
Possibly infected by a virus that affects the Bios

OnlineNow
Level 7
Hi, I got infected a few months ago. Long story short they can literally see my screen and all my information, clear signals of remote access, etc.
I already explained a bit in my previous post so won't tell all my story again and will just describe my experience on the RVE.
First off it shows 3 keyboards and like 6 hubs in the BIOS even when I just have a keyboard and a mouse plugged in. Windows takes around 55 GB after I install it, 2017 GPU drivers are installed even when I install a 2015 version of Windows 10, performance is terrible, seems like I'm using a Core 2 Duo. Can't use my computer because of this.
All this is happening since January, tons of BIOS versions tested, always the same issues.
Today I updated to the latest version. Formatted using secure erase and same results.
Clearly something big is going on here, either they managed to edit some BIOS modules to work in a malicious way or they changed the firmware of one of the devices.

Can an Asus employee test a dump of my firmware and see if he/she can reproduce these same issues? Already tried everything since the day I got infected and I'm still lost.
Thanks.

LiveOrDie
Level 11
3 keyboards and like 6 hubs


The BIOS sees some USB devices as keyboards, it's nothing to worry about. There's no way a virus can get into your BIOS unless you have flashed a BIOS downloaded from places other than Asus, but even then Windows would see an issue with Secure Boot.

OnlineNow
Level 7
That explains why I was getting remote accessed everywhere, including webcams being turned on and a restream on a Russian website.

What can I do to clean the previous register's info (please send this information to me first) so I can register it myself?

When I try to register my serial, it says "register null".

You probably bought a used motherboard. Reboot the BIOS and make a new installation of Windows.

Probably bought a used computer with a used copy of Win10 installed.

Disable Remote Access.
https://www.lifewire.com/disable-windows-remote-desktop-153337

Make sure Windows Firewall is running and properly configured. And make sure all "Remote Access" objects are Blocked unless you actually need to run them.
http://www.thewindowsclub.com/how-to-configure-windows-7-firewall

Scan the system to detect and repair/remove all malware, spyware, viruses, rootkits, and other yucky things.
http://www.pcworld.com/article/243818/security/how-to-remove-malware-from-your-windows-pc.html

Your other option, of course, is a full (fresh, clean) Windows 10 install. But do not start this process until you have backed up all your important data (on some other drive) and you've written down your Windows Product Key. Having clean copies of all necessary drivers/software nearby also helps, especially those which are required to get your computer working well enough to boot Windows and access the internet.
http://www.techadvisor.co.uk/how-to/windows/how-find-windows-10-product-key-3632749/
https://www.howtogeek.com/244678/you-dont-need-a-product-key-to-install-and-use-windows-10/

You can reset your BIOS to factory defaults. You can even download and install (flash) a clean version from your motherboard page. But this shouldn't be necessary and (if you don't know what you're doing) could actually cause more problems by breaking things that already work. Write down all BIOS settings you don't understand (or can't easily figure out) before changing or resetting anything.
The chances of your BIOS being "infected" or "compromised" with some kind of malware or backdoor are virtually insignificant, but you may choose to overwrite it with a clean version anyhow "just to be sure".

There are other threads online which describe your problem, but they're not very informative.
https://www.reddit.com/r/Windows10/comments/6kyzcn/someone_registered_my_w10_keys_on_his_microsoft/

And your final option is to contact Microsoft Support. You might be able to convince them to issue you a new Windows Product Key. Or you may be told there's nothing they can do until you buy a new one.
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]
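
An added example, not part of the original posts: a read-only PowerShell audit of the settings the checklist above names (Remote Desktop, Remote Assistance, firewall profiles, and enabled inbound remote-access rules). The function name `Get-RemoteAccessAudit` is hypothetical, and the rule-group match assumes English display names.

```powershell
# Added example: read-only audit of the remote-access settings discussed above.
# Run from an elevated PowerShell prompt on Windows 10; it changes nothing.
function Get-RemoteAccessAudit {   # hypothetical helper name
    $results = @()
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control'

    # Remote Desktop is off when fDenyTSConnections is 1.
    $ts = Get-ItemProperty -Path "$base\Terminal Server" -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = 'Remote Desktop disabled'
        Pass   = ($ts.fDenyTSConnections -eq 1)
        Detail = "fDenyTSConnections=$($ts.fDenyTSConnections)"
    }

    # Remote Assistance is off when fAllowToGetHelp is 0.
    $ra = Get-ItemProperty -Path "$base\Remote Assistance" -Name fAllowToGetHelp -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = 'Remote Assistance disabled'
        Pass   = ($ra.fAllowToGetHelp -eq 0)
        Detail = "fAllowToGetHelp=$($ra.fAllowToGetHelp)"
    }

    # Nothing should be listening on the default RDP port.
    $listen = @(Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue)
    $results += [pscustomobject]@{
        Check  = 'No listener on TCP 3389'
        Pass   = ($listen.Count -eq 0)
        Detail = "listeners=$($listen.Count)"
    }

    # Every firewall profile (Domain, Private, Public) should be enabled.
    foreach ($p in Get-NetFirewallProfile) {
        $results += [pscustomobject]@{
            Check  = "Firewall profile '$($p.Name)' enabled"
            Pass   = ($p.Enabled -eq 'True')
            Detail = "DefaultInboundAction=$($p.DefaultInboundAction)"
        }
    }

    # Enabled inbound allow rules in the remote-access groups (English names assumed).
    $rules = @(Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object { $_.DisplayGroup -match 'Remote Desktop|Remote Assistance' })
    $results += [pscustomobject]@{
        Check  = 'No enabled inbound remote-access allow rules'
        Pass   = ($rules.Count -eq 0)
        Detail = ($rules.DisplayName -join '; ')
    }
    return $results
}

Get-RemoteAccessAudit | Format-Table -AutoSize
```

Any row with `Pass` set to `False` points at the setting to review; the script itself only reads state.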

OnlineNow,

You have been fighting this issue for 6-8 months. You need to take this to a computer repair shop that can do malware and rootkit removal.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

(How do you know this issue has persisted for 6-8 months?)

[/Korth]

Korth wrote:
(How do you know this issue has persisted for 6-8 months?)


Previous thread:
https://rog.asus.com/forum/showthread.php?91729-Rootkit-on-FreeDOS

Also, merged the 2 threads created this month on this topic

@OnlineNow
We ask that you maintain one thread per issue. This way the people attempting to help you can review the history. You've created 4 threads related to your rootkit concerns which makes it difficult for anyone to help you because you keep starting over. Please use this thread from now on.

Hawkstorm
Level 7
Actually your Bios isn't as secure as you think, I've had mine overwritten 3 times requiring a reflash off a stick.

God bless UEFI.

Flash your Bios with a USB stick in the port at the back of the machine with the Bios named RE5.CAP.

3701 is pretty good though it doesn't display the correct CPU speed.