uTalk

Official forum for Utopia Community


#1 2021-03-01 18:36:42

HanBaoCinch
Member
Registered: 2021-01-11
Posts: 93

Virus / Malware Identity & file theft?

Operating System: Windows 10 Home 64-bit
CPU: Intel Core i5 7500 @ 3.40GHz 56 °C, Kaby Lake 14nm Technology
RAM: 4x8 32.0GB Dual-Channel G.Skillz @ 1066MHz (15-15-15-36)
Motherboard: MSI Z170A KRAIT GAMING 3X (MS-7A11) (U3E1) 33 °C
Graphics: GF276 (1920x1080@60Hz); LG FULL HD (1920x1080@60Hz); 2047MB NVIDIA GeForce GTX 1060 6GB (EVGA) 38 °C
Storage: 119GB ADATA SP600 (SATA (SSD)) 30 °C; 1862GB Western Digital WD My Passport 2626 USB Device (USB (SATA) (SSD)) 30 °C
Optical Drives: HL-DT-ST DVDRAM GH24NSB0
Audio: NVIDIA High Definition Audio
Hi, I've got a virus that persists even after formats. I believe I caught it from my roommate, and he recently got his identity stolen, so I'm pretty scared.
I was using Kaspersky Internet Security and Windows 10, upgrading from Home to Pro, when I noticed everything. My main concern is that I'm being roped into an evil twin situation or at least having my files stolen, or technically shared against my will.
There's a few different things I've found out on my own. I have a background in web programming, I understand what shells are and have limited cmd-line know-how like diskpart.
Persistence; it persists by a variety of ways that each install each other, or install extensions to central Windows services and processes to avoid detection. The main methods of infection are DLLs and registries and svchost/ntoskernel-run services that all eventually remove your authority over everything on the computer and then share out your files.
Methods I've seen are: binary coinstallers installed in locations where drivers are expected (probably based off hardware) like NVIDIA drivers. These coinstallers refer to PCI locations as devices with memory storage abilities of some kind (maybe they are virtualized objects in a shell?). There also seems to be a set of drivers installed in an "EFI Shell", and my ethernet adapter settings, accessible from BIOS, go like this:
Intel Gigabit 0.0 Uefi driver Adapter PBA FFFFFF-0FF. PCI ID ADDRESS MAC etc.
There's a bunch of VPN and Network Drive / Virtual Drive / Sharing / Remote Administration / Workgroup / Domain Administration related services and configurations set up, so I installed Bitdefender and requested all connections through that adapter be refused, bought a wifi one and built its profile a little more carefully.
However, my X: drive seems also affected, so I really just want someone to help me get a handle on what's happening and what I can do to log/identify/prevent/wipe it.
All my files are saved and backed up, I just need a cleaning procedure for my PC and my roommate's, and whether I should do anything with my cellphones (I have 2 Androids) before I go online and hunt out if anything has been opened in my name.
I'm using an administrator account, disabled all others and set up strict firewall rules. I've installed Kaspersky, CCleaner, MalwareBytes, Process Hacker and Bitdefender, and none of them come up with anything. Please help!


#2 2021-03-01 18:41:38

lolapolooza
Member
Registered: 2021-01-11
Posts: 66

Re: Virus / Malware Identity & file theft?

1. Format any / all drives. You can use the clean command in Windows if you really want to.
2. Install OS, and keep it updated. You can also update your BIOS which sometimes is based on security concerns.
3. Don't download or click on something that might not be safe.
4. Use a 3rd party security program (or use Windows Security).
5. Use common sense when using PC.
6. Make sure you have the firewall/security features turned on in your router/modem. When using the internet, make sure the connection is secure (not sending private info over unknown/unsecured networks).

If you follow those 6 rules, you shouldn't have any problem unless your PC is a high-value target for hackers or governments (which isn't likely).
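As an added example (not written by anyone in this thread), the following read-only PowerShell script checks the host against steps 2, 4 and 6 of the list above: OS build and firmware version, Secure Boot state, Windows Security real-time protection and signature age, and the state of each host firewall profile. It only uses cmdlets built into Windows 10 and changes nothing; the 7-day signature threshold is an assumed value, not a Windows default. Run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only security posture check for steps 2, 4 and 6.
# Assumes Windows 10 with the built-in Defender and NetSecurity modules.
$report   = [ordered]@{}
$findings = @()

# Step 2: OS build and BIOS/UEFI firmware version, to compare with the vendor's latest release.
$os   = Get-CimInstance Win32_OperatingSystem
$bios = Get-CimInstance Win32_BIOS
$report['OSVersion']   = "$($os.Caption) build $($os.BuildNumber)"
$report['BIOSVersion'] = "$($bios.Manufacturer) $($bios.SMBIOSBIOSVersion) (released $($bios.ReleaseDate))"

# Secure Boot state; the cmdlet throws on legacy-BIOS systems, hence the try/catch.
try   { $report['SecureBoot'] = Confirm-SecureBootUEFI }
catch { $report['SecureBoot'] = 'not available (legacy BIOS / no UEFI)' }

# Step 4: Windows Security (Defender) status. A third-party AV such as Kaspersky
# may put Defender in passive mode, so treat "off" here as a prompt to confirm
# which product is actually providing real-time protection.
try {
    $mp = Get-MpComputerStatus
    $report['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
    $report['SignatureAgeDays']   = $mp.AntivirusSignatureAge
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
    if ($mp.AntivirusSignatureAge -gt 7)    { $findings += 'AV signatures older than 7 days (assumed threshold)' }
} catch {
    $report['RealTimeProtection'] = 'Defender status unavailable'
}

# Step 6: host firewall should be enabled on every profile with inbound blocked by default.
$fw = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
$report['FirewallProfiles'] = ($fw | ForEach-Object {
    "$($_.Name)=$($_.Enabled)/$($_.DefaultInboundAction)"
}) -join '; '
foreach ($p in $fw) {
    if (-not $p.Enabled) { $findings += "Firewall disabled for the $($p.Name) profile" }
    # NotConfigured resolves to Block on Windows, so only an explicit Allow is flagged.
    if ($p.DefaultInboundAction -eq 'Allow') { $findings += "Inbound default is Allow for the $($p.Name) profile" }
}

# Print the summary, then anything that needs attention.
$report.GetEnumerator() | Format-Table -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning ("Findings:`n - " + ($findings -join "`n - "))
} else {
    Write-Host 'No obvious gaps found for steps 2, 4 and 6.'
}
```

The script reports rather than remediates on purpose: on a machine suspected of compromise, the useful first step is a record of the current state that can be compared before and after a clean reinstall, and a BIOS version string is what the vendor's download page needs to tell you whether a firmware update is available.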


#3 2021-03-02 05:34:01

Drassen
Member
Registered: 2021-01-11
Posts: 71

Re: Virus / Malware Identity & file theft?

Are you and your roommate sharing a router? If so, I'd also check the router model to ensure it isn't one that has hackable firmware. There are quite a few of them out there infected with malware.

Since you obviously can't control your roommate's computer habits, if your router supports multiple (or guest) networks it might even be a good idea to set up a separate network for each of you with separate wireless security keys.


#4 2021-03-02 08:10:43

HanBaoCinch
Member
Registered: 2021-01-11
Posts: 93

Re: Virus / Malware Identity & file theft?

I'm a federal civil servant for the Ministry of Justice, so as an ingress vector I'm attractive.

My roommate also is. How do I isolate two networks on the same router and avoid, or regain control or ownership of, the domain? Imagine every legacy and enterprise MS tool co-establishing themselves in every piece of nonstandard memory or location possible: EFI, virtualized LAN, boot partition, network drives only addressable at a specific recursion, SMBus, DRAM, PCIe and interface or device worm storage. Then it gets shared to a sequential chain of cloud platforms opened in the names of others like you. I don't care if it hasn't harmed me yet. It's violated my privacy and reliability, so now it dies screaming. Every time I've formatted, my system becomes inoperative in a very short amount of time. I'm thinking of disassembling all the components to isolate, but the bigger issue I know less about is the networking aspect since I've never worked in an enterprise model. Technology is an interest, not currently a trade of mine.
