
My pc might be infected with virus on a hardware level

Aye / but I wouldn't do that on the infected machine ;
You wouldn’t do what? Wipe and erase partitions on a possibly infected machine? :confused:

That’s what you SHOULD DO to make sure no infection is present, including using a cleaned usb stick with a new W10 media creation tool install.
 
You wouldn’t do what? Wipe and erase partitions on a possibly infected machine? :confused:

That’s what you SHOULD DO to make sure no infection is present, including using a cleaned usb stick with a new W10 media creation tool install.

Something about making a horse drink.
 
It's really hard to infect on the hardware level these days; it's usually targeted, meaning only you, or it's done via a USB stick bought 2nd hand or from a company that's shady to begin with. I think @R-T-B has done some work at this level.
 
You wouldn’t do what? Wipe and erase partitions on a possibly infected machine? :confused:

That’s what you SHOULD DO to make sure no infection is present, including using a cleaned usb stick with a new W10 media creation tool install.

he is talking of making the USB bootable on a clean machine which I agree with.
 
Anyone can recommend something here? What should I do?

Secure-erase the SSD (you may have an option in BIOS for this)
Then install a different Windows. Turn off all remote connections and server stuff.
Before you do, make sure you have a way to install an OS.
I would use Parted Magic to secure-erase it. Wipe the whole thing. Back up anything not infected that you want to keep.
 
Firmware would have to be infected at the machine code level
 
Firmware would have to be infected at the machine code level
And that would be highly unlikely if the firmware came from the manufacturer's official site.
 
It's really hard to infect on the hardware level these days; it's usually targeted, meaning only you, or it's done via a USB stick bought 2nd hand or from a company that's shady to begin with. I think @R-T-B has done some work at this level.

I have. I've seen it once and only once and all I can say is the client was high-value (money).

Pretty sure that's no secret anymore, so yeah.

Anyways, we got the police and local cable company to work together and that was the end of that for him, afaik. Never heard back so assume all was well.

If you really are high value enough to have a hardware virus, my advice is always the same now: Go to the police. Because even if I can clean it, they won't stop if they were that dedicated in the first place.
 
Names mean a lot. OP is called Iraq Owns. If that's relevant... Could well be more insidious, in terms of political leaning. Depends on many factors. However, if my system was that bad, I'd call it quits and buy a new system, or a new router and change passwords.

Edit: to clarify, OP said he (or she) was a bad boy (or girl).
 
Names mean a lot. OP is called Iraq Owns. If that's relevant... Could well be more insidious, in terms of political leaning. Depends on many factors. However, if my system was that bad, I'd call it quits and buy a new system, or a new router and change passwords.

Edit: to clarify, OP said he (or she) was a bad boy (or girl).

Assuming user is Iraqi of course.

But if a proper wipe doesn't work, then indeed it could be hardware level.

If that is the case, I would aim for a new router/modem after shutting everything down, and work your way up to new hardware.

Could smart TVs and the like also be affected by these viruses through the network?

And if user is Iraqi, then no point going to authorities for help.
 
And that would be highly unlikely if the firmware came from the manufacturer's official site.

Bill if it is to be a hardware problem but also remember sometimes websites can be intercepted.

Just because it isn't likely doesn't mean it isn't possible. I believe user @R-T-B helped someone purge their computer's firmware of infection.

However, this sounds more like a software-level infection.
 
Bill if it is to be a hardware problem but also remember sometimes websites can be intercepted.
"Intercepted"? Not sure what you mean by that. Certainly users trying to access a website can be "redirected" to a malicious site, but that would suggest a different problem.

No doubt websites can be "hacked". But if a major manufacturer's website is hacked, and a firmware file is replaced by a malicious firmware file, pretty sure there would be lots of reports about it before long.
Just because it isn't likely doesn't mean it isn't possible
Ummm, "highly unlikely" doesn't mean impossible.
 
So the OP should
  • Buy a brand-new (sealed packaging) USB stick and create a Windows installer from a secondary and known good PC
  • Ideally secure erase the SSD, but at the very least format it entirely
  • Replace the keyboard
  • Reinstall Windows while not connected to the Internet
  • Not use any previously used USB storage devices until they are confirmed not to be compromised
If the problem still persists, there's a chance there's something going on in firmware somewhere, but that's ... unlikely. It is also possible that either the network router or some other device on the network the PC is connected to is infected and is re-infecting the PC. An old router is normally a weak point, and don't get me started on IOT devices ...
 
So the OP should
  • Buy a brand-new (sealed packaging) USB stick and create a Windows installer from a secondary and known good PC
  • Ideally secure erase the SSD, but at the very least format it entirely
  • Replace the keyboard
  • Reinstall Windows while not connected to the Internet
  • Not use any previously used USB storage devices until they are confirmed not to be compromised
If the problem still persists, there's a chance there's something going on in firmware somewhere, but that's ... unlikely. It is also possible that either the network router or some other device on the network the PC is connected to is infected and is re-infecting the PC. An old router is normally a weak point, and don't get me started on IOT devices ...

The first sensible reply to the topic though I'd simplify it a little bit.
  • There's no need to buy a new USB stick:
    Code:
    cat /dev/zero > /dev/sdb
    under any bootable Linux LiveCD will be enough - this command wipes everything completely. Then you proceed to create an MBR disk, create a FAT32 partition and unpack Windows 10 ISO to it on a PC which is known to be clean. Or do it under Linux - that'll be safer. You must download a new ISO straight from Microsoft website on a PC which is known to be clean or better yet Linux.
  • There's no need to secure erase your SSD disk. Again under any Linux you run this command
    Code:
    blkdiscard -v /dev/sda
    - this command wipes everything completely.
  • Do not enable Windows file sharing or network discovery before fully updating Windows and rebooting at least twice and checking there are no updates left yet.
  • Make sure secure UEFI boot is enabled - that's paramount. Secure UEFI does protect against all sorts of low-level malware, though it will not protect you against malware on a firmware level.
That's it.

If after following my instructions you're still getting random weird crap in your Windows, you could have firmware level malware.
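
The zero-fill from the post above, extended with a mount check and a read-back verification, as an added example that is not part of the original thread. The function names are hypothetical, and the check covers only the storage area the host can address, not the stick's controller firmware.

```sh
#!/bin/sh
# Added example, not from the thread. Source this file, then run:
#   wipe_and_verify /dev/sdX     (or a regular file, for a dry run)

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# True if the device, or one of its partitions, is listed as a mount source.
is_mounted() {
    [ -r /proc/mounts ] &&
        awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
}

# Print how many bytes of the target are not 0x00.
count_nonzero() {
    head -c "$(target_size "$1")" "$1" | tr -d '\000' | wc -c | tr -d ' '
}

# Overwrite the whole target with zeros, then read it back.
# Returns 0 only when no non-zero byte is left.
wipe_and_verify() {
    wv_target=$1
    if [ ! -b "$wv_target" ] && [ ! -f "$wv_target" ]; then
        echo "not a block device or file: $wv_target" >&2
        return 2
    fi
    if is_mounted "$wv_target"; then
        echo "refusing to wipe, still mounted: $wv_target" >&2
        return 3
    fi
    wv_size=$(target_size "$wv_target") || return 2
    # Same effect as `cat /dev/zero > TARGET`, but bounded to the known size,
    # so it ends cleanly instead of stopping on "No space left on device".
    head -c "$wv_size" /dev/zero |
        dd of="$wv_target" bs=1048576 conv=notrunc 2>/dev/null || return 4
    sync
    # Drop cached blocks so the check reads the device, not the page cache.
    if [ -b "$wv_target" ]; then
        blockdev --flushbufs "$wv_target"
    fi
    wv_left=$(count_nonzero "$wv_target")
    echo "$wv_target: $wv_size bytes zeroed, $wv_left non-zero bytes read back"
    [ "$wv_left" -eq 0 ]
}
```

Trying it first on a scratch image file (for example one made with `head -c` from `/dev/urandom`) confirms the behaviour before it is pointed at a real device node.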
 
The first sensible reply to the topic though I'd simplify it a little bit.
  • There's no need to buy a new USB stick:
    Code:
    cat /dev/zero > /dev/sdb
    under any bootable Linux LiveCD will be enough - this command wipes everything completely. Then you proceed to create an MBR disk, create a FAT32 partition and unpack Windows 10 ISO to it on a PC which is known to be clean. Or do it under Linux - that'll be safer. You must download a new ISO straight from Microsoft website on a PC which is known to be clean or better yet Linux.
*Ahem* BadUSB.

Flash drives are not to be trusted in cases like this. They are much easier to get physical access to than PCs, and are frighteningly easy to compromise.

As for unpacking a Windows 10 ISO manually - it's much better to run the installer and let it configure things how it wants them, including recovery partitions and the like. No reason to do manually what can be done as quickly and in a better way by an automated process. And you do not install Windows 10 on a FAT32 partition. Period. Would that even work? Create an installer USB from the MS Media Creation Tool on a secondary, known good PC, and run it. If your goal is to simplify things, this is not that for the majority of PC users.

  • There's no need to secure erase your SSD disk. Again under any Linux you run this command
    Code:
    blkdiscard -v /dev/sda
    - this command wipes everything completely.
Sure, but running a bootable secure erase utility might be more comfortable to a user not familiar with Linux.
  • Do not enable Windows file sharing or network discovery before fully updating Windows and rebooting at least twice and checking there are no updates left yet.
True, though I wouldn't connect to the same network until I had confirmed that the router/modem/any other devices on the network were clean. Use a mobile data connection or bring the PC somewhere else first.
 
That's because today's PCs don't belong anymore to the people..
Everything you do, beside that your PC is doing something else in parallel..
This was supposed not to happen visible to its user.. but hey everything has bug(s)..
Enjoy today's and next gen PC..
 
*Ahem* BadUSB.

Flash drives are not to be trusted in cases like this. They are much easier to get physical access to than PCs, and are frighteningly easy to compromise.

As for unpacking a Windows 10 ISO manually - it's much better to run the installer and let it configure things how it wants them, including recovery partitions and the like. No reason to do manually what can be done as quickly and in a better way by an automated process. And you do not install Windows 10 on a FAT32 partition. Period. Would that even work? Create an installer USB from the MS Media Creation Tool on a secondary, known good PC, and run it. If your goal is to simplify things, this is not that for the majority of PC users.


Sure, but running a bootable secure erase utility might be more comfortable to a user not familiar with Linux.

True, though I wouldn't connect to the same network until I had confirmed that the router/modem/any other devices on the network were clean. Use a mobile data connection or bring the PC somewhere else first.

You have totally misunderstood me :eek::eek:

Have you ever actually installed Windows using a USB stick? Have you ever prepared a USB stick for installation? You're arguing with me but what you're writing is a load of complete and utter nonsense. What do you even mean by "running the installer and letting it configure things"? Are you saying you need to run the installer from an already running system? That will not eliminate any malware ever! God, :eek::eek::eek: What I'm reading is just embarrassing. If your system is compromised there's a great chance any media that you're preparing for installation will be infected. You cannot use the Windows media installation tool on a compromised system!

Also, do you understand the command cat /dev/zero > /dev/sdb? You surely don't understand it at all. It wipes everything from a flash drive, every single bit. Why did you even bother to reply to my comment if you misunderstood 99% of it? God, I don't understand why people often feel entitled to leave comments on the things they barely or don't understand at all.
 
You have totally misunderstood me :eek::eek:

Have you ever actually installed Windows using a USB stick? Have you ever prepared a USB stick for installation? You're arguing with me but what you're writing is a load of complete and utter nonsense. What do you even mean by "running the installer and letting it configure things"? Are you saying you need to run the installer from an already running system? That will not eliminate any malware ever! God, :eek::eek::eek: What I'm reading is just embarrassing. If your system is compromised there's a great chance any media that you're preparing for installation will be infected. You cannot use the Windows media installation tool on a compromised system!

Also, do you understand the command cat /dev/zero > /dev/sdb? You surely don't understand it at all. It wipes everything from a flash drive, every single bit. Why did you even bother to reply to my comment if you misunderstood 99% of it? God, I don't understand why people often feel entitled to leave comments on the things they barely or don't understand at all.
...
So the OP should
  • Buy a brand-new (sealed packaging) USB stick and create a Windows installer from a secondary and known good PC
I realize I misunderstood what you were saying; I read your post as if you were arguing for somehow unpacking the Windows ISO onto the drive from within Linux, not just creating the installer USB from within Linux. That's all on me, sorry - really don't know how I got that mixed up in my head.

As for BadUSB, it is an actual firmware exploit, and will as such not be affected by something that
wipes everything from a flash drive, every single bit
as firmware obviously isn't stored in flash. A compromised USB stick stays compromised until it has its firmware flashed to a known good one, which isn't something that you can actually do unless you have very specialized skills.

BadUSB + the chance of other network devices being infected is the reason to use a new flash drive + a secondary PC (at a secondary location, which I guess I should have stated outright, though I did say not to trust the network). A compromised router can still do a man-in-the-middle attack on your Windows ISO download if you're running a Linux live USB, after all, and wiping the USB drive might not help if its firmware is compromised. Thus the safest route is to eliminate both these variables.
 
I might have missed something but how hard can it be to just clean install Windows from USB. Microsoft has extensive guides on it, all you do is google it and it's almost done for you.

You don't even need your own install media, any random copy of the OS will do. License is not bound to software.

That's because today's PCs don't belong anymore to the people..
Everything you do, beside that your PC is doing something else in parallel..
This was supposed not to happen visible to its user.. but hey everything has bug(s)..
Enjoy today's and next gen PC..

And yet, current day Win 10 is 100% as functional even for legacy stuff as Win 7 is. Odd huh
 
I am using a USB called Verbatim to install Windows on my machine.

The build is:

AMD Radeon 570 - Graphics card
AMD Ryzen 5 2600 - CPU
Samsung 970 EVO Plus NVMe - SSD
Corsair LPX Vengeance 2x8GB - RAM
Gigabyte B450M DS3H - Motherboard
Logitech G502 Hero - Mouse

Just to clarify, I was having problems with my motherboard when I first got it. That resulted in me taking the entire computer to a technician so that he could fix it. He later told me that it was the motherboard's fault, so I had to get a new one.

I did not reformat the hard drive after installation, so that might also be a factor.



The keyboard just types strings of letters. But it would happen occasionally. I did change the keyboard to see if it persists, and sadly it does.
I REALLY THINK THAT I KNOW WHAT THE PROBLEM IS.
It's 100% a virus in the mouse. I have the same mouse as you, but after some testing I found it.
I thought it was a problem with the keyboard typing random stuff, copy-pasting randomly, infinite mess, sometimes not working and spamming the letter c.
So I tried another keyboard. Same problem. So it wasn't that. I thought motherboard damage or processor. So I attached the keyboard and mouse to a laptop just for play, and on the laptop it was the same!! But for sure it wasn't the keyboard because I tried many. So I disconnected the mouse and the thing stopped.
I asked one of my friends who is a programmer and it's actually malware inside the mouse. Don't ask me how.
So now the problem is how to "clean" it xD
Any suggestions?
 
Anyone can recommend something here? what should i do?
You said EVO; you do not format as it's worthless. Anyway, Windows formats when installing. You secure erase with the tool from the manufacturer, Samsung Magician.
Download a new Win 10 on another network if scared, secure erase, install Windows, set the firewall on the modem if it has one, and after the Windows install set the Defender firewall, set apps inbound using allowed apps which you use,
run a port scan and firewall test which will be on your modem. If you're running in stealth mode you won't get hacked; as others stated, I doubt you have hard or soft malware.

Malware is everything: trojans, worms, viruses, it's all of them. Malwarebytes is OK for browser stuff but is worthless for a trojan, virus, or worms.
Run Firefox and add ad blockers, trackers, and Privacy Badger. Learn how to use NETSTAT so you can see your network traffic, or get Wireshark.
You can also, under Services, disable remote access, the first four in the list in Services, and Remote Registry.



If you're going to get cracks or go anywhere bad get Avira as it usually won't grab safe cracks.
 
There is a piece of malware that can infect a motherboard's UEFI chip because it survives reinstall.
However, in your case I think you are not getting rid of the infection correctly.
Nice thread necro guys.
Forgive me, I'm kinda new here, what is a necro?
Also I saw this thread and realized it was old. I thought eiderman was back.
 
There is a piece of malware that can infect a motherboard's UEFI chip because it survives reinstall.
However, in your case I think you are not getting rid of the infection correctly.

Forgive me, I'm kinda new here, what is a necro?
Also I saw this thread and realized it was old. I thought eiderman was back.
Thread has been a year dead and y'all decide to bring it back for no point.
 