used an existing one. This one guy who did all of this must have some serious expertise in such things.


What a rollercoaster! It's amazing how this thread changed from calling out a troll to "ohhhhhhhh sh*****t!!"

R-T-B is the real MVP here. I dare say I am jealous of your skill and knowledge!
 

TheMailMan78

Big Member
Joined
Jun 3, 2007
Messages
22,599 (5.00/day)
Location
'Merica. The Great SOUTH!
System Name TheMailbox 5.0 / The Mailbox 4.5
Processor RYZEN 1700X / Intel i7 2600k @ 4.2GHz
Motherboard Fatal1ty X370 Gaming K4 / Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling MasterLiquid PRO 280 / Scythe Katana 4
Memory ADATA RGB 16GB DDR4 2666 16-16-16-39 / G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz / ASUS 780ti
Storage 256Gb M4 SSD / 128Gb Agelity 4 SSD , 500Gb WD (7200)
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080 / Dell 27"
Case Cooler Master MASTERBOX 5t / Cooler Master 922 HAF
Audio Device(s) Realtek ALC1220 Audio Codec / SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply Seasonic FOCUS Plus Series SSR-750PX 750W Platinum / SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) / Logitech G5
Keyboard Razer BlackWidow / Logitech (Unknown)
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
Tell me RTB, is this man in the US? Curious. Also if it was targeted and this in depth, this is FBI territory. They should easily be able to nail whoever did this if it's that targeted. Save everything as this could be evidence. And no I'm not trolling.
 
Joined
Aug 20, 2007
Way ahead of ya man.
 

MadBrit

New Member
Joined
May 17, 2018
Messages
6 (0.01/day)
System Name HomeBuild
Processor Intel i7-7700K
Motherboard ASUS Z270F
Cooling Corsair H55 Hydro Series
Memory 32GB G.Skill Ripjaws V (PC4 25600)
Video Card(s) ASUS STRIX-GTX 1070 8G Gaming
Storage Samsung 850 Pro x 3, Crucial M4 (spare boot)
Display(s) LG 34UC79-G
Case Thermaltake View 31
Audio Device(s) N/A
Power Supply Thermaltake Toughpower 850W
Mouse Logitec
Keyboard Logitec
Software Win 10 1803
Benchmark Scores With or without malware infection?
Hats off to R-T-B. Really appreciate the time he has taken to help me with this.

@MrGenius ; Nope - didn't open the email. Saw it come in as a notification hooked up to Windows Mail, then it disappeared quick. Can't say who the email came from, but the subject looked fishy - so I went and looked for it immediately. I am "security aware" to some extent and do not open random emails. This was different. That's why I checked it out but found nothing. The big red flag was coming down next morning and finding my system on after turning it off the night before. That started the hunt. Not rocket science, just paranoia.

Yes - I have worked with White/grey hats for years who build security solutions. I think I know who this is (the Chinese references may be a deliberate false flag) and getting the FBI involved in this (unless they're after me - which is laughable) might be worth considering if RTB can deconstruct it.
 
Joined
Aug 20, 2007
You have some odd secure boot certificates stored in your CMOS also (found them in that dump you gave me), they claim they are from "Canonical" which is a Linux distributor, but I'm skeptical if they are the actual certs from the company, and even more skeptical they'd be preinstalled but maybe I'm wrong on that front. Certainly glad we pulled that button cell.

Just dumping thoughts here. Will certainly take this thing apart as much as I can. Ignore the random zip named "malware" on my desktop, gentlemen...
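The certificate check R-T-B describes in the post above (unfamiliar entries in the Secure Boot database) can be done mechanically from a dump of the db/dbx variables, which live in the firmware's UEFI variable store (NVRAM) rather than in classic CMOS. The Python below is an added example, not R-T-B's tooling or anything posted in the thread: it parses the EFI_SIGNATURE_LIST structures the UEFI specification defines for those variables, fingerprints each entry, and flags X.509 certificates whose SHA-256 fingerprint is not on an allow-list you supply. The sample database, the owner GUID and the placeholder "certificates" are constructed for the demonstration and are not real firmware data; the allow-list of genuine OEM/Microsoft/Canonical fingerprints is an input you must build yourself from a trusted source (for example efi-readvar output from a known-clean board of the same model, or the vendors' published certificates).

```python
"""Parse UEFI Secure Boot signature databases (db/dbx) and flag unexpected entries.

A db/dbx variable is a concatenation of EFI_SIGNATURE_LIST structures:

    SignatureType        GUID   (16 bytes)  e.g. EFI_CERT_X509_GUID
    SignatureListSize    UINT32 total bytes of this list including the header
    SignatureHeaderSize  UINT32 bytes of SignatureHeader (0 for X509/SHA256 lists)
    SignatureSize        UINT32 bytes of each EFI_SIGNATURE_DATA entry
    SignatureHeader      [SignatureHeaderSize]
    Signatures[]         each = SignatureOwner GUID (16) + SignatureData
"""
import hashlib
import struct
import uuid

# Signature types defined by the UEFI specification (EFI_CERT_*_GUID).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# efivarfs (/sys/firmware/efi/efivars/db-d719b2cb-...) prefixes the variable
# contents with a 4-byte attributes word that is not part of the signature lists.
EFIVARS_ATTR_PREFIX = 4

# EFI_SIGNATURE_LIST header; GUIDs use the mixed-endian layout uuid.bytes_le gives.
LIST_HEADER = struct.Struct("<16sIII")
OWNER_GUID_LEN = 16  # each EFI_SIGNATURE_DATA starts with a SignatureOwner GUID


def parse_signature_lists(blob, strip_efivars_attrs=False):
    """Return [(signature_type, owner, data)] for every entry in a db/dbx blob.

    Structural errors raise ValueError instead of being skipped: a truncated
    or self-inconsistent db is itself a finding worth reporting.
    """
    if strip_efivars_attrs:
        blob = blob[EFIVARS_ATTR_PREFIX:]
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < LIST_HEADER.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        raw_type, list_size, hdr_size, sig_size = LIST_HEADER.unpack_from(blob, off)
        if list_size < LIST_HEADER.size + hdr_size or off + list_size > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size <= OWNER_GUID_LEN:
            raise ValueError(f"SignatureSize {sig_size} leaves no signature data")
        sig_type = uuid.UUID(bytes_le=raw_type)
        body = blob[off + LIST_HEADER.size + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError(f"signature array at offset {off} is not a multiple of {sig_size}")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + OWNER_GUID_LEN])
            entries.append((sig_type, owner, body[i + OWNER_GUID_LEN:i + sig_size]))
        off += list_size
    return entries


def build_signature_list(sig_type, owner, datas):
    """Serialise one EFI_SIGNATURE_LIST. All entries in a list share one
    SignatureSize, which is why firmware stores each X.509 cert in its own list."""
    sizes = {len(d) for d in datas}
    if len(sizes) != 1:
        raise ValueError("entries of one EFI_SIGNATURE_LIST must have equal size")
    sig_size = OWNER_GUID_LEN + sizes.pop()
    body = b"".join(owner.bytes_le + d for d in datas)
    header = LIST_HEADER.pack(sig_type.bytes_le, LIST_HEADER.size + len(body), 0, sig_size)
    return header + body


def audit_db(blob, expected_cert_fingerprints, strip_efivars_attrs=False):
    """Fingerprint every entry and flag X.509 certs not in the allow-list.

    expected_cert_fingerprints: set of lowercase hex SHA-256 digests of the
    DER certificates you expect in db (the OEM's, Microsoft's, your own).
    """
    findings = []
    for sig_type, owner, data in parse_signature_lists(blob, strip_efivars_attrs):
        if sig_type == EFI_CERT_X509_GUID:
            fp = hashlib.sha256(data).hexdigest()  # the usual DER cert fingerprint
            status = "expected" if fp in expected_cert_fingerprints else "UNEXPECTED"
            kind = "x509"
        elif sig_type == EFI_CERT_SHA256_GUID:
            fp, status, kind = data.hex(), "hash", "sha256"  # data is the hash itself
        else:
            fp, status, kind = hashlib.sha256(data).hexdigest(), "unknown-type", str(sig_type)
        findings.append({"kind": kind, "owner": str(owner), "fingerprint": fp, "status": status})
    return findings


# --- Constructed sample (not a real firmware dump) ---------------------------
# Stand-ins for DER certificates; real entries would be full X.509 DER blobs.
VENDOR_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # hypothetical owner GUID
FAKE_OEM_CERT = b"\x30\x82\x01\x00" + b"OEM-CA-PLACEHOLDER".ljust(60, b"\x00")
FAKE_EXTRA_CERT = b"\x30\x82\x01\x00" + b"UNKNOWN-CA-PLACEHOLDER".ljust(60, b"\x00")
SAMPLE_DB = (
    build_signature_list(EFI_CERT_X509_GUID, VENDOR_OWNER, [FAKE_OEM_CERT])
    + build_signature_list(EFI_CERT_X509_GUID, VENDOR_OWNER, [FAKE_EXTRA_CERT])
    + build_signature_list(EFI_CERT_SHA256_GUID, VENDOR_OWNER, [hashlib.sha256(b"some-binary").digest()])
)
EXPECTED = {hashlib.sha256(FAKE_OEM_CERT).hexdigest()}  # only the first cert is trusted


def sample_audit():
    """Audit the constructed sample; the second cert comes back UNEXPECTED."""
    return audit_db(SAMPLE_DB, EXPECTED)


if __name__ == "__main__":
    for f in sample_audit():
        print(f"{f['status']:12} {f['kind']:8} owner={f['owner']} {f['fingerprint']}")
```

On a Linux live system the same structures are readable from /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f (pass strip_efivars_attrs=True for the attribute prefix efivarfs prepends), and dbx the same way. Whether a Canonical certificate belongs in db at all depends on the board, since some OEMs ship it preloaded; the useful question is whether the bytes match the vendor's real certificate, which is exactly what the fingerprint comparison answers, and a dump from a second, known-clean board of the same model is the most convincing allow-list.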
 

eidairaman1
I'm thinking there's probably a lot more to it than just that. He's not the most computer knowledgeable honestly, and it wouldn't surprise me if his machine was out of date and vulnerable to a million and one things or something.

Stay updated and don't piss off state level actors. The way some of this is written someone had source code access to some high level source code in big companies.

I'm honestly very very confused how he got a target on his head this big, really. I don't think average joe has to worry much but I REALLY hope this isn't the start of something bigger.

Honestly, I just bricked one too many mobos and learned to fix them the hard way...
I'd like to find bios chip sockets and solder them on so I can just swap them right out like during AXP/64 days. Now it seems all are soldered directly which makes it inconvenient to swap them out.
 
Joined
Aug 20, 2007
You and me both...
 

eidairaman1
I might get an SPI/Flashcat for a PLCC bios chip to put a stock bios back on a DFI LP NF2 Ultra-B board lol, it has a mod bios but seems to not be that much better than stock imho
 
Joined
Aug 20, 2007
Wasn't it nice before all bios files were signed and bios chips soldered? Modders paradise it seemed like.

Those days are long gone and ironically, it's now that we have the bios level malware...
 

eidairaman1
Oh that's like something out of the 90s-2000s even
 
Joined
Aug 20, 2007
I remember all the same. :)

Actually my ASUS P6T was socketed, now that I think about it...

Anyhow I'm presently wrangling with his one uninfected computer, a Mac, trying to dd a Windows image to a USB... stand by for status.
 