03-15-2017 04:38 PM - last edited on 03-05-2024 10:41 PM by ROGBot
A bunch of guys decided that it was a good idea to target my computer, dump all my user/passwords, restream all screens (even those that weren't mine, like my sister's and my brothers'), get remote access, sell my info, etc.
The rootkit is (I think) in the FreeDOS partition. I need to remove it. It keeps showing up in Windows as Boot(X: ), replacing the boot keys, uploading my passwords/pictures to god-knows-who, etc. This started three months ago. I got tricked into installing a program called ManageIQ but the JSON part was modified. It told me to put in someone else's JSON key instead of generating mine. I suppose whoever did this was waiting for me to click and was part of the staff of that page, idk.
Updating the BIOS does nothing. It's like a sub-system that has higher priority than the actual OS (Windows 10).
Yes I did. Tried with different methods, live CDs, OSs and even different hard drives, it keeps coming back. The virus is in the firmware, not the hard drives. It's been 3 months since this started.
Hopper64 wrote: Swap out the BIOS chip(s) on the motherboard?
That doesn't work.
This is the rootkit I got hit by: https://forum.sysinternals.com/gpu-based-paravirtualization-rootkit-all-os-vulne_topic26706_page2.ht... OP gets called crazy at first and then more and more people start describing the same kind of rootkits. It's the worst kind of virus ever. It adapts pretty quickly and seems impossible to remove. They get remote access to your entire network, upload files to some server, convert all your machines into VMs, etc.
At this point I don't think I can get any help here because this is way too complex and some of you might think I'm joking, so I will try asking in sysinternals instead.